From bff8392ad41ca6ca16dd4d5d812d994a86e2b83c Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Sun, 31 Mar 2019 02:24:47 -0500 Subject: [PATCH 001/247] Remove unnecessary ".bro" from @load directives Removed ".bro" file extensions from "@load" directives because they are not needed. --- scripts/base/files/pe/main.bro | 2 +- scripts/base/frameworks/files/__load__.bro | 2 +- scripts/base/protocols/radius/main.bro | 2 +- scripts/policy/tuning/defaults/__load__.bro | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/base/files/pe/main.bro b/scripts/base/files/pe/main.bro index 972e8a31c8..9ef859d2fb 100644 --- a/scripts/base/files/pe/main.bro +++ b/scripts/base/files/pe/main.bro @@ -1,6 +1,6 @@ module PE; -@load ./consts.bro +@load ./consts export { redef enum Log::ID += { LOG }; diff --git a/scripts/base/frameworks/files/__load__.bro b/scripts/base/frameworks/files/__load__.bro index 2177d81e25..2da9cffc66 100644 --- a/scripts/base/frameworks/files/__load__.bro +++ b/scripts/base/frameworks/files/__load__.bro @@ -1,2 +1,2 @@ -@load ./main.bro +@load ./main @load ./magic diff --git a/scripts/base/protocols/radius/main.bro b/scripts/base/protocols/radius/main.bro index ea30b27911..7c4e721ed6 100644 --- a/scripts/base/protocols/radius/main.bro +++ b/scripts/base/protocols/radius/main.bro @@ -2,7 +2,7 @@ module RADIUS; -@load ./consts.bro +@load ./consts @load base/utils/addrs export { diff --git a/scripts/policy/tuning/defaults/__load__.bro b/scripts/policy/tuning/defaults/__load__.bro index fd52f92401..2b574a6845 100644 --- a/scripts/policy/tuning/defaults/__load__.bro +++ b/scripts/policy/tuning/defaults/__load__.bro @@ -1,3 +1,3 @@ @load ./packet-fragments @load ./warnings -@load ./extracted_file_limits.bro +@load ./extracted_file_limits From 7c48aad5826738502765b2f079782ec2549d7b1c Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 4 Apr 2019 12:27:42 -0700 Subject: [PATCH 002/247] Update DTLS error handling DTLS now only outputs protocol violations once it saw something that looked like a DTLS connection (at least a client hello). Before the danger that it misinterprets something is too high. It has a configurable number of invalid packets that it can skip over (because other protocols might be interleaved with the connection) and a maximum amount of Protocol violations that it outputs because of wrong packet versions. --- doc | 2 +- scripts/base/init-bare.bro | 11 ++++++++ src/analyzer/protocol/ssl/CMakeLists.txt | 3 ++- src/analyzer/protocol/ssl/consts.bif | 2 ++ src/analyzer/protocol/ssl/dtls-protocol.pac | 27 ++++++++++++++++++- src/analyzer/protocol/ssl/dtls.pac | 1 + .../canonified_loaded_scripts.log | 5 ++-- .../canonified_loaded_scripts.log | 5 ++-- testing/btest/Baseline/plugins.hooks/output | 17 +++++++----- .../.stdout | 0 .../base/protocols/ssl/dtls-no-dtls.test | 15 +++++++++++ 11 files changed, 74 insertions(+), 14 deletions(-) create mode 100644 src/analyzer/protocol/ssl/consts.bif create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.dtls-no-dtls/.stdout create mode 100644 testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test diff --git a/doc b/doc index 5aa921f0f6..2036846610 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 5aa921f0f6ce2931e446a11f2a10cffb7f0dbc09 +Subproject commit 203684661040089877830eb98e12a6d4c18a4675 diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 0c32cebcc5..e94efd07df 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -4169,6 +4169,17 @@ export { HashAlgorithm: count; ##< Hash algorithm number SignatureAlgorithm: count; ##< Signature algorithm number }; + + +## Number of non-DTLS frames that can occur in a DTLS connection before +## parsing of the connection is suspended. +## DTLS does not immediately stop parsing a connection because other protocols +## might be interleaved in the same UDP "connection". +const SSL::dtls_max_version_errors = 10 &redef; + +## Maximum number of invalid version errors to report in one DTLS connection. +const SSL::dtls_max_reported_version_errors = 1 &redef; + } module GLOBAL; diff --git a/src/analyzer/protocol/ssl/CMakeLists.txt b/src/analyzer/protocol/ssl/CMakeLists.txt index 14e41892c8..3193470635 100644 --- a/src/analyzer/protocol/ssl/CMakeLists.txt +++ b/src/analyzer/protocol/ssl/CMakeLists.txt @@ -8,6 +8,7 @@ bro_plugin_cc(SSL.cc DTLS.cc Plugin.cc) bro_plugin_bif(types.bif) bro_plugin_bif(events.bif) bro_plugin_bif(functions.bif) +bro_plugin_bif(consts.bif) bro_plugin_pac(tls-handshake.pac tls-handshake-protocol.pac tls-handshake-analyzer.pac ssl-defs.pac proc-client-hello.pac proc-server-hello.pac @@ -16,7 +17,7 @@ bro_plugin_pac(tls-handshake.pac tls-handshake-protocol.pac tls-handshake-analyz ) bro_plugin_pac(ssl.pac ssl-dtls-analyzer.pac ssl-analyzer.pac ssl-dtls-protocol.pac ssl-protocol.pac ssl-defs.pac proc-client-hello.pac - proc-server-hello.pac + proc-server-hello.pac proc-certificate.pac ) bro_plugin_pac(dtls.pac ssl-dtls-analyzer.pac dtls-analyzer.pac ssl-dtls-protocol.pac dtls-protocol.pac ssl-defs.pac) diff --git a/src/analyzer/protocol/ssl/consts.bif b/src/analyzer/protocol/ssl/consts.bif new file mode 100644 index 0000000000..9dcbaa65d5 --- /dev/null +++ b/src/analyzer/protocol/ssl/consts.bif @@ -0,0 +1,2 @@ +const SSL::dtls_max_version_errors: count; +const SSL::dtls_max_reported_version_errors: count; diff --git a/src/analyzer/protocol/ssl/dtls-protocol.pac b/src/analyzer/protocol/ssl/dtls-protocol.pac index 771aa267b3..70897a585c 100644 --- a/src/analyzer/protocol/ssl/dtls-protocol.pac +++ b/src/analyzer/protocol/ssl/dtls-protocol.pac @@ -45,15 +45,40 @@ type Handshake(rec: SSLRecord) = record { refine connection SSL_Conn += { + %member{ + uint16 invalid_version_count_; + uint16 reported_errors_; + %} + + %init{ + invalid_version_count_ = 0; + reported_errors_ = 0; + %} + function dtls_version_ok(version: uint16): uint16 %{ switch ( version ) { case DTLSv10: case DTLSv12: + // Reset only to 0 once we have seen a client hello. + // This means the connection gets a limited amount of valid/invalid + // packets before a client hello has to be seen - which seems reasonable. + if ( bro_analyzer()->ProtocolConfirmed() ) + invalid_version_count_ = 0; return true; default: - bro_analyzer()->ProtocolViolation(fmt("Invalid version in DTLS connection. Packet reported version: %d", version)); + invalid_version_count_++; + + if ( bro_analyzer()->ProtocolConfirmed() ) + { + reported_errors_++; + if ( reported_errors_ <= BifConst::SSL::dtls_max_reported_version_errors ) + bro_analyzer()->ProtocolViolation(fmt("Invalid version in DTLS connection. Packet reported version: %d", version)); + } + + if ( invalid_version_count_ > BifConst::SSL::dtls_max_version_errors ) + bro_analyzer()->SetSkip(true); return false; } %} diff --git a/src/analyzer/protocol/ssl/dtls.pac b/src/analyzer/protocol/ssl/dtls.pac index b08dd61f8f..b2aa34d5c5 100644 --- a/src/analyzer/protocol/ssl/dtls.pac +++ b/src/analyzer/protocol/ssl/dtls.pac @@ -10,6 +10,7 @@ namespace analyzer { namespace dtls { class DTLS_Analyzer; } } typedef analyzer::dtls::DTLS_Analyzer* DTLSAnalyzer; #include "DTLS.h" +#include "consts.bif.h" %} extern type DTLSAnalyzer; diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 4eeaa4b07b..bd24bf02aa 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2018-06-08-16-37-15 +#open 2019-04-04-19-22-03 #fields name #types string scripts/base/init-bare.bro @@ -149,6 +149,7 @@ scripts/base/init-frameworks-and-bifs.bro build/scripts/base/bif/plugins/Bro_SSL.types.bif.bro build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro + build/scripts/base/bif/plugins/Bro_SSL.consts.bif.bro build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro @@ -179,4 +180,4 @@ scripts/base/init-frameworks-and-bifs.bro build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro scripts/policy/misc/loaded-scripts.bro scripts/base/utils/paths.bro -#close 2018-06-08-16-37-15 +#close 2019-04-04-19-22-03 diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index eaca1c489a..540910b350 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2018-09-05-20-33-08 +#open 2019-04-04-19-22-06 #fields name #types string scripts/base/init-bare.bro @@ -149,6 +149,7 @@ scripts/base/init-frameworks-and-bifs.bro build/scripts/base/bif/plugins/Bro_SSL.types.bif.bro build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro + build/scripts/base/bif/plugins/Bro_SSL.consts.bif.bro build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro @@ -373,4 +374,4 @@ scripts/base/init-default.bro scripts/base/misc/find-filtered-trace.bro scripts/base/misc/version.bro scripts/policy/misc/loaded-scripts.bro -#close 2018-09-05-20-33-08 +#close 2019-04-04-19-22-06 diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index d4a84a5223..04908bed0b 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -277,7 +277,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1552701731.192609, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> @@ -462,7 +462,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1552701731.192609, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(NetControl::init, , ()) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> @@ -678,6 +678,7 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SQLiteWriter.sqlite.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSH.events.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSH.types.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.consts.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.events.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.functions.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.types.bif.bro) -> -1 @@ -1179,7 +1180,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1552701731.192609, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) @@ -1364,7 +1365,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1552701731.192609, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) 0.000000 MetaHookPre CallFunction(NetControl::init, , ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) @@ -1580,6 +1581,7 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SQLiteWriter.sqlite.bif.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSH.events.bif.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSH.types.bif.bro) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.consts.bif.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.events.bif.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.functions.bif.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.types.bif.bro) @@ -2080,7 +2082,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1552701731.192609, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) @@ -2265,7 +2267,7 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1552701731.192609, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction Notice::want_pp() @@ -2481,6 +2483,7 @@ 0.000000 | HookLoadFile .<...>/Bro_SQLiteWriter.sqlite.bif.bro 0.000000 | HookLoadFile .<...>/Bro_SSH.events.bif.bro 0.000000 | HookLoadFile .<...>/Bro_SSH.types.bif.bro +0.000000 | HookLoadFile .<...>/Bro_SSL.consts.bif.bro 0.000000 | HookLoadFile .<...>/Bro_SSL.events.bif.bro 0.000000 | HookLoadFile .<...>/Bro_SSL.functions.bif.bro 0.000000 | HookLoadFile .<...>/Bro_SSL.types.bif.bro @@ -2699,7 +2702,7 @@ 0.000000 | HookLoadFile base<...>/x509 0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=1552701731.192609, node=bro, filter=ip or not ip, init=T, success=T] +0.000000 | HookLogWrite packet_filter [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T] 0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent bro_init() 0.000000 | HookQueueEvent filter_change_tracking() diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dtls-no-dtls/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.dtls-no-dtls/.stdout new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test new file mode 100644 index 0000000000..c8721529c9 --- /dev/null +++ b/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test @@ -0,0 +1,15 @@ +# This tests checks that non-dtls connections to which we attach don't trigger tons of errors. + +# @TEST-EXEC: bro -C -r $TRACES/dns-txt-multiple.trace %INPUT +# @TEST-EXEC: btest-diff .stdout + +event bro_init() + { + const add_ports = { 53/udp }; + Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, add_ports); + } + +event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason: string) + { + print c$id, atype, reason; + } From 5e9b119a086f5311d5462d86615732eb23ddc65e Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 5 Apr 2019 12:35:50 -0700 Subject: [PATCH 003/247] Use a default binpac flowbuffer policy --- aux/binpac | 2 +- src/main.cc | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/aux/binpac b/aux/binpac index bb2476465e..ce89e30109 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit bb2476465e304a00c368bd73d40cc6f734be5311 +Subproject commit ce89e301091fd8fd6ef53701b7b29a79d888b637 diff --git a/src/main.cc b/src/main.cc index 473f3a72e7..09b1ebfaeb 100644 --- a/src/main.cc +++ b/src/main.cc @@ -893,7 +893,11 @@ int main(int argc, char** argv) // Must come after plugin activation (and also after hash // initialization). - binpac::init(); + binpac::FlowBuffer::Policy flowbuffer_policy; + flowbuffer_policy.max_capacity = 10 * 1024 * 1024; + flowbuffer_policy.min_capacity = 512; + flowbuffer_policy.contract_threshold = 2 * 1024 * 1024; + binpac::init(&flowbuffer_policy); init_event_handlers(); From fe044ecc903e14b4520f21b9fc85def72e094af7 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 5 Apr 2019 12:42:29 -0700 Subject: [PATCH 004/247] Set PE analyzer CMake dependencies correctly --- src/file_analysis/analyzer/pe/CMakeLists.txt | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/file_analysis/analyzer/pe/CMakeLists.txt b/src/file_analysis/analyzer/pe/CMakeLists.txt index 7fc89bfd51..5708f98e8f 100644 --- a/src/file_analysis/analyzer/pe/CMakeLists.txt +++ b/src/file_analysis/analyzer/pe/CMakeLists.txt @@ -6,5 +6,12 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} bro_plugin_begin(Bro PE) bro_plugin_cc(PE.cc Plugin.cc) bro_plugin_bif(events.bif) -bro_plugin_pac(pe.pac pe-file.pac pe-analyzer.pac) +bro_plugin_pac( + pe.pac + pe-analyzer.pac + pe-file-headers.pac + pe-file-idata.pac + pe-file.pac + pe-file-types.pac +) bro_plugin_end() From c94358f1aa4a60cd75aa8f6faf89b60b7fdd9006 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 5 Apr 2019 12:43:47 -0700 Subject: [PATCH 005/247] Improve PE file analysis * Consider parsing done after processing headers * Remove the analyzer when done parsing * Enforce a maximum DOS stub program length (helps filter out non-PE) --- src/file_analysis/analyzer/pe/PE.cc | 5 +++-- src/file_analysis/analyzer/pe/pe-file-headers.pac | 10 +++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/file_analysis/analyzer/pe/PE.cc b/src/file_analysis/analyzer/pe/PE.cc index 9db13291b0..070aff32dd 100644 --- a/src/file_analysis/analyzer/pe/PE.cc +++ b/src/file_analysis/analyzer/pe/PE.cc @@ -20,7 +20,8 @@ PE::~PE() bool PE::DeliverStream(const u_char* data, uint64 len) { if ( conn->is_done() ) - return true; + return false; + try { interp->NewData(data, data + len); @@ -30,7 +31,7 @@ bool PE::DeliverStream(const u_char* data, uint64 len) return false; } - return true; + return ! conn->is_done(); } bool PE::EndOfFile() diff --git a/src/file_analysis/analyzer/pe/pe-file-headers.pac b/src/file_analysis/analyzer/pe/pe-file-headers.pac index f12d76e035..9eee6e03da 100644 --- a/src/file_analysis/analyzer/pe/pe-file-headers.pac +++ b/src/file_analysis/analyzer/pe/pe-file-headers.pac @@ -1,3 +1,8 @@ +# Do not try parsing if the DOS stub program seems larger than 4mb. +# DOS stub programs are not expected to be much more than on the order of +# hundreds of bytes even though the format allows a full 32-bit range. +let MAX_DOS_CODE_LENGTH = 4 * 1024 * 1024; + type Headers = record { dos_header : DOS_Header; dos_code : DOS_Code(dos_code_len); @@ -6,6 +11,9 @@ type Headers = record { } &let { dos_code_len: uint32 = dos_header.AddressOfNewExeHeader > 64 ? dos_header.AddressOfNewExeHeader - 64 : 0; length: uint64 = 64 + dos_code_len + pe_header.length + section_headers.length; + + # Do not care about parsing rest of the file so mark done now ... + proc: bool = $context.connection.mark_done(); }; # The DOS header gives us the offset of the NT headers @@ -28,7 +36,7 @@ type DOS_Header = record { OEMid : uint16; OEMinfo : uint16; Reserved2 : uint16[10]; - AddressOfNewExeHeader : uint32; + AddressOfNewExeHeader : uint32 &enforce(AddressOfNewExeHeader >= 64 && (AddressOfNewExeHeader - 64) < MAX_DOS_CODE_LENGTH); } &length=64; type DOS_Code(len: uint32) = record { From 23c244d448de2b936797de4adeddf12b7135af58 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 5 Apr 2019 17:06:03 -0700 Subject: [PATCH 006/247] Change next version number in NEWS --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 13f05baa3b..bde87d6f55 100644 --- a/NEWS +++ b/NEWS @@ -3,8 +3,8 @@ This document summarizes the most important changes in the current Bro release. For an exhaustive list of changes, see the ``CHANGES`` file (note that submodules, such as Broker, come with their own ``CHANGES``.) -Bro 2.7 -======= +Zeek 3.0.0 +========== New Functionality ----------------- From 9c843a7d83c4a7f658f68a9ef2627ff8d34171bf Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 5 Apr 2019 17:06:26 -0700 Subject: [PATCH 007/247] Add script to update external test repo commit pointers It will prompt to update the file storing the external test repo commit hash when a change is detected upon running update-changes. --- .update-changes.cfg | 12 +---- CHANGES | 4 ++ VERSION | 2 +- .../scripts/update-external-repo-pointer.sh | 49 +++++++++++++++++++ 4 files changed, 56 insertions(+), 11 deletions(-) create mode 100755 testing/scripts/update-external-repo-pointer.sh diff --git a/.update-changes.cfg b/.update-changes.cfg index e3d04b7422..ed23fb4565 100644 --- a/.update-changes.cfg +++ b/.update-changes.cfg @@ -7,15 +7,7 @@ function new_version_hook # test suite repos to check out on a CI system. version=$1 - if [ -d testing/external/zeek-testing ]; then - echo "Updating testing/external/commit-hash.zeek-testing" - ( cd testing/external/zeek-testing && git fetch origin && git rev-parse origin/master ) > testing/external/commit-hash.zeek-testing - git add testing/external/commit-hash.zeek-testing - fi + ./testing/scripts/update-external-repo-pointer.sh testing/external/zeek-testing testing/external/commit-hash.zeek-testing - if [ -d testing/external/zeek-testing-private ]; then - echo "Updating testing/external/commit-hash.zeek-testing-private" - ( cd testing/external/zeek-testing-private && git fetch origin && git rev-parse origin/master ) > testing/external/commit-hash.zeek-testing-private - git add testing/external/commit-hash.zeek-testing-private - fi + ./testing/scripts/update-external-repo-pointer.sh testing/external/zeek-testing-private testing/external/commit-hash.zeek-testing-private } diff --git a/CHANGES b/CHANGES index e0be717f10..43fa7e3ad7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-205 | 2019-04-05 17:06:26 -0700 + + * Add script to update external test repo commit pointers (Jon Siwek, Corelight) + 2.6-203 | 2019-04-04 16:35:52 -0700 * Update DTLS error handling (Johanna Amann, Corelight) diff --git a/VERSION b/VERSION index 92df2bb961..a0c99ee2be 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-203 +2.6-205 diff --git a/testing/scripts/update-external-repo-pointer.sh b/testing/scripts/update-external-repo-pointer.sh new file mode 100755 index 0000000000..e6711a0d9d --- /dev/null +++ b/testing/scripts/update-external-repo-pointer.sh @@ -0,0 +1,49 @@ +#! /usr/bin/env bash + +set -e + +if [ $# -ne 2 ]; then + echo "usage: $0 " + exit 1 +fi + +repo_dir=$1 +hash_file=$2 + +repo_base=$(basename $repo_dir) +file_base=$(basename $hash_file) + +if [ ! -d "$repo_dir" ]; then + echo "External repo does not exist: $repo_dir" + exit 1 +fi + +printf "Checking for '$repo_base' changes ..." + +origin_hash=$(cd $repo_dir && git fetch origin && git rev-parse origin/master) +head_hash=$(cd $repo_dir && git rev-parse HEAD) +file_hash=$(cat $hash_file) + +if [ "$file_hash" != "$head_hash" ]; then + printf "\n" + printf "\n" + printf " '$repo_base' pointer has changed:\n" + + line=" $file_base at $file_hash" + len=${#line} + + printf "%${len}s\n" "$line" + printf "%${len}s\n" "origin/master at $origin_hash" + printf "%${len}s\n" "HEAD at $head_hash" + printf "\n" + printf "Update file '$file_base' to HEAD commit ? " + + read -p "[Y/n] " choice + + case "$choice" in + n|N) echo "Skipped '$repo_base'";; + *) echo $head_hash > $hash_file && git add $hash_file && echo "Updated '$file_base'";; + esac +else + echo " none" +fi From 0c508f828016922e5897d27a826c9de796138c70 Mon Sep 17 00:00:00 2001 From: Mauro Palumbo Date: Mon, 8 Apr 2019 22:32:14 +0200 Subject: [PATCH 008/247] smb2_write_response event added --- src/analyzer/protocol/smb/smb2-com-write.pac | 9 +++++++++ src/analyzer/protocol/smb/smb2_com_write.bif | 15 +++++++++++++++ .../.stdout | 0 .../base/protocols/smb/smb2-write-response.test | 13 +++++++++++++ 4 files changed, 37 insertions(+) create mode 100644 testing/btest/Baseline/scripts.base.protocols.smb.smb2-write-response/.stdout create mode 100644 testing/btest/scripts/base/protocols/smb/smb2-write-response.test diff --git a/src/analyzer/protocol/smb/smb2-com-write.pac b/src/analyzer/protocol/smb/smb2-com-write.pac index 177a3a84bd..c117fc793d 100644 --- a/src/analyzer/protocol/smb/smb2-com-write.pac +++ b/src/analyzer/protocol/smb/smb2-com-write.pac @@ -24,6 +24,15 @@ refine connection SMB_Conn += { function proc_smb2_write_response(h: SMB2_Header, val: SMB2_write_response) : bool %{ + + if ( smb2_write_response ) + { + BifEvent::generate_smb2_write_response(bro_analyzer(), + bro_analyzer()->Conn(), + BuildSMB2HeaderVal(h), + ${val.write_count}); + } + return true; %} diff --git a/src/analyzer/protocol/smb/smb2_com_write.bif b/src/analyzer/protocol/smb/smb2_com_write.bif index 90efce049c..66dab9b077 100644 --- a/src/analyzer/protocol/smb/smb2_com_write.bif +++ b/src/analyzer/protocol/smb/smb2_com_write.bif @@ -16,3 +16,18 @@ ## ## .. bro:see:: smb2_message event smb2_write_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, offset: count, length: count%); + +## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` +## version 2 requests of type *write*. This is sent by the server in response to a write request or +## named pipe on the server. +## +## For more information, see MS-SMB2:2.2.22 +## +## c: The connection. +## +## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 2 message. +## +## length: The number of bytes of the file being written. +## +## .. bro:see:: smb2_message +event smb2_write_response%(c: connection, hdr: SMB2::Header, length: count%); diff --git a/testing/btest/Baseline/scripts.base.protocols.smb.smb2-write-response/.stdout b/testing/btest/Baseline/scripts.base.protocols.smb.smb2-write-response/.stdout new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/btest/scripts/base/protocols/smb/smb2-write-response.test b/testing/btest/scripts/base/protocols/smb/smb2-write-response.test new file mode 100644 index 0000000000..68c9ad47f6 --- /dev/null +++ b/testing/btest/scripts/base/protocols/smb/smb2-write-response.test @@ -0,0 +1,13 @@ +# @TEST-EXEC: bro -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: btest-diff .stdout + +@load base/protocols/smb + +# A test for write response. +event smb2_write_response(c: connection, hdr: SMB2::Header, length: count) + { + print fmt("smb2_write_response %s -> %s:%d, length: %d", c$id$orig_h, c$id$resp_h, c$id$resp_p, length); + print (hdr); + } + + From 7366155bad048368d96fd120c0226d9fa6ff08d7 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 9 Apr 2019 01:26:16 -0500 Subject: [PATCH 009/247] Update script search logic for new file extension When searching for script files, look for both the new and old file extensions. If a file with ".zeek" can't be found, then search for a file with ".bro" as a fallback. --- src/Debug.cc | 2 +- src/OSFinger.cc | 2 +- src/RuleMatcher.cc | 2 +- src/broxygen/ScriptInfo.cc | 13 +++++--- src/broxygen/Target.cc | 2 +- src/plugin/Manager.cc | 45 ++++++++++++++++--------- src/scan.l | 21 +++++++++--- src/util.cc | 68 ++++++++++++++++++++++++++++++++------ src/util.h | 17 +++++++--- 9 files changed, 129 insertions(+), 43 deletions(-) diff --git a/src/Debug.cc b/src/Debug.cc index 54a40c58d1..a45c27888e 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -348,7 +348,7 @@ vector parse_location_string(const string& s) if ( ! sscanf(line_string.c_str(), "%d", &plr.line) ) plr.type = plrUnknown; - string path(find_file(filename, bro_path(), "bro")); + string path(find_script_file(filename, bro_path())); if ( path.empty() ) { diff --git a/src/OSFinger.cc b/src/OSFinger.cc index df5f30b0cc..1b540a1fd0 100644 --- a/src/OSFinger.cc +++ b/src/OSFinger.cc @@ -295,7 +295,7 @@ void OSFingerprint::load_config(const char* file) char buf[MAXLINE]; char* p; - FILE* c = open_file(find_file(file, bro_path(), "osf")); + FILE* c = open_file(find_file(file, bro_path(), ".osf")); if (!c) { diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 54228d58dd..5b72264926 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -235,7 +235,7 @@ bool RuleMatcher::ReadFiles(const name_list& files) for ( int i = 0; i < files.length(); ++i ) { - rules_in = open_file(find_file(files[i], bro_path(), "sig")); + rules_in = open_file(find_file(files[i], bro_path(), ".sig")); if ( ! rules_in ) { diff --git a/src/broxygen/ScriptInfo.cc b/src/broxygen/ScriptInfo.cc index a32d96cdd5..da6ba6b44a 100644 --- a/src/broxygen/ScriptInfo.cc +++ b/src/broxygen/ScriptInfo.cc @@ -158,7 +158,7 @@ static string make_redef_details(const string& heading, char underline, ScriptInfo::ScriptInfo(const string& arg_name, const string& arg_path) : Info(), name(arg_name), path(arg_path), - is_pkg_loader(SafeBasename(name).result == PACKAGE_LOADER), + is_pkg_loader(is_package_loader(SafeBasename(name).result)), dependencies(), module_usages(), comments(), id_info(), redef_options(), constants(), state_vars(), types(), events(), hooks(), functions(), redefs() @@ -314,7 +314,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const if ( it != dependencies.begin() ) rval += ", "; - string path = find_file(*it, bro_path(), "bro"); + string path = find_script_file(*it, bro_path()); string doc = *it; if ( ! path.empty() && is_dir(path.c_str()) ) @@ -365,8 +365,13 @@ time_t ScriptInfo::DoGetModificationTime() const if ( ! info ) { - string pkg_name = *it + "/" + PACKAGE_LOADER; - info = broxygen_mgr->GetScriptInfo(pkg_name); + for (const string& ext : script_extensions) + { + string pkg_name = *it + "/__load__" + ext; + info = broxygen_mgr->GetScriptInfo(pkg_name); + if ( info ) + break; + } if ( ! info ) reporter->InternalWarning("Broxygen failed to get mtime of %s", diff --git a/src/broxygen/Target.cc b/src/broxygen/Target.cc index dba0d67d6c..2610f648e7 100644 --- a/src/broxygen/Target.cc +++ b/src/broxygen/Target.cc @@ -410,7 +410,7 @@ void ScriptTarget::DoFindDependencies(const vector& infos) for ( size_t i = 0; i < script_deps.size(); ++i ) { - if ( SafeBasename(script_deps[i]->Name()).result == PACKAGE_LOADER ) + if ( is_package_loader(SafeBasename(script_deps[i]->Name()).result) ) { string pkg_dir = SafeDirname(script_deps[i]->Name()).result; string target_file = Name() + pkg_dir + "/index.rst"; diff --git a/src/plugin/Manager.cc b/src/plugin/Manager.cc index 836520d03a..e098d955c1 100644 --- a/src/plugin/Manager.cc +++ b/src/plugin/Manager.cc @@ -13,6 +13,7 @@ #include "../Reporter.h" #include "../Func.h" #include "../Event.h" +#include "../util.h" using namespace plugin; @@ -182,30 +183,44 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_ add_to_bro_path(scripts); } - // First load {scripts}/__preload__.bro automatically. - string init = dir + "scripts/__preload__.bro"; + string init; - if ( is_file(init) ) + // First load {scripts}/__preload__.bro automatically. + for (const string& ext : script_extensions) { - DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); - scripts_to_load.push_back(init); + init = dir + "scripts/__preload__" + ext; + + if ( is_file(init) ) + { + DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); + scripts_to_load.push_back(init); + break; + } } // Load {bif,scripts}/__load__.bro automatically. - init = dir + "lib/bif/__load__.bro"; - - if ( is_file(init) ) + for (const string& ext : script_extensions) { - DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); - scripts_to_load.push_back(init); + init = dir + "lib/bif/__load__" + ext; + + if ( is_file(init) ) + { + DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); + scripts_to_load.push_back(init); + break; + } } - init = dir + "scripts/__load__.bro"; - - if ( is_file(init) ) + for (const string& ext : script_extensions) { - DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); - scripts_to_load.push_back(init); + init = dir + "scripts/__load__" + ext; + + if ( is_file(init) ) + { + DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); + scripts_to_load.push_back(init); + break; + } } // Load shared libraries. diff --git a/src/scan.l b/src/scan.l index c2be426044..4da18b125f 100644 --- a/src/scan.l +++ b/src/scan.l @@ -77,6 +77,17 @@ static string find_relative_file(const string& filename, const string& ext) return find_file(filename, bro_path(), ext); } +static string find_relative_script_file(const string& filename) + { + if ( filename.empty() ) + return string(); + + if ( filename[0] == '.' ) + return find_script_file(filename, SafeDirname(::filename).result); + else + return find_script_file(filename, bro_path()); + } + static ino_t get_inode_num(FILE* f, const string& path) { struct stat b; @@ -363,14 +374,14 @@ when return TOK_WHEN; @load{WS}{FILE} { const char* new_file = skip_whitespace(yytext + 5); // Skip "@load". string loader = ::filename; // load_files may change ::filename, save copy - string loading = find_relative_file(new_file, "bro"); + string loading = find_relative_script_file(new_file); (void) load_files(new_file); broxygen_mgr->ScriptDependency(loader, loading); } @load-sigs{WS}{FILE} { const char* file = skip_whitespace(yytext + 10); - string path = find_relative_file(file, "sig"); + string path = find_relative_file(file, ".sig"); int rc = PLUGIN_HOOK_WITH_RESULT(HOOK_LOAD_FILE, HookLoadFile(plugin::Plugin::SIGNATURES, file, path), -1); switch ( rc ) { @@ -430,7 +441,7 @@ when return TOK_WHEN; @unload{WS}{FILE} { // Skip "@unload". const char* file = skip_whitespace(yytext + 7); - string path = find_relative_file(file, "bro"); + string path = find_relative_script_file(file); if ( path.empty() ) reporter->Error("failed find file associated with @unload %s", file); @@ -624,7 +635,7 @@ static bool already_scanned(const string& path) static int load_files(const char* orig_file) { - string file_path = find_relative_file(orig_file, "bro"); + string file_path = find_relative_script_file(orig_file); int rc = PLUGIN_HOOK_WITH_RESULT(HOOK_LOAD_FILE, HookLoadFile(plugin::Plugin::SCRIPT, orig_file, file_path), -1); if ( rc == 1 ) @@ -970,7 +981,7 @@ int yywrap() string canon = without_bropath_component(it->name); string flat = flatten_script_name(canon, prefixes[i]); - string path = find_relative_file(flat, "bro"); + string path = find_relative_script_file(flat); if ( ! path.empty() ) { diff --git a/src/util.cc b/src/util.cc index cce49a7f6d..227faa9c1f 100644 --- a/src/util.cc +++ b/src/util.cc @@ -20,6 +20,7 @@ #endif #include +#include #include #include #include @@ -1007,7 +1008,18 @@ string bro_prefixes() return rval; } -const char* PACKAGE_LOADER = "__load__.bro"; +const array script_extensions = {".zeek", ".bro"}; + +bool is_package_loader(const string& path) + { + for (const string& ext : script_extensions) + { + if (path == "__load__" + ext) + return true; + } + + return false; + } FILE* open_file(const string& path, const string& mode) { @@ -1034,13 +1046,22 @@ static bool can_read(const string& path) FILE* open_package(string& path, const string& mode) { string arg_path = path; - path.append("/").append(PACKAGE_LOADER); + path.append("/__load__"); - if ( can_read(path) ) - return open_file(path, mode); + for (const string& ext : script_extensions) + { + string p = path + ext; + if ( can_read(p) ) + { + path.append(ext); + return open_file(path, mode); + } + } + path.append(script_extensions[0]); + string package_loader = "__load__" + script_extensions[0]; reporter->Error("Failed to open package '%s': missing '%s' file", - arg_path.c_str(), PACKAGE_LOADER); + arg_path.c_str(), package_loader.c_str()); return 0; } @@ -1123,7 +1144,7 @@ string flatten_script_name(const string& name, const string& prefix) if ( ! rval.empty() ) rval.append("."); - if ( SafeBasename(name).result == PACKAGE_LOADER ) + if ( is_package_loader(SafeBasename(name).result) ) rval.append(SafeDirname(name).result); else rval.append(name); @@ -1221,7 +1242,7 @@ string without_bropath_component(const string& path) } static string find_file_in_path(const string& filename, const string& path, - const string& opt_ext = "") + const vector& opt_ext) { if ( filename.empty() ) return string(); @@ -1239,10 +1260,13 @@ static string find_file_in_path(const string& filename, const string& path, if ( ! opt_ext.empty() ) { - string with_ext = abs_path + '.' + opt_ext; + for (const string& ext : opt_ext) + { + string with_ext = abs_path + ext; - if ( can_read(with_ext) ) - return with_ext; + if ( can_read(with_ext) ) + return with_ext; + } } if ( can_read(abs_path) ) @@ -1257,9 +1281,31 @@ string find_file(const string& filename, const string& path_set, vector paths; tokenize_string(path_set, ":", &paths); + vector ext; + if ( ! opt_ext.empty() ) + ext.push_back(opt_ext); + for ( size_t n = 0; n < paths.size(); ++n ) { - string f = find_file_in_path(filename, paths[n], opt_ext); + string f = find_file_in_path(filename, paths[n], ext); + + if ( ! f.empty() ) + return f; + } + + return string(); + } + +string find_script_file(const string& filename, const string& path_set) + { + vector paths; + tokenize_string(path_set, ":", &paths); + + vector ext(script_extensions.begin(), script_extensions.end()); + + for ( size_t n = 0; n < paths.size(); ++n ) + { + string f = find_file_in_path(filename, paths[n], ext); if ( ! f.empty() ) return f; diff --git a/src/util.h b/src/util.h index 232275d9c9..bd1566080f 100644 --- a/src/util.h +++ b/src/util.h @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -248,16 +249,16 @@ static const SourceID SOURCE_BROKER = 0xffffffff; extern void pinpoint(); extern int int_list_cmp(const void* v1, const void* v2); -// Contains the name of the script file that gets read -// when a package is loaded (i.e., "__load__.bro). -extern const char* PACKAGE_LOADER; - extern const std::string& bro_path(); extern const char* bro_magic_path(); extern const char* bro_plugin_path(); extern const char* bro_plugin_activate(); extern std::string bro_prefixes(); +extern const std::array script_extensions; + +bool is_package_loader(const std::string& path); + extern void add_to_bro_path(const std::string& dir); @@ -341,6 +342,14 @@ std::string without_bropath_component(const std::string& path); std::string find_file(const std::string& filename, const std::string& path_set, const std::string& opt_ext = ""); +/** + * Locate a script file within a given search path. + * @param filename Name of a file to find. + * @param path_set Colon-delimited set of paths to search for the file. + * @return Path to the found file, or an empty string if not found. + */ +std::string find_script_file(const std::string& filename, const std::string& path_set); + // Wrapper around fopen(3). Emits an error when failing to open. FILE* open_file(const std::string& path, const std::string& mode = "r"); From 0d61df30b7d192f72703a4e803327cd1eae3d6df Mon Sep 17 00:00:00 2001 From: Jeff Barber Date: Wed, 10 Apr 2019 15:10:29 -0700 Subject: [PATCH 010/247] Prevent topk_merge from crashing when second argument is empty set --- src/probabilistic/Topk.cc | 7 +++++++ testing/btest/scripts/base/frameworks/sumstats/topk.bro | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/src/probabilistic/Topk.cc b/src/probabilistic/Topk.cc index e01b4e41b6..254b268145 100644 --- a/src/probabilistic/Topk.cc +++ b/src/probabilistic/Topk.cc @@ -78,6 +78,13 @@ TopkVal::~TopkVal() void TopkVal::Merge(const TopkVal* value, bool doPrune) { + if (!value->type) + { + // Merge-from is empty. Nothing to do. + assert(value->numElements == 0); + return; + } + if ( type == 0 ) { assert(numElements == 0); diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk.bro b/testing/btest/scripts/base/frameworks/sumstats/topk.bro index 99c301c669..0d0a49b191 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/topk.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/topk.bro @@ -5,6 +5,11 @@ event bro_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.metric", $apply=set(SumStats::TOPK)]; + # Merge two empty sets + local topk1: opaque of topk = topk_init(4); + local topk2: opaque of topk = topk_init(4); + topk_merge(topk1, topk2); + SumStats::create([$name="topk-test", $epoch=3secs, $reducers=set(r1), From 7c2477d87a51b2c99d5b7dd65373afe6c0184f90 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 11 Apr 2019 02:38:53 -0500 Subject: [PATCH 011/247] Fix the core/load-duplicates.bro test The load-duplicates.bro test would never fail because loading the provided script code twice wouldn't trigger an error. Fixed this by changing the sample script content. Also added a test case to verify that an error occurs as expected when two scripts with the same content are loaded. --- testing/btest/core/load-duplicates.bro | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/testing/btest/core/load-duplicates.bro b/testing/btest/core/load-duplicates.bro index 8c86fbc272..9b3810d40d 100644 --- a/testing/btest/core/load-duplicates.bro +++ b/testing/btest/core/load-duplicates.bro @@ -3,12 +3,13 @@ # @TEST-EXEC: mkdir -p foo/bar # @TEST-EXEC: echo "@load bar/test" >loader.bro # @TEST-EXEC: cp %INPUT foo/bar/test.bro +# @TEST-EXEC: cp %INPUT foo/bar/test2.bro +# # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test.bro # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test.bro # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader `pwd`/foo/bar/test.bro +# @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test2 -type Test: enum { - TEST, -}; +global pi = 3.14; From 438fe27ce4306b0b1af56e75af7ad20fa40061e3 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 11 Apr 2019 12:07:54 -0500 Subject: [PATCH 012/247] Add test cases to verify new file extension is recognized Added tests to verify that scripts with the new ".zeek" file extension are recognized and that ".bro" is used as a fallback. --- .../core.load-file-extension/bro_only | 1 + .../core.load-file-extension/bro_preferred | 1 + .../core.load-file-extension/bro_preferred_2 | 1 + .../core.load-file-extension/no_extension | 1 + .../core.load-file-extension/xyz_preferred | 1 + .../core.load-file-extension/zeek_only | 1 + .../core.load-file-extension/zeek_preferred | 1 + .../zeek_script_preferred | 1 + testing/btest/Baseline/core.load-pkg/output | 3 +- testing/btest/Baseline/core.load-pkg/output2 | 2 + .../btest/Baseline/core.load-prefixes/output | 2 +- .../btest/Baseline/core.load-unload/output2 | 1 + testing/btest/core/load-file-extension.bro | 89 +++++++++++++++++++ testing/btest/core/load-pkg.bro | 24 ++++- testing/btest/core/load-prefixes.bro | 8 +- testing/btest/core/load-unload.bro | 27 +++++- 16 files changed, 154 insertions(+), 10 deletions(-) create mode 100644 testing/btest/Baseline/core.load-file-extension/bro_only create mode 100644 testing/btest/Baseline/core.load-file-extension/bro_preferred create mode 100644 testing/btest/Baseline/core.load-file-extension/bro_preferred_2 create mode 100644 testing/btest/Baseline/core.load-file-extension/no_extension create mode 100644 testing/btest/Baseline/core.load-file-extension/xyz_preferred create mode 100644 testing/btest/Baseline/core.load-file-extension/zeek_only create mode 100644 testing/btest/Baseline/core.load-file-extension/zeek_preferred create mode 100644 testing/btest/Baseline/core.load-file-extension/zeek_script_preferred create mode 100644 testing/btest/Baseline/core.load-pkg/output2 create mode 100644 testing/btest/Baseline/core.load-unload/output2 create mode 100644 testing/btest/core/load-file-extension.bro diff --git a/testing/btest/Baseline/core.load-file-extension/bro_only b/testing/btest/Baseline/core.load-file-extension/bro_only new file mode 100644 index 0000000000..bb2333014b --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/bro_only @@ -0,0 +1 @@ +Bro script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/bro_preferred b/testing/btest/Baseline/core.load-file-extension/bro_preferred new file mode 100644 index 0000000000..bb2333014b --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/bro_preferred @@ -0,0 +1 @@ +Bro script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/bro_preferred_2 b/testing/btest/Baseline/core.load-file-extension/bro_preferred_2 new file mode 100644 index 0000000000..bb2333014b --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/bro_preferred_2 @@ -0,0 +1 @@ +Bro script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/no_extension b/testing/btest/Baseline/core.load-file-extension/no_extension new file mode 100644 index 0000000000..b9cfe8016f --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/no_extension @@ -0,0 +1 @@ +No file extension script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/xyz_preferred b/testing/btest/Baseline/core.load-file-extension/xyz_preferred new file mode 100644 index 0000000000..8883b557a3 --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/xyz_preferred @@ -0,0 +1 @@ +Non-standard file extension script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/zeek_only b/testing/btest/Baseline/core.load-file-extension/zeek_only new file mode 100644 index 0000000000..129000059a --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/zeek_only @@ -0,0 +1 @@ +Zeek script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/zeek_preferred b/testing/btest/Baseline/core.load-file-extension/zeek_preferred new file mode 100644 index 0000000000..129000059a --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/zeek_preferred @@ -0,0 +1 @@ +Zeek script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/zeek_script_preferred b/testing/btest/Baseline/core.load-file-extension/zeek_script_preferred new file mode 100644 index 0000000000..129000059a --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/zeek_script_preferred @@ -0,0 +1 @@ +Zeek script loaded diff --git a/testing/btest/Baseline/core.load-pkg/output b/testing/btest/Baseline/core.load-pkg/output index 119b2f9a18..ab438bfe3b 100644 --- a/testing/btest/Baseline/core.load-pkg/output +++ b/testing/btest/Baseline/core.load-pkg/output @@ -1 +1,2 @@ -Foo loaded +test.zeek loaded +__load__.zeek loaded diff --git a/testing/btest/Baseline/core.load-pkg/output2 b/testing/btest/Baseline/core.load-pkg/output2 new file mode 100644 index 0000000000..1021a36092 --- /dev/null +++ b/testing/btest/Baseline/core.load-pkg/output2 @@ -0,0 +1,2 @@ +test.zeek loaded +__load__.bro loaded diff --git a/testing/btest/Baseline/core.load-prefixes/output b/testing/btest/Baseline/core.load-prefixes/output index ea35b3a8c0..2969d774cf 100644 --- a/testing/btest/Baseline/core.load-prefixes/output +++ b/testing/btest/Baseline/core.load-prefixes/output @@ -1,4 +1,4 @@ loaded lcl2.base.utils.site.bro loaded lcl.base.utils.site.bro loaded lcl2.base.protocols.http.bro -loaded lcl.base.protocols.http.bro +loaded lcl.base.protocols.http.zeek diff --git a/testing/btest/Baseline/core.load-unload/output2 b/testing/btest/Baseline/core.load-unload/output2 new file mode 100644 index 0000000000..bd327f15d4 --- /dev/null +++ b/testing/btest/Baseline/core.load-unload/output2 @@ -0,0 +1 @@ +Loaded: dontloadme.bro diff --git a/testing/btest/core/load-file-extension.bro b/testing/btest/core/load-file-extension.bro new file mode 100644 index 0000000000..1b5520c873 --- /dev/null +++ b/testing/btest/core/load-file-extension.bro @@ -0,0 +1,89 @@ +# Test loading scripts with different file extensions. +# +# Test that either ".zeek" or ".bro" can be loaded without specifying extension +# @TEST-EXEC: cp x/foo.bro . +# @TEST-EXEC: bro -b load_foo > bro_only +# @TEST-EXEC: btest-diff bro_only +# @TEST-EXEC: rm foo.bro +# +# @TEST-EXEC: cp x/foo.zeek . +# @TEST-EXEC: bro -b load_foo > zeek_only +# @TEST-EXEC: btest-diff zeek_only +# @TEST-EXEC: rm foo.zeek +# +# Test that ".zeek" is the preferred file extension, unless ".bro" is specified +# @TEST-EXEC: cp x/foo.* . +# @TEST-EXEC: cp x2/foo . +# @TEST-EXEC: bro -b load_foo > zeek_preferred +# @TEST-EXEC: btest-diff zeek_preferred +# +# @TEST-EXEC: bro -b load_foo_bro > bro_preferred +# @TEST-EXEC: btest-diff bro_preferred +# @TEST-EXEC: rm foo* +# +# Test that ".bro" is preferred over a script with no file extension (when +# there is no ".zeek" script) +# @TEST-EXEC: cp x/foo.bro . +# @TEST-EXEC: cp x2/foo . +# @TEST-EXEC: bro -b load_foo > bro_preferred_2 +# @TEST-EXEC: btest-diff bro_preferred_2 +# @TEST-EXEC: rm foo* +# +# Test that a script with no file extension can be loaded +# @TEST-EXEC: cp x2/foo . +# @TEST-EXEC: bro -b load_foo > no_extension +# @TEST-EXEC: btest-diff no_extension +# @TEST-EXEC: rm foo +# +# Test that a ".zeek" script is preferred over a script package of same name +# @TEST-EXEC: cp -r x/foo* . +# @TEST-EXEC: bro -b load_foo > zeek_script_preferred +# @TEST-EXEC: btest-diff zeek_script_preferred +# @TEST-EXEC: rm -r foo* +# +# Test that unrecognized file extensions can be loaded explicitly +# @TEST-EXEC: cp x/foo.* . +# @TEST-EXEC: bro -b load_foo_xyz > xyz_preferred +# @TEST-EXEC: btest-diff xyz_preferred +# @TEST-EXEC: rm foo.* +# +# @TEST-EXEC: cp x/foo.xyz . +# @TEST-EXEC-FAIL: bro -b load_foo +# @TEST-EXEC: rm foo.xyz + +@TEST-START-FILE load_foo +@load foo +@TEST-END-FILE + +@TEST-START-FILE load_foo_bro +@load foo.bro +@TEST-END-FILE + +@TEST-START-FILE load_foo_xyz +@load foo.xyz +@TEST-END-FILE + + +@TEST-START-FILE x/foo.bro +print "Bro script loaded"; +@TEST-END-FILE + +@TEST-START-FILE x/foo.zeek +print "Zeek script loaded"; +@TEST-END-FILE + +@TEST-START-FILE x/foo.xyz +print "Non-standard file extension script loaded"; +@TEST-END-FILE + +@TEST-START-FILE x/foo/__load__.zeek +@load ./main +@TEST-END-FILE + +@TEST-START-FILE x/foo/main.zeek +print "Script package loaded"; +@TEST-END-FILE + +@TEST-START-FILE x2/foo +print "No file extension script loaded"; +@TEST-END-FILE diff --git a/testing/btest/core/load-pkg.bro b/testing/btest/core/load-pkg.bro index e6671e038d..8c861f7982 100644 --- a/testing/btest/core/load-pkg.bro +++ b/testing/btest/core/load-pkg.bro @@ -1,10 +1,28 @@ +# Test that package loading works when a package loader script is present. +# +# Test that ".zeek" is loaded when there is also a ".bro" # @TEST-EXEC: bro -b foo >output # @TEST-EXEC: btest-diff output +# +# Test that ".bro" is loaded when there is no ".zeek" +# @TEST-EXEC: rm foo/__load__.zeek +# @TEST-EXEC: bro -b foo >output2 +# @TEST-EXEC: btest-diff output2 +# +# Test that package cannot be loaded when no package loader script exists. +# @TEST-EXEC: rm foo/__load__.bro +# @TEST-EXEC-FAIL: bro -b foo @TEST-START-FILE foo/__load__.bro -@load ./test.bro +@load ./test +print "__load__.bro loaded"; @TEST-END-FILE -@TEST-START-FILE foo/test.bro -print "Foo loaded"; +@TEST-START-FILE foo/__load__.zeek +@load ./test +print "__load__.zeek loaded"; +@TEST-END-FILE + +@TEST-START-FILE foo/test.zeek +print "test.zeek loaded"; @TEST-END-FILE diff --git a/testing/btest/core/load-prefixes.bro b/testing/btest/core/load-prefixes.bro index 1dfc3ac5dd..5d064c0d36 100644 --- a/testing/btest/core/load-prefixes.bro +++ b/testing/btest/core/load-prefixes.bro @@ -8,6 +8,8 @@ @prefixes += lcl2 @TEST-END-FILE +# Since base/utils/site.bro is a script, only a script with the original file +# extension can be loaded here. @TEST-START-FILE lcl.base.utils.site.bro print "loaded lcl.base.utils.site.bro"; @TEST-END-FILE @@ -16,8 +18,10 @@ print "loaded lcl.base.utils.site.bro"; print "loaded lcl2.base.utils.site.bro"; @TEST-END-FILE -@TEST-START-FILE lcl.base.protocols.http.bro -print "loaded lcl.base.protocols.http.bro"; +# For a script package like base/protocols/http/, either of the recognized +# file extensions can be loaded here. +@TEST-START-FILE lcl.base.protocols.http.zeek +print "loaded lcl.base.protocols.http.zeek"; @TEST-END-FILE @TEST-START-FILE lcl2.base.protocols.http.bro diff --git a/testing/btest/core/load-unload.bro b/testing/btest/core/load-unload.bro index 6525a8e8ea..6b2614a50c 100644 --- a/testing/btest/core/load-unload.bro +++ b/testing/btest/core/load-unload.bro @@ -1,11 +1,32 @@ # This tests the @unload directive # -# @TEST-EXEC: bro -b %INPUT misc/loaded-scripts dontloadmebro > output +# Test that @unload works with ".bro" when there is no ".zeek" script +# @TEST-EXEC: bro -b unloadbro misc/loaded-scripts dontloadmebro > output # @TEST-EXEC: btest-diff output -# @TEST-EXEC: grep -q dontloadmebro loaded_scripts.log && exit 1 || exit 0 +# @TEST-EXEC: grep dontloadmebro loaded_scripts.log && exit 1 || exit 0 +# +# Test that @unload looks for ".zeek" first (assuming no file extension is +# specified in the @unload) +# @TEST-EXEC: bro -b unload misc/loaded-scripts dontloadme.zeek dontloadme.bro > output2 +# @TEST-EXEC: btest-diff output2 +# @TEST-EXEC: grep dontloadme.bro loaded_scripts.log +@TEST-START-FILE unloadbro.bro @unload dontloadmebro +@TEST-END-FILE @TEST-START-FILE dontloadmebro.bro -print "FAIL"; +print "Loaded: dontloadmebro.bro"; +@TEST-END-FILE + +@TEST-START-FILE unload.zeek +@unload dontloadme +@TEST-END-FILE + +@TEST-START-FILE dontloadme.zeek +print "Loaded: dontloadme.zeek"; +@TEST-END-FILE + +@TEST-START-FILE dontloadme.bro +print "Loaded: dontloadme.bro"; @TEST-END-FILE From 537d9cab97d3c9f4413dee4a32a82a89af188af4 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 11 Apr 2019 14:59:17 -0500 Subject: [PATCH 013/247] Update a few tests due to scripts with new file extension --- testing/btest/plugins/bifs-and-scripts-install.sh | 2 +- testing/btest/plugins/bifs-and-scripts.sh | 2 +- .../protocol-plugin/scripts/{__load__.bro => __load__.zeek} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename testing/btest/plugins/protocol-plugin/scripts/{__load__.bro => __load__.zeek} (100%) diff --git a/testing/btest/plugins/bifs-and-scripts-install.sh b/testing/btest/plugins/bifs-and-scripts-install.sh index 60c754f8ff..5498e515ca 100644 --- a/testing/btest/plugins/bifs-and-scripts-install.sh +++ b/testing/btest/plugins/bifs-and-scripts-install.sh @@ -9,7 +9,7 @@ mkdir -p scripts/demo/foo/base/ -cat >scripts/__load__.bro <scripts/__load__.zeek <scripts/__load__.bro <scripts/__load__.zeek < Date: Thu, 11 Apr 2019 21:12:40 -0500 Subject: [PATCH 014/247] Rename all scripts to have ".zeek" file extension --- scripts/CMakeLists.txt | 8 +- .../extract/{__load__.bro => __load__.zeek} | 0 .../files/extract/{main.bro => main.zeek} | 0 .../hash/{__load__.bro => __load__.zeek} | 0 .../base/files/hash/{main.bro => main.zeek} | 0 .../files/pe/{__load__.bro => __load__.zeek} | 0 .../base/files/pe/{consts.bro => consts.zeek} | 0 scripts/base/files/pe/{main.bro => main.zeek} | 0 .../unified2/{__load__.bro => __load__.zeek} | 0 .../files/unified2/{main.bro => main.zeek} | 0 .../x509/{__load__.bro => __load__.zeek} | 0 .../base/files/x509/{main.bro => main.zeek} | 0 .../analyzer/{__load__.bro => __load__.zeek} | 0 .../analyzer/{main.bro => main.zeek} | 0 .../broker/{__load__.bro => __load__.zeek} | 0 .../frameworks/broker/{log.bro => log.zeek} | 0 .../frameworks/broker/{main.bro => main.zeek} | 0 .../broker/{store.bro => store.zeek} | 0 .../cluster/{__load__.bro => __load__.zeek} | 0 .../cluster/{main.bro => main.zeek} | 6 +- .../cluster/nodes/{logger.bro => logger.zeek} | 0 .../nodes/{manager.bro => manager.zeek} | 0 .../cluster/nodes/{proxy.bro => proxy.zeek} | 0 .../cluster/nodes/{worker.bro => worker.zeek} | 0 .../cluster/{pools.bro => pools.zeek} | 0 ...connections.bro => setup-connections.zeek} | 0 .../config/{__load__.bro => __load__.zeek} | 0 .../config/{input.bro => input.zeek} | 0 .../frameworks/config/{main.bro => main.zeek} | 0 .../config/{weird.bro => weird.zeek} | 0 .../control/{__load__.bro => __load__.zeek} | 0 .../control/{main.bro => main.zeek} | 0 .../dpd/{__load__.bro => __load__.zeek} | 0 .../frameworks/dpd/{main.bro => main.zeek} | 0 .../files/{__load__.bro => __load__.zeek} | 0 .../magic/{__load__.bro => __load__.zeek} | 0 .../frameworks/files/{main.bro => main.zeek} | 0 .../input/{__load__.bro => __load__.zeek} | 0 .../frameworks/input/{main.bro => main.zeek} | 0 .../input/readers/{ascii.bro => ascii.zeek} | 0 .../readers/{benchmark.bro => benchmark.zeek} | 0 .../input/readers/{binary.bro => binary.zeek} | 0 .../input/readers/{config.bro => config.zeek} | 0 .../input/readers/{raw.bro => raw.zeek} | 0 .../input/readers/{sqlite.bro => sqlite.zeek} | 0 .../intel/{__load__.bro => __load__.zeek} | 0 .../intel/{cluster.bro => cluster.zeek} | 0 .../intel/{files.bro => files.zeek} | 0 .../intel/{input.bro => input.zeek} | 0 .../frameworks/intel/{main.bro => main.zeek} | 0 .../logging/{__load__.bro => __load__.zeek} | 0 .../logging/{main.bro => main.zeek} | 0 .../{__load__.bro => __load__.zeek} | 0 .../postprocessors/{scp.bro => scp.zeek} | 0 .../postprocessors/{sftp.bro => sftp.zeek} | 0 .../logging/writers/{ascii.bro => ascii.zeek} | 0 .../logging/writers/{none.bro => none.zeek} | 0 .../writers/{sqlite.bro => sqlite.zeek} | 0 .../{__load__.bro => __load__.zeek} | 0 ...and-release.bro => catch-and-release.zeek} | 0 .../netcontrol/{cluster.bro => cluster.zeek} | 0 .../netcontrol/{drop.bro => drop.zeek} | 0 .../netcontrol/{main.bro => main.zeek} | 4 +- .../{non-cluster.bro => non-cluster.zeek} | 0 .../netcontrol/{plugin.bro => plugin.zeek} | 0 .../plugins/{__load__.bro => __load__.zeek} | 0 .../plugins/{acld.bro => acld.zeek} | 0 .../plugins/{broker.bro => broker.zeek} | 0 .../plugins/{debug.bro => debug.zeek} | 0 .../plugins/{openflow.bro => openflow.zeek} | 0 .../{packetfilter.bro => packetfilter.zeek} | 0 .../netcontrol/{shunt.bro => shunt.zeek} | 0 .../netcontrol/{types.bro => types.zeek} | 0 .../notice/{__load__.bro => __load__.zeek} | 0 .../{add-geodata.bro => add-geodata.zeek} | 0 .../notice/actions/{drop.bro => drop.zeek} | 0 .../{email_admin.bro => email_admin.zeek} | 0 .../notice/actions/{page.bro => page.zeek} | 0 .../actions/{pp-alarms.bro => pp-alarms.zeek} | 0 .../frameworks/notice/{main.bro => main.zeek} | 0 .../notice/{weird.bro => weird.zeek} | 0 .../openflow/{__load__.bro => __load__.zeek} | 0 .../openflow/{cluster.bro => cluster.zeek} | 0 .../openflow/{consts.bro => consts.zeek} | 0 .../openflow/{main.bro => main.zeek} | 2 +- .../{non-cluster.bro => non-cluster.zeek} | 0 .../plugins/{__load__.bro => __load__.zeek} | 0 .../plugins/{broker.bro => broker.zeek} | 0 .../openflow/plugins/{log.bro => log.zeek} | 0 .../openflow/plugins/{ryu.bro => ryu.zeek} | 0 .../openflow/{types.bro => types.zeek} | 0 .../{__load__.bro => __load__.zeek} | 0 .../{cluster.bro => cluster.zeek} | 0 .../packet-filter/{main.bro => main.zeek} | 0 .../{netstats.bro => netstats.zeek} | 0 .../packet-filter/{utils.bro => utils.zeek} | 0 .../reporter/{__load__.bro => __load__.zeek} | 0 .../reporter/{main.bro => main.zeek} | 2 +- .../{__load__.bro => __load__.zeek} | 0 .../signatures/{main.bro => main.zeek} | 0 .../software/{__load__.bro => __load__.zeek} | 0 .../software/{main.bro => main.zeek} | 0 .../sumstats/{__load__.bro => __load__.zeek} | 0 .../sumstats/{cluster.bro => cluster.zeek} | 0 .../sumstats/{main.bro => main.zeek} | 0 .../{non-cluster.bro => non-cluster.zeek} | 0 .../plugins/{__load__.bro => __load__.zeek} | 0 .../plugins/{average.bro => average.zeek} | 0 .../{hll_unique.bro => hll_unique.zeek} | 0 .../sumstats/plugins/{last.bro => last.zeek} | 0 .../sumstats/plugins/{max.bro => max.zeek} | 0 .../sumstats/plugins/{min.bro => min.zeek} | 0 .../plugins/{sample.bro => sample.zeek} | 0 .../plugins/{std-dev.bro => std-dev.zeek} | 0 .../sumstats/plugins/{sum.bro => sum.zeek} | 0 .../sumstats/plugins/{topk.bro => topk.zeek} | 0 .../plugins/{unique.bro => unique.zeek} | 0 .../plugins/{variance.bro => variance.zeek} | 0 .../tunnels/{__load__.bro => __load__.zeek} | 0 .../tunnels/{main.bro => main.zeek} | 0 .../base/{init-bare.bro => init-bare.zeek} | 6 +- .../{init-default.bro => init-default.zeek} | 2 +- ...bifs.bro => init-frameworks-and-bifs.zeek} | 2 +- ...ding.bro => find-checksum-offloading.zeek} | 0 ...red-trace.bro => find-filtered-trace.zeek} | 0 .../base/misc/{version.bro => version.zeek} | 0 .../conn/{__load__.bro => __load__.zeek} | 0 .../conn/{contents.bro => contents.zeek} | 0 .../conn/{inactivity.bro => inactivity.zeek} | 0 .../protocols/conn/{main.bro => main.zeek} | 0 .../conn/{polling.bro => polling.zeek} | 0 .../conn/{thresholds.bro => thresholds.zeek} | 0 .../dce-rpc/{__load__.bro => __load__.zeek} | 0 .../dce-rpc/{consts.bro => consts.zeek} | 0 .../protocols/dce-rpc/{main.bro => main.zeek} | 0 .../dhcp/{__load__.bro => __load__.zeek} | 0 .../dhcp/{consts.bro => consts.zeek} | 0 .../protocols/dhcp/{main.bro => main.zeek} | 0 .../dnp3/{__load__.bro => __load__.zeek} | 0 .../dnp3/{consts.bro => consts.zeek} | 0 .../protocols/dnp3/{main.bro => main.zeek} | 0 .../dns/{__load__.bro => __load__.zeek} | 0 .../protocols/dns/{consts.bro => consts.zeek} | 0 .../protocols/dns/{main.bro => main.zeek} | 0 .../ftp/{__load__.bro => __load__.zeek} | 0 .../protocols/ftp/{files.bro => files.zeek} | 0 .../ftp/{gridftp.bro => gridftp.zeek} | 0 .../protocols/ftp/{info.bro => info.zeek} | 0 .../protocols/ftp/{main.bro => main.zeek} | 0 ...utils-commands.bro => utils-commands.zeek} | 0 .../protocols/ftp/{utils.bro => utils.zeek} | 0 .../http/{__load__.bro => __load__.zeek} | 0 .../http/{entities.bro => entities.zeek} | 0 .../protocols/http/{files.bro => files.zeek} | 0 .../protocols/http/{main.bro => main.zeek} | 0 .../protocols/http/{utils.bro => utils.zeek} | 0 .../imap/{__load__.bro => __load__.zeek} | 0 .../protocols/imap/{main.bro => main.zeek} | 0 .../irc/{__load__.bro => __load__.zeek} | 0 .../irc/{dcc-send.bro => dcc-send.zeek} | 0 .../protocols/irc/{files.bro => files.zeek} | 0 .../protocols/irc/{main.bro => main.zeek} | 0 .../krb/{__load__.bro => __load__.zeek} | 0 .../protocols/krb/{consts.bro => consts.zeek} | 0 .../protocols/krb/{files.bro => files.zeek} | 0 .../protocols/krb/{main.bro => main.zeek} | 0 .../modbus/{__load__.bro => __load__.zeek} | 0 .../modbus/{consts.bro => consts.zeek} | 0 .../protocols/modbus/{main.bro => main.zeek} | 0 .../mysql/{__load__.bro => __load__.zeek} | 0 .../mysql/{consts.bro => consts.zeek} | 0 .../protocols/mysql/{main.bro => main.zeek} | 0 .../ntlm/{__load__.bro => __load__.zeek} | 0 .../protocols/ntlm/{main.bro => main.zeek} | 0 .../pop3/{__load__.bro => __load__.zeek} | 0 .../radius/{__load__.bro => __load__.zeek} | 0 .../radius/{consts.bro => consts.zeek} | 0 .../protocols/radius/{main.bro => main.zeek} | 0 .../rdp/{__load__.bro => __load__.zeek} | 0 .../protocols/rdp/{consts.bro => consts.zeek} | 0 .../protocols/rdp/{main.bro => main.zeek} | 0 .../rfb/{__load__.bro => __load__.zeek} | 0 .../protocols/rfb/{main.bro => main.zeek} | 0 .../sip/{__load__.bro => __load__.zeek} | 0 .../protocols/sip/{main.bro => main.zeek} | 0 .../smb/{__load__.bro => __load__.zeek} | 0 ...nst-dos-error.bro => const-dos-error.zeek} | 0 ...nst-nt-status.bro => const-nt-status.zeek} | 0 .../protocols/smb/{consts.bro => consts.zeek} | 2 +- .../protocols/smb/{files.bro => files.zeek} | 0 .../protocols/smb/{main.bro => main.zeek} | 0 .../smb/{smb1-main.bro => smb1-main.zeek} | 0 .../smb/{smb2-main.bro => smb2-main.zeek} | 0 .../smtp/{__load__.bro => __load__.zeek} | 0 .../smtp/{entities.bro => entities.zeek} | 0 .../protocols/smtp/{files.bro => files.zeek} | 0 .../protocols/smtp/{main.bro => main.zeek} | 0 .../snmp/{__load__.bro => __load__.zeek} | 0 .../protocols/snmp/{main.bro => main.zeek} | 0 .../socks/{__load__.bro => __load__.zeek} | 0 .../socks/{consts.bro => consts.zeek} | 0 .../protocols/socks/{main.bro => main.zeek} | 0 .../ssh/{__load__.bro => __load__.zeek} | 0 .../protocols/ssh/{main.bro => main.zeek} | 0 .../ssl/{__load__.bro => __load__.zeek} | 0 .../protocols/ssl/{consts.bro => consts.zeek} | 0 .../ssl/{ct-list.bro => ct-list.zeek} | 0 .../protocols/ssl/{files.bro => files.zeek} | 0 .../protocols/ssl/{main.bro => main.zeek} | 4 +- ...zilla-ca-list.bro => mozilla-ca-list.zeek} | 0 .../syslog/{__load__.bro => __load__.zeek} | 0 .../syslog/{consts.bro => consts.zeek} | 0 .../protocols/syslog/{main.bro => main.zeek} | 0 .../tunnels/{__load__.bro => __load__.zeek} | 0 .../xmpp/{__load__.bro => __load__.zeek} | 0 .../protocols/xmpp/{main.bro => main.zeek} | 0 .../{active-http.bro => active-http.zeek} | 0 scripts/base/utils/{addrs.bro => addrs.zeek} | 0 .../utils/{conn-ids.bro => conn-ids.zeek} | 0 scripts/base/utils/{dir.bro => dir.zeek} | 0 ...nd-hosts.bro => directions-and-hosts.zeek} | 0 scripts/base/utils/{email.bro => email.zeek} | 0 scripts/base/utils/{exec.bro => exec.zeek} | 0 scripts/base/utils/{files.bro => files.zeek} | 0 ...geoip-distance.bro => geoip-distance.zeek} | 0 .../utils/{hash_hrw.bro => hash_hrw.zeek} | 0 scripts/base/utils/{json.bro => json.zeek} | 0 .../base/utils/{numbers.bro => numbers.zeek} | 0 scripts/base/utils/{paths.bro => paths.zeek} | 0 .../utils/{patterns.bro => patterns.zeek} | 0 scripts/base/utils/{queue.bro => queue.zeek} | 0 scripts/base/utils/{site.bro => site.zeek} | 0 .../base/utils/{strings.bro => strings.zeek} | 0 .../utils/{thresholds.bro => thresholds.zeek} | 0 scripts/base/utils/{time.bro => time.zeek} | 0 scripts/base/utils/{urls.bro => urls.zeek} | 0 scripts/broxygen/__load__.bro | 17 --- scripts/broxygen/__load__.zeek | 17 +++ .../broxygen/{example.bro => example.zeek} | 0 .../x509/{log-ocsp.bro => log-ocsp.zeek} | 0 .../{controllee.bro => controllee.zeek} | 0 .../{controller.bro => controller.zeek} | 0 ...ct-protocols.bro => detect-protocols.zeek} | 0 ...ogging.bro => packet-segment-logging.zeek} | 0 .../files/{detect-MHR.bro => detect-MHR.zeek} | 0 ...-files.bro => entropy-test-all-files.zeek} | 0 ...t-all-files.bro => extract-all-files.zeek} | 0 ...hash-all-files.bro => hash-all-files.zeek} | 0 .../intel/{do_expire.bro => do_expire.zeek} | 0 .../intel/{do_notice.bro => do_notice.zeek} | 0 .../intel/{removal.bro => removal.zeek} | 0 .../seen/{__load__.bro => __load__.zeek} | 0 ...-established.bro => conn-established.zeek} | 0 .../intel/seen/{dns.bro => dns.zeek} | 0 .../{file-hashes.bro => file-hashes.zeek} | 0 .../seen/{file-names.bro => file-names.zeek} | 0 .../{http-headers.bro => http-headers.zeek} | 0 .../seen/{http-url.bro => http-url.zeek} | 0 .../{pubkey-hashes.bro => pubkey-hashes.zeek} | 0 .../{smb-filenames.bro => smb-filenames.zeek} | 0 ...xtraction.bro => smtp-url-extraction.zeek} | 0 .../intel/seen/{smtp.bro => smtp.zeek} | 0 .../intel/seen/{ssl.bro => ssl.zeek} | 0 ...ere-locations.bro => where-locations.zeek} | 0 .../intel/seen/{x509.bro => x509.zeek} | 0 .../intel/{whitelist.bro => whitelist.zeek} | 0 .../notice/{__load__.bro => __load__.zeek} | 0 .../{hostnames.bro => hostnames.zeek} | 0 .../packet-filter/{shunt.bro => shunt.zeek} | 0 ...rsion-changes.bro => version-changes.zeek} | 0 .../{vulnerable.bro => vulnerable.zeek} | 0 ...ion.bro => windows-version-detection.zeek} | 0 .../barnyard2/{__load__.bro => __load__.zeek} | 0 .../barnyard2/{main.bro => main.zeek} | 0 .../barnyard2/{types.bro => types.zeek} | 0 .../{__load__.bro => __load__.zeek} | 0 .../collective-intel/{main.bro => main.zeek} | 0 .../{capture-loss.bro => capture-loss.zeek} | 0 .../{__load__.bro => __load__.zeek} | 0 .../detect-traceroute/{main.bro => main.zeek} | 0 .../{dump-events.bro => dump-events.zeek} | 0 ...load-balancing.bro => load-balancing.zeek} | 0 ...loaded-scripts.bro => loaded-scripts.zeek} | 0 .../misc/{profiling.bro => profiling.zeek} | 0 scripts/policy/misc/{scan.bro => scan.zeek} | 0 scripts/policy/misc/{stats.bro => stats.zeek} | 0 ...im-trace-file.bro => trim-trace-file.zeek} | 0 .../{weird-stats.bro => weird-stats.zeek} | 0 .../{known-hosts.bro => known-hosts.zeek} | 0 ...known-services.bro => known-services.zeek} | 0 .../{mac-logging.bro => mac-logging.zeek} | 0 .../{vlan-logging.bro => vlan-logging.zeek} | 0 .../conn/{weirds.bro => weirds.zeek} | 0 ...ated_events.bro => deprecated_events.zeek} | 0 .../dhcp/{msg-orig.bro => msg-orig.zeek} | 0 .../dhcp/{software.bro => software.zeek} | 0 .../dhcp/{sub-opts.bro => sub-opts.zeek} | 0 .../dns/{auth-addl.bro => auth-addl.zeek} | 0 ...l-names.bro => detect-external-names.zeek} | 0 ...teforcing.bro => detect-bruteforcing.zeek} | 0 .../protocols/ftp/{detect.bro => detect.zeek} | 0 .../ftp/{software.bro => software.zeek} | 0 .../{detect-sqli.bro => detect-sqli.zeek} | 0 ...detect-webapps.bro => detect-webapps.zeek} | 0 .../{header-names.bro => header-names.zeek} | 0 ...gins.bro => software-browser-plugins.zeek} | 0 .../http/{software.bro => software.zeek} | 0 ...ookies.bro => var-extraction-cookies.zeek} | 0 ...action-uri.bro => var-extraction-uri.zeek} | 0 ...ticket-logging.bro => ticket-logging.zeek} | 0 ...s-slaves.bro => known-masters-slaves.zeek} | 0 .../{track-memmap.bro => track-memmap.zeek} | 0 .../mysql/{software.bro => software.zeek} | 0 .../{indicate_ssl.bro => indicate_ssl.zeek} | 0 .../smb/{__load__.bro => __load__.zeek} | 0 .../smb/{log-cmds.bro => log-cmds.zeek} | 0 .../smtp/{blocklists.bro => blocklists.zeek} | 0 ...s-orig.bro => detect-suspicious-orig.zeek} | 0 ...ties-excerpt.bro => entities-excerpt.zeek} | 0 .../smtp/{software.bro => software.zeek} | 0 ...teforcing.bro => detect-bruteforcing.zeek} | 0 .../ssh/{geo-data.bro => geo-data.zeek} | 0 ...stnames.bro => interesting-hostnames.zeek} | 0 .../ssh/{software.bro => software.zeek} | 0 ...expiring-certs.bro => expiring-certs.zeek} | 0 ...t-certs-pem.bro => extract-certs-pem.zeek} | 0 .../ssl/{heartbleed.bro => heartbleed.zeek} | 0 .../ssl/{known-certs.bro => known-certs.zeek} | 0 ...certs-only.bro => log-hostcerts-only.zeek} | 0 .../protocols/ssl/{notary.bro => notary.zeek} | 0 ...validate-certs.bro => validate-certs.zeek} | 0 .../{validate-ocsp.bro => validate-ocsp.zeek} | 0 .../{validate-sct.bro => validate-sct.zeek} | 0 .../ssl/{weak-keys.bro => weak-keys.zeek} | 0 .../tuning/{__load__.bro => __load__.zeek} | 0 .../defaults/{__load__.bro => __load__.zeek} | 0 ..._limits.bro => extracted_file_limits.zeek} | 0 ...et-fragments.bro => packet-fragments.zeek} | 0 .../defaults/{warnings.bro => warnings.zeek} | 0 .../tuning/{json-logs.bro => json-logs.zeek} | 0 ...k-all-assets.bro => track-all-assets.zeek} | 0 scripts/site/{local.bro => local.zeek} | 0 scripts/test-all-policy.bro | 113 ------------------ scripts/test-all-policy.zeek | 113 ++++++++++++++++++ src/CMakeLists.txt | 6 +- src/Type.cc | 2 +- src/broxygen/ScriptInfo.cc | 4 +- src/broxygen/ScriptInfo.h | 2 +- src/broxygen/Target.h | 2 +- src/broxygen/broxygen.bif | 2 +- src/const.bif | 2 +- src/main.cc | 6 +- src/plugin/Manager.cc | 4 +- src/reporter.bif | 2 +- src/scan.l | 4 +- src/types.bif | 2 +- src/util.h | 2 +- 357 files changed, 169 insertions(+), 169 deletions(-) rename scripts/base/files/extract/{__load__.bro => __load__.zeek} (100%) rename scripts/base/files/extract/{main.bro => main.zeek} (100%) rename scripts/base/files/hash/{__load__.bro => __load__.zeek} (100%) rename scripts/base/files/hash/{main.bro => main.zeek} (100%) rename scripts/base/files/pe/{__load__.bro => __load__.zeek} (100%) rename scripts/base/files/pe/{consts.bro => consts.zeek} (100%) rename scripts/base/files/pe/{main.bro => main.zeek} (100%) rename scripts/base/files/unified2/{__load__.bro => __load__.zeek} (100%) rename scripts/base/files/unified2/{main.bro => main.zeek} (100%) rename scripts/base/files/x509/{__load__.bro => __load__.zeek} (100%) rename scripts/base/files/x509/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/analyzer/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/analyzer/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/broker/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/broker/{log.bro => log.zeek} (100%) rename scripts/base/frameworks/broker/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/broker/{store.bro => store.zeek} (100%) rename scripts/base/frameworks/cluster/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/cluster/{main.bro => main.zeek} (98%) rename scripts/base/frameworks/cluster/nodes/{logger.bro => logger.zeek} (100%) rename scripts/base/frameworks/cluster/nodes/{manager.bro => manager.zeek} (100%) rename scripts/base/frameworks/cluster/nodes/{proxy.bro => proxy.zeek} (100%) rename scripts/base/frameworks/cluster/nodes/{worker.bro => worker.zeek} (100%) rename scripts/base/frameworks/cluster/{pools.bro => pools.zeek} (100%) rename scripts/base/frameworks/cluster/{setup-connections.bro => setup-connections.zeek} (100%) rename scripts/base/frameworks/config/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/config/{input.bro => input.zeek} (100%) rename scripts/base/frameworks/config/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/config/{weird.bro => weird.zeek} (100%) rename scripts/base/frameworks/control/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/control/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/dpd/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/dpd/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/files/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/files/magic/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/files/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/input/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/input/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/input/readers/{ascii.bro => ascii.zeek} (100%) rename scripts/base/frameworks/input/readers/{benchmark.bro => benchmark.zeek} (100%) rename scripts/base/frameworks/input/readers/{binary.bro => binary.zeek} (100%) rename scripts/base/frameworks/input/readers/{config.bro => config.zeek} (100%) rename scripts/base/frameworks/input/readers/{raw.bro => raw.zeek} (100%) rename scripts/base/frameworks/input/readers/{sqlite.bro => sqlite.zeek} (100%) rename scripts/base/frameworks/intel/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/intel/{cluster.bro => cluster.zeek} (100%) rename scripts/base/frameworks/intel/{files.bro => files.zeek} (100%) rename scripts/base/frameworks/intel/{input.bro => input.zeek} (100%) rename scripts/base/frameworks/intel/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/logging/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/logging/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/logging/postprocessors/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/logging/postprocessors/{scp.bro => scp.zeek} (100%) rename scripts/base/frameworks/logging/postprocessors/{sftp.bro => sftp.zeek} (100%) rename scripts/base/frameworks/logging/writers/{ascii.bro => ascii.zeek} (100%) rename scripts/base/frameworks/logging/writers/{none.bro => none.zeek} (100%) rename scripts/base/frameworks/logging/writers/{sqlite.bro => sqlite.zeek} (100%) rename scripts/base/frameworks/netcontrol/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/netcontrol/{catch-and-release.bro => catch-and-release.zeek} (100%) rename scripts/base/frameworks/netcontrol/{cluster.bro => cluster.zeek} (100%) rename scripts/base/frameworks/netcontrol/{drop.bro => drop.zeek} (100%) rename scripts/base/frameworks/netcontrol/{main.bro => main.zeek} (99%) rename scripts/base/frameworks/netcontrol/{non-cluster.bro => non-cluster.zeek} (100%) rename scripts/base/frameworks/netcontrol/{plugin.bro => plugin.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{acld.bro => acld.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{broker.bro => broker.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{debug.bro => debug.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{openflow.bro => openflow.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{packetfilter.bro => packetfilter.zeek} (100%) rename scripts/base/frameworks/netcontrol/{shunt.bro => shunt.zeek} (100%) rename scripts/base/frameworks/netcontrol/{types.bro => types.zeek} (100%) rename scripts/base/frameworks/notice/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/notice/actions/{add-geodata.bro => add-geodata.zeek} (100%) rename scripts/base/frameworks/notice/actions/{drop.bro => drop.zeek} (100%) rename scripts/base/frameworks/notice/actions/{email_admin.bro => email_admin.zeek} (100%) rename scripts/base/frameworks/notice/actions/{page.bro => page.zeek} (100%) rename scripts/base/frameworks/notice/actions/{pp-alarms.bro => pp-alarms.zeek} (100%) rename scripts/base/frameworks/notice/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/notice/{weird.bro => weird.zeek} (100%) rename scripts/base/frameworks/openflow/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/openflow/{cluster.bro => cluster.zeek} (100%) rename scripts/base/frameworks/openflow/{consts.bro => consts.zeek} (100%) rename scripts/base/frameworks/openflow/{main.bro => main.zeek} (99%) rename scripts/base/frameworks/openflow/{non-cluster.bro => non-cluster.zeek} (100%) rename scripts/base/frameworks/openflow/plugins/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/openflow/plugins/{broker.bro => broker.zeek} (100%) rename scripts/base/frameworks/openflow/plugins/{log.bro => log.zeek} (100%) rename scripts/base/frameworks/openflow/plugins/{ryu.bro => ryu.zeek} (100%) rename scripts/base/frameworks/openflow/{types.bro => types.zeek} (100%) rename scripts/base/frameworks/packet-filter/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/packet-filter/{cluster.bro => cluster.zeek} (100%) rename scripts/base/frameworks/packet-filter/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/packet-filter/{netstats.bro => netstats.zeek} (100%) rename scripts/base/frameworks/packet-filter/{utils.bro => utils.zeek} (100%) rename scripts/base/frameworks/reporter/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/reporter/{main.bro => main.zeek} (99%) rename scripts/base/frameworks/signatures/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/signatures/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/software/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/software/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/sumstats/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/sumstats/{cluster.bro => cluster.zeek} (100%) rename scripts/base/frameworks/sumstats/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/sumstats/{non-cluster.bro => non-cluster.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{average.bro => average.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{hll_unique.bro => hll_unique.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{last.bro => last.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{max.bro => max.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{min.bro => min.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{sample.bro => sample.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{std-dev.bro => std-dev.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{sum.bro => sum.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{topk.bro => topk.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{unique.bro => unique.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{variance.bro => variance.zeek} (100%) rename scripts/base/frameworks/tunnels/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/tunnels/{main.bro => main.zeek} (100%) rename scripts/base/{init-bare.bro => init-bare.zeek} (99%) rename scripts/base/{init-default.bro => init-default.zeek} (98%) rename scripts/base/{init-frameworks-and-bifs.bro => init-frameworks-and-bifs.zeek} (86%) rename scripts/base/misc/{find-checksum-offloading.bro => find-checksum-offloading.zeek} (100%) rename scripts/base/misc/{find-filtered-trace.bro => find-filtered-trace.zeek} (100%) rename scripts/base/misc/{version.bro => version.zeek} (100%) rename scripts/base/protocols/conn/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/conn/{contents.bro => contents.zeek} (100%) rename scripts/base/protocols/conn/{inactivity.bro => inactivity.zeek} (100%) rename scripts/base/protocols/conn/{main.bro => main.zeek} (100%) rename scripts/base/protocols/conn/{polling.bro => polling.zeek} (100%) rename scripts/base/protocols/conn/{thresholds.bro => thresholds.zeek} (100%) rename scripts/base/protocols/dce-rpc/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/dce-rpc/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/dce-rpc/{main.bro => main.zeek} (100%) rename scripts/base/protocols/dhcp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/dhcp/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/dhcp/{main.bro => main.zeek} (100%) rename scripts/base/protocols/dnp3/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/dnp3/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/dnp3/{main.bro => main.zeek} (100%) rename scripts/base/protocols/dns/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/dns/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/dns/{main.bro => main.zeek} (100%) rename scripts/base/protocols/ftp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/ftp/{files.bro => files.zeek} (100%) rename scripts/base/protocols/ftp/{gridftp.bro => gridftp.zeek} (100%) rename scripts/base/protocols/ftp/{info.bro => info.zeek} (100%) rename scripts/base/protocols/ftp/{main.bro => main.zeek} (100%) rename scripts/base/protocols/ftp/{utils-commands.bro => utils-commands.zeek} (100%) rename scripts/base/protocols/ftp/{utils.bro => utils.zeek} (100%) rename scripts/base/protocols/http/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/http/{entities.bro => entities.zeek} (100%) rename scripts/base/protocols/http/{files.bro => files.zeek} (100%) rename scripts/base/protocols/http/{main.bro => main.zeek} (100%) rename scripts/base/protocols/http/{utils.bro => utils.zeek} (100%) rename scripts/base/protocols/imap/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/imap/{main.bro => main.zeek} (100%) rename scripts/base/protocols/irc/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/irc/{dcc-send.bro => dcc-send.zeek} (100%) rename scripts/base/protocols/irc/{files.bro => files.zeek} (100%) rename scripts/base/protocols/irc/{main.bro => main.zeek} (100%) rename scripts/base/protocols/krb/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/krb/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/krb/{files.bro => files.zeek} (100%) rename scripts/base/protocols/krb/{main.bro => main.zeek} (100%) rename scripts/base/protocols/modbus/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/modbus/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/modbus/{main.bro => main.zeek} (100%) rename scripts/base/protocols/mysql/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/mysql/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/mysql/{main.bro => main.zeek} (100%) rename scripts/base/protocols/ntlm/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/ntlm/{main.bro => main.zeek} (100%) rename scripts/base/protocols/pop3/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/radius/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/radius/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/radius/{main.bro => main.zeek} (100%) rename scripts/base/protocols/rdp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/rdp/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/rdp/{main.bro => main.zeek} (100%) rename scripts/base/protocols/rfb/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/rfb/{main.bro => main.zeek} (100%) rename scripts/base/protocols/sip/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/sip/{main.bro => main.zeek} (100%) rename scripts/base/protocols/smb/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/smb/{const-dos-error.bro => const-dos-error.zeek} (100%) rename scripts/base/protocols/smb/{const-nt-status.bro => const-nt-status.zeek} (100%) rename scripts/base/protocols/smb/{consts.bro => consts.zeek} (99%) rename scripts/base/protocols/smb/{files.bro => files.zeek} (100%) rename scripts/base/protocols/smb/{main.bro => main.zeek} (100%) rename scripts/base/protocols/smb/{smb1-main.bro => smb1-main.zeek} (100%) rename scripts/base/protocols/smb/{smb2-main.bro => smb2-main.zeek} (100%) rename scripts/base/protocols/smtp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/smtp/{entities.bro => entities.zeek} (100%) rename scripts/base/protocols/smtp/{files.bro => files.zeek} (100%) rename scripts/base/protocols/smtp/{main.bro => main.zeek} (100%) rename scripts/base/protocols/snmp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/snmp/{main.bro => main.zeek} (100%) rename scripts/base/protocols/socks/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/socks/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/socks/{main.bro => main.zeek} (100%) rename scripts/base/protocols/ssh/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/ssh/{main.bro => main.zeek} (100%) rename scripts/base/protocols/ssl/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/ssl/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/ssl/{ct-list.bro => ct-list.zeek} (100%) rename scripts/base/protocols/ssl/{files.bro => files.zeek} (100%) rename scripts/base/protocols/ssl/{main.bro => main.zeek} (99%) rename scripts/base/protocols/ssl/{mozilla-ca-list.bro => mozilla-ca-list.zeek} (100%) rename scripts/base/protocols/syslog/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/syslog/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/syslog/{main.bro => main.zeek} (100%) rename scripts/base/protocols/tunnels/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/xmpp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/xmpp/{main.bro => main.zeek} (100%) rename scripts/base/utils/{active-http.bro => active-http.zeek} (100%) rename scripts/base/utils/{addrs.bro => addrs.zeek} (100%) rename scripts/base/utils/{conn-ids.bro => conn-ids.zeek} (100%) rename scripts/base/utils/{dir.bro => dir.zeek} (100%) rename scripts/base/utils/{directions-and-hosts.bro => directions-and-hosts.zeek} (100%) rename scripts/base/utils/{email.bro => email.zeek} (100%) rename scripts/base/utils/{exec.bro => exec.zeek} (100%) rename scripts/base/utils/{files.bro => files.zeek} (100%) rename scripts/base/utils/{geoip-distance.bro => geoip-distance.zeek} (100%) rename scripts/base/utils/{hash_hrw.bro => hash_hrw.zeek} (100%) rename scripts/base/utils/{json.bro => json.zeek} (100%) rename scripts/base/utils/{numbers.bro => numbers.zeek} (100%) rename scripts/base/utils/{paths.bro => paths.zeek} (100%) rename scripts/base/utils/{patterns.bro => patterns.zeek} (100%) rename scripts/base/utils/{queue.bro => queue.zeek} (100%) rename scripts/base/utils/{site.bro => site.zeek} (100%) rename scripts/base/utils/{strings.bro => strings.zeek} (100%) rename scripts/base/utils/{thresholds.bro => thresholds.zeek} (100%) rename scripts/base/utils/{time.bro => time.zeek} (100%) rename scripts/base/utils/{urls.bro => urls.zeek} (100%) delete mode 100644 scripts/broxygen/__load__.bro create mode 100644 scripts/broxygen/__load__.zeek rename scripts/broxygen/{example.bro => example.zeek} (100%) rename scripts/policy/files/x509/{log-ocsp.bro => log-ocsp.zeek} (100%) rename scripts/policy/frameworks/control/{controllee.bro => controllee.zeek} (100%) rename scripts/policy/frameworks/control/{controller.bro => controller.zeek} (100%) rename scripts/policy/frameworks/dpd/{detect-protocols.bro => detect-protocols.zeek} (100%) rename scripts/policy/frameworks/dpd/{packet-segment-logging.bro => packet-segment-logging.zeek} (100%) rename scripts/policy/frameworks/files/{detect-MHR.bro => detect-MHR.zeek} (100%) rename scripts/policy/frameworks/files/{entropy-test-all-files.bro => entropy-test-all-files.zeek} (100%) rename scripts/policy/frameworks/files/{extract-all-files.bro => extract-all-files.zeek} (100%) rename scripts/policy/frameworks/files/{hash-all-files.bro => hash-all-files.zeek} (100%) rename scripts/policy/frameworks/intel/{do_expire.bro => do_expire.zeek} (100%) rename scripts/policy/frameworks/intel/{do_notice.bro => do_notice.zeek} (100%) rename scripts/policy/frameworks/intel/{removal.bro => removal.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{conn-established.bro => conn-established.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{dns.bro => dns.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{file-hashes.bro => file-hashes.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{file-names.bro => file-names.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{http-headers.bro => http-headers.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{http-url.bro => http-url.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{pubkey-hashes.bro => pubkey-hashes.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{smb-filenames.bro => smb-filenames.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{smtp-url-extraction.bro => smtp-url-extraction.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{smtp.bro => smtp.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{ssl.bro => ssl.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{where-locations.bro => where-locations.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{x509.bro => x509.zeek} (100%) rename scripts/policy/frameworks/intel/{whitelist.bro => whitelist.zeek} (100%) rename scripts/policy/frameworks/notice/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/frameworks/notice/extend-email/{hostnames.bro => hostnames.zeek} (100%) rename scripts/policy/frameworks/packet-filter/{shunt.bro => shunt.zeek} (100%) rename scripts/policy/frameworks/software/{version-changes.bro => version-changes.zeek} (100%) rename scripts/policy/frameworks/software/{vulnerable.bro => vulnerable.zeek} (100%) rename scripts/policy/frameworks/software/{windows-version-detection.bro => windows-version-detection.zeek} (100%) rename scripts/policy/integration/barnyard2/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/integration/barnyard2/{main.bro => main.zeek} (100%) rename scripts/policy/integration/barnyard2/{types.bro => types.zeek} (100%) rename scripts/policy/integration/collective-intel/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/integration/collective-intel/{main.bro => main.zeek} (100%) rename scripts/policy/misc/{capture-loss.bro => capture-loss.zeek} (100%) rename scripts/policy/misc/detect-traceroute/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/misc/detect-traceroute/{main.bro => main.zeek} (100%) rename scripts/policy/misc/{dump-events.bro => dump-events.zeek} (100%) rename scripts/policy/misc/{load-balancing.bro => load-balancing.zeek} (100%) rename scripts/policy/misc/{loaded-scripts.bro => loaded-scripts.zeek} (100%) rename scripts/policy/misc/{profiling.bro => profiling.zeek} (100%) rename scripts/policy/misc/{scan.bro => scan.zeek} (100%) rename scripts/policy/misc/{stats.bro => stats.zeek} (100%) rename scripts/policy/misc/{trim-trace-file.bro => trim-trace-file.zeek} (100%) rename scripts/policy/misc/{weird-stats.bro => weird-stats.zeek} (100%) rename scripts/policy/protocols/conn/{known-hosts.bro => known-hosts.zeek} (100%) rename scripts/policy/protocols/conn/{known-services.bro => known-services.zeek} (100%) rename scripts/policy/protocols/conn/{mac-logging.bro => mac-logging.zeek} (100%) rename scripts/policy/protocols/conn/{vlan-logging.bro => vlan-logging.zeek} (100%) rename scripts/policy/protocols/conn/{weirds.bro => weirds.zeek} (100%) rename scripts/policy/protocols/dhcp/{deprecated_events.bro => deprecated_events.zeek} (100%) rename scripts/policy/protocols/dhcp/{msg-orig.bro => msg-orig.zeek} (100%) rename scripts/policy/protocols/dhcp/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/dhcp/{sub-opts.bro => sub-opts.zeek} (100%) rename scripts/policy/protocols/dns/{auth-addl.bro => auth-addl.zeek} (100%) rename scripts/policy/protocols/dns/{detect-external-names.bro => detect-external-names.zeek} (100%) rename scripts/policy/protocols/ftp/{detect-bruteforcing.bro => detect-bruteforcing.zeek} (100%) rename scripts/policy/protocols/ftp/{detect.bro => detect.zeek} (100%) rename scripts/policy/protocols/ftp/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/http/{detect-sqli.bro => detect-sqli.zeek} (100%) rename scripts/policy/protocols/http/{detect-webapps.bro => detect-webapps.zeek} (100%) rename scripts/policy/protocols/http/{header-names.bro => header-names.zeek} (100%) rename scripts/policy/protocols/http/{software-browser-plugins.bro => software-browser-plugins.zeek} (100%) rename scripts/policy/protocols/http/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/http/{var-extraction-cookies.bro => var-extraction-cookies.zeek} (100%) rename scripts/policy/protocols/http/{var-extraction-uri.bro => var-extraction-uri.zeek} (100%) rename scripts/policy/protocols/krb/{ticket-logging.bro => ticket-logging.zeek} (100%) rename scripts/policy/protocols/modbus/{known-masters-slaves.bro => known-masters-slaves.zeek} (100%) rename scripts/policy/protocols/modbus/{track-memmap.bro => track-memmap.zeek} (100%) rename scripts/policy/protocols/mysql/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/rdp/{indicate_ssl.bro => indicate_ssl.zeek} (100%) rename scripts/policy/protocols/smb/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/protocols/smb/{log-cmds.bro => log-cmds.zeek} (100%) rename scripts/policy/protocols/smtp/{blocklists.bro => blocklists.zeek} (100%) rename scripts/policy/protocols/smtp/{detect-suspicious-orig.bro => detect-suspicious-orig.zeek} (100%) rename scripts/policy/protocols/smtp/{entities-excerpt.bro => entities-excerpt.zeek} (100%) rename scripts/policy/protocols/smtp/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/ssh/{detect-bruteforcing.bro => detect-bruteforcing.zeek} (100%) rename scripts/policy/protocols/ssh/{geo-data.bro => geo-data.zeek} (100%) rename scripts/policy/protocols/ssh/{interesting-hostnames.bro => interesting-hostnames.zeek} (100%) rename scripts/policy/protocols/ssh/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/ssl/{expiring-certs.bro => expiring-certs.zeek} (100%) rename scripts/policy/protocols/ssl/{extract-certs-pem.bro => extract-certs-pem.zeek} (100%) rename scripts/policy/protocols/ssl/{heartbleed.bro => heartbleed.zeek} (100%) rename scripts/policy/protocols/ssl/{known-certs.bro => known-certs.zeek} (100%) rename scripts/policy/protocols/ssl/{log-hostcerts-only.bro => log-hostcerts-only.zeek} (100%) rename scripts/policy/protocols/ssl/{notary.bro => notary.zeek} (100%) rename scripts/policy/protocols/ssl/{validate-certs.bro => validate-certs.zeek} (100%) rename scripts/policy/protocols/ssl/{validate-ocsp.bro => validate-ocsp.zeek} (100%) rename scripts/policy/protocols/ssl/{validate-sct.bro => validate-sct.zeek} (100%) rename scripts/policy/protocols/ssl/{weak-keys.bro => weak-keys.zeek} (100%) rename scripts/policy/tuning/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/tuning/defaults/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/tuning/defaults/{extracted_file_limits.bro => extracted_file_limits.zeek} (100%) rename scripts/policy/tuning/defaults/{packet-fragments.bro => packet-fragments.zeek} (100%) rename scripts/policy/tuning/defaults/{warnings.bro => warnings.zeek} (100%) rename scripts/policy/tuning/{json-logs.bro => json-logs.zeek} (100%) rename scripts/policy/tuning/{track-all-assets.bro => track-all-assets.zeek} (100%) rename scripts/site/{local.bro => local.zeek} (100%) delete mode 100644 scripts/test-all-policy.bro create mode 100644 scripts/test-all-policy.zeek diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index 96c682871a..189c9b9df8 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt @@ -2,8 +2,8 @@ include(InstallPackageConfigFile) install(DIRECTORY ./ DESTINATION ${BRO_SCRIPT_INSTALL_PATH} FILES_MATCHING PATTERN "site/local*" EXCLUDE - PATTERN "test-all-policy.bro" EXCLUDE - PATTERN "*.bro" + PATTERN "test-all-policy.zeek" EXCLUDE + PATTERN "*.zeek" PATTERN "*.sig" PATTERN "*.fp" ) @@ -11,6 +11,6 @@ install(DIRECTORY ./ DESTINATION ${BRO_SCRIPT_INSTALL_PATH} FILES_MATCHING # Install all local* scripts as config files since they are meant to be # user modify-able. InstallPackageConfigFile( - ${CMAKE_CURRENT_SOURCE_DIR}/site/local.bro + ${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek ${BRO_SCRIPT_INSTALL_PATH}/site - local.bro) + local.zeek) diff --git a/scripts/base/files/extract/__load__.bro b/scripts/base/files/extract/__load__.zeek similarity index 100% rename from scripts/base/files/extract/__load__.bro rename to scripts/base/files/extract/__load__.zeek diff --git a/scripts/base/files/extract/main.bro b/scripts/base/files/extract/main.zeek similarity index 100% rename from scripts/base/files/extract/main.bro rename to scripts/base/files/extract/main.zeek diff --git a/scripts/base/files/hash/__load__.bro b/scripts/base/files/hash/__load__.zeek similarity index 100% rename from scripts/base/files/hash/__load__.bro rename to scripts/base/files/hash/__load__.zeek diff --git a/scripts/base/files/hash/main.bro b/scripts/base/files/hash/main.zeek similarity index 100% rename from scripts/base/files/hash/main.bro rename to scripts/base/files/hash/main.zeek diff --git a/scripts/base/files/pe/__load__.bro b/scripts/base/files/pe/__load__.zeek similarity index 100% rename from scripts/base/files/pe/__load__.bro rename to scripts/base/files/pe/__load__.zeek diff --git a/scripts/base/files/pe/consts.bro b/scripts/base/files/pe/consts.zeek similarity index 100% rename from scripts/base/files/pe/consts.bro rename to scripts/base/files/pe/consts.zeek diff --git a/scripts/base/files/pe/main.bro b/scripts/base/files/pe/main.zeek similarity index 100% rename from scripts/base/files/pe/main.bro rename to scripts/base/files/pe/main.zeek diff --git a/scripts/base/files/unified2/__load__.bro b/scripts/base/files/unified2/__load__.zeek similarity index 100% rename from scripts/base/files/unified2/__load__.bro rename to scripts/base/files/unified2/__load__.zeek diff --git a/scripts/base/files/unified2/main.bro b/scripts/base/files/unified2/main.zeek similarity index 100% rename from scripts/base/files/unified2/main.bro rename to scripts/base/files/unified2/main.zeek diff --git a/scripts/base/files/x509/__load__.bro b/scripts/base/files/x509/__load__.zeek similarity index 100% rename from scripts/base/files/x509/__load__.bro rename to scripts/base/files/x509/__load__.zeek diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.zeek similarity index 100% rename from scripts/base/files/x509/main.bro rename to scripts/base/files/x509/main.zeek diff --git a/scripts/base/frameworks/analyzer/__load__.bro b/scripts/base/frameworks/analyzer/__load__.zeek similarity index 100% rename from scripts/base/frameworks/analyzer/__load__.bro rename to scripts/base/frameworks/analyzer/__load__.zeek diff --git a/scripts/base/frameworks/analyzer/main.bro b/scripts/base/frameworks/analyzer/main.zeek similarity index 100% rename from scripts/base/frameworks/analyzer/main.bro rename to scripts/base/frameworks/analyzer/main.zeek diff --git a/scripts/base/frameworks/broker/__load__.bro b/scripts/base/frameworks/broker/__load__.zeek similarity index 100% rename from scripts/base/frameworks/broker/__load__.bro rename to scripts/base/frameworks/broker/__load__.zeek diff --git a/scripts/base/frameworks/broker/log.bro b/scripts/base/frameworks/broker/log.zeek similarity index 100% rename from scripts/base/frameworks/broker/log.bro rename to scripts/base/frameworks/broker/log.zeek diff --git a/scripts/base/frameworks/broker/main.bro b/scripts/base/frameworks/broker/main.zeek similarity index 100% rename from scripts/base/frameworks/broker/main.bro rename to scripts/base/frameworks/broker/main.zeek diff --git a/scripts/base/frameworks/broker/store.bro b/scripts/base/frameworks/broker/store.zeek similarity index 100% rename from scripts/base/frameworks/broker/store.bro rename to scripts/base/frameworks/broker/store.zeek diff --git a/scripts/base/frameworks/cluster/__load__.bro b/scripts/base/frameworks/cluster/__load__.zeek similarity index 100% rename from scripts/base/frameworks/cluster/__load__.bro rename to scripts/base/frameworks/cluster/__load__.zeek diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.zeek similarity index 98% rename from scripts/base/frameworks/cluster/main.bro rename to scripts/base/frameworks/cluster/main.zeek index 2d492454d4..2cb0401eea 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.zeek @@ -1,6 +1,6 @@ ##! A framework for establishing and controlling a cluster of Bro instances. ##! In order to use the cluster framework, a script named -##! ``cluster-layout.bro`` must exist somewhere in Bro's script search path +##! ``cluster-layout.zeek`` must exist somewhere in Bro's script search path ##! which has a cluster definition of the :bro:id:`Cluster::nodes` variable. ##! The ``CLUSTER_NODE`` environment variable or :bro:id:`Cluster::node` ##! must also be sent and the cluster framework loaded as a package like @@ -192,7 +192,7 @@ export { global worker_count: count = 0; ## The cluster layout definition. This should be placed into a filter - ## named cluster-layout.bro somewhere in the BROPATH. It will be + ## named cluster-layout.zeek somewhere in the BROPATH. It will be ## automatically loaded if the CLUSTER_NODE environment variable is set. ## Note that BroControl handles all of this automatically. ## The table is typically indexed by node names/labels (e.g. "manager" @@ -200,7 +200,7 @@ export { const nodes: table[string] of Node = {} &redef; ## Indicates whether or not the manager will act as the logger and receive - ## logs. This value should be set in the cluster-layout.bro script (the + ## logs. This value should be set in the cluster-layout.zeek script (the ## value should be true only if no logger is specified in Cluster::nodes). ## Note that BroControl handles this automatically. const manager_is_logger = T &redef; diff --git a/scripts/base/frameworks/cluster/nodes/logger.bro b/scripts/base/frameworks/cluster/nodes/logger.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/logger.bro rename to scripts/base/frameworks/cluster/nodes/logger.zeek diff --git a/scripts/base/frameworks/cluster/nodes/manager.bro b/scripts/base/frameworks/cluster/nodes/manager.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/manager.bro rename to scripts/base/frameworks/cluster/nodes/manager.zeek diff --git a/scripts/base/frameworks/cluster/nodes/proxy.bro b/scripts/base/frameworks/cluster/nodes/proxy.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/proxy.bro rename to scripts/base/frameworks/cluster/nodes/proxy.zeek diff --git a/scripts/base/frameworks/cluster/nodes/worker.bro b/scripts/base/frameworks/cluster/nodes/worker.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/worker.bro rename to scripts/base/frameworks/cluster/nodes/worker.zeek diff --git a/scripts/base/frameworks/cluster/pools.bro b/scripts/base/frameworks/cluster/pools.zeek similarity index 100% rename from scripts/base/frameworks/cluster/pools.bro rename to scripts/base/frameworks/cluster/pools.zeek diff --git a/scripts/base/frameworks/cluster/setup-connections.bro b/scripts/base/frameworks/cluster/setup-connections.zeek similarity index 100% rename from scripts/base/frameworks/cluster/setup-connections.bro rename to scripts/base/frameworks/cluster/setup-connections.zeek diff --git a/scripts/base/frameworks/config/__load__.bro b/scripts/base/frameworks/config/__load__.zeek similarity index 100% rename from scripts/base/frameworks/config/__load__.bro rename to scripts/base/frameworks/config/__load__.zeek diff --git a/scripts/base/frameworks/config/input.bro b/scripts/base/frameworks/config/input.zeek similarity index 100% rename from scripts/base/frameworks/config/input.bro rename to scripts/base/frameworks/config/input.zeek diff --git a/scripts/base/frameworks/config/main.bro b/scripts/base/frameworks/config/main.zeek similarity index 100% rename from scripts/base/frameworks/config/main.bro rename to scripts/base/frameworks/config/main.zeek diff --git a/scripts/base/frameworks/config/weird.bro b/scripts/base/frameworks/config/weird.zeek similarity index 100% rename from scripts/base/frameworks/config/weird.bro rename to scripts/base/frameworks/config/weird.zeek diff --git a/scripts/base/frameworks/control/__load__.bro b/scripts/base/frameworks/control/__load__.zeek similarity index 100% rename from scripts/base/frameworks/control/__load__.bro rename to scripts/base/frameworks/control/__load__.zeek diff --git a/scripts/base/frameworks/control/main.bro b/scripts/base/frameworks/control/main.zeek similarity index 100% rename from scripts/base/frameworks/control/main.bro rename to scripts/base/frameworks/control/main.zeek diff --git a/scripts/base/frameworks/dpd/__load__.bro b/scripts/base/frameworks/dpd/__load__.zeek similarity index 100% rename from scripts/base/frameworks/dpd/__load__.bro rename to scripts/base/frameworks/dpd/__load__.zeek diff --git a/scripts/base/frameworks/dpd/main.bro b/scripts/base/frameworks/dpd/main.zeek similarity index 100% rename from scripts/base/frameworks/dpd/main.bro rename to scripts/base/frameworks/dpd/main.zeek diff --git a/scripts/base/frameworks/files/__load__.bro b/scripts/base/frameworks/files/__load__.zeek similarity index 100% rename from scripts/base/frameworks/files/__load__.bro rename to scripts/base/frameworks/files/__load__.zeek diff --git a/scripts/base/frameworks/files/magic/__load__.bro b/scripts/base/frameworks/files/magic/__load__.zeek similarity index 100% rename from scripts/base/frameworks/files/magic/__load__.bro rename to scripts/base/frameworks/files/magic/__load__.zeek diff --git a/scripts/base/frameworks/files/main.bro b/scripts/base/frameworks/files/main.zeek similarity index 100% rename from scripts/base/frameworks/files/main.bro rename to scripts/base/frameworks/files/main.zeek diff --git a/scripts/base/frameworks/input/__load__.bro b/scripts/base/frameworks/input/__load__.zeek similarity index 100% rename from scripts/base/frameworks/input/__load__.bro rename to scripts/base/frameworks/input/__load__.zeek diff --git a/scripts/base/frameworks/input/main.bro b/scripts/base/frameworks/input/main.zeek similarity index 100% rename from scripts/base/frameworks/input/main.bro rename to scripts/base/frameworks/input/main.zeek diff --git a/scripts/base/frameworks/input/readers/ascii.bro b/scripts/base/frameworks/input/readers/ascii.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/ascii.bro rename to scripts/base/frameworks/input/readers/ascii.zeek diff --git a/scripts/base/frameworks/input/readers/benchmark.bro b/scripts/base/frameworks/input/readers/benchmark.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/benchmark.bro rename to scripts/base/frameworks/input/readers/benchmark.zeek diff --git a/scripts/base/frameworks/input/readers/binary.bro b/scripts/base/frameworks/input/readers/binary.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/binary.bro rename to scripts/base/frameworks/input/readers/binary.zeek diff --git a/scripts/base/frameworks/input/readers/config.bro b/scripts/base/frameworks/input/readers/config.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/config.bro rename to scripts/base/frameworks/input/readers/config.zeek diff --git a/scripts/base/frameworks/input/readers/raw.bro b/scripts/base/frameworks/input/readers/raw.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/raw.bro rename to scripts/base/frameworks/input/readers/raw.zeek diff --git a/scripts/base/frameworks/input/readers/sqlite.bro b/scripts/base/frameworks/input/readers/sqlite.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/sqlite.bro rename to scripts/base/frameworks/input/readers/sqlite.zeek diff --git a/scripts/base/frameworks/intel/__load__.bro b/scripts/base/frameworks/intel/__load__.zeek similarity index 100% rename from scripts/base/frameworks/intel/__load__.bro rename to scripts/base/frameworks/intel/__load__.zeek diff --git a/scripts/base/frameworks/intel/cluster.bro b/scripts/base/frameworks/intel/cluster.zeek similarity index 100% rename from scripts/base/frameworks/intel/cluster.bro rename to scripts/base/frameworks/intel/cluster.zeek diff --git a/scripts/base/frameworks/intel/files.bro b/scripts/base/frameworks/intel/files.zeek similarity index 100% rename from scripts/base/frameworks/intel/files.bro rename to scripts/base/frameworks/intel/files.zeek diff --git a/scripts/base/frameworks/intel/input.bro b/scripts/base/frameworks/intel/input.zeek similarity index 100% rename from scripts/base/frameworks/intel/input.bro rename to scripts/base/frameworks/intel/input.zeek diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.zeek similarity index 100% rename from scripts/base/frameworks/intel/main.bro rename to scripts/base/frameworks/intel/main.zeek diff --git a/scripts/base/frameworks/logging/__load__.bro b/scripts/base/frameworks/logging/__load__.zeek similarity index 100% rename from scripts/base/frameworks/logging/__load__.bro rename to scripts/base/frameworks/logging/__load__.zeek diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.zeek similarity index 100% rename from scripts/base/frameworks/logging/main.bro rename to scripts/base/frameworks/logging/main.zeek diff --git a/scripts/base/frameworks/logging/postprocessors/__load__.bro b/scripts/base/frameworks/logging/postprocessors/__load__.zeek similarity index 100% rename from scripts/base/frameworks/logging/postprocessors/__load__.bro rename to scripts/base/frameworks/logging/postprocessors/__load__.zeek diff --git a/scripts/base/frameworks/logging/postprocessors/scp.bro b/scripts/base/frameworks/logging/postprocessors/scp.zeek similarity index 100% rename from scripts/base/frameworks/logging/postprocessors/scp.bro rename to scripts/base/frameworks/logging/postprocessors/scp.zeek diff --git a/scripts/base/frameworks/logging/postprocessors/sftp.bro b/scripts/base/frameworks/logging/postprocessors/sftp.zeek similarity index 100% rename from scripts/base/frameworks/logging/postprocessors/sftp.bro rename to scripts/base/frameworks/logging/postprocessors/sftp.zeek diff --git a/scripts/base/frameworks/logging/writers/ascii.bro b/scripts/base/frameworks/logging/writers/ascii.zeek similarity index 100% rename from scripts/base/frameworks/logging/writers/ascii.bro rename to scripts/base/frameworks/logging/writers/ascii.zeek diff --git a/scripts/base/frameworks/logging/writers/none.bro b/scripts/base/frameworks/logging/writers/none.zeek similarity index 100% rename from scripts/base/frameworks/logging/writers/none.bro rename to scripts/base/frameworks/logging/writers/none.zeek diff --git a/scripts/base/frameworks/logging/writers/sqlite.bro b/scripts/base/frameworks/logging/writers/sqlite.zeek similarity index 100% rename from scripts/base/frameworks/logging/writers/sqlite.bro rename to scripts/base/frameworks/logging/writers/sqlite.zeek diff --git a/scripts/base/frameworks/netcontrol/__load__.bro b/scripts/base/frameworks/netcontrol/__load__.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/__load__.bro rename to scripts/base/frameworks/netcontrol/__load__.zeek diff --git a/scripts/base/frameworks/netcontrol/catch-and-release.bro b/scripts/base/frameworks/netcontrol/catch-and-release.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/catch-and-release.bro rename to scripts/base/frameworks/netcontrol/catch-and-release.zeek diff --git a/scripts/base/frameworks/netcontrol/cluster.bro b/scripts/base/frameworks/netcontrol/cluster.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/cluster.bro rename to scripts/base/frameworks/netcontrol/cluster.zeek diff --git a/scripts/base/frameworks/netcontrol/drop.bro b/scripts/base/frameworks/netcontrol/drop.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/drop.bro rename to scripts/base/frameworks/netcontrol/drop.zeek diff --git a/scripts/base/frameworks/netcontrol/main.bro b/scripts/base/frameworks/netcontrol/main.zeek similarity index 99% rename from scripts/base/frameworks/netcontrol/main.bro rename to scripts/base/frameworks/netcontrol/main.zeek index a9418508af..110a0488dd 100644 --- a/scripts/base/frameworks/netcontrol/main.bro +++ b/scripts/base/frameworks/netcontrol/main.zeek @@ -43,8 +43,8 @@ export { # ### High-level API. # ### - # ### Note - other high level primitives are in catch-and-release.bro, shunt.bro and - # ### drop.bro + # ### Note - other high level primitives are in catch-and-release.zeek, + # ### shunt.zeek and drop.zeek ## Allows all traffic involving a specific IP address to be forwarded. ## diff --git a/scripts/base/frameworks/netcontrol/non-cluster.bro b/scripts/base/frameworks/netcontrol/non-cluster.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/non-cluster.bro rename to scripts/base/frameworks/netcontrol/non-cluster.zeek diff --git a/scripts/base/frameworks/netcontrol/plugin.bro b/scripts/base/frameworks/netcontrol/plugin.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugin.bro rename to scripts/base/frameworks/netcontrol/plugin.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/__load__.bro b/scripts/base/frameworks/netcontrol/plugins/__load__.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/__load__.bro rename to scripts/base/frameworks/netcontrol/plugins/__load__.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/acld.bro b/scripts/base/frameworks/netcontrol/plugins/acld.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/acld.bro rename to scripts/base/frameworks/netcontrol/plugins/acld.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/broker.bro b/scripts/base/frameworks/netcontrol/plugins/broker.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/broker.bro rename to scripts/base/frameworks/netcontrol/plugins/broker.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/debug.bro b/scripts/base/frameworks/netcontrol/plugins/debug.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/debug.bro rename to scripts/base/frameworks/netcontrol/plugins/debug.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/openflow.bro b/scripts/base/frameworks/netcontrol/plugins/openflow.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/openflow.bro rename to scripts/base/frameworks/netcontrol/plugins/openflow.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/packetfilter.bro b/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/packetfilter.bro rename to scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek diff --git a/scripts/base/frameworks/netcontrol/shunt.bro b/scripts/base/frameworks/netcontrol/shunt.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/shunt.bro rename to scripts/base/frameworks/netcontrol/shunt.zeek diff --git a/scripts/base/frameworks/netcontrol/types.bro b/scripts/base/frameworks/netcontrol/types.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/types.bro rename to scripts/base/frameworks/netcontrol/types.zeek diff --git a/scripts/base/frameworks/notice/__load__.bro b/scripts/base/frameworks/notice/__load__.zeek similarity index 100% rename from scripts/base/frameworks/notice/__load__.bro rename to scripts/base/frameworks/notice/__load__.zeek diff --git a/scripts/base/frameworks/notice/actions/add-geodata.bro b/scripts/base/frameworks/notice/actions/add-geodata.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/add-geodata.bro rename to scripts/base/frameworks/notice/actions/add-geodata.zeek diff --git a/scripts/base/frameworks/notice/actions/drop.bro b/scripts/base/frameworks/notice/actions/drop.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/drop.bro rename to scripts/base/frameworks/notice/actions/drop.zeek diff --git a/scripts/base/frameworks/notice/actions/email_admin.bro b/scripts/base/frameworks/notice/actions/email_admin.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/email_admin.bro rename to scripts/base/frameworks/notice/actions/email_admin.zeek diff --git a/scripts/base/frameworks/notice/actions/page.bro b/scripts/base/frameworks/notice/actions/page.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/page.bro rename to scripts/base/frameworks/notice/actions/page.zeek diff --git a/scripts/base/frameworks/notice/actions/pp-alarms.bro b/scripts/base/frameworks/notice/actions/pp-alarms.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/pp-alarms.bro rename to scripts/base/frameworks/notice/actions/pp-alarms.zeek diff --git a/scripts/base/frameworks/notice/main.bro b/scripts/base/frameworks/notice/main.zeek similarity index 100% rename from scripts/base/frameworks/notice/main.bro rename to scripts/base/frameworks/notice/main.zeek diff --git a/scripts/base/frameworks/notice/weird.bro b/scripts/base/frameworks/notice/weird.zeek similarity index 100% rename from scripts/base/frameworks/notice/weird.bro rename to scripts/base/frameworks/notice/weird.zeek diff --git a/scripts/base/frameworks/openflow/__load__.bro b/scripts/base/frameworks/openflow/__load__.zeek similarity index 100% rename from scripts/base/frameworks/openflow/__load__.bro rename to scripts/base/frameworks/openflow/__load__.zeek diff --git a/scripts/base/frameworks/openflow/cluster.bro b/scripts/base/frameworks/openflow/cluster.zeek similarity index 100% rename from scripts/base/frameworks/openflow/cluster.bro rename to scripts/base/frameworks/openflow/cluster.zeek diff --git a/scripts/base/frameworks/openflow/consts.bro b/scripts/base/frameworks/openflow/consts.zeek similarity index 100% rename from scripts/base/frameworks/openflow/consts.bro rename to scripts/base/frameworks/openflow/consts.zeek diff --git a/scripts/base/frameworks/openflow/main.bro b/scripts/base/frameworks/openflow/main.zeek similarity index 99% rename from scripts/base/frameworks/openflow/main.bro rename to scripts/base/frameworks/openflow/main.zeek index 5740e90056..ecddea7cb3 100644 --- a/scripts/base/frameworks/openflow/main.bro +++ b/scripts/base/frameworks/openflow/main.zeek @@ -251,7 +251,7 @@ function controller_init_done(controller: Controller) event OpenFlow::controller_activated(controller$state$_name, controller); } -# Functions that are called from cluster.bro and non-cluster.bro +# Functions that are called from cluster.zeek and non-cluster.zeek function register_controller_impl(tpe: OpenFlow::Plugin, name: string, controller: Controller) { diff --git a/scripts/base/frameworks/openflow/non-cluster.bro b/scripts/base/frameworks/openflow/non-cluster.zeek similarity index 100% rename from scripts/base/frameworks/openflow/non-cluster.bro rename to scripts/base/frameworks/openflow/non-cluster.zeek diff --git a/scripts/base/frameworks/openflow/plugins/__load__.bro b/scripts/base/frameworks/openflow/plugins/__load__.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/__load__.bro rename to scripts/base/frameworks/openflow/plugins/__load__.zeek diff --git a/scripts/base/frameworks/openflow/plugins/broker.bro b/scripts/base/frameworks/openflow/plugins/broker.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/broker.bro rename to scripts/base/frameworks/openflow/plugins/broker.zeek diff --git a/scripts/base/frameworks/openflow/plugins/log.bro b/scripts/base/frameworks/openflow/plugins/log.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/log.bro rename to scripts/base/frameworks/openflow/plugins/log.zeek diff --git a/scripts/base/frameworks/openflow/plugins/ryu.bro b/scripts/base/frameworks/openflow/plugins/ryu.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/ryu.bro rename to scripts/base/frameworks/openflow/plugins/ryu.zeek diff --git a/scripts/base/frameworks/openflow/types.bro b/scripts/base/frameworks/openflow/types.zeek similarity index 100% rename from scripts/base/frameworks/openflow/types.bro rename to scripts/base/frameworks/openflow/types.zeek diff --git a/scripts/base/frameworks/packet-filter/__load__.bro b/scripts/base/frameworks/packet-filter/__load__.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/__load__.bro rename to scripts/base/frameworks/packet-filter/__load__.zeek diff --git a/scripts/base/frameworks/packet-filter/cluster.bro b/scripts/base/frameworks/packet-filter/cluster.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/cluster.bro rename to scripts/base/frameworks/packet-filter/cluster.zeek diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/main.bro rename to scripts/base/frameworks/packet-filter/main.zeek diff --git a/scripts/base/frameworks/packet-filter/netstats.bro b/scripts/base/frameworks/packet-filter/netstats.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/netstats.bro rename to scripts/base/frameworks/packet-filter/netstats.zeek diff --git a/scripts/base/frameworks/packet-filter/utils.bro b/scripts/base/frameworks/packet-filter/utils.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/utils.bro rename to scripts/base/frameworks/packet-filter/utils.zeek diff --git a/scripts/base/frameworks/reporter/__load__.bro b/scripts/base/frameworks/reporter/__load__.zeek similarity index 100% rename from scripts/base/frameworks/reporter/__load__.bro rename to scripts/base/frameworks/reporter/__load__.zeek diff --git a/scripts/base/frameworks/reporter/main.bro b/scripts/base/frameworks/reporter/main.zeek similarity index 99% rename from scripts/base/frameworks/reporter/main.bro rename to scripts/base/frameworks/reporter/main.zeek index 8cba29bdc2..ea97048049 100644 --- a/scripts/base/frameworks/reporter/main.bro +++ b/scripts/base/frameworks/reporter/main.zeek @@ -9,7 +9,7 @@ ##! Note that this framework deals with the handling of internally generated ##! reporter messages, for the interface ##! into actually creating reporter messages from the scripting layer, use -##! the built-in functions in :doc:`/scripts/base/bif/reporter.bif.bro`. +##! the built-in functions in :doc:`/scripts/base/bif/reporter.bif.zeek`. module Reporter; diff --git a/scripts/base/frameworks/signatures/__load__.bro b/scripts/base/frameworks/signatures/__load__.zeek similarity index 100% rename from scripts/base/frameworks/signatures/__load__.bro rename to scripts/base/frameworks/signatures/__load__.zeek diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.zeek similarity index 100% rename from scripts/base/frameworks/signatures/main.bro rename to scripts/base/frameworks/signatures/main.zeek diff --git a/scripts/base/frameworks/software/__load__.bro b/scripts/base/frameworks/software/__load__.zeek similarity index 100% rename from scripts/base/frameworks/software/__load__.bro rename to scripts/base/frameworks/software/__load__.zeek diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.zeek similarity index 100% rename from scripts/base/frameworks/software/main.bro rename to scripts/base/frameworks/software/main.zeek diff --git a/scripts/base/frameworks/sumstats/__load__.bro b/scripts/base/frameworks/sumstats/__load__.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/__load__.bro rename to scripts/base/frameworks/sumstats/__load__.zeek diff --git a/scripts/base/frameworks/sumstats/cluster.bro b/scripts/base/frameworks/sumstats/cluster.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/cluster.bro rename to scripts/base/frameworks/sumstats/cluster.zeek diff --git a/scripts/base/frameworks/sumstats/main.bro b/scripts/base/frameworks/sumstats/main.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/main.bro rename to scripts/base/frameworks/sumstats/main.zeek diff --git a/scripts/base/frameworks/sumstats/non-cluster.bro b/scripts/base/frameworks/sumstats/non-cluster.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/non-cluster.bro rename to scripts/base/frameworks/sumstats/non-cluster.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/__load__.bro b/scripts/base/frameworks/sumstats/plugins/__load__.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/__load__.bro rename to scripts/base/frameworks/sumstats/plugins/__load__.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/average.bro b/scripts/base/frameworks/sumstats/plugins/average.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/average.bro rename to scripts/base/frameworks/sumstats/plugins/average.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/hll_unique.bro b/scripts/base/frameworks/sumstats/plugins/hll_unique.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/hll_unique.bro rename to scripts/base/frameworks/sumstats/plugins/hll_unique.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/last.bro b/scripts/base/frameworks/sumstats/plugins/last.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/last.bro rename to scripts/base/frameworks/sumstats/plugins/last.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/max.bro b/scripts/base/frameworks/sumstats/plugins/max.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/max.bro rename to scripts/base/frameworks/sumstats/plugins/max.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/min.bro b/scripts/base/frameworks/sumstats/plugins/min.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/min.bro rename to scripts/base/frameworks/sumstats/plugins/min.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/sample.bro b/scripts/base/frameworks/sumstats/plugins/sample.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/sample.bro rename to scripts/base/frameworks/sumstats/plugins/sample.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/std-dev.bro b/scripts/base/frameworks/sumstats/plugins/std-dev.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/std-dev.bro rename to scripts/base/frameworks/sumstats/plugins/std-dev.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/sum.bro b/scripts/base/frameworks/sumstats/plugins/sum.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/sum.bro rename to scripts/base/frameworks/sumstats/plugins/sum.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/topk.bro b/scripts/base/frameworks/sumstats/plugins/topk.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/topk.bro rename to scripts/base/frameworks/sumstats/plugins/topk.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/unique.bro b/scripts/base/frameworks/sumstats/plugins/unique.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/unique.bro rename to scripts/base/frameworks/sumstats/plugins/unique.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/variance.bro b/scripts/base/frameworks/sumstats/plugins/variance.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/variance.bro rename to scripts/base/frameworks/sumstats/plugins/variance.zeek diff --git a/scripts/base/frameworks/tunnels/__load__.bro b/scripts/base/frameworks/tunnels/__load__.zeek similarity index 100% rename from scripts/base/frameworks/tunnels/__load__.bro rename to scripts/base/frameworks/tunnels/__load__.zeek diff --git a/scripts/base/frameworks/tunnels/main.bro b/scripts/base/frameworks/tunnels/main.zeek similarity index 100% rename from scripts/base/frameworks/tunnels/main.bro rename to scripts/base/frameworks/tunnels/main.zeek diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.zeek similarity index 99% rename from scripts/base/init-bare.bro rename to scripts/base/init-bare.zeek index 0c32cebcc5..3c1c6f98fb 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.zeek @@ -480,7 +480,7 @@ type NetStats: record { pkts_dropped: count &default=0; ##< Packets reported dropped by the system. ## Packets seen on the link. Note that this may differ ## from *pkts_recvd* because of a potential capture_filter. See - ## :doc:`/scripts/base/frameworks/packet-filter/main.bro`. Depending on the + ## :doc:`/scripts/base/frameworks/packet-filter/main.zeek`. Depending on the ## packet capture system, this value may not be available and will then ## be always set to zero. pkts_link: count &default=0; @@ -4629,13 +4629,13 @@ const log_max_size = 0.0 &redef; const log_encryption_key = "" &redef; ## Write profiling info into this file in regular intervals. The easiest way to -## activate profiling is loading :doc:`/scripts/policy/misc/profiling.bro`. +## activate profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## ## .. bro:see:: profiling_interval expensive_profiling_multiple segment_profiling global profiling_file: file &redef; ## Update interval for profiling (0 disables). The easiest way to activate -## profiling is loading :doc:`/scripts/policy/misc/profiling.bro`. +## profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## ## .. bro:see:: profiling_file expensive_profiling_multiple segment_profiling const profiling_interval = 0 secs &redef; diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.zeek similarity index 98% rename from scripts/base/init-default.bro rename to scripts/base/init-default.zeek index 463f5c2942..6982b0b2f4 100644 --- a/scripts/base/init-default.bro +++ b/scripts/base/init-default.zeek @@ -25,7 +25,7 @@ @load base/utils/urls # This has some deep interplay between types and BiFs so it's -# loaded in base/init-bare.bro +# loaded in base/init-bare.zeek #@load base/frameworks/logging @load base/frameworks/notice @load base/frameworks/analyzer diff --git a/scripts/base/init-frameworks-and-bifs.bro b/scripts/base/init-frameworks-and-bifs.zeek similarity index 86% rename from scripts/base/init-frameworks-and-bifs.bro rename to scripts/base/init-frameworks-and-bifs.zeek index f772e2d223..19897e7ffb 100644 --- a/scripts/base/init-frameworks-and-bifs.bro +++ b/scripts/base/init-frameworks-and-bifs.zeek @@ -1,7 +1,7 @@ # Load these frameworks here because they use fairly deep integration with # BiFs and script-land defined types. They are also more likely to # make use of calling BIFs for variable initializations, and that -# can't be done until init-bare.bro has been loaded completely (hence +# can't be done until init-bare.zeek has been loaded completely (hence # the separate file). @load base/frameworks/logging @load base/frameworks/broker diff --git a/scripts/base/misc/find-checksum-offloading.bro b/scripts/base/misc/find-checksum-offloading.zeek similarity index 100% rename from scripts/base/misc/find-checksum-offloading.bro rename to scripts/base/misc/find-checksum-offloading.zeek diff --git a/scripts/base/misc/find-filtered-trace.bro b/scripts/base/misc/find-filtered-trace.zeek similarity index 100% rename from scripts/base/misc/find-filtered-trace.bro rename to scripts/base/misc/find-filtered-trace.zeek diff --git a/scripts/base/misc/version.bro b/scripts/base/misc/version.zeek similarity index 100% rename from scripts/base/misc/version.bro rename to scripts/base/misc/version.zeek diff --git a/scripts/base/protocols/conn/__load__.bro b/scripts/base/protocols/conn/__load__.zeek similarity index 100% rename from scripts/base/protocols/conn/__load__.bro rename to scripts/base/protocols/conn/__load__.zeek diff --git a/scripts/base/protocols/conn/contents.bro b/scripts/base/protocols/conn/contents.zeek similarity index 100% rename from scripts/base/protocols/conn/contents.bro rename to scripts/base/protocols/conn/contents.zeek diff --git a/scripts/base/protocols/conn/inactivity.bro b/scripts/base/protocols/conn/inactivity.zeek similarity index 100% rename from scripts/base/protocols/conn/inactivity.bro rename to scripts/base/protocols/conn/inactivity.zeek diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.zeek similarity index 100% rename from scripts/base/protocols/conn/main.bro rename to scripts/base/protocols/conn/main.zeek diff --git a/scripts/base/protocols/conn/polling.bro b/scripts/base/protocols/conn/polling.zeek similarity index 100% rename from scripts/base/protocols/conn/polling.bro rename to scripts/base/protocols/conn/polling.zeek diff --git a/scripts/base/protocols/conn/thresholds.bro b/scripts/base/protocols/conn/thresholds.zeek similarity index 100% rename from scripts/base/protocols/conn/thresholds.bro rename to scripts/base/protocols/conn/thresholds.zeek diff --git a/scripts/base/protocols/dce-rpc/__load__.bro b/scripts/base/protocols/dce-rpc/__load__.zeek similarity index 100% rename from scripts/base/protocols/dce-rpc/__load__.bro rename to scripts/base/protocols/dce-rpc/__load__.zeek diff --git a/scripts/base/protocols/dce-rpc/consts.bro b/scripts/base/protocols/dce-rpc/consts.zeek similarity index 100% rename from scripts/base/protocols/dce-rpc/consts.bro rename to scripts/base/protocols/dce-rpc/consts.zeek diff --git a/scripts/base/protocols/dce-rpc/main.bro b/scripts/base/protocols/dce-rpc/main.zeek similarity index 100% rename from scripts/base/protocols/dce-rpc/main.bro rename to scripts/base/protocols/dce-rpc/main.zeek diff --git a/scripts/base/protocols/dhcp/__load__.bro b/scripts/base/protocols/dhcp/__load__.zeek similarity index 100% rename from scripts/base/protocols/dhcp/__load__.bro rename to scripts/base/protocols/dhcp/__load__.zeek diff --git a/scripts/base/protocols/dhcp/consts.bro b/scripts/base/protocols/dhcp/consts.zeek similarity index 100% rename from scripts/base/protocols/dhcp/consts.bro rename to scripts/base/protocols/dhcp/consts.zeek diff --git a/scripts/base/protocols/dhcp/main.bro b/scripts/base/protocols/dhcp/main.zeek similarity index 100% rename from scripts/base/protocols/dhcp/main.bro rename to scripts/base/protocols/dhcp/main.zeek diff --git a/scripts/base/protocols/dnp3/__load__.bro b/scripts/base/protocols/dnp3/__load__.zeek similarity index 100% rename from scripts/base/protocols/dnp3/__load__.bro rename to scripts/base/protocols/dnp3/__load__.zeek diff --git a/scripts/base/protocols/dnp3/consts.bro b/scripts/base/protocols/dnp3/consts.zeek similarity index 100% rename from scripts/base/protocols/dnp3/consts.bro rename to scripts/base/protocols/dnp3/consts.zeek diff --git a/scripts/base/protocols/dnp3/main.bro b/scripts/base/protocols/dnp3/main.zeek similarity index 100% rename from scripts/base/protocols/dnp3/main.bro rename to scripts/base/protocols/dnp3/main.zeek diff --git a/scripts/base/protocols/dns/__load__.bro b/scripts/base/protocols/dns/__load__.zeek similarity index 100% rename from scripts/base/protocols/dns/__load__.bro rename to scripts/base/protocols/dns/__load__.zeek diff --git a/scripts/base/protocols/dns/consts.bro b/scripts/base/protocols/dns/consts.zeek similarity index 100% rename from scripts/base/protocols/dns/consts.bro rename to scripts/base/protocols/dns/consts.zeek diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.zeek similarity index 100% rename from scripts/base/protocols/dns/main.bro rename to scripts/base/protocols/dns/main.zeek diff --git a/scripts/base/protocols/ftp/__load__.bro b/scripts/base/protocols/ftp/__load__.zeek similarity index 100% rename from scripts/base/protocols/ftp/__load__.bro rename to scripts/base/protocols/ftp/__load__.zeek diff --git a/scripts/base/protocols/ftp/files.bro b/scripts/base/protocols/ftp/files.zeek similarity index 100% rename from scripts/base/protocols/ftp/files.bro rename to scripts/base/protocols/ftp/files.zeek diff --git a/scripts/base/protocols/ftp/gridftp.bro b/scripts/base/protocols/ftp/gridftp.zeek similarity index 100% rename from scripts/base/protocols/ftp/gridftp.bro rename to scripts/base/protocols/ftp/gridftp.zeek diff --git a/scripts/base/protocols/ftp/info.bro b/scripts/base/protocols/ftp/info.zeek similarity index 100% rename from scripts/base/protocols/ftp/info.bro rename to scripts/base/protocols/ftp/info.zeek diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.zeek similarity index 100% rename from scripts/base/protocols/ftp/main.bro rename to scripts/base/protocols/ftp/main.zeek diff --git a/scripts/base/protocols/ftp/utils-commands.bro b/scripts/base/protocols/ftp/utils-commands.zeek similarity index 100% rename from scripts/base/protocols/ftp/utils-commands.bro rename to scripts/base/protocols/ftp/utils-commands.zeek diff --git a/scripts/base/protocols/ftp/utils.bro b/scripts/base/protocols/ftp/utils.zeek similarity index 100% rename from scripts/base/protocols/ftp/utils.bro rename to scripts/base/protocols/ftp/utils.zeek diff --git a/scripts/base/protocols/http/__load__.bro b/scripts/base/protocols/http/__load__.zeek similarity index 100% rename from scripts/base/protocols/http/__load__.bro rename to scripts/base/protocols/http/__load__.zeek diff --git a/scripts/base/protocols/http/entities.bro b/scripts/base/protocols/http/entities.zeek similarity index 100% rename from scripts/base/protocols/http/entities.bro rename to scripts/base/protocols/http/entities.zeek diff --git a/scripts/base/protocols/http/files.bro b/scripts/base/protocols/http/files.zeek similarity index 100% rename from scripts/base/protocols/http/files.bro rename to scripts/base/protocols/http/files.zeek diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.zeek similarity index 100% rename from scripts/base/protocols/http/main.bro rename to scripts/base/protocols/http/main.zeek diff --git a/scripts/base/protocols/http/utils.bro b/scripts/base/protocols/http/utils.zeek similarity index 100% rename from scripts/base/protocols/http/utils.bro rename to scripts/base/protocols/http/utils.zeek diff --git a/scripts/base/protocols/imap/__load__.bro b/scripts/base/protocols/imap/__load__.zeek similarity index 100% rename from scripts/base/protocols/imap/__load__.bro rename to scripts/base/protocols/imap/__load__.zeek diff --git a/scripts/base/protocols/imap/main.bro b/scripts/base/protocols/imap/main.zeek similarity index 100% rename from scripts/base/protocols/imap/main.bro rename to scripts/base/protocols/imap/main.zeek diff --git a/scripts/base/protocols/irc/__load__.bro b/scripts/base/protocols/irc/__load__.zeek similarity index 100% rename from scripts/base/protocols/irc/__load__.bro rename to scripts/base/protocols/irc/__load__.zeek diff --git a/scripts/base/protocols/irc/dcc-send.bro b/scripts/base/protocols/irc/dcc-send.zeek similarity index 100% rename from scripts/base/protocols/irc/dcc-send.bro rename to scripts/base/protocols/irc/dcc-send.zeek diff --git a/scripts/base/protocols/irc/files.bro b/scripts/base/protocols/irc/files.zeek similarity index 100% rename from scripts/base/protocols/irc/files.bro rename to scripts/base/protocols/irc/files.zeek diff --git a/scripts/base/protocols/irc/main.bro b/scripts/base/protocols/irc/main.zeek similarity index 100% rename from scripts/base/protocols/irc/main.bro rename to scripts/base/protocols/irc/main.zeek diff --git a/scripts/base/protocols/krb/__load__.bro b/scripts/base/protocols/krb/__load__.zeek similarity index 100% rename from scripts/base/protocols/krb/__load__.bro rename to scripts/base/protocols/krb/__load__.zeek diff --git a/scripts/base/protocols/krb/consts.bro b/scripts/base/protocols/krb/consts.zeek similarity index 100% rename from scripts/base/protocols/krb/consts.bro rename to scripts/base/protocols/krb/consts.zeek diff --git a/scripts/base/protocols/krb/files.bro b/scripts/base/protocols/krb/files.zeek similarity index 100% rename from scripts/base/protocols/krb/files.bro rename to scripts/base/protocols/krb/files.zeek diff --git a/scripts/base/protocols/krb/main.bro b/scripts/base/protocols/krb/main.zeek similarity index 100% rename from scripts/base/protocols/krb/main.bro rename to scripts/base/protocols/krb/main.zeek diff --git a/scripts/base/protocols/modbus/__load__.bro b/scripts/base/protocols/modbus/__load__.zeek similarity index 100% rename from scripts/base/protocols/modbus/__load__.bro rename to scripts/base/protocols/modbus/__load__.zeek diff --git a/scripts/base/protocols/modbus/consts.bro b/scripts/base/protocols/modbus/consts.zeek similarity index 100% rename from scripts/base/protocols/modbus/consts.bro rename to scripts/base/protocols/modbus/consts.zeek diff --git a/scripts/base/protocols/modbus/main.bro b/scripts/base/protocols/modbus/main.zeek similarity index 100% rename from scripts/base/protocols/modbus/main.bro rename to scripts/base/protocols/modbus/main.zeek diff --git a/scripts/base/protocols/mysql/__load__.bro b/scripts/base/protocols/mysql/__load__.zeek similarity index 100% rename from scripts/base/protocols/mysql/__load__.bro rename to scripts/base/protocols/mysql/__load__.zeek diff --git a/scripts/base/protocols/mysql/consts.bro b/scripts/base/protocols/mysql/consts.zeek similarity index 100% rename from scripts/base/protocols/mysql/consts.bro rename to scripts/base/protocols/mysql/consts.zeek diff --git a/scripts/base/protocols/mysql/main.bro b/scripts/base/protocols/mysql/main.zeek similarity index 100% rename from scripts/base/protocols/mysql/main.bro rename to scripts/base/protocols/mysql/main.zeek diff --git a/scripts/base/protocols/ntlm/__load__.bro b/scripts/base/protocols/ntlm/__load__.zeek similarity index 100% rename from scripts/base/protocols/ntlm/__load__.bro rename to scripts/base/protocols/ntlm/__load__.zeek diff --git a/scripts/base/protocols/ntlm/main.bro b/scripts/base/protocols/ntlm/main.zeek similarity index 100% rename from scripts/base/protocols/ntlm/main.bro rename to scripts/base/protocols/ntlm/main.zeek diff --git a/scripts/base/protocols/pop3/__load__.bro b/scripts/base/protocols/pop3/__load__.zeek similarity index 100% rename from scripts/base/protocols/pop3/__load__.bro rename to scripts/base/protocols/pop3/__load__.zeek diff --git a/scripts/base/protocols/radius/__load__.bro b/scripts/base/protocols/radius/__load__.zeek similarity index 100% rename from scripts/base/protocols/radius/__load__.bro rename to scripts/base/protocols/radius/__load__.zeek diff --git a/scripts/base/protocols/radius/consts.bro b/scripts/base/protocols/radius/consts.zeek similarity index 100% rename from scripts/base/protocols/radius/consts.bro rename to scripts/base/protocols/radius/consts.zeek diff --git a/scripts/base/protocols/radius/main.bro b/scripts/base/protocols/radius/main.zeek similarity index 100% rename from scripts/base/protocols/radius/main.bro rename to scripts/base/protocols/radius/main.zeek diff --git a/scripts/base/protocols/rdp/__load__.bro b/scripts/base/protocols/rdp/__load__.zeek similarity index 100% rename from scripts/base/protocols/rdp/__load__.bro rename to scripts/base/protocols/rdp/__load__.zeek diff --git a/scripts/base/protocols/rdp/consts.bro b/scripts/base/protocols/rdp/consts.zeek similarity index 100% rename from scripts/base/protocols/rdp/consts.bro rename to scripts/base/protocols/rdp/consts.zeek diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.zeek similarity index 100% rename from scripts/base/protocols/rdp/main.bro rename to scripts/base/protocols/rdp/main.zeek diff --git a/scripts/base/protocols/rfb/__load__.bro b/scripts/base/protocols/rfb/__load__.zeek similarity index 100% rename from scripts/base/protocols/rfb/__load__.bro rename to scripts/base/protocols/rfb/__load__.zeek diff --git a/scripts/base/protocols/rfb/main.bro b/scripts/base/protocols/rfb/main.zeek similarity index 100% rename from scripts/base/protocols/rfb/main.bro rename to scripts/base/protocols/rfb/main.zeek diff --git a/scripts/base/protocols/sip/__load__.bro b/scripts/base/protocols/sip/__load__.zeek similarity index 100% rename from scripts/base/protocols/sip/__load__.bro rename to scripts/base/protocols/sip/__load__.zeek diff --git a/scripts/base/protocols/sip/main.bro b/scripts/base/protocols/sip/main.zeek similarity index 100% rename from scripts/base/protocols/sip/main.bro rename to scripts/base/protocols/sip/main.zeek diff --git a/scripts/base/protocols/smb/__load__.bro b/scripts/base/protocols/smb/__load__.zeek similarity index 100% rename from scripts/base/protocols/smb/__load__.bro rename to scripts/base/protocols/smb/__load__.zeek diff --git a/scripts/base/protocols/smb/const-dos-error.bro b/scripts/base/protocols/smb/const-dos-error.zeek similarity index 100% rename from scripts/base/protocols/smb/const-dos-error.bro rename to scripts/base/protocols/smb/const-dos-error.zeek diff --git a/scripts/base/protocols/smb/const-nt-status.bro b/scripts/base/protocols/smb/const-nt-status.zeek similarity index 100% rename from scripts/base/protocols/smb/const-nt-status.bro rename to scripts/base/protocols/smb/const-nt-status.zeek diff --git a/scripts/base/protocols/smb/consts.bro b/scripts/base/protocols/smb/consts.zeek similarity index 99% rename from scripts/base/protocols/smb/consts.bro rename to scripts/base/protocols/smb/consts.zeek index f36d029be9..32a03dd17d 100644 --- a/scripts/base/protocols/smb/consts.bro +++ b/scripts/base/protocols/smb/consts.zeek @@ -12,7 +12,7 @@ export { ## Heuristic detection of named pipes when the pipe ## mapping isn't seen. This variable is defined in - ## init-bare.bro. + ## init-bare.zeek. redef SMB::pipe_filenames = { "spoolss", "winreg", diff --git a/scripts/base/protocols/smb/files.bro b/scripts/base/protocols/smb/files.zeek similarity index 100% rename from scripts/base/protocols/smb/files.bro rename to scripts/base/protocols/smb/files.zeek diff --git a/scripts/base/protocols/smb/main.bro b/scripts/base/protocols/smb/main.zeek similarity index 100% rename from scripts/base/protocols/smb/main.bro rename to scripts/base/protocols/smb/main.zeek diff --git a/scripts/base/protocols/smb/smb1-main.bro b/scripts/base/protocols/smb/smb1-main.zeek similarity index 100% rename from scripts/base/protocols/smb/smb1-main.bro rename to scripts/base/protocols/smb/smb1-main.zeek diff --git a/scripts/base/protocols/smb/smb2-main.bro b/scripts/base/protocols/smb/smb2-main.zeek similarity index 100% rename from scripts/base/protocols/smb/smb2-main.bro rename to scripts/base/protocols/smb/smb2-main.zeek diff --git a/scripts/base/protocols/smtp/__load__.bro b/scripts/base/protocols/smtp/__load__.zeek similarity index 100% rename from scripts/base/protocols/smtp/__load__.bro rename to scripts/base/protocols/smtp/__load__.zeek diff --git a/scripts/base/protocols/smtp/entities.bro b/scripts/base/protocols/smtp/entities.zeek similarity index 100% rename from scripts/base/protocols/smtp/entities.bro rename to scripts/base/protocols/smtp/entities.zeek diff --git a/scripts/base/protocols/smtp/files.bro b/scripts/base/protocols/smtp/files.zeek similarity index 100% rename from scripts/base/protocols/smtp/files.bro rename to scripts/base/protocols/smtp/files.zeek diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.zeek similarity index 100% rename from scripts/base/protocols/smtp/main.bro rename to scripts/base/protocols/smtp/main.zeek diff --git a/scripts/base/protocols/snmp/__load__.bro b/scripts/base/protocols/snmp/__load__.zeek similarity index 100% rename from scripts/base/protocols/snmp/__load__.bro rename to scripts/base/protocols/snmp/__load__.zeek diff --git a/scripts/base/protocols/snmp/main.bro b/scripts/base/protocols/snmp/main.zeek similarity index 100% rename from scripts/base/protocols/snmp/main.bro rename to scripts/base/protocols/snmp/main.zeek diff --git a/scripts/base/protocols/socks/__load__.bro b/scripts/base/protocols/socks/__load__.zeek similarity index 100% rename from scripts/base/protocols/socks/__load__.bro rename to scripts/base/protocols/socks/__load__.zeek diff --git a/scripts/base/protocols/socks/consts.bro b/scripts/base/protocols/socks/consts.zeek similarity index 100% rename from scripts/base/protocols/socks/consts.bro rename to scripts/base/protocols/socks/consts.zeek diff --git a/scripts/base/protocols/socks/main.bro b/scripts/base/protocols/socks/main.zeek similarity index 100% rename from scripts/base/protocols/socks/main.bro rename to scripts/base/protocols/socks/main.zeek diff --git a/scripts/base/protocols/ssh/__load__.bro b/scripts/base/protocols/ssh/__load__.zeek similarity index 100% rename from scripts/base/protocols/ssh/__load__.bro rename to scripts/base/protocols/ssh/__load__.zeek diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.zeek similarity index 100% rename from scripts/base/protocols/ssh/main.bro rename to scripts/base/protocols/ssh/main.zeek diff --git a/scripts/base/protocols/ssl/__load__.bro b/scripts/base/protocols/ssl/__load__.zeek similarity index 100% rename from scripts/base/protocols/ssl/__load__.bro rename to scripts/base/protocols/ssl/__load__.zeek diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.zeek similarity index 100% rename from scripts/base/protocols/ssl/consts.bro rename to scripts/base/protocols/ssl/consts.zeek diff --git a/scripts/base/protocols/ssl/ct-list.bro b/scripts/base/protocols/ssl/ct-list.zeek similarity index 100% rename from scripts/base/protocols/ssl/ct-list.bro rename to scripts/base/protocols/ssl/ct-list.zeek diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.zeek similarity index 100% rename from scripts/base/protocols/ssl/files.bro rename to scripts/base/protocols/ssl/files.zeek diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.zeek similarity index 99% rename from scripts/base/protocols/ssl/main.bro rename to scripts/base/protocols/ssl/main.zeek index 8abb6e1d3f..73a8639891 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.zeek @@ -69,7 +69,7 @@ export { logged: bool &default=F; }; - ## The default root CA bundle. By default, the mozilla-ca-list.bro + ## The default root CA bundle. By default, the mozilla-ca-list.zeek ## script sets this to Mozilla's root CA list. const root_certs: table[string] of string = {} &redef; @@ -88,7 +88,7 @@ export { url: string; }; - ## The Certificate Transparency log bundle. By default, the ct-list.bro + ## The Certificate Transparency log bundle. By default, the ct-list.zeek ## script sets this to the current list of known logs. Entries ## are indexed by (binary) log-id. option ct_logs: table[string] of CTInfo = {}; diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.zeek similarity index 100% rename from scripts/base/protocols/ssl/mozilla-ca-list.bro rename to scripts/base/protocols/ssl/mozilla-ca-list.zeek diff --git a/scripts/base/protocols/syslog/__load__.bro b/scripts/base/protocols/syslog/__load__.zeek similarity index 100% rename from scripts/base/protocols/syslog/__load__.bro rename to scripts/base/protocols/syslog/__load__.zeek diff --git a/scripts/base/protocols/syslog/consts.bro b/scripts/base/protocols/syslog/consts.zeek similarity index 100% rename from scripts/base/protocols/syslog/consts.bro rename to scripts/base/protocols/syslog/consts.zeek diff --git a/scripts/base/protocols/syslog/main.bro b/scripts/base/protocols/syslog/main.zeek similarity index 100% rename from scripts/base/protocols/syslog/main.bro rename to scripts/base/protocols/syslog/main.zeek diff --git a/scripts/base/protocols/tunnels/__load__.bro b/scripts/base/protocols/tunnels/__load__.zeek similarity index 100% rename from scripts/base/protocols/tunnels/__load__.bro rename to scripts/base/protocols/tunnels/__load__.zeek diff --git a/scripts/base/protocols/xmpp/__load__.bro b/scripts/base/protocols/xmpp/__load__.zeek similarity index 100% rename from scripts/base/protocols/xmpp/__load__.bro rename to scripts/base/protocols/xmpp/__load__.zeek diff --git a/scripts/base/protocols/xmpp/main.bro b/scripts/base/protocols/xmpp/main.zeek similarity index 100% rename from scripts/base/protocols/xmpp/main.bro rename to scripts/base/protocols/xmpp/main.zeek diff --git a/scripts/base/utils/active-http.bro b/scripts/base/utils/active-http.zeek similarity index 100% rename from scripts/base/utils/active-http.bro rename to scripts/base/utils/active-http.zeek diff --git a/scripts/base/utils/addrs.bro b/scripts/base/utils/addrs.zeek similarity index 100% rename from scripts/base/utils/addrs.bro rename to scripts/base/utils/addrs.zeek diff --git a/scripts/base/utils/conn-ids.bro b/scripts/base/utils/conn-ids.zeek similarity index 100% rename from scripts/base/utils/conn-ids.bro rename to scripts/base/utils/conn-ids.zeek diff --git a/scripts/base/utils/dir.bro b/scripts/base/utils/dir.zeek similarity index 100% rename from scripts/base/utils/dir.bro rename to scripts/base/utils/dir.zeek diff --git a/scripts/base/utils/directions-and-hosts.bro b/scripts/base/utils/directions-and-hosts.zeek similarity index 100% rename from scripts/base/utils/directions-and-hosts.bro rename to scripts/base/utils/directions-and-hosts.zeek diff --git a/scripts/base/utils/email.bro b/scripts/base/utils/email.zeek similarity index 100% rename from scripts/base/utils/email.bro rename to scripts/base/utils/email.zeek diff --git a/scripts/base/utils/exec.bro b/scripts/base/utils/exec.zeek similarity index 100% rename from scripts/base/utils/exec.bro rename to scripts/base/utils/exec.zeek diff --git a/scripts/base/utils/files.bro b/scripts/base/utils/files.zeek similarity index 100% rename from scripts/base/utils/files.bro rename to scripts/base/utils/files.zeek diff --git a/scripts/base/utils/geoip-distance.bro b/scripts/base/utils/geoip-distance.zeek similarity index 100% rename from scripts/base/utils/geoip-distance.bro rename to scripts/base/utils/geoip-distance.zeek diff --git a/scripts/base/utils/hash_hrw.bro b/scripts/base/utils/hash_hrw.zeek similarity index 100% rename from scripts/base/utils/hash_hrw.bro rename to scripts/base/utils/hash_hrw.zeek diff --git a/scripts/base/utils/json.bro b/scripts/base/utils/json.zeek similarity index 100% rename from scripts/base/utils/json.bro rename to scripts/base/utils/json.zeek diff --git a/scripts/base/utils/numbers.bro b/scripts/base/utils/numbers.zeek similarity index 100% rename from scripts/base/utils/numbers.bro rename to scripts/base/utils/numbers.zeek diff --git a/scripts/base/utils/paths.bro b/scripts/base/utils/paths.zeek similarity index 100% rename from scripts/base/utils/paths.bro rename to scripts/base/utils/paths.zeek diff --git a/scripts/base/utils/patterns.bro b/scripts/base/utils/patterns.zeek similarity index 100% rename from scripts/base/utils/patterns.bro rename to scripts/base/utils/patterns.zeek diff --git a/scripts/base/utils/queue.bro b/scripts/base/utils/queue.zeek similarity index 100% rename from scripts/base/utils/queue.bro rename to scripts/base/utils/queue.zeek diff --git a/scripts/base/utils/site.bro b/scripts/base/utils/site.zeek similarity index 100% rename from scripts/base/utils/site.bro rename to scripts/base/utils/site.zeek diff --git a/scripts/base/utils/strings.bro b/scripts/base/utils/strings.zeek similarity index 100% rename from scripts/base/utils/strings.bro rename to scripts/base/utils/strings.zeek diff --git a/scripts/base/utils/thresholds.bro b/scripts/base/utils/thresholds.zeek similarity index 100% rename from scripts/base/utils/thresholds.bro rename to scripts/base/utils/thresholds.zeek diff --git a/scripts/base/utils/time.bro b/scripts/base/utils/time.zeek similarity index 100% rename from scripts/base/utils/time.bro rename to scripts/base/utils/time.zeek diff --git a/scripts/base/utils/urls.bro b/scripts/base/utils/urls.zeek similarity index 100% rename from scripts/base/utils/urls.bro rename to scripts/base/utils/urls.zeek diff --git a/scripts/broxygen/__load__.bro b/scripts/broxygen/__load__.bro deleted file mode 100644 index 5d4ac5ea03..0000000000 --- a/scripts/broxygen/__load__.bro +++ /dev/null @@ -1,17 +0,0 @@ -@load test-all-policy.bro - -# Scripts which are commented out in test-all-policy.bro. -@load protocols/ssl/notary.bro -@load frameworks/control/controllee.bro -@load frameworks/control/controller.bro -@load frameworks/files/extract-all-files.bro -@load policy/misc/dump-events.bro -@load policy/protocols/dhcp/deprecated_events.bro -@load policy/protocols/smb/__load__.bro - -@load ./example.bro - -event bro_init() - { - terminate(); - } diff --git a/scripts/broxygen/__load__.zeek b/scripts/broxygen/__load__.zeek new file mode 100644 index 0000000000..51e119a2c6 --- /dev/null +++ b/scripts/broxygen/__load__.zeek @@ -0,0 +1,17 @@ +@load test-all-policy.zeek + +# Scripts which are commented out in test-all-policy.zeek. +@load protocols/ssl/notary.zeek +@load frameworks/control/controllee.zeek +@load frameworks/control/controller.zeek +@load frameworks/files/extract-all-files.zeek +@load policy/misc/dump-events.zeek +@load policy/protocols/dhcp/deprecated_events.zeek +@load policy/protocols/smb/__load__.zeek + +@load ./example.zeek + +event bro_init() + { + terminate(); + } diff --git a/scripts/broxygen/example.bro b/scripts/broxygen/example.zeek similarity index 100% rename from scripts/broxygen/example.bro rename to scripts/broxygen/example.zeek diff --git a/scripts/policy/files/x509/log-ocsp.bro b/scripts/policy/files/x509/log-ocsp.zeek similarity index 100% rename from scripts/policy/files/x509/log-ocsp.bro rename to scripts/policy/files/x509/log-ocsp.zeek diff --git a/scripts/policy/frameworks/control/controllee.bro b/scripts/policy/frameworks/control/controllee.zeek similarity index 100% rename from scripts/policy/frameworks/control/controllee.bro rename to scripts/policy/frameworks/control/controllee.zeek diff --git a/scripts/policy/frameworks/control/controller.bro b/scripts/policy/frameworks/control/controller.zeek similarity index 100% rename from scripts/policy/frameworks/control/controller.bro rename to scripts/policy/frameworks/control/controller.zeek diff --git a/scripts/policy/frameworks/dpd/detect-protocols.bro b/scripts/policy/frameworks/dpd/detect-protocols.zeek similarity index 100% rename from scripts/policy/frameworks/dpd/detect-protocols.bro rename to scripts/policy/frameworks/dpd/detect-protocols.zeek diff --git a/scripts/policy/frameworks/dpd/packet-segment-logging.bro b/scripts/policy/frameworks/dpd/packet-segment-logging.zeek similarity index 100% rename from scripts/policy/frameworks/dpd/packet-segment-logging.bro rename to scripts/policy/frameworks/dpd/packet-segment-logging.zeek diff --git a/scripts/policy/frameworks/files/detect-MHR.bro b/scripts/policy/frameworks/files/detect-MHR.zeek similarity index 100% rename from scripts/policy/frameworks/files/detect-MHR.bro rename to scripts/policy/frameworks/files/detect-MHR.zeek diff --git a/scripts/policy/frameworks/files/entropy-test-all-files.bro b/scripts/policy/frameworks/files/entropy-test-all-files.zeek similarity index 100% rename from scripts/policy/frameworks/files/entropy-test-all-files.bro rename to scripts/policy/frameworks/files/entropy-test-all-files.zeek diff --git a/scripts/policy/frameworks/files/extract-all-files.bro b/scripts/policy/frameworks/files/extract-all-files.zeek similarity index 100% rename from scripts/policy/frameworks/files/extract-all-files.bro rename to scripts/policy/frameworks/files/extract-all-files.zeek diff --git a/scripts/policy/frameworks/files/hash-all-files.bro b/scripts/policy/frameworks/files/hash-all-files.zeek similarity index 100% rename from scripts/policy/frameworks/files/hash-all-files.bro rename to scripts/policy/frameworks/files/hash-all-files.zeek diff --git a/scripts/policy/frameworks/intel/do_expire.bro b/scripts/policy/frameworks/intel/do_expire.zeek similarity index 100% rename from scripts/policy/frameworks/intel/do_expire.bro rename to scripts/policy/frameworks/intel/do_expire.zeek diff --git a/scripts/policy/frameworks/intel/do_notice.bro b/scripts/policy/frameworks/intel/do_notice.zeek similarity index 100% rename from scripts/policy/frameworks/intel/do_notice.bro rename to scripts/policy/frameworks/intel/do_notice.zeek diff --git a/scripts/policy/frameworks/intel/removal.bro b/scripts/policy/frameworks/intel/removal.zeek similarity index 100% rename from scripts/policy/frameworks/intel/removal.bro rename to scripts/policy/frameworks/intel/removal.zeek diff --git a/scripts/policy/frameworks/intel/seen/__load__.bro b/scripts/policy/frameworks/intel/seen/__load__.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/__load__.bro rename to scripts/policy/frameworks/intel/seen/__load__.zeek diff --git a/scripts/policy/frameworks/intel/seen/conn-established.bro b/scripts/policy/frameworks/intel/seen/conn-established.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/conn-established.bro rename to scripts/policy/frameworks/intel/seen/conn-established.zeek diff --git a/scripts/policy/frameworks/intel/seen/dns.bro b/scripts/policy/frameworks/intel/seen/dns.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/dns.bro rename to scripts/policy/frameworks/intel/seen/dns.zeek diff --git a/scripts/policy/frameworks/intel/seen/file-hashes.bro b/scripts/policy/frameworks/intel/seen/file-hashes.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/file-hashes.bro rename to scripts/policy/frameworks/intel/seen/file-hashes.zeek diff --git a/scripts/policy/frameworks/intel/seen/file-names.bro b/scripts/policy/frameworks/intel/seen/file-names.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/file-names.bro rename to scripts/policy/frameworks/intel/seen/file-names.zeek diff --git a/scripts/policy/frameworks/intel/seen/http-headers.bro b/scripts/policy/frameworks/intel/seen/http-headers.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/http-headers.bro rename to scripts/policy/frameworks/intel/seen/http-headers.zeek diff --git a/scripts/policy/frameworks/intel/seen/http-url.bro b/scripts/policy/frameworks/intel/seen/http-url.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/http-url.bro rename to scripts/policy/frameworks/intel/seen/http-url.zeek diff --git a/scripts/policy/frameworks/intel/seen/pubkey-hashes.bro b/scripts/policy/frameworks/intel/seen/pubkey-hashes.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/pubkey-hashes.bro rename to scripts/policy/frameworks/intel/seen/pubkey-hashes.zeek diff --git a/scripts/policy/frameworks/intel/seen/smb-filenames.bro b/scripts/policy/frameworks/intel/seen/smb-filenames.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/smb-filenames.bro rename to scripts/policy/frameworks/intel/seen/smb-filenames.zeek diff --git a/scripts/policy/frameworks/intel/seen/smtp-url-extraction.bro b/scripts/policy/frameworks/intel/seen/smtp-url-extraction.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/smtp-url-extraction.bro rename to scripts/policy/frameworks/intel/seen/smtp-url-extraction.zeek diff --git a/scripts/policy/frameworks/intel/seen/smtp.bro b/scripts/policy/frameworks/intel/seen/smtp.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/smtp.bro rename to scripts/policy/frameworks/intel/seen/smtp.zeek diff --git a/scripts/policy/frameworks/intel/seen/ssl.bro b/scripts/policy/frameworks/intel/seen/ssl.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/ssl.bro rename to scripts/policy/frameworks/intel/seen/ssl.zeek diff --git a/scripts/policy/frameworks/intel/seen/where-locations.bro b/scripts/policy/frameworks/intel/seen/where-locations.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/where-locations.bro rename to scripts/policy/frameworks/intel/seen/where-locations.zeek diff --git a/scripts/policy/frameworks/intel/seen/x509.bro b/scripts/policy/frameworks/intel/seen/x509.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/x509.bro rename to scripts/policy/frameworks/intel/seen/x509.zeek diff --git a/scripts/policy/frameworks/intel/whitelist.bro b/scripts/policy/frameworks/intel/whitelist.zeek similarity index 100% rename from scripts/policy/frameworks/intel/whitelist.bro rename to scripts/policy/frameworks/intel/whitelist.zeek diff --git a/scripts/policy/frameworks/notice/__load__.bro b/scripts/policy/frameworks/notice/__load__.zeek similarity index 100% rename from scripts/policy/frameworks/notice/__load__.bro rename to scripts/policy/frameworks/notice/__load__.zeek diff --git a/scripts/policy/frameworks/notice/extend-email/hostnames.bro b/scripts/policy/frameworks/notice/extend-email/hostnames.zeek similarity index 100% rename from scripts/policy/frameworks/notice/extend-email/hostnames.bro rename to scripts/policy/frameworks/notice/extend-email/hostnames.zeek diff --git a/scripts/policy/frameworks/packet-filter/shunt.bro b/scripts/policy/frameworks/packet-filter/shunt.zeek similarity index 100% rename from scripts/policy/frameworks/packet-filter/shunt.bro rename to scripts/policy/frameworks/packet-filter/shunt.zeek diff --git a/scripts/policy/frameworks/software/version-changes.bro b/scripts/policy/frameworks/software/version-changes.zeek similarity index 100% rename from scripts/policy/frameworks/software/version-changes.bro rename to scripts/policy/frameworks/software/version-changes.zeek diff --git a/scripts/policy/frameworks/software/vulnerable.bro b/scripts/policy/frameworks/software/vulnerable.zeek similarity index 100% rename from scripts/policy/frameworks/software/vulnerable.bro rename to scripts/policy/frameworks/software/vulnerable.zeek diff --git a/scripts/policy/frameworks/software/windows-version-detection.bro b/scripts/policy/frameworks/software/windows-version-detection.zeek similarity index 100% rename from scripts/policy/frameworks/software/windows-version-detection.bro rename to scripts/policy/frameworks/software/windows-version-detection.zeek diff --git a/scripts/policy/integration/barnyard2/__load__.bro b/scripts/policy/integration/barnyard2/__load__.zeek similarity index 100% rename from scripts/policy/integration/barnyard2/__load__.bro rename to scripts/policy/integration/barnyard2/__load__.zeek diff --git a/scripts/policy/integration/barnyard2/main.bro b/scripts/policy/integration/barnyard2/main.zeek similarity index 100% rename from scripts/policy/integration/barnyard2/main.bro rename to scripts/policy/integration/barnyard2/main.zeek diff --git a/scripts/policy/integration/barnyard2/types.bro b/scripts/policy/integration/barnyard2/types.zeek similarity index 100% rename from scripts/policy/integration/barnyard2/types.bro rename to scripts/policy/integration/barnyard2/types.zeek diff --git a/scripts/policy/integration/collective-intel/__load__.bro b/scripts/policy/integration/collective-intel/__load__.zeek similarity index 100% rename from scripts/policy/integration/collective-intel/__load__.bro rename to scripts/policy/integration/collective-intel/__load__.zeek diff --git a/scripts/policy/integration/collective-intel/main.bro b/scripts/policy/integration/collective-intel/main.zeek similarity index 100% rename from scripts/policy/integration/collective-intel/main.bro rename to scripts/policy/integration/collective-intel/main.zeek diff --git a/scripts/policy/misc/capture-loss.bro b/scripts/policy/misc/capture-loss.zeek similarity index 100% rename from scripts/policy/misc/capture-loss.bro rename to scripts/policy/misc/capture-loss.zeek diff --git a/scripts/policy/misc/detect-traceroute/__load__.bro b/scripts/policy/misc/detect-traceroute/__load__.zeek similarity index 100% rename from scripts/policy/misc/detect-traceroute/__load__.bro rename to scripts/policy/misc/detect-traceroute/__load__.zeek diff --git a/scripts/policy/misc/detect-traceroute/main.bro b/scripts/policy/misc/detect-traceroute/main.zeek similarity index 100% rename from scripts/policy/misc/detect-traceroute/main.bro rename to scripts/policy/misc/detect-traceroute/main.zeek diff --git a/scripts/policy/misc/dump-events.bro b/scripts/policy/misc/dump-events.zeek similarity index 100% rename from scripts/policy/misc/dump-events.bro rename to scripts/policy/misc/dump-events.zeek diff --git a/scripts/policy/misc/load-balancing.bro b/scripts/policy/misc/load-balancing.zeek similarity index 100% rename from scripts/policy/misc/load-balancing.bro rename to scripts/policy/misc/load-balancing.zeek diff --git a/scripts/policy/misc/loaded-scripts.bro b/scripts/policy/misc/loaded-scripts.zeek similarity index 100% rename from scripts/policy/misc/loaded-scripts.bro rename to scripts/policy/misc/loaded-scripts.zeek diff --git a/scripts/policy/misc/profiling.bro b/scripts/policy/misc/profiling.zeek similarity index 100% rename from scripts/policy/misc/profiling.bro rename to scripts/policy/misc/profiling.zeek diff --git a/scripts/policy/misc/scan.bro b/scripts/policy/misc/scan.zeek similarity index 100% rename from scripts/policy/misc/scan.bro rename to scripts/policy/misc/scan.zeek diff --git a/scripts/policy/misc/stats.bro b/scripts/policy/misc/stats.zeek similarity index 100% rename from scripts/policy/misc/stats.bro rename to scripts/policy/misc/stats.zeek diff --git a/scripts/policy/misc/trim-trace-file.bro b/scripts/policy/misc/trim-trace-file.zeek similarity index 100% rename from scripts/policy/misc/trim-trace-file.bro rename to scripts/policy/misc/trim-trace-file.zeek diff --git a/scripts/policy/misc/weird-stats.bro b/scripts/policy/misc/weird-stats.zeek similarity index 100% rename from scripts/policy/misc/weird-stats.bro rename to scripts/policy/misc/weird-stats.zeek diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.zeek similarity index 100% rename from scripts/policy/protocols/conn/known-hosts.bro rename to scripts/policy/protocols/conn/known-hosts.zeek diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.zeek similarity index 100% rename from scripts/policy/protocols/conn/known-services.bro rename to scripts/policy/protocols/conn/known-services.zeek diff --git a/scripts/policy/protocols/conn/mac-logging.bro b/scripts/policy/protocols/conn/mac-logging.zeek similarity index 100% rename from scripts/policy/protocols/conn/mac-logging.bro rename to scripts/policy/protocols/conn/mac-logging.zeek diff --git a/scripts/policy/protocols/conn/vlan-logging.bro b/scripts/policy/protocols/conn/vlan-logging.zeek similarity index 100% rename from scripts/policy/protocols/conn/vlan-logging.bro rename to scripts/policy/protocols/conn/vlan-logging.zeek diff --git a/scripts/policy/protocols/conn/weirds.bro b/scripts/policy/protocols/conn/weirds.zeek similarity index 100% rename from scripts/policy/protocols/conn/weirds.bro rename to scripts/policy/protocols/conn/weirds.zeek diff --git a/scripts/policy/protocols/dhcp/deprecated_events.bro b/scripts/policy/protocols/dhcp/deprecated_events.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/deprecated_events.bro rename to scripts/policy/protocols/dhcp/deprecated_events.zeek diff --git a/scripts/policy/protocols/dhcp/msg-orig.bro b/scripts/policy/protocols/dhcp/msg-orig.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/msg-orig.bro rename to scripts/policy/protocols/dhcp/msg-orig.zeek diff --git a/scripts/policy/protocols/dhcp/software.bro b/scripts/policy/protocols/dhcp/software.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/software.bro rename to scripts/policy/protocols/dhcp/software.zeek diff --git a/scripts/policy/protocols/dhcp/sub-opts.bro b/scripts/policy/protocols/dhcp/sub-opts.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/sub-opts.bro rename to scripts/policy/protocols/dhcp/sub-opts.zeek diff --git a/scripts/policy/protocols/dns/auth-addl.bro b/scripts/policy/protocols/dns/auth-addl.zeek similarity index 100% rename from scripts/policy/protocols/dns/auth-addl.bro rename to scripts/policy/protocols/dns/auth-addl.zeek diff --git a/scripts/policy/protocols/dns/detect-external-names.bro b/scripts/policy/protocols/dns/detect-external-names.zeek similarity index 100% rename from scripts/policy/protocols/dns/detect-external-names.bro rename to scripts/policy/protocols/dns/detect-external-names.zeek diff --git a/scripts/policy/protocols/ftp/detect-bruteforcing.bro b/scripts/policy/protocols/ftp/detect-bruteforcing.zeek similarity index 100% rename from scripts/policy/protocols/ftp/detect-bruteforcing.bro rename to scripts/policy/protocols/ftp/detect-bruteforcing.zeek diff --git a/scripts/policy/protocols/ftp/detect.bro b/scripts/policy/protocols/ftp/detect.zeek similarity index 100% rename from scripts/policy/protocols/ftp/detect.bro rename to scripts/policy/protocols/ftp/detect.zeek diff --git a/scripts/policy/protocols/ftp/software.bro b/scripts/policy/protocols/ftp/software.zeek similarity index 100% rename from scripts/policy/protocols/ftp/software.bro rename to scripts/policy/protocols/ftp/software.zeek diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.zeek similarity index 100% rename from scripts/policy/protocols/http/detect-sqli.bro rename to scripts/policy/protocols/http/detect-sqli.zeek diff --git a/scripts/policy/protocols/http/detect-webapps.bro b/scripts/policy/protocols/http/detect-webapps.zeek similarity index 100% rename from scripts/policy/protocols/http/detect-webapps.bro rename to scripts/policy/protocols/http/detect-webapps.zeek diff --git a/scripts/policy/protocols/http/header-names.bro b/scripts/policy/protocols/http/header-names.zeek similarity index 100% rename from scripts/policy/protocols/http/header-names.bro rename to scripts/policy/protocols/http/header-names.zeek diff --git a/scripts/policy/protocols/http/software-browser-plugins.bro b/scripts/policy/protocols/http/software-browser-plugins.zeek similarity index 100% rename from scripts/policy/protocols/http/software-browser-plugins.bro rename to scripts/policy/protocols/http/software-browser-plugins.zeek diff --git a/scripts/policy/protocols/http/software.bro b/scripts/policy/protocols/http/software.zeek similarity index 100% rename from scripts/policy/protocols/http/software.bro rename to scripts/policy/protocols/http/software.zeek diff --git a/scripts/policy/protocols/http/var-extraction-cookies.bro b/scripts/policy/protocols/http/var-extraction-cookies.zeek similarity index 100% rename from scripts/policy/protocols/http/var-extraction-cookies.bro rename to scripts/policy/protocols/http/var-extraction-cookies.zeek diff --git a/scripts/policy/protocols/http/var-extraction-uri.bro b/scripts/policy/protocols/http/var-extraction-uri.zeek similarity index 100% rename from scripts/policy/protocols/http/var-extraction-uri.bro rename to scripts/policy/protocols/http/var-extraction-uri.zeek diff --git a/scripts/policy/protocols/krb/ticket-logging.bro b/scripts/policy/protocols/krb/ticket-logging.zeek similarity index 100% rename from scripts/policy/protocols/krb/ticket-logging.bro rename to scripts/policy/protocols/krb/ticket-logging.zeek diff --git a/scripts/policy/protocols/modbus/known-masters-slaves.bro b/scripts/policy/protocols/modbus/known-masters-slaves.zeek similarity index 100% rename from scripts/policy/protocols/modbus/known-masters-slaves.bro rename to scripts/policy/protocols/modbus/known-masters-slaves.zeek diff --git a/scripts/policy/protocols/modbus/track-memmap.bro b/scripts/policy/protocols/modbus/track-memmap.zeek similarity index 100% rename from scripts/policy/protocols/modbus/track-memmap.bro rename to scripts/policy/protocols/modbus/track-memmap.zeek diff --git a/scripts/policy/protocols/mysql/software.bro b/scripts/policy/protocols/mysql/software.zeek similarity index 100% rename from scripts/policy/protocols/mysql/software.bro rename to scripts/policy/protocols/mysql/software.zeek diff --git a/scripts/policy/protocols/rdp/indicate_ssl.bro b/scripts/policy/protocols/rdp/indicate_ssl.zeek similarity index 100% rename from scripts/policy/protocols/rdp/indicate_ssl.bro rename to scripts/policy/protocols/rdp/indicate_ssl.zeek diff --git a/scripts/policy/protocols/smb/__load__.bro b/scripts/policy/protocols/smb/__load__.zeek similarity index 100% rename from scripts/policy/protocols/smb/__load__.bro rename to scripts/policy/protocols/smb/__load__.zeek diff --git a/scripts/policy/protocols/smb/log-cmds.bro b/scripts/policy/protocols/smb/log-cmds.zeek similarity index 100% rename from scripts/policy/protocols/smb/log-cmds.bro rename to scripts/policy/protocols/smb/log-cmds.zeek diff --git a/scripts/policy/protocols/smtp/blocklists.bro b/scripts/policy/protocols/smtp/blocklists.zeek similarity index 100% rename from scripts/policy/protocols/smtp/blocklists.bro rename to scripts/policy/protocols/smtp/blocklists.zeek diff --git a/scripts/policy/protocols/smtp/detect-suspicious-orig.bro b/scripts/policy/protocols/smtp/detect-suspicious-orig.zeek similarity index 100% rename from scripts/policy/protocols/smtp/detect-suspicious-orig.bro rename to scripts/policy/protocols/smtp/detect-suspicious-orig.zeek diff --git a/scripts/policy/protocols/smtp/entities-excerpt.bro b/scripts/policy/protocols/smtp/entities-excerpt.zeek similarity index 100% rename from scripts/policy/protocols/smtp/entities-excerpt.bro rename to scripts/policy/protocols/smtp/entities-excerpt.zeek diff --git a/scripts/policy/protocols/smtp/software.bro b/scripts/policy/protocols/smtp/software.zeek similarity index 100% rename from scripts/policy/protocols/smtp/software.bro rename to scripts/policy/protocols/smtp/software.zeek diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/scripts/policy/protocols/ssh/detect-bruteforcing.zeek similarity index 100% rename from scripts/policy/protocols/ssh/detect-bruteforcing.bro rename to scripts/policy/protocols/ssh/detect-bruteforcing.zeek diff --git a/scripts/policy/protocols/ssh/geo-data.bro b/scripts/policy/protocols/ssh/geo-data.zeek similarity index 100% rename from scripts/policy/protocols/ssh/geo-data.bro rename to scripts/policy/protocols/ssh/geo-data.zeek diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.bro b/scripts/policy/protocols/ssh/interesting-hostnames.zeek similarity index 100% rename from scripts/policy/protocols/ssh/interesting-hostnames.bro rename to scripts/policy/protocols/ssh/interesting-hostnames.zeek diff --git a/scripts/policy/protocols/ssh/software.bro b/scripts/policy/protocols/ssh/software.zeek similarity index 100% rename from scripts/policy/protocols/ssh/software.bro rename to scripts/policy/protocols/ssh/software.zeek diff --git a/scripts/policy/protocols/ssl/expiring-certs.bro b/scripts/policy/protocols/ssl/expiring-certs.zeek similarity index 100% rename from scripts/policy/protocols/ssl/expiring-certs.bro rename to scripts/policy/protocols/ssl/expiring-certs.zeek diff --git a/scripts/policy/protocols/ssl/extract-certs-pem.bro b/scripts/policy/protocols/ssl/extract-certs-pem.zeek similarity index 100% rename from scripts/policy/protocols/ssl/extract-certs-pem.bro rename to scripts/policy/protocols/ssl/extract-certs-pem.zeek diff --git a/scripts/policy/protocols/ssl/heartbleed.bro b/scripts/policy/protocols/ssl/heartbleed.zeek similarity index 100% rename from scripts/policy/protocols/ssl/heartbleed.bro rename to scripts/policy/protocols/ssl/heartbleed.zeek diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.zeek similarity index 100% rename from scripts/policy/protocols/ssl/known-certs.bro rename to scripts/policy/protocols/ssl/known-certs.zeek diff --git a/scripts/policy/protocols/ssl/log-hostcerts-only.bro b/scripts/policy/protocols/ssl/log-hostcerts-only.zeek similarity index 100% rename from scripts/policy/protocols/ssl/log-hostcerts-only.bro rename to scripts/policy/protocols/ssl/log-hostcerts-only.zeek diff --git a/scripts/policy/protocols/ssl/notary.bro b/scripts/policy/protocols/ssl/notary.zeek similarity index 100% rename from scripts/policy/protocols/ssl/notary.bro rename to scripts/policy/protocols/ssl/notary.zeek diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.zeek similarity index 100% rename from scripts/policy/protocols/ssl/validate-certs.bro rename to scripts/policy/protocols/ssl/validate-certs.zeek diff --git a/scripts/policy/protocols/ssl/validate-ocsp.bro b/scripts/policy/protocols/ssl/validate-ocsp.zeek similarity index 100% rename from scripts/policy/protocols/ssl/validate-ocsp.bro rename to scripts/policy/protocols/ssl/validate-ocsp.zeek diff --git a/scripts/policy/protocols/ssl/validate-sct.bro b/scripts/policy/protocols/ssl/validate-sct.zeek similarity index 100% rename from scripts/policy/protocols/ssl/validate-sct.bro rename to scripts/policy/protocols/ssl/validate-sct.zeek diff --git a/scripts/policy/protocols/ssl/weak-keys.bro b/scripts/policy/protocols/ssl/weak-keys.zeek similarity index 100% rename from scripts/policy/protocols/ssl/weak-keys.bro rename to scripts/policy/protocols/ssl/weak-keys.zeek diff --git a/scripts/policy/tuning/__load__.bro b/scripts/policy/tuning/__load__.zeek similarity index 100% rename from scripts/policy/tuning/__load__.bro rename to scripts/policy/tuning/__load__.zeek diff --git a/scripts/policy/tuning/defaults/__load__.bro b/scripts/policy/tuning/defaults/__load__.zeek similarity index 100% rename from scripts/policy/tuning/defaults/__load__.bro rename to scripts/policy/tuning/defaults/__load__.zeek diff --git a/scripts/policy/tuning/defaults/extracted_file_limits.bro b/scripts/policy/tuning/defaults/extracted_file_limits.zeek similarity index 100% rename from scripts/policy/tuning/defaults/extracted_file_limits.bro rename to scripts/policy/tuning/defaults/extracted_file_limits.zeek diff --git a/scripts/policy/tuning/defaults/packet-fragments.bro b/scripts/policy/tuning/defaults/packet-fragments.zeek similarity index 100% rename from scripts/policy/tuning/defaults/packet-fragments.bro rename to scripts/policy/tuning/defaults/packet-fragments.zeek diff --git a/scripts/policy/tuning/defaults/warnings.bro b/scripts/policy/tuning/defaults/warnings.zeek similarity index 100% rename from scripts/policy/tuning/defaults/warnings.bro rename to scripts/policy/tuning/defaults/warnings.zeek diff --git a/scripts/policy/tuning/json-logs.bro b/scripts/policy/tuning/json-logs.zeek similarity index 100% rename from scripts/policy/tuning/json-logs.bro rename to scripts/policy/tuning/json-logs.zeek diff --git a/scripts/policy/tuning/track-all-assets.bro b/scripts/policy/tuning/track-all-assets.zeek similarity index 100% rename from scripts/policy/tuning/track-all-assets.bro rename to scripts/policy/tuning/track-all-assets.zeek diff --git a/scripts/site/local.bro b/scripts/site/local.zeek similarity index 100% rename from scripts/site/local.bro rename to scripts/site/local.zeek diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro deleted file mode 100644 index be2efbbc19..0000000000 --- a/scripts/test-all-policy.bro +++ /dev/null @@ -1,113 +0,0 @@ -# This file loads ALL policy scripts that are part of the Bro distribution. -# -# This is rarely makes sense, and is for testing only. -# -# Note that we have a unit test that makes sure that all policy files shipped are -# actually loaded here. If we have files that are part of the distribution yet -# can't be loaded here, these must still be listed here with their load command -# commented out. - -# The base/ scripts are all loaded by default and not included here. - -# @load frameworks/control/controllee.bro -# @load frameworks/control/controller.bro -@load frameworks/dpd/detect-protocols.bro -@load frameworks/dpd/packet-segment-logging.bro -@load frameworks/intel/do_notice.bro -@load frameworks/intel/do_expire.bro -@load frameworks/intel/whitelist.bro -@load frameworks/intel/removal.bro -@load frameworks/intel/seen/__load__.bro -@load frameworks/intel/seen/conn-established.bro -@load frameworks/intel/seen/dns.bro -@load frameworks/intel/seen/file-hashes.bro -@load frameworks/intel/seen/file-names.bro -@load frameworks/intel/seen/http-headers.bro -@load frameworks/intel/seen/http-url.bro -@load frameworks/intel/seen/pubkey-hashes.bro -@load frameworks/intel/seen/smb-filenames.bro -@load frameworks/intel/seen/smtp-url-extraction.bro -@load frameworks/intel/seen/smtp.bro -@load frameworks/intel/seen/ssl.bro -@load frameworks/intel/seen/where-locations.bro -@load frameworks/intel/seen/x509.bro -@load frameworks/files/detect-MHR.bro -@load frameworks/files/entropy-test-all-files.bro -#@load frameworks/files/extract-all-files.bro -@load frameworks/files/hash-all-files.bro -@load frameworks/notice/__load__.bro -@load frameworks/notice/extend-email/hostnames.bro -@load files/x509/log-ocsp.bro -@load frameworks/packet-filter/shunt.bro -@load frameworks/software/version-changes.bro -@load frameworks/software/vulnerable.bro -@load frameworks/software/windows-version-detection.bro -@load integration/barnyard2/__load__.bro -@load integration/barnyard2/main.bro -@load integration/barnyard2/types.bro -@load integration/collective-intel/__load__.bro -@load integration/collective-intel/main.bro -@load misc/capture-loss.bro -@load misc/detect-traceroute/__load__.bro -@load misc/detect-traceroute/main.bro -# @load misc/dump-events.bro -@load misc/load-balancing.bro -@load misc/loaded-scripts.bro -@load misc/profiling.bro -@load misc/scan.bro -@load misc/stats.bro -@load misc/weird-stats.bro -@load misc/trim-trace-file.bro -@load protocols/conn/known-hosts.bro -@load protocols/conn/known-services.bro -@load protocols/conn/mac-logging.bro -@load protocols/conn/vlan-logging.bro -@load protocols/conn/weirds.bro -#@load protocols/dhcp/deprecated_events.bro -@load protocols/dhcp/msg-orig.bro -@load protocols/dhcp/software.bro -@load protocols/dhcp/sub-opts.bro -@load protocols/dns/auth-addl.bro -@load protocols/dns/detect-external-names.bro -@load protocols/ftp/detect-bruteforcing.bro -@load protocols/ftp/detect.bro -@load protocols/ftp/software.bro -@load protocols/http/detect-sqli.bro -@load protocols/http/detect-webapps.bro -@load protocols/http/header-names.bro -@load protocols/http/software-browser-plugins.bro -@load protocols/http/software.bro -@load protocols/http/var-extraction-cookies.bro -@load protocols/http/var-extraction-uri.bro -@load protocols/krb/ticket-logging.bro -@load protocols/modbus/known-masters-slaves.bro -@load protocols/modbus/track-memmap.bro -@load protocols/mysql/software.bro -@load protocols/rdp/indicate_ssl.bro -#@load protocols/smb/__load__.bro -@load protocols/smb/log-cmds.bro -@load protocols/smtp/blocklists.bro -@load protocols/smtp/detect-suspicious-orig.bro -@load protocols/smtp/entities-excerpt.bro -@load protocols/smtp/software.bro -@load protocols/ssh/detect-bruteforcing.bro -@load protocols/ssh/geo-data.bro -@load protocols/ssh/interesting-hostnames.bro -@load protocols/ssh/software.bro -@load protocols/ssl/expiring-certs.bro -@load protocols/ssl/extract-certs-pem.bro -@load protocols/ssl/heartbleed.bro -@load protocols/ssl/known-certs.bro -@load protocols/ssl/log-hostcerts-only.bro -#@load protocols/ssl/notary.bro -@load protocols/ssl/validate-certs.bro -@load protocols/ssl/validate-ocsp.bro -@load protocols/ssl/validate-sct.bro -@load protocols/ssl/weak-keys.bro -@load tuning/__load__.bro -@load tuning/defaults/__load__.bro -@load tuning/defaults/extracted_file_limits.bro -@load tuning/defaults/packet-fragments.bro -@load tuning/defaults/warnings.bro -@load tuning/json-logs.bro -@load tuning/track-all-assets.bro diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek new file mode 100644 index 0000000000..26408b6d44 --- /dev/null +++ b/scripts/test-all-policy.zeek @@ -0,0 +1,113 @@ +# This file loads ALL policy scripts that are part of the Bro distribution. +# +# This is rarely makes sense, and is for testing only. +# +# Note that we have a unit test that makes sure that all policy files shipped are +# actually loaded here. If we have files that are part of the distribution yet +# can't be loaded here, these must still be listed here with their load command +# commented out. + +# The base/ scripts are all loaded by default and not included here. + +# @load frameworks/control/controllee.zeek +# @load frameworks/control/controller.zeek +@load frameworks/dpd/detect-protocols.zeek +@load frameworks/dpd/packet-segment-logging.zeek +@load frameworks/intel/do_notice.zeek +@load frameworks/intel/do_expire.zeek +@load frameworks/intel/whitelist.zeek +@load frameworks/intel/removal.zeek +@load frameworks/intel/seen/__load__.zeek +@load frameworks/intel/seen/conn-established.zeek +@load frameworks/intel/seen/dns.zeek +@load frameworks/intel/seen/file-hashes.zeek +@load frameworks/intel/seen/file-names.zeek +@load frameworks/intel/seen/http-headers.zeek +@load frameworks/intel/seen/http-url.zeek +@load frameworks/intel/seen/pubkey-hashes.zeek +@load frameworks/intel/seen/smb-filenames.zeek +@load frameworks/intel/seen/smtp-url-extraction.zeek +@load frameworks/intel/seen/smtp.zeek +@load frameworks/intel/seen/ssl.zeek +@load frameworks/intel/seen/where-locations.zeek +@load frameworks/intel/seen/x509.zeek +@load frameworks/files/detect-MHR.zeek +@load frameworks/files/entropy-test-all-files.zeek +#@load frameworks/files/extract-all-files.zeek +@load frameworks/files/hash-all-files.zeek +@load frameworks/notice/__load__.zeek +@load frameworks/notice/extend-email/hostnames.zeek +@load files/x509/log-ocsp.zeek +@load frameworks/packet-filter/shunt.zeek +@load frameworks/software/version-changes.zeek +@load frameworks/software/vulnerable.zeek +@load frameworks/software/windows-version-detection.zeek +@load integration/barnyard2/__load__.zeek +@load integration/barnyard2/main.zeek +@load integration/barnyard2/types.zeek +@load integration/collective-intel/__load__.zeek +@load integration/collective-intel/main.zeek +@load misc/capture-loss.zeek +@load misc/detect-traceroute/__load__.zeek +@load misc/detect-traceroute/main.zeek +# @load misc/dump-events.zeek +@load misc/load-balancing.zeek +@load misc/loaded-scripts.zeek +@load misc/profiling.zeek +@load misc/scan.zeek +@load misc/stats.zeek +@load misc/weird-stats.zeek +@load misc/trim-trace-file.zeek +@load protocols/conn/known-hosts.zeek +@load protocols/conn/known-services.zeek +@load protocols/conn/mac-logging.zeek +@load protocols/conn/vlan-logging.zeek +@load protocols/conn/weirds.zeek +#@load protocols/dhcp/deprecated_events.zeek +@load protocols/dhcp/msg-orig.zeek +@load protocols/dhcp/software.zeek +@load protocols/dhcp/sub-opts.zeek +@load protocols/dns/auth-addl.zeek +@load protocols/dns/detect-external-names.zeek +@load protocols/ftp/detect-bruteforcing.zeek +@load protocols/ftp/detect.zeek +@load protocols/ftp/software.zeek +@load protocols/http/detect-sqli.zeek +@load protocols/http/detect-webapps.zeek +@load protocols/http/header-names.zeek +@load protocols/http/software-browser-plugins.zeek +@load protocols/http/software.zeek +@load protocols/http/var-extraction-cookies.zeek +@load protocols/http/var-extraction-uri.zeek +@load protocols/krb/ticket-logging.zeek +@load protocols/modbus/known-masters-slaves.zeek +@load protocols/modbus/track-memmap.zeek +@load protocols/mysql/software.zeek +@load protocols/rdp/indicate_ssl.zeek +#@load protocols/smb/__load__.zeek +@load protocols/smb/log-cmds.zeek +@load protocols/smtp/blocklists.zeek +@load protocols/smtp/detect-suspicious-orig.zeek +@load protocols/smtp/entities-excerpt.zeek +@load protocols/smtp/software.zeek +@load protocols/ssh/detect-bruteforcing.zeek +@load protocols/ssh/geo-data.zeek +@load protocols/ssh/interesting-hostnames.zeek +@load protocols/ssh/software.zeek +@load protocols/ssl/expiring-certs.zeek +@load protocols/ssl/extract-certs-pem.zeek +@load protocols/ssl/heartbleed.zeek +@load protocols/ssl/known-certs.zeek +@load protocols/ssl/log-hostcerts-only.zeek +#@load protocols/ssl/notary.zeek +@load protocols/ssl/validate-certs.zeek +@load protocols/ssl/validate-ocsp.zeek +@load protocols/ssl/validate-sct.zeek +@load protocols/ssl/weak-keys.zeek +@load tuning/__load__.zeek +@load tuning/defaults/__load__.zeek +@load tuning/defaults/extracted_file_limits.zeek +@load tuning/defaults/packet-fragments.zeek +@load tuning/defaults/warnings.zeek +@load tuning/json-logs.zeek +@load tuning/track-all-assets.zeek diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f3dfd42d85..35fb70f5de 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -385,17 +385,17 @@ add_dependencies(generate_outputs_stage2b generate_outputs_stage1) add_custom_target(generate_outputs) add_dependencies(generate_outputs generate_outputs_stage2a generate_outputs_stage2b) -# Build __load__.bro files for standard *.bif.bro. +# Build __load__.zeek files for standard *.bif.zeek. bro_bif_create_loader(bif_loader "${bro_BASE_BIF_SCRIPTS}") add_dependencies(bif_loader ${bro_SUBDIRS}) add_dependencies(bro bif_loader) -# Build __load__.bro files for plugins/*.bif.bro. +# Build __load__.zeek files for plugins/*.bif.zeek. bro_bif_create_loader(bif_loader_plugins "${bro_PLUGIN_BIF_SCRIPTS}") add_dependencies(bif_loader_plugins ${bro_SUBDIRS}) add_dependencies(bro bif_loader_plugins) -# Install *.bif.bro. +# Install *.bif.zeek. install(DIRECTORY ${CMAKE_BINARY_DIR}/scripts/base/bif DESTINATION ${BRO_SCRIPT_INSTALL_PATH}/base) # Create plugin directory at install time. diff --git a/src/Type.cc b/src/Type.cc index 77a5ac6d16..741f1cfc0f 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1510,7 +1510,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, else { // We allow double-definitions if matching exactly. This is so that - // we can define an enum both in a *.bif and *.bro for avoiding + // we can define an enum both in a *.bif and *.zeek for avoiding // cyclic dependencies. string fullname = make_full_var_name(module_name.c_str(), name); if ( id->Name() != fullname diff --git a/src/broxygen/ScriptInfo.cc b/src/broxygen/ScriptInfo.cc index da6ba6b44a..7ecf212a44 100644 --- a/src/broxygen/ScriptInfo.cc +++ b/src/broxygen/ScriptInfo.cc @@ -253,12 +253,12 @@ void ScriptInfo::DoInitPostScript() // The following enum types are automatically created internally in Bro, // so just manually associating them with scripts for now. - if ( name == "base/frameworks/input/main.bro" ) + if ( name == "base/frameworks/input/main.zeek" ) { auto id = global_scope()->Lookup("Input::Reader"); types.push_back(new IdentifierInfo(id, this)); } - else if ( name == "base/frameworks/logging/main.bro" ) + else if ( name == "base/frameworks/logging/main.zeek" ) { auto id = global_scope()->Lookup("Log::Writer"); types.push_back(new IdentifierInfo(id, this)); diff --git a/src/broxygen/ScriptInfo.h b/src/broxygen/ScriptInfo.h index d7328ef7c8..dd43e15a4e 100644 --- a/src/broxygen/ScriptInfo.h +++ b/src/broxygen/ScriptInfo.h @@ -77,7 +77,7 @@ public: { redefs.insert(info); } /** - * @return Whether the script is a package loader (i.e. "__load__.bro"). + * @return Whether the script is a package loader (i.e. "__load__.zeek"). */ bool IsPkgLoader() const { return is_pkg_loader; } diff --git a/src/broxygen/Target.h b/src/broxygen/Target.h index 9a5a23107c..7f18697eaf 100644 --- a/src/broxygen/Target.h +++ b/src/broxygen/Target.h @@ -41,7 +41,7 @@ struct TargetFile { /** * A Broxygen target abstract base class. A target is generally any portion of * documentation that Bro can build. It's identified by a type (e.g. script, - * identifier, package), a pattern (e.g. "example.bro", "HTTP::Info"), and + * identifier, package), a pattern (e.g. "example.zeek", "HTTP::Info"), and * a path to an output file. */ class Target { diff --git a/src/broxygen/broxygen.bif b/src/broxygen/broxygen.bif index d1b3028edc..4b2f5653b2 100644 --- a/src/broxygen/broxygen.bif +++ b/src/broxygen/broxygen.bif @@ -35,7 +35,7 @@ function get_identifier_comments%(name: string%): string ## ## name: the name of a Bro script. It must be a relative path to where ## it is located within a particular component of BROPATH and use -## the same file name extension/suffix as the actual file (e.g. ".bro"). +## the same file name extension/suffix as the actual file (e.g. ".zeek"). ## ## Returns: summary comments associated with script with *name*. If ## *name* is not a known script, an empty string is returned. diff --git a/src/const.bif b/src/const.bif index 6d60ac707b..9da5950259 100644 --- a/src/const.bif +++ b/src/const.bif @@ -1,6 +1,6 @@ ##! Declaration of various scripting-layer constants that the Bro core uses ##! internally. Documentation and default values for the scripting-layer -##! variables themselves are found in :doc:`/scripts/base/init-bare.bro`. +##! variables themselves are found in :doc:`/scripts/base/init-bare.zeek`. const ignore_keep_alive_rexmit: bool; const skip_http_data: bool; diff --git a/src/main.cc b/src/main.cc index 473f3a72e7..782c49edde 100644 --- a/src/main.cc +++ b/src/main.cc @@ -823,11 +823,11 @@ int main(int argc, char** argv) broxygen_mgr = new broxygen::Manager(broxygen_config, bro_argv[0]); - add_essential_input_file("base/init-bare.bro"); - add_essential_input_file("base/init-frameworks-and-bifs.bro"); + add_essential_input_file("base/init-bare.zeek"); + add_essential_input_file("base/init-frameworks-and-bifs.zeek"); if ( ! bare_mode ) - add_input_file("base/init-default.bro"); + add_input_file("base/init-default.zeek"); plugin_mgr->SearchDynamicPlugins(bro_plugin_path()); diff --git a/src/plugin/Manager.cc b/src/plugin/Manager.cc index e098d955c1..47f7ba1ed9 100644 --- a/src/plugin/Manager.cc +++ b/src/plugin/Manager.cc @@ -185,7 +185,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_ string init; - // First load {scripts}/__preload__.bro automatically. + // First load {scripts}/__preload__.zeek automatically. for (const string& ext : script_extensions) { init = dir + "scripts/__preload__" + ext; @@ -198,7 +198,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_ } } - // Load {bif,scripts}/__load__.bro automatically. + // Load {bif,scripts}/__load__.zeek automatically. for (const string& ext : script_extensions) { init = dir + "lib/bif/__load__" + ext; diff --git a/src/reporter.bif b/src/reporter.bif index 4a58e2728b..038182574e 100644 --- a/src/reporter.bif +++ b/src/reporter.bif @@ -4,7 +4,7 @@ ##! If event handlers do exist, it's assumed they take care of determining ##! how/where to output the messages. ##! -##! See :doc:`/scripts/base/frameworks/reporter/main.bro` for a convenient +##! See :doc:`/scripts/base/frameworks/reporter/main.zeek` for a convenient ##! reporter message logging framework. module Reporter; diff --git a/src/scan.l b/src/scan.l index 4da18b125f..fb8ca20f8e 100644 --- a/src/scan.l +++ b/src/scan.l @@ -923,7 +923,7 @@ int yywrap() if ( ! did_builtin_init && file_stack.length() == 1 ) { // ### This is a gross hack - we know that the first file - // we parse is init-bare.bro, and after it it's safe to initialize + // we parse is init-bare.zeek, and after it it's safe to initialize // the built-ins. Furthermore, we want to initialize the // built-in's *right* after parsing bro.init, so that other // source files can use built-in's when initializing globals. @@ -961,7 +961,7 @@ int yywrap() // prefixed and flattened version of the loaded file in BROPATH. The // flattening involves taking the path in BROPATH in which the // scanned file lives and replacing '/' path separators with a '.' If - // the scanned file is "__load__.bro", that part of the flattened + // the scanned file is "__load__.zeek", that part of the flattened // file name is discarded. If the prefix is non-empty, it gets placed // in front of the flattened path, separated with another '.' std::list::iterator it; diff --git a/src/types.bif b/src/types.bif index babccb0f0d..79f5780f52 100644 --- a/src/types.bif +++ b/src/types.bif @@ -141,7 +141,7 @@ enum createmode_t %{ %} # Declare record types that we want to access from the event engine. These are -# defined in init-bare.bro. +# defined in init-bare.zeek. type info_t: record; type fattr_t: record; type sattr_t: record; diff --git a/src/util.h b/src/util.h index bd1566080f..b63b74a3f7 100644 --- a/src/util.h +++ b/src/util.h @@ -309,7 +309,7 @@ std::string implode_string_vector(const std::vector& v, /** * Flatten a script name by replacing '/' path separators with '.'. - * @param file A path to a Bro script. If it is a __load__.bro, that part + * @param file A path to a Bro script. If it is a __load__.zeek, that part * is discarded when constructing the flattened the name. * @param prefix A string to prepend to the flattened script name. * @return The flattened script name. From 8bc65f09ec9f5cfafbf8bef96121a2b75af75d3e Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 11 Apr 2019 19:02:13 -0700 Subject: [PATCH 015/247] Cleanup/improve PList usage and Event API Majority of PLists are now created as automatic/stack objects, rather than on heap and initialized either with the known-capacity reserved upfront or directly from an initializer_list (so there's no wasted slack in the memory that gets allocated for lists containing a fixed/known number of elements). Added versions of the ConnectionEvent/QueueEvent methods that take a val_list by value. Added a move ctor/assign-operator to Plists to allow passing them around without having to copy the underlying array of pointers. --- src/Anon.cc | 8 +- src/Attr.cc | 2 +- src/BroList.h | 20 - src/Conn.cc | 92 ++-- src/Conn.h | 3 + src/DFA.h | 3 - src/DNS_Mgr.cc | 36 +- src/DNS_Mgr.h | 9 +- src/Discard.cc | 36 +- src/Event.cc | 43 +- src/Event.h | 28 +- src/EventHandler.cc | 9 +- src/EventRegistry.cc | 2 +- src/Expr.cc | 24 +- src/Expr.h | 2 +- src/File.cc | 20 +- src/ID.cc | 6 +- src/List.cc | 57 +- src/List.h | 55 +- src/PersistenceSerializer.cc | 3 +- src/RE.h | 3 - src/RemoteSerializer.cc | 52 +- src/Reporter.cc | 39 +- src/RuleAction.cc | 15 +- src/RuleCondition.cc | 2 +- src/Scope.cc | 3 + src/Serializer.cc | 7 +- src/Serializer.h | 2 +- src/Sessions.cc | 26 +- src/StateAccess.cc | 47 +- src/Stats.cc | 19 +- src/Stmt.cc | 20 +- src/Stmt.h | 3 + src/Type.cc | 2 +- src/Type.h | 3 + src/Val.cc | 49 +- src/Var.cc | 3 +- src/analyzer/Analyzer.cc | 27 +- src/analyzer/Analyzer.h | 6 + src/analyzer/protocol/arp/ARP.cc | 34 +- src/analyzer/protocol/backdoor/BackDoor.cc | 49 +- .../protocol/bittorrent/BitTorrent.cc | 10 +- .../protocol/bittorrent/BitTorrentTracker.cc | 48 +- src/analyzer/protocol/conn-size/ConnSize.cc | 10 +- src/analyzer/protocol/dns/DNS.cc | 274 +++++----- src/analyzer/protocol/file/File.cc | 13 +- src/analyzer/protocol/finger/Finger.cc | 24 +- src/analyzer/protocol/ftp/FTP.cc | 21 +- src/analyzer/protocol/gnutella/Gnutella.cc | 73 +-- src/analyzer/protocol/http/HTTP.cc | 130 +++-- src/analyzer/protocol/icmp/ICMP.cc | 147 +++-- src/analyzer/protocol/ident/Ident.cc | 39 +- src/analyzer/protocol/interconn/InterConn.cc | 16 +- src/analyzer/protocol/irc/IRC.cc | 510 +++++++++--------- src/analyzer/protocol/login/Login.cc | 79 ++- src/analyzer/protocol/login/NVT.cc | 9 +- src/analyzer/protocol/login/RSH.cc | 35 +- src/analyzer/protocol/login/Rlogin.cc | 10 +- src/analyzer/protocol/mime/MIME.cc | 79 ++- src/analyzer/protocol/ncp/NCP.cc | 26 +- src/analyzer/protocol/netbios/NetbiosSSN.cc | 30 +- src/analyzer/protocol/ntp/NTP.cc | 11 +- src/analyzer/protocol/pop3/POP3.cc | 17 +- src/analyzer/protocol/rpc/MOUNT.cc | 28 +- src/analyzer/protocol/rpc/MOUNT.h | 4 +- src/analyzer/protocol/rpc/NFS.cc | 28 +- src/analyzer/protocol/rpc/NFS.h | 4 +- src/analyzer/protocol/rpc/Portmap.cc | 22 +- src/analyzer/protocol/rpc/RPC.cc | 48 +- src/analyzer/protocol/smtp/SMTP.cc | 59 +- .../protocol/stepping-stone/SteppingStone.cc | 21 +- src/analyzer/protocol/tcp/TCP.cc | 92 ++-- src/analyzer/protocol/tcp/TCP_Endpoint.cc | 10 +- src/analyzer/protocol/tcp/TCP_Reassembler.cc | 57 +- src/analyzer/protocol/udp/UDP.cc | 10 +- src/broker/Manager.cc | 35 +- src/broker/messaging.bif | 8 +- src/file_analysis/File.cc | 53 +- src/file_analysis/File.h | 6 + src/file_analysis/Manager.cc | 11 +- .../analyzer/data_event/DataEvent.cc | 20 +- src/file_analysis/analyzer/entropy/Entropy.cc | 9 +- src/file_analysis/analyzer/extract/Extract.cc | 12 +- src/file_analysis/analyzer/hash/Hash.cc | 11 +- .../analyzer/unified2/unified2-analyzer.pac | 27 +- src/file_analysis/analyzer/x509/OCSP.cc | 86 ++- src/file_analysis/analyzer/x509/X509.cc | 27 +- src/file_analysis/analyzer/x509/X509Common.cc | 17 +- src/input/Manager.cc | 25 +- src/logging/Manager.cc | 26 +- src/main.cc | 22 +- src/option.bif | 6 +- 92 files changed, 1585 insertions(+), 1679 deletions(-) diff --git a/src/Anon.cc b/src/Anon.cc index a2afc489ca..de225e95a8 100644 --- a/src/Anon.cc +++ b/src/Anon.cc @@ -415,10 +415,10 @@ void log_anonymization_mapping(ipaddr32_t input, ipaddr32_t output) { if ( anonymization_mapping ) { - val_list* vl = new val_list; - vl->append(new AddrVal(input)); - vl->append(new AddrVal(output)); - mgr.QueueEvent(anonymization_mapping, vl); + mgr.QueueEvent(anonymization_mapping, { + new AddrVal(input), + new AddrVal(output) + }); } } diff --git a/src/Attr.cc b/src/Attr.cc index 47ea7d4f06..0e6db9c068 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -141,7 +141,7 @@ Attributes::~Attributes() void Attributes::AddAttr(Attr* attr) { if ( ! attrs ) - attrs = new attr_list; + attrs = new attr_list(1); if ( ! attr->RedundantAttrOkay() ) // We overwrite old attributes by deleting them first. diff --git a/src/BroList.h b/src/BroList.h index 6168bf7bda..0aa94d55ec 100644 --- a/src/BroList.h +++ b/src/BroList.h @@ -13,10 +13,6 @@ class ID; declare(PList,ID); typedef PList(ID) id_list; -class HashKey; -declare(PList,HashKey); -typedef PList(HashKey) hash_key_list; - class Val; declare(PList,Val); typedef PList(Val) val_list; @@ -29,28 +25,12 @@ class BroType; declare(PList,BroType); typedef PList(BroType) type_list; -class TypeDecl; -declare(PList,TypeDecl); -typedef PList(TypeDecl) type_decl_list; - -class Case; -declare(PList,Case); -typedef PList(Case) case_list; - class Attr; declare(PList,Attr); typedef PList(Attr) attr_list; -class Scope; -declare(PList,Scope); -typedef PList(Scope) scope_list; - class Timer; declare(PList,Timer); typedef PList(Timer) timer_list; -class DNS_Mgr_Request; -declare(PList,DNS_Mgr_Request); -typedef PList(DNS_Mgr_Request) DNS_mgr_request_list; - #endif diff --git a/src/Conn.cc b/src/Conn.cc index 03ecf32703..494d2d21c4 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -325,12 +325,11 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig, // and at this stage it's not a *multiple* instance. return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(threshold)); - - ConnectionEvent(e, 0, vl); + ConnectionEvent(e, 0, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(threshold) + }); } void Connection::DeleteTimer(double /* t */) @@ -390,9 +389,7 @@ void Connection::EnableStatusUpdateTimer() void Connection::StatusUpdateTimer(double t) { - val_list* vl = new val_list(1); - vl->append(BuildConnVal()); - ConnectionEvent(connection_status_update, 0, vl); + ConnectionEvent(connection_status_update, 0, { BuildConnVal() }); ADD_TIMER(&Connection::StatusUpdateTimer, network_time + connection_status_update_interval, 0, TIMER_CONN_STATUS_UPDATE); @@ -630,23 +627,23 @@ int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len, { if ( software_parse_error ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(new StringVal(len, s)); - ConnectionEvent(software_parse_error, analyzer, vl); + ConnectionEvent(software_parse_error, analyzer, { + BuildConnVal(), + new AddrVal(addr), + new StringVal(len, s), + }); } return 0; } if ( software_version_found ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(val); - vl->append(new StringVal(len, s)); - ConnectionEvent(software_version_found, 0, vl); + ConnectionEvent(software_version_found, 0, { + BuildConnVal(), + new AddrVal(addr), + val, + new StringVal(len, s), + }); } else Unref(val); @@ -669,11 +666,11 @@ int Connection::UnparsedVersionFoundEvent(const IPAddr& addr, if ( software_unparsed_version_found ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(new StringVal(len, full)); - ConnectionEvent(software_unparsed_version_found, analyzer, vl); + ConnectionEvent(software_unparsed_version_found, analyzer, { + BuildConnVal(), + new AddrVal(addr), + new StringVal(len, full), + }); } return 1; @@ -684,12 +681,11 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch if ( ! f ) return; - val_list* vl = new val_list(2); if ( name ) - vl->append(new StringVal(name)); - vl->append(BuildConnVal()); + ConnectionEvent(f, analyzer, {new StringVal(name), BuildConnVal()}); + else + ConnectionEvent(f, analyzer, {BuildConnVal()}); - ConnectionEvent(f, analyzer, vl); } void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2) @@ -701,33 +697,35 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, return; } - val_list* vl = new val_list(3); - vl->append(BuildConnVal()); - vl->append(v1); - if ( v2 ) - vl->append(v2); - - ConnectionEvent(f, analyzer, vl); + ConnectionEvent(f, analyzer, {BuildConnVal(), v1, v2}); + else + ConnectionEvent(f, analyzer, {BuildConnVal(), v1}); } -void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) +void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) { if ( ! f ) { // This may actually happen if there is no local handler // and a previously existing remote handler went away. - loop_over_list(*vl, i) - Unref((*vl)[i]); - delete vl; + loop_over_list(vl, i) + Unref(vl[i]); + return; } // "this" is passed as a cookie for the event - mgr.QueueEvent(f, vl, SOURCE_LOCAL, + mgr.QueueEvent(f, std::move(vl), SOURCE_LOCAL, a ? a->GetID() : 0, GetTimerMgr(), this); } +void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) + { + ConnectionEvent(f, a, std::move(*vl)); + delete vl; + } + void Connection::Weird(const char* name, const char* addl) { weird = 1; @@ -1055,12 +1053,12 @@ void Connection::CheckFlowLabel(bool is_orig, uint32 flow_label) if ( connection_flow_label_changed && (is_orig ? saw_first_orig_packet : saw_first_resp_packet) ) { - val_list* vl = new val_list(4); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(my_flow_label)); - vl->append(val_mgr->GetCount(flow_label)); - ConnectionEvent(connection_flow_label_changed, 0, vl); + ConnectionEvent(connection_flow_label_changed, 0, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(my_flow_label), + val_mgr->GetCount(flow_label), + }); } my_flow_label = flow_label; diff --git a/src/Conn.h b/src/Conn.h index e49314968a..2622134f2a 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -176,8 +176,11 @@ public: void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* name = 0); void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2 = 0); + void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, val_list* vl); + void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, + val_list vl); void Weird(const char* name, const char* addl = ""); bool DidWeird() const { return weird != 0; } diff --git a/src/DFA.h b/src/DFA.h index 2f06f4e98f..1b58774da0 100644 --- a/src/DFA.h +++ b/src/DFA.h @@ -111,9 +111,6 @@ private: PDict(CacheEntry) states; }; -declare(PList,DFA_State); -typedef PList(DFA_State) DFA_state_list; - class DFA_Machine : public BroObj { public: DFA_Machine(NFA_Machine* n, EquivClass* ec); diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 2fff6903b0..c72e66f0bf 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -699,25 +699,27 @@ int DNS_Mgr::Save() return 1; } +void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm) + { + if ( ! e ) + return; + + mgr.QueueEvent(e, {BuildMappingVal(dm)}); + } + void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2) { if ( ! e ) return; - val_list* vl = new val_list; - vl->append(BuildMappingVal(dm)); + Unref(l1); + Unref(l2); - if ( l1 ) - { - vl->append(l1->ConvertToSet()); - if ( l2 ) - vl->append(l2->ConvertToSet()); - - Unref(l1); - Unref(l2); - } - - mgr.QueueEvent(e, vl); + mgr.QueueEvent(e, { + BuildMappingVal(dm), + l1->ConvertToSet(), + l2->ConvertToSet(), + }); } void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm) @@ -725,10 +727,10 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm) if ( ! e ) return; - val_list* vl = new val_list; - vl->append(BuildMappingVal(old_dm)); - vl->append(BuildMappingVal(new_dm)); - mgr.QueueEvent(e, vl); + mgr.QueueEvent(e, { + BuildMappingVal(old_dm), + BuildMappingVal(new_dm), + }); } Val* DNS_Mgr::BuildMappingVal(DNS_Mapping* dm) diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 0358ceba18..24d1e4c850 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -9,7 +9,7 @@ #include #include "util.h" -#include "BroList.h" +#include "List.h" #include "Dict.h" #include "EventHandler.h" #include "iosource/IOSource.h" @@ -23,6 +23,9 @@ class EventHandler; class RecordType; class DNS_Mgr_Request; +declare(PList,DNS_Mgr_Request); +typedef PList(DNS_Mgr_Request) DNS_mgr_request_list; + struct nb_dns_info; struct nb_dns_result; @@ -96,8 +99,8 @@ protected: friend class LookupCallback; friend class DNS_Mgr_Request; - void Event(EventHandlerPtr e, DNS_Mapping* dm, - ListVal* l1 = 0, ListVal* l2 = 0); + void Event(EventHandlerPtr e, DNS_Mapping* dm); + void Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2); void Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm); Val* BuildMappingVal(DNS_Mapping* dm); diff --git a/src/Discard.cc b/src/Discard.cc index 2a20c897aa..d1acd80b4d 100644 --- a/src/Discard.cc +++ b/src/Discard.cc @@ -33,12 +33,11 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) if ( check_ip ) { - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); + val_list args{ip->BuildPktHdrVal()}; try { - discard_packet = check_ip->Call(args)->AsBool(); + discard_packet = check_ip->Call(&args)->AsBool(); } catch ( InterpreterException& e ) @@ -46,8 +45,6 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) discard_packet = false; } - delete args; - if ( discard_packet ) return discard_packet; } @@ -88,21 +85,20 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) const struct tcphdr* tp = (const struct tcphdr*) data; int th_len = tp->th_off * 4; - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); - args->append(BuildData(data, th_len, len, caplen)); + val_list args{ + ip->BuildPktHdrVal(), + BuildData(data, th_len, len, caplen), + }; try { - discard_packet = check_tcp->Call(args)->AsBool(); + discard_packet = check_tcp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } @@ -113,21 +109,20 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) const struct udphdr* up = (const struct udphdr*) data; int uh_len = sizeof (struct udphdr); - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); - args->append(BuildData(data, uh_len, len, caplen)); + val_list args{ + ip->BuildPktHdrVal(), + BuildData(data, uh_len, len, caplen), + }; try { - discard_packet = check_udp->Call(args)->AsBool(); + discard_packet = check_udp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } @@ -137,20 +132,17 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) { const struct icmp* ih = (const struct icmp*) data; - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); + val_list args{ip->BuildPktHdrVal()}; try { - discard_packet = check_icmp->Call(args)->AsBool(); + discard_packet = check_icmp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } diff --git a/src/Event.cc b/src/Event.cc index 36ba2dfc3c..26ca874c2a 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -13,28 +13,27 @@ EventMgr mgr; uint64 num_events_queued = 0; uint64 num_events_dispatched = 0; +Event::Event(EventHandlerPtr arg_handler, val_list arg_args, + SourceID arg_src, analyzer::ID arg_aid, TimerMgr* arg_mgr, + BroObj* arg_obj) + : handler(arg_handler), + args(std::move(arg_args)), + src(arg_src), + aid(arg_aid), + mgr(arg_mgr ? arg_mgr : timer_mgr), + obj(arg_obj), + next_event(nullptr) + { + if ( obj ) + Ref(obj); + } + Event::Event(EventHandlerPtr arg_handler, val_list* arg_args, SourceID arg_src, analyzer::ID arg_aid, TimerMgr* arg_mgr, BroObj* arg_obj) + : Event(arg_handler, std::move(*arg_args), arg_src, arg_aid, arg_mgr, arg_obj) { - handler = arg_handler; - args = arg_args; - src = arg_src; - mgr = arg_mgr ? arg_mgr : timer_mgr; // default is global - aid = arg_aid; - obj = arg_obj; - - if ( obj ) - Ref(obj); - - next_event = 0; - } - -Event::~Event() - { - // We don't Unref() the individual arguments by using delete_vals() - // here, because Func::Call already did that. - delete args; + delete arg_args; } void Event::Describe(ODesc* d) const @@ -49,7 +48,7 @@ void Event::Describe(ODesc* d) const if ( ! d->IsBinary() ) d->Add("("); - describe_vals(args, d); + describe_vals(&args, d); if ( ! d->IsBinary() ) d->Add("("); } @@ -62,7 +61,7 @@ void Event::Dispatch(bool no_remote) if ( event_serializer ) { SerialInfo info(event_serializer); - event_serializer->Serialize(&info, handler->Name(), args); + event_serializer->Serialize(&info, handler->Name(), &args); } if ( handler->ErrorHandler() ) @@ -70,7 +69,7 @@ void Event::Dispatch(bool no_remote) try { - handler->Call(args, no_remote); + handler->Call(&args, no_remote); } catch ( InterpreterException& e ) @@ -129,7 +128,7 @@ void EventMgr::QueueEvent(Event* event) void EventMgr::Drain() { if ( event_queue_flush_point ) - QueueEvent(event_queue_flush_point, new val_list()); + QueueEvent(event_queue_flush_point, val_list{}); SegmentProfiler(segment_logger, "draining-events"); diff --git a/src/Event.h b/src/Event.h index 69860daf50..9ee30ae674 100644 --- a/src/Event.h +++ b/src/Event.h @@ -11,12 +11,17 @@ class EventMgr; +// We don't Unref() the individual arguments by using delete_vals() +// in a dtor because Func::Call already does that. class Event : public BroObj { public: + Event(EventHandlerPtr handler, val_list args, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0); + Event(EventHandlerPtr handler, val_list* args, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0); - ~Event() override; void SetNext(Event* n) { next_event = n; } Event* NextEvent() const { return next_event; } @@ -25,7 +30,7 @@ public: analyzer::ID Analyzer() const { return aid; } TimerMgr* Mgr() const { return mgr; } EventHandlerPtr Handler() const { return handler; } - val_list* Args() const { return args; } + const val_list* Args() const { return &args; } void Describe(ODesc* d) const override; @@ -37,7 +42,7 @@ protected: void Dispatch(bool no_remote = false); EventHandlerPtr handler; - val_list* args; + val_list args; SourceID src; analyzer::ID aid; TimerMgr* mgr; @@ -53,14 +58,25 @@ public: EventMgr(); ~EventMgr() override; - void QueueEvent(const EventHandlerPtr &h, val_list* vl, + void QueueEvent(const EventHandlerPtr &h, val_list vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) { if ( h ) - QueueEvent(new Event(h, vl, src, aid, mgr, obj)); + QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj)); else - delete_vals(vl); + { + loop_over_list(vl, i) + Unref(vl[i]); + } + } + + void QueueEvent(const EventHandlerPtr &h, val_list* vl, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0) + { + QueueEvent(h, std::move(*vl), src, aid, mgr, obj); + delete vl; } void Dispatch(Event* event, bool no_remote = false) diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 00b19f7832..08e8728d6f 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -172,11 +172,10 @@ void EventHandler::NewEvent(val_list* vl) vargs->Assign(i, rec); } - val_list* mvl = new val_list(2); - mvl->append(new StringVal(name)); - mvl->append(vargs); - - Event* ev = new Event(new_event, mvl); + Event* ev = new Event(new_event, { + new StringVal(name), + vargs, + }); mgr.Dispatch(ev); } diff --git a/src/EventRegistry.cc b/src/EventRegistry.cc index 875d6d6b26..e28c7b4176 100644 --- a/src/EventRegistry.cc +++ b/src/EventRegistry.cc @@ -73,7 +73,7 @@ EventRegistry::string_list* EventRegistry::UsedHandlers() EventRegistry::string_list* EventRegistry::AllHandlers() { - string_list* names = new string_list; + string_list* names = new string_list(handlers.Length()); IterCookie* c = handlers.InitForIteration(); diff --git a/src/Expr.cc b/src/Expr.cc index 737a9455ca..ff039ece35 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -2565,7 +2565,7 @@ bool AssignExpr::TypeCheck(attr_list* attrs) if ( attrs ) { - attr_copy = new attr_list; + attr_copy = new attr_list(attrs->length()); loop_over_list(*attrs, i) attr_copy->append((*attrs)[i]); } @@ -2634,7 +2634,7 @@ bool AssignExpr::TypeCheck(attr_list* attrs) if ( sce->Attrs() ) { attr_list* a = sce->Attrs()->Attrs(); - attrs = new attr_list; + attrs = new attr_list(a->length()); loop_over_list(*a, i) attrs->append((*a)[i]); } @@ -3467,9 +3467,9 @@ RecordConstructorExpr::RecordConstructorExpr(ListExpr* constructor_list) // Spin through the list, which should be comprised only of // record-field-assign expressions, and build up a // record type to associate with this constructor. - type_decl_list* record_types = new type_decl_list; - const expr_list& exprs = constructor_list->Exprs(); + type_decl_list* record_types = new type_decl_list(exprs.length()); + loop_over_list(exprs, i) { Expr* e = exprs[i]; @@ -4469,11 +4469,12 @@ bool FlattenExpr::DoUnserialize(UnserialInfo* info) ScheduleTimer::ScheduleTimer(EventHandlerPtr arg_event, val_list* arg_args, double t, TimerMgr* arg_tmgr) -: Timer(t, TIMER_SCHEDULE) + : Timer(t, TIMER_SCHEDULE), + event(arg_event), + args(std::move(*arg_args)), + tmgr(arg_tmgr) { - event = arg_event; - args = arg_args; - tmgr = arg_tmgr; + delete arg_args; } ScheduleTimer::~ScheduleTimer() @@ -4482,7 +4483,7 @@ ScheduleTimer::~ScheduleTimer() void ScheduleTimer::Dispatch(double /* t */, int /* is_expire */) { - mgr.QueueEvent(event, args, SOURCE_LOCAL, 0, tmgr); + mgr.QueueEvent(event, std::move(args), SOURCE_LOCAL, 0, tmgr); } ScheduleExpr::ScheduleExpr(Expr* arg_when, EventExpr* arg_event) @@ -4998,7 +4999,8 @@ Val* EventExpr::Eval(Frame* f) const return 0; val_list* v = eval_list(f, args); - mgr.QueueEvent(handler, v); + mgr.QueueEvent(handler, std::move(*v)); + delete v; return 0; } @@ -5128,7 +5130,7 @@ BroType* ListExpr::InitType() const if ( exprs[0]->IsRecordElement(0) ) { - type_decl_list* types = new type_decl_list; + type_decl_list* types = new type_decl_list(exprs.length()); loop_over_list(exprs, i) { TypeDecl* td = new TypeDecl(0, 0); diff --git a/src/Expr.h b/src/Expr.h index 820de2b876..e268f07648 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -937,7 +937,7 @@ public: protected: EventHandlerPtr event; - val_list* args; + val_list args; TimerMgr* tmgr; }; diff --git a/src/File.cc b/src/File.cc index 609ea4f0ac..d7a213237f 100644 --- a/src/File.cc +++ b/src/File.cc @@ -65,10 +65,8 @@ void RotateTimer::Dispatch(double t, int is_expire) { if ( raise ) { - val_list* vl = new val_list; Ref(file); - vl->append(new Val(file)); - mgr.QueueEvent(rotate_interval, vl); + mgr.QueueEvent(rotate_interval, {new Val(file)}); } file->InstallRotateTimer(); @@ -641,19 +639,15 @@ void BroFile::CloseCachedFiles() // Send final rotate events (immediately). if ( f->rotate_interval ) { - val_list* vl = new val_list; Ref(f); - vl->append(new Val(f)); - Event* event = new Event(::rotate_interval, vl); + Event* event = new Event(::rotate_interval, {new Val(f)}); mgr.Dispatch(event, true); } if ( f->rotate_size ) { - val_list* vl = new val_list; Ref(f); - vl->append(new Val(f)); - Event* event = new ::Event(::rotate_size, vl); + Event* event = new ::Event(::rotate_size, {new Val(f)}); mgr.Dispatch(event, true); } @@ -801,9 +795,7 @@ int BroFile::Write(const char* data, int len) if ( rotate_size && current_size < rotate_size && current_size + len >= rotate_size ) { - val_list* vl = new val_list; - vl->append(new Val(this)); - mgr.QueueEvent(::rotate_size, vl); + mgr.QueueEvent(::rotate_size, {new Val(this)}); } // This does not work if we seek around. But none of the logs does that @@ -818,10 +810,8 @@ void BroFile::RaiseOpenEvent() if ( ! ::file_opened ) return; - val_list* vl = new val_list; Ref(this); - vl->append(new Val(this)); - Event* event = new ::Event(::file_opened, vl); + Event* event = new ::Event(::file_opened, {new Val(this)}); mgr.Dispatch(event, true); } diff --git a/src/ID.cc b/src/ID.cc index fd99d7c937..faa11b3408 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -258,8 +258,7 @@ void ID::MakeDeprecated() if ( IsDeprecated() ) return; - attr_list* attr = new attr_list; - attr->append(new Attr(ATTR_DEPRECATED)); + attr_list* attr = new attr_list{new Attr(ATTR_DEPRECATED)}; AddAttrs(new Attributes(attr, Type(), false)); } @@ -305,8 +304,7 @@ void ID::SetOption() // option implied redefinable if ( ! IsRedefinable() ) { - attr_list* attr = new attr_list; - attr->append(new Attr(ATTR_REDEF)); + attr_list* attr = new attr_list{new Attr(ATTR_REDEF)}; AddAttrs(new Attributes(attr, Type(), false)); } } diff --git a/src/List.cc b/src/List.cc index 0f7f706bcd..86129ccfa0 100644 --- a/src/List.cc +++ b/src/List.cc @@ -12,11 +12,13 @@ BaseList::BaseList(int size) { num_entries = 0; - max_entries = 0; - entry = 0; if ( size <= 0 ) + { + max_entries = 0; + entry = 0; return; + } max_entries = size; @@ -24,7 +26,7 @@ BaseList::BaseList(int size) } -BaseList::BaseList(BaseList& b) +BaseList::BaseList(const BaseList& b) { max_entries = b.max_entries; num_entries = b.num_entries; @@ -38,18 +40,34 @@ BaseList::BaseList(BaseList& b) entry[i] = b.entry[i]; } +BaseList::BaseList(BaseList&& b) + { + entry = b.entry; + num_entries = b.num_entries; + max_entries = b.max_entries; + + b.entry = 0; + b.num_entries = b.max_entries = 0; + } + +BaseList::BaseList(const ent* arr, int n) + { + num_entries = max_entries = n; + entry = (ent*) safe_malloc(max_entries * sizeof(ent)); + memcpy(entry, arr, n * sizeof(ent)); + } + void BaseList::sort(list_cmp_func cmp_func) { qsort(entry, num_entries, sizeof(ent), cmp_func); } -void BaseList::operator=(BaseList& b) +BaseList& BaseList::operator=(const BaseList& b) { if ( this == &b ) - return; // i.e., this already equals itself + return *this; - if ( entry ) - free(entry); + free(entry); max_entries = b.max_entries; num_entries = b.num_entries; @@ -61,6 +79,23 @@ void BaseList::operator=(BaseList& b) for ( int i = 0; i < num_entries; ++i ) entry[i] = b.entry[i]; + + return *this; + } + +BaseList& BaseList::operator=(BaseList&& b) + { + if ( this == &b ) + return *this; + + free(entry); + entry = b.entry; + num_entries = b.num_entries; + max_entries = b.max_entries; + + b.entry = 0; + b.num_entries = b.max_entries = 0; + return *this; } void BaseList::insert(ent a) @@ -145,12 +180,8 @@ ent BaseList::get() void BaseList::clear() { - if ( entry ) - { - free(entry); - entry = 0; - } - + free(entry); + entry = 0; num_entries = max_entries = 0; } diff --git a/src/List.h b/src/List.h index 6fb2bbcec6..15e99eb0dd 100644 --- a/src/List.h +++ b/src/List.h @@ -20,6 +20,8 @@ // Entries must be either a pointer to the data or nonzero data with // sizeof(data) <= sizeof(void*). +#include +#include #include #include "util.h" @@ -28,8 +30,6 @@ typedef int (*list_cmp_func)(const void* v1, const void* v2); class BaseList { public: - ~BaseList() { clear(); } - void clear(); // remove all entries int length() const { return num_entries; } int max() const { return max_entries; } @@ -41,8 +41,14 @@ public: { return padded_sizeof(*this) + pad_size(max_entries * sizeof(ent)); } protected: + ~BaseList() { free(entry); } explicit BaseList(int = 0); - BaseList(BaseList&); + BaseList(const BaseList&); + BaseList(BaseList&&); + BaseList(const ent* arr, int n); + + BaseList& operator=(const BaseList&); + BaseList& operator=(BaseList&&); void insert(ent); // add at head of list @@ -75,7 +81,29 @@ protected: return entry[i]; } - void operator=(BaseList&); + // This could essentially be an std::vector if we wanted. Some + // reasons to maybe not refactor to use std::vector ? + // + // - Harder to use a custom growth factor. Also, the growth + // factor would be implementation-specific, taking some control over + // performance out of our hands. + // + // - It won't ever take advantage of realloc's occasional ability to + // grow in-place. + // + // - Combine above point this with lack of control of growth + // factor means the common choice of 2x growth factor causes + // a growth pattern that crawls forward in memory with no possible + // re-use of previous chunks (the new capacity is always larger than + // all previously allocated chunks combined). This point and + // whether 2x is empirically an issue still seems debated (at least + // GCC seems to stand by 2x as empirically better). + // + // - Sketchy shrinking behavior: standard says that requests to + // shrink are non-binding (it's expected implementations heed, but + // still not great to have no guarantee). Also, it would not take + // advantage of realloc's ability to contract in-place, it would + // allocate-and-copy. ent* entry; int max_entries; @@ -103,10 +131,13 @@ struct List(type) : BaseList \ explicit List(type)(type ...); \ List(type)() : BaseList(0) {} \ explicit List(type)(int sz) : BaseList(sz) {} \ - List(type)(List(type)& l) : BaseList((BaseList&)l) {} \ + List(type)(const List(type)& l) : BaseList(l) {} \ + List(type)(List(type)&& l) : BaseList(std::move(l)) {} \ \ - void operator=(List(type)& l) \ - { BaseList::operator=((BaseList&)l); } \ + List(type)& operator=(const List(type)& l) \ + { return (List(type)&) BaseList::operator=(l); } \ + List(type)& operator=(List(type)&& l) \ + { return (List(type)&) BaseList::operator=(std::move(l)); } \ void insert(type a) { BaseList::insert(ent(a)); } \ void sortedinsert(type a, list_cmp_func cmp_func) \ { BaseList::sortedinsert(ent(a), cmp_func); } \ @@ -144,10 +175,14 @@ struct PList(type) : BaseList \ explicit PList(type)(type* ...); \ PList(type)() : BaseList(0) {} \ explicit PList(type)(int sz) : BaseList(sz) {} \ - PList(type)(PList(type)& l) : BaseList((BaseList&)l) {} \ + PList(type)(const PList(type)& l) : BaseList(l) {} \ + PList(type)(PList(type)&& l) : BaseList(std::move(l)) {} \ + PList(type)(std::initializer_list il) : BaseList((const ent*)il.begin(), il.size()) {} \ \ - void operator=(PList(type)& l) \ - { BaseList::operator=((BaseList&)l); } \ + PList(type)& operator=(const PList(type)& l) \ + { return (PList(type)&) BaseList::operator=(l); } \ + PList(type)& operator=(PList(type)&& l) \ + { return (PList(type)&) BaseList::operator=(std::move(l)); } \ void insert(type* a) { BaseList::insert(ent(a)); } \ void sortedinsert(type* a, list_cmp_func cmp_func) \ { BaseList::sortedinsert(ent(a), cmp_func); } \ diff --git a/src/PersistenceSerializer.cc b/src/PersistenceSerializer.cc index ae5c531aa7..6f4082314f 100644 --- a/src/PersistenceSerializer.cc +++ b/src/PersistenceSerializer.cc @@ -201,7 +201,8 @@ void PersistenceSerializer::RaiseFinishedSendState() void PersistenceSerializer::GotEvent(const char* name, double time, EventHandlerPtr event, val_list* args) { - mgr.QueueEvent(event, args); + mgr.QueueEvent(event, std::move(*args)); + delete args; } void PersistenceSerializer::GotFunctionCall(const char* name, double time, diff --git a/src/RE.h b/src/RE.h index 06b0699864..286eb1b44d 100644 --- a/src/RE.h +++ b/src/RE.h @@ -229,9 +229,6 @@ protected: Specific_RE_Matcher* re_exact; }; -declare(PList, RE_Matcher); -typedef PList(RE_Matcher) re_matcher_list; - extern RE_Matcher* RE_Matcher_conjunction(const RE_Matcher* re1, const RE_Matcher* re2); extern RE_Matcher* RE_Matcher_disjunction(const RE_Matcher* re1, const RE_Matcher* re2); diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index f55fba167c..3abd8e6423 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -1435,7 +1435,9 @@ void RemoteSerializer::Process() break; BufferedEvent* be = events[0]; - ::Event* event = new ::Event(be->handler, be->args, be->src); + ::Event* event = new ::Event(be->handler, std::move(*be->args), be->src); + delete be->args; + be->args = nullptr; Peer* old_current_peer = current_peer; // Prevent the source peer from getting the event back. @@ -2260,14 +2262,14 @@ bool RemoteSerializer::ProcessPongMsg() ping_args* args = (ping_args*) current_args->data; - val_list* vl = new val_list; - vl->append(current_peer->val->Ref()); - vl->append(val_mgr->GetCount((unsigned int) ntohl(args->seq))); - vl->append(new Val(current_time(true) - ntohd(args->time1), - TYPE_INTERVAL)); - vl->append(new Val(ntohd(args->time2), TYPE_INTERVAL)); - vl->append(new Val(ntohd(args->time3), TYPE_INTERVAL)); - mgr.QueueEvent(remote_pong, vl); + mgr.QueueEvent(remote_pong, { + current_peer->val->Ref(), + val_mgr->GetCount((unsigned int) ntohl(args->seq)), + new Val(current_time(true) - ntohd(args->time1), + TYPE_INTERVAL), + new Val(ntohd(args->time2), TYPE_INTERVAL), + new Val(ntohd(args->time3), TYPE_INTERVAL) + }); return true; } @@ -3006,20 +3008,20 @@ void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer, { if ( peer ) { - val_list* vl = new val_list(); - vl->append(peer->val->Ref()); - vl->append(val_mgr->GetCount(level)); - vl->append(val_mgr->GetCount(src)); - vl->append(new StringVal(msg)); - mgr.QueueEvent(remote_log_peer, vl); + mgr.QueueEvent(remote_log_peer, { + peer->val->Ref(), + val_mgr->GetCount(level), + val_mgr->GetCount(src), + new StringVal(msg) + }); } else { - val_list* vl = new val_list(); - vl->append(val_mgr->GetCount(level)); - vl->append(val_mgr->GetCount(src)); - vl->append(new StringVal(msg)); - mgr.QueueEvent(remote_log, vl); + mgr.QueueEvent(remote_log, { + val_mgr->GetCount(level), + val_mgr->GetCount(src), + new StringVal(msg) + }); } #ifdef DEBUG @@ -3041,27 +3043,27 @@ void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer, void RemoteSerializer::RaiseEvent(EventHandlerPtr event, Peer* peer, const char* arg) { - val_list* vl = new val_list; + val_list vl(1 + (bool)arg); if ( peer ) { Ref(peer->val); - vl->append(peer->val); + vl.append(peer->val); } else { Val* v = mgr.GetLocalPeerVal(); v->Ref(); - vl->append(v); + vl.append(v); } if ( arg ) - vl->append(new StringVal(arg)); + vl.append(new StringVal(arg)); // If we only have remote sources, the network time // will not increase as long as no peers are connected. // Therefore, we send these events immediately. - mgr.Dispatch(new Event(event, vl, PEER_LOCAL)); + mgr.Dispatch(new Event(event, std::move(vl), PEER_LOCAL)); } void RemoteSerializer::LogStats() diff --git a/src/Reporter.cc b/src/Reporter.cc index 413f89b9ea..9821911d17 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -216,36 +216,30 @@ void Reporter::Syslog(const char* fmt, ...) void Reporter::WeirdHelper(EventHandlerPtr event, Val* conn_val, file_analysis::File* f, const char* addl, const char* fmt_name, ...) { - val_list* vl = new val_list(1); + val_list vl(2); if ( conn_val ) - vl->append(conn_val); + vl.append(conn_val); else if ( f ) - vl->append(f->GetVal()->Ref()); + vl.append(f->GetVal()->Ref()); if ( addl ) - vl->append(new StringVal(addl)); + vl.append(new StringVal(addl)); va_list ap; va_start(ap, fmt_name); - DoLog("weird", event, 0, 0, vl, false, false, 0, fmt_name, ap); + DoLog("weird", event, 0, 0, &vl, false, false, 0, fmt_name, ap); va_end(ap); - - delete vl; } void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const char* fmt_name, ...) { - val_list* vl = new val_list(2); - vl->append(new AddrVal(orig)); - vl->append(new AddrVal(resp)); + val_list vl{new AddrVal(orig), new AddrVal(resp)}; va_list ap; va_start(ap, fmt_name); - DoLog("weird", flow_weird, 0, 0, vl, false, false, 0, fmt_name, ap); + DoLog("weird", flow_weird, 0, 0, &vl, false, false, 0, fmt_name, ap); va_end(ap); - - delete vl; } void Reporter::UpdateWeirdStats(const char* name) @@ -489,29 +483,32 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, if ( raise_event && event && via_events && ! in_error_handler ) { - val_list* vl = new val_list; + auto vl_size = 1 + (bool)time + (bool)location + (bool)conn + + (addl ? addl->length() : 0); + + val_list vl(vl_size); if ( time ) - vl->append(new Val((bro_start_network_time != 0.0) ? network_time : 0, TYPE_TIME)); + vl.append(new Val((bro_start_network_time != 0.0) ? network_time : 0, TYPE_TIME)); - vl->append(new StringVal(buffer)); + vl.append(new StringVal(buffer)); if ( location ) - vl->append(new StringVal(loc_str.c_str())); + vl.append(new StringVal(loc_str.c_str())); if ( conn ) - vl->append(conn->BuildConnVal()); + vl.append(conn->BuildConnVal()); if ( addl ) { loop_over_list(*addl, i) - vl->append((*addl)[i]); + vl.append((*addl)[i]); } if ( conn ) - conn->ConnectionEvent(event, 0, vl); + conn->ConnectionEvent(event, 0, std::move(vl)); else - mgr.QueueEvent(event, vl); + mgr.QueueEvent(event, std::move(vl)); } else { diff --git a/src/RuleAction.cc b/src/RuleAction.cc index e67c51b514..ab9994bde2 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -17,16 +17,11 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state, { if ( signature_match ) { - val_list* vl = new val_list; - vl->append(rule_matcher->BuildRuleStateValue(parent, state)); - vl->append(new StringVal(msg)); - - if ( data ) - vl->append(new StringVal(len, (const char*)data)); - else - vl->append(val_mgr->GetEmptyString()); - - mgr.QueueEvent(signature_match, vl); + mgr.QueueEvent(signature_match, { + rule_matcher->BuildRuleStateValue(parent, state), + new StringVal(msg), + data ? new StringVal(len, (const char*)data) : val_mgr->GetEmptyString(), + }); } } diff --git a/src/RuleCondition.cc b/src/RuleCondition.cc index 0534570ed7..fdb35f5d06 100644 --- a/src/RuleCondition.cc +++ b/src/RuleCondition.cc @@ -162,7 +162,7 @@ bool RuleConditionEval::DoMatch(Rule* rule, RuleEndpointState* state, return id->ID_Val()->AsBool(); // Call function with a signature_state value as argument. - val_list args; + val_list args(2); args.append(rule_matcher->BuildRuleStateValue(rule, state)); if ( data ) diff --git a/src/Scope.cc b/src/Scope.cc index a707336381..e260ea3ca7 100644 --- a/src/Scope.cc +++ b/src/Scope.cc @@ -7,6 +7,9 @@ #include "Scope.h" #include "Reporter.h" +declare(PList,Scope); +typedef PList(Scope) scope_list; + static scope_list scopes; static Scope* top_scope; diff --git a/src/Serializer.cc b/src/Serializer.cc index 0366c36c81..2c32283c56 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -365,7 +365,7 @@ bool Serializer::UnserializeCall(UnserialInfo* info) d.SetIncludeStats(true); d.SetShort(); - val_list* args = new val_list; + val_list* args = new val_list(len); for ( int i = 0; i < len; ++i ) { Val* v = Val::Unserialize(info); @@ -996,7 +996,8 @@ void EventPlayer::GotEvent(const char* name, double time, { ne_time = time; ne_handler = event; - ne_args = args; + ne_args = std::move(*args); + delete args; } void EventPlayer::GotFunctionCall(const char* name, double time, @@ -1054,7 +1055,7 @@ void EventPlayer::Process() if ( ! (io && ne_time) ) return; - Event* event = new Event(ne_handler, ne_args); + Event* event = new Event(ne_handler, std::move(ne_args)); mgr.Dispatch(event); ne_time = 0; diff --git a/src/Serializer.h b/src/Serializer.h index 3b863a5b6e..2c30ef5443 100644 --- a/src/Serializer.h +++ b/src/Serializer.h @@ -353,7 +353,7 @@ protected: // Next event waiting to be dispatched. double ne_time; EventHandlerPtr ne_handler; - val_list* ne_args; + val_list ne_args; }; diff --git a/src/Sessions.cc b/src/Sessions.cc index edccb7e00c..db4e9e5d3a 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -171,11 +171,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt) SegmentProfiler(segment_logger, "dispatching-packet"); if ( raw_packet ) - { - val_list* vl = new val_list(); - vl->append(pkt->BuildPktHdrVal()); - mgr.QueueEvent(raw_packet, vl); - } + mgr.QueueEvent(raw_packet, {pkt->BuildPktHdrVal()}); if ( pkt_profiler ) pkt_profiler->ProfilePkt(t, pkt->cap_len); @@ -415,11 +411,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr { dump_this_packet = 1; if ( esp_packet ) - { - val_list* vl = new val_list(); - vl->append(ip_hdr->BuildPktHdrVal()); - mgr.QueueEvent(esp_packet, vl); - } + mgr.QueueEvent(esp_packet, {ip_hdr->BuildPktHdrVal()}); // Can't do more since upper-layer payloads are going to be encrypted. return; @@ -439,11 +431,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr } if ( mobile_ipv6_message ) - { - val_list* vl = new val_list(); - vl->append(ip_hdr->BuildPktHdrVal()); - mgr.QueueEvent(mobile_ipv6_message, vl); - } + mgr.QueueEvent(mobile_ipv6_message, {ip_hdr->BuildPktHdrVal()}); if ( ip_hdr->NextProto() != IPPROTO_NONE ) Weird("mobility_piggyback", pkt, encapsulation); @@ -1329,10 +1317,10 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id, if ( external ) { - val_list* vl = new val_list(2); - vl->append(conn->BuildConnVal()); - vl->append(new StringVal(conn->GetTimerMgr()->GetTag().c_str())); - conn->ConnectionEvent(connection_external, 0, vl); + conn->ConnectionEvent(connection_external, 0, { + conn->BuildConnVal(), + new StringVal(conn->GetTimerMgr()->GetTag().c_str()), + }); } } diff --git a/src/StateAccess.cc b/src/StateAccess.cc index 874ed9c5c2..b9f08a54cc 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -192,12 +192,12 @@ bool StateAccess::CheckOld(const char* op, ID* id, Val* index, else arg3 = new StringVal(""); - val_list* args = new val_list; - args->append(new StringVal(op)); - args->append(arg1); - args->append(arg2); - args->append(arg3); - mgr.QueueEvent(remote_state_inconsistency, args); + mgr.QueueEvent(remote_state_inconsistency, { + new StringVal(op), + arg1, + arg2, + arg3, + }); return false; } @@ -219,12 +219,12 @@ bool StateAccess::CheckOldSet(const char* op, ID* id, Val* index, Val* arg2 = new StringVal(should ? "set" : "not set"); Val* arg3 = new StringVal(is ? "set" : "not set"); - val_list* args = new val_list; - args->append(new StringVal(op)); - args->append(arg1); - args->append(arg2); - args->append(arg3); - mgr.QueueEvent(remote_state_inconsistency, args); + mgr.QueueEvent(remote_state_inconsistency, { + new StringVal(op), + arg1, + arg2, + arg3, + }); return false; } @@ -514,12 +514,12 @@ void StateAccess::Replay() d.SetShort(); op1.val->Describe(&d); - val_list* args = new val_list; - args->append(new StringVal("read")); - args->append(new StringVal(fmt("%s[%s]", target.id->Name(), d.Description()))); - args->append(new StringVal("existent")); - args->append(new StringVal("not existent")); - mgr.QueueEvent(remote_state_inconsistency, args); + mgr.QueueEvent(remote_state_inconsistency, { + new StringVal("read"), + new StringVal(fmt("%s[%s]", target.id->Name(), d.Description())), + new StringVal("existent"), + new StringVal("not existent"), + }); } } } @@ -536,10 +536,10 @@ void StateAccess::Replay() if ( remote_state_access_performed ) { - val_list* vl = new val_list; - vl->append(new StringVal(target.id->Name())); - vl->append(target.id->ID_Val()->Ref()); - mgr.QueueEvent(remote_state_access_performed, vl); + mgr.QueueEvent(remote_state_access_performed, { + new StringVal(target.id->Name()), + target.id->ID_Val()->Ref(), + }); } } @@ -943,8 +943,7 @@ void NotifierRegistry::Register(ID* id, NotifierRegistry::Notifier* notifier) } else { - attr_list* a = new attr_list; - a->append(attr); + attr_list* a = new attr_list{attr}; id->SetAttrs(new Attributes(a, id->Type(), false)); } diff --git a/src/Stats.cc b/src/Stats.cc index 780ffdc39b..7c232f7aa4 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -310,11 +310,11 @@ void ProfileLogger::Log() // (and for consistency we dispatch it *now*) if ( profiling_update ) { - val_list* vl = new val_list; Ref(file); - vl->append(new Val(file)); - vl->append(val_mgr->GetBool(expensive)); - mgr.Dispatch(new Event(profiling_update, vl)); + mgr.Dispatch(new Event(profiling_update, { + new Val(file), + val_mgr->GetBool(expensive), + })); } } @@ -369,12 +369,11 @@ void SampleLogger::SegmentProfile(const char* /* name */, const Location* /* loc */, double dtime, int dmem) { - val_list* vl = new val_list(2); - vl->append(load_samples->Ref()); - vl->append(new IntervalVal(dtime, Seconds)); - vl->append(val_mgr->GetInt(dmem)); - - mgr.QueueEvent(load_sample, vl); + mgr.QueueEvent(load_sample, { + load_samples->Ref(), + new IntervalVal(dtime, Seconds), + val_mgr->GetInt(dmem) + }); } void SegmentProfiler::Init() diff --git a/src/Stmt.cc b/src/Stmt.cc index 7e7ba23a18..6dba9eb251 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -292,13 +292,14 @@ Val* PrintStmt::DoExec(val_list* vals, stmt_flow_type& /* flow */) const if ( print_hook ) { - val_list* vl = new val_list(2); ::Ref(f); - vl->append(new Val(f)); - vl->append(new StringVal(d.Len(), d.Description())); // Note, this doesn't do remote printing. - mgr.Dispatch(new Event(print_hook, vl), true); + mgr.Dispatch( + new Event( + print_hook, + {new Val(f), new StringVal(d.Len(), d.Description())}), + true); } if ( remote_serializer ) @@ -704,7 +705,7 @@ bool Case::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - type_cases = new id_list; + type_cases = new id_list(len); while ( len-- ) { @@ -1198,7 +1199,10 @@ Val* EventStmt::Exec(Frame* f, stmt_flow_type& flow) const val_list* args = eval_list(f, event_expr->Args()); if ( args ) - mgr.QueueEvent(event_expr->Handler(), args); + { + mgr.QueueEvent(event_expr->Handler(), std::move(*args)); + delete args; + } flow = FLOW_NEXT; @@ -1633,7 +1637,7 @@ bool ForStmt::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - loop_vars = new id_list; + loop_vars = new id_list(len); while ( len-- ) { @@ -2149,7 +2153,7 @@ bool InitStmt::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - inits = new id_list; + inits = new id_list(len); while ( len-- ) { diff --git a/src/Stmt.h b/src/Stmt.h index a9bf7cddf8..c3ee6611fe 100644 --- a/src/Stmt.h +++ b/src/Stmt.h @@ -213,6 +213,9 @@ protected: Stmt* s; }; +declare(PList,Case); +typedef PList(Case) case_list; + class SwitchStmt : public ExprStmt { public: SwitchStmt(Expr* index, case_list* cases); diff --git a/src/Type.cc b/src/Type.cc index 77a5ac6d16..28f4a28492 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -2266,7 +2266,7 @@ BroType* merge_types(const BroType* t1, const BroType* t2) if ( rt1->NumFields() != rt2->NumFields() ) return 0; - type_decl_list* tdl3 = new type_decl_list; + type_decl_list* tdl3 = new type_decl_list(rt1->NumFields()); for ( int i = 0; i < rt1->NumFields(); ++i ) { diff --git a/src/Type.h b/src/Type.h index bc13997461..c537bb6203 100644 --- a/src/Type.h +++ b/src/Type.h @@ -460,6 +460,9 @@ public: const char* id; }; +declare(PList,TypeDecl); +typedef PList(TypeDecl) type_decl_list; + class RecordType : public BroType { public: explicit RecordType(type_decl_list* types); diff --git a/src/Val.cc b/src/Val.cc index b55a9090d3..a7bb933524 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -1861,29 +1861,30 @@ Val* TableVal::Default(Val* index) return def_attr->AttrExpr()->IsConst() ? def_val->Ref() : def_val->Clone(); const Func* f = def_val->AsFunc(); - val_list* vl = new val_list(); + val_list vl; if ( index->Type()->Tag() == TYPE_LIST ) { const val_list* vl0 = index->AsListVal()->Vals(); + vl = val_list(vl0->length()); loop_over_list(*vl0, i) - vl->append((*vl0)[i]->Ref()); + vl.append((*vl0)[i]->Ref()); } else - vl->append(index->Ref()); + { + vl = val_list{index->Ref()}; + } Val* result = 0; try { - result = f->Call(vl); + result = f->Call(&vl); } catch ( InterpreterException& e ) { /* Already reported. */ } - delete vl; - if ( ! result ) { Error("no value returned from &default function"); @@ -2423,21 +2424,6 @@ double TableVal::CallExpireFunc(Val* idx) return 0; } - val_list* vl = new val_list; - vl->append(Ref()); - - // Flatten lists of a single element. - if ( idx->Type()->Tag() == TYPE_LIST && - idx->AsListVal()->Length() == 1 ) - { - Val* old = idx; - idx = idx->AsListVal()->Index(0); - idx->Ref(); - Unref(old); - } - - vl->append(idx); - double secs = 0; try @@ -2447,19 +2433,31 @@ double TableVal::CallExpireFunc(Val* idx) if ( ! vf ) { // Will have been reported already. - delete_vals(vl); + Unref(idx); return 0; } if ( vf->Type()->Tag() != TYPE_FUNC ) { - Unref(vf); - delete_vals(vl); vf->Error("not a function"); + Unref(vf); + Unref(idx); return 0; } - Val* vs = vf->AsFunc()->Call(vl); + + // Flatten lists of a single element. + if ( idx->Type()->Tag() == TYPE_LIST && + idx->AsListVal()->Length() == 1 ) + { + Val* old = idx; + idx = idx->AsListVal()->Index(0); + idx->Ref(); + Unref(old); + } + + val_list vl{Ref(), idx}; + Val* vs = vf->AsFunc()->Call(&vl); if ( vs ) { @@ -2468,7 +2466,6 @@ double TableVal::CallExpireFunc(Val* idx) } Unref(vf); - delete vl; } catch ( InterpreterException& e ) diff --git a/src/Var.cc b/src/Var.cc index 8534fdd910..fb27b7261f 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -325,8 +325,7 @@ static void transfer_arg_defaults(RecordType* args, RecordType* recv) if ( ! recv_i->attrs ) { - attr_list* a = new attr_list(); - a->append(def); + attr_list* a = new attr_list{def}; recv_i->attrs = new Attributes(a, recv_i->type, true); } diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 818dd917e8..be2cfcf627 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -665,11 +665,11 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag) EnumVal* tval = arg_tag ? arg_tag.AsEnumVal() : tag.AsEnumVal(); Ref(tval); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(tval); - vl->append(val_mgr->GetCount(id)); - mgr.QueueEvent(protocol_confirmation, vl); + mgr.QueueEvent(protocol_confirmation, { + BuildConnVal(), + tval, + val_mgr->GetCount(id), + }); protocol_confirmed = true; } @@ -692,12 +692,12 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) EnumVal* tval = tag.AsEnumVal(); Ref(tval); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(tval); - vl->append(val_mgr->GetCount(id)); - vl->append(r); - mgr.QueueEvent(protocol_violation, vl); + mgr.QueueEvent(protocol_violation, { + BuildConnVal(), + tval, + val_mgr->GetCount(id), + r, + }); } void Analyzer::AddTimer(analyzer_timer_func timer, double t, @@ -782,6 +782,11 @@ void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list* vl) conn->ConnectionEvent(f, this, vl); } +void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list vl) + { + conn->ConnectionEvent(f, this, std::move(vl)); + } + void Analyzer::Weird(const char* name, const char* addl) { conn->Weird(name, addl); diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index a13df7e21e..ab09e63458 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -541,6 +541,12 @@ public: */ void ConnectionEvent(EventHandlerPtr f, val_list* vl); + /** + * Convenience function that forwards directly to + * Connection::ConnectionEvent(). + */ + void ConnectionEvent(EventHandlerPtr f, val_list vl); + /** * Convenience function that forwards directly to the corresponding * Connection::Weird(). diff --git a/src/analyzer/protocol/arp/ARP.cc b/src/analyzer/protocol/arp/ARP.cc index 83166bd149..e206303e9c 100644 --- a/src/analyzer/protocol/arp/ARP.cc +++ b/src/analyzer/protocol/arp/ARP.cc @@ -190,13 +190,13 @@ void ARP_Analyzer::BadARP(const struct arp_pkthdr* hdr, const char* msg) if ( ! bad_arp ) return; - val_list* vl = new val_list; - vl->append(ConstructAddrVal(ar_spa(hdr))); - vl->append(EthAddrToStr((const u_char*) ar_sha(hdr))); - vl->append(ConstructAddrVal(ar_tpa(hdr))); - vl->append(EthAddrToStr((const u_char*) ar_tha(hdr))); - vl->append(new StringVal(msg)); - mgr.QueueEvent(bad_arp, vl); + mgr.QueueEvent(bad_arp, { + ConstructAddrVal(ar_spa(hdr)), + EthAddrToStr((const u_char*) ar_sha(hdr)), + ConstructAddrVal(ar_tpa(hdr)), + EthAddrToStr((const u_char*) ar_tha(hdr)), + new StringVal(msg), + }); } void ARP_Analyzer::Corrupted(const char* msg) @@ -212,18 +212,14 @@ void ARP_Analyzer::RREvent(EventHandlerPtr e, if ( ! e ) return; - // init the val_list - val_list* vl = new val_list; - - // prepare the event arguments - vl->append(EthAddrToStr(src)); - vl->append(EthAddrToStr(dst)); - vl->append(ConstructAddrVal(spa)); - vl->append(EthAddrToStr((const u_char*) sha)); - vl->append(ConstructAddrVal(tpa)); - vl->append(EthAddrToStr((const u_char*) tha)); - - mgr.QueueEvent(e, vl); + mgr.QueueEvent(e, { + EthAddrToStr(src), + EthAddrToStr(dst), + ConstructAddrVal(spa), + EthAddrToStr((const u_char*) sha), + ConstructAddrVal(tpa), + EthAddrToStr((const u_char*) tha), + }); } AddrVal* ARP_Analyzer::ConstructAddrVal(const void* addr) diff --git a/src/analyzer/protocol/backdoor/BackDoor.cc b/src/analyzer/protocol/backdoor/BackDoor.cc index ecfb660b94..4cc8d5f703 100644 --- a/src/analyzer/protocol/backdoor/BackDoor.cc +++ b/src/analyzer/protocol/backdoor/BackDoor.cc @@ -246,13 +246,12 @@ void BackDoorEndpoint::RloginSignatureFound(int len) rlogin_checking_done = 1; - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(rlogin_num_null)); - vl->append(val_mgr->GetCount(len)); - - endp->TCP()->ConnectionEvent(rlogin_signature_found, vl); + endp->TCP()->ConnectionEvent(rlogin_signature_found, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(rlogin_num_null), + val_mgr->GetCount(len), + }); } void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* data) @@ -338,12 +337,11 @@ void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* d void BackDoorEndpoint::TelnetSignatureFound(int len) { - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(len)); - - endp->TCP()->ConnectionEvent(telnet_signature_found, vl); + endp->TCP()->ConnectionEvent(telnet_signature_found, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(len), + }); } void BackDoorEndpoint::CheckForSSH(uint64 seq, int len, const u_char* data) @@ -643,13 +641,12 @@ void BackDoorEndpoint::CheckForHTTPProxy(uint64 /* seq */, int len, void BackDoorEndpoint::SignatureFound(EventHandlerPtr e, int do_orig) { - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - if ( do_orig ) - vl->append(val_mgr->GetBool(endp->IsOrig())); + endp->TCP()->ConnectionEvent(e, + {endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig())}); - endp->TCP()->ConnectionEvent(e, vl); + else + endp->TCP()->ConnectionEvent(e, {endp->TCP()->BuildConnVal()}); } @@ -776,20 +773,16 @@ void BackDoor_Analyzer::StatTimer(double t, int is_expire) void BackDoor_Analyzer::StatEvent() { - val_list* vl = new val_list; - vl->append(TCP()->BuildConnVal()); - vl->append(orig_endp->BuildStats()); - vl->append(resp_endp->BuildStats()); - - TCP()->ConnectionEvent(backdoor_stats, vl); + TCP()->ConnectionEvent(backdoor_stats, { + TCP()->BuildConnVal(), + orig_endp->BuildStats(), + resp_endp->BuildStats(), + }); } void BackDoor_Analyzer::RemoveEvent() { - val_list* vl = new val_list; - vl->append(TCP()->BuildConnVal()); - - TCP()->ConnectionEvent(backdoor_remove_conn, vl); + TCP()->ConnectionEvent(backdoor_remove_conn, {TCP()->BuildConnVal()}); } BackDoorTimer::BackDoorTimer(double t, BackDoor_Analyzer* a) diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.cc b/src/analyzer/protocol/bittorrent/BitTorrent.cc index 652d3d120c..989265623c 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc @@ -120,10 +120,10 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bittorrent_peer_weird ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(msg)); - ConnectionEvent(bittorrent_peer_weird, vl); + ConnectionEvent(bittorrent_peer_weird, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(msg), + }); } } diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index 54cac790fb..411bbf0aff 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -247,11 +247,11 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bt_tracker_weird ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(msg)); - ConnectionEvent(bt_tracker_weird, vl); + ConnectionEvent(bt_tracker_weird, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(msg), + }); } } @@ -346,19 +346,16 @@ void BitTorrentTracker_Analyzer::RequestGet(char* uri) void BitTorrentTracker_Analyzer::EmitRequest(void) { - val_list* vl; - ProtocolConfirmation(); - vl = new val_list; - vl->append(BuildConnVal()); - vl->append(req_val_uri); - vl->append(req_val_headers); + ConnectionEvent(bt_tracker_request, { + BuildConnVal(), + req_val_uri, + req_val_headers, + }); req_val_uri = 0; req_val_headers = 0; - - ConnectionEvent(bt_tracker_request, vl); } bool BitTorrentTracker_Analyzer::ParseResponse(char* line) @@ -404,11 +401,11 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) { if ( res_status != 200 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(res_status)); - vl->append(res_val_headers); - ConnectionEvent(bt_tracker_response_not_ok, vl); + ConnectionEvent(bt_tracker_response_not_ok, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + }); res_val_headers = 0; res_buf_pos = res_buf + res_buf_len; res_state = BTT_RES_DONE; @@ -790,16 +787,15 @@ void BitTorrentTracker_Analyzer::EmitResponse(void) { ProtocolConfirmation(); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(res_status)); - vl->append(res_val_headers); - vl->append(res_val_peers); - vl->append(res_val_benc); + ConnectionEvent(bt_tracker_response, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + res_val_peers, + res_val_benc, + }); res_val_headers = 0; res_val_peers = 0; res_val_benc = 0; - - ConnectionEvent(bt_tracker_response, vl); } diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index 52d81e3111..cf6521103c 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -47,11 +47,11 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64 threshold, bool if ( ! f ) return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(threshold)); - vl->append(val_mgr->GetBool(is_orig)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + val_mgr->GetCount(threshold), + val_mgr->GetBool(is_orig), + }); } void ConnSize_Analyzer::CheckSizes(bool is_orig) diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 944ce92731..a67b548fe9 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -46,13 +46,12 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) if ( dns_message ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_query)); - vl->append(msg.BuildHdrVal()); - vl->append(val_mgr->GetCount(len)); - - analyzer->ConnectionEvent(dns_message, vl); + analyzer->ConnectionEvent(dns_message, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_query), + msg.BuildHdrVal(), + val_mgr->GetCount(len), + }); } // There is a great deal of non-DNS traffic that runs on port 53. @@ -133,11 +132,10 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) int DNS_Interpreter::EndMessage(DNS_MsgInfo* msg) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - analyzer->ConnectionEvent(dns_end, vl); + analyzer->ConnectionEvent(dns_end, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + }); return 1; } @@ -336,11 +334,11 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, if ( dns_unknown_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - analyzer->ConnectionEvent(dns_unknown_reply, vl); + analyzer->ConnectionEvent(dns_unknown_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + }); } analyzer->Weird("DNS_RR_unknown_type", fmt("%d", msg->atype)); @@ -551,14 +549,12 @@ int DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg, if ( reply_event && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - - analyzer->ConnectionEvent(reply_event, vl); + analyzer->ConnectionEvent(reply_event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + }); } return 1; @@ -598,14 +594,7 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, if ( dns_SOA_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - RecordVal* r = new RecordVal(dns_soa); - r->Assign(0, new StringVal(new BroString(mname, mname_end - mname, 1))); r->Assign(1, new StringVal(new BroString(rname, rname_end - rname, 1))); r->Assign(2, val_mgr->GetCount(serial)); @@ -614,9 +603,12 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, r->Assign(5, new IntervalVal(double(expire), Seconds)); r->Assign(6, new IntervalVal(double(minimum), Seconds)); - vl->append(r); - - analyzer->ConnectionEvent(dns_SOA_reply, vl); + analyzer->ConnectionEvent(dns_SOA_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + r + }); } return 1; @@ -642,15 +634,13 @@ int DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg, if ( dns_MX_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(val_mgr->GetCount(preference)); - - analyzer->ConnectionEvent(dns_MX_reply, vl); + analyzer->ConnectionEvent(dns_MX_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + val_mgr->GetCount(preference), + }); } return 1; @@ -687,16 +677,15 @@ int DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg, if ( dns_SRV_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(val_mgr->GetCount(priority)); - vl->append(val_mgr->GetCount(weight)); - vl->append(val_mgr->GetCount(port)); - - analyzer->ConnectionEvent(dns_SRV_reply, vl); + analyzer->ConnectionEvent(dns_SRV_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + val_mgr->GetCount(priority), + val_mgr->GetCount(weight), + val_mgr->GetCount(port), + }); } return 1; @@ -711,12 +700,11 @@ int DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg, if ( dns_EDNS_addl && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildEDNS_Val()); - analyzer->ConnectionEvent(dns_EDNS_addl, vl); + analyzer->ConnectionEvent(dns_EDNS_addl, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildEDNS_Val(), + }); } // Currently EDNS supports the movement of type:data pairs @@ -789,13 +777,11 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, msg->tsig->orig_id = orig_id; msg->tsig->rr_error = rr_error; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildTSIG_Val()); - - analyzer->ConnectionEvent(dns_TSIG_addl, vl); + analyzer->ConnectionEvent(dns_TSIG_addl, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildTSIG_Val(), + }); return 1; } @@ -889,14 +875,12 @@ int DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, rrsig.signer_name = new BroString(name, name_end - name, 1); rrsig.signature = sign; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildRRSIG_Val(&rrsig)); - - analyzer->ConnectionEvent(dns_RRSIG, vl); + analyzer->ConnectionEvent(dns_RRSIG, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildRRSIG_Val(&rrsig), + }); return 1; } @@ -983,14 +967,12 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, dnskey.dprotocol = dprotocol; dnskey.public_key = key; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildDNSKEY_Val(&dnskey)); - - analyzer->ConnectionEvent(dns_DNSKEY, vl); + analyzer->ConnectionEvent(dns_DNSKEY, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDNSKEY_Val(&dnskey), + }); return 1; } @@ -1035,15 +1017,13 @@ int DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, typebitmaps_len = typebitmaps_len - (2 + bmlen); } - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(char_strings); - - analyzer->ConnectionEvent(dns_NSEC, vl); + analyzer->ConnectionEvent(dns_NSEC, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + char_strings, + }); return 1; } @@ -1121,14 +1101,12 @@ int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, nsec3.nsec_hash = hash_val; nsec3.bitmaps = char_strings; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildNSEC3_Val(&nsec3)); - - analyzer->ConnectionEvent(dns_NSEC3, vl); + analyzer->ConnectionEvent(dns_NSEC3, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildNSEC3_Val(&nsec3), + }); return 1; } @@ -1178,14 +1156,12 @@ int DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, ds.digest_type = ds_dtype; ds.digest_val = ds_digest; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildDS_Val(&ds)); - - analyzer->ConnectionEvent(dns_DS, vl); + analyzer->ConnectionEvent(dns_DS, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDS_Val(&ds), + }); return 1; } @@ -1203,14 +1179,12 @@ int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, if ( dns_A_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new AddrVal(htonl(addr))); - - analyzer->ConnectionEvent(dns_A_reply, vl); + analyzer->ConnectionEvent(dns_A_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new AddrVal(htonl(addr)), + }); } return 1; @@ -1242,13 +1216,12 @@ int DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, event = dns_A6_reply; if ( event && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new AddrVal(addr)); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new AddrVal(addr), + }); } return 1; @@ -1317,14 +1290,12 @@ int DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg, while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) ) char_strings->Assign(char_strings->Size(), char_string); - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(char_strings); - - analyzer->ConnectionEvent(dns_TXT_reply, vl); + analyzer->ConnectionEvent(dns_TXT_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + char_strings, + }); return rdlength == 0; } @@ -1359,16 +1330,14 @@ int DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg, data += value->Len(); rdlength -= value->Len(); - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(val_mgr->GetCount(flags)); - vl->append(new StringVal(tag)); - vl->append(new StringVal(value)); - - analyzer->ConnectionEvent(dns_CAA_reply, vl); + analyzer->ConnectionEvent(dns_CAA_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + val_mgr->GetCount(flags), + new StringVal(tag), + new StringVal(value), + }); return rdlength == 0; } @@ -1382,14 +1351,13 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg, RR_Type qtype = RR_Type(ExtractShort(data, len)); int qclass = ExtractShort(data, len); - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(new StringVal(question_name)); - vl->append(val_mgr->GetCount(qtype)); - vl->append(val_mgr->GetCount(qclass)); - - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + new StringVal(question_name), + val_mgr->GetCount(qtype), + val_mgr->GetCount(qclass), + }); } @@ -1737,10 +1705,10 @@ void DNS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, { if ( ! interp->ParseMessage(data, len, 1) && non_dns_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(len, (const char*) data)); - ConnectionEvent(non_dns_request, vl); + ConnectionEvent(non_dns_request, { + BuildConnVal(), + new StringVal(len, (const char*) data), + }); } } diff --git a/src/analyzer/protocol/file/File.cc b/src/analyzer/protocol/file/File.cc index b7e00c7fa4..bb81eaa1fd 100644 --- a/src/analyzer/protocol/file/File.cc +++ b/src/analyzer/protocol/file/File.cc @@ -77,10 +77,11 @@ void File_Analyzer::Identify() &matches); string match = matches.empty() ? "" : *(matches.begin()->second.begin()); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(buffer_len, buffer)); - vl->append(new StringVal("")); - vl->append(new StringVal(match)); - ConnectionEvent(file_transferred, vl); + + ConnectionEvent(file_transferred, { + BuildConnVal(), + new StringVal(buffer_len, buffer), + new StringVal(""), + new StringVal(match), + }); } diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index 6729c34448..0f7cec2677 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -66,14 +66,15 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig else host = at + 1; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(long_cnt)); - vl->append(new StringVal(at - line, line)); - vl->append(new StringVal(end_of_line - host, host)); - if ( finger_request ) - ConnectionEvent(finger_request, vl); + { + ConnectionEvent(finger_request, { + BuildConnVal(), + val_mgr->GetBool(long_cnt), + new StringVal(at - line, line), + new StringVal(end_of_line - host, host), + }); + } Conn()->Match(Rule::FINGER, (const u_char *) line, end_of_line - line, true, true, 1, true); @@ -86,10 +87,9 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig if ( ! finger_reply ) return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(end_of_line - line, line)); - - ConnectionEvent(finger_reply, vl); + ConnectionEvent(finger_reply, { + BuildConnVal(), + new StringVal(end_of_line - line, line), + }); } } diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index f28dadf670..d4a659124e 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -73,8 +73,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) // Could emit "ftp empty request/reply" weird, but maybe not worth it. return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); + val_list vl; EventHandlerPtr f; if ( orig ) @@ -95,8 +94,11 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) else cmd_str = (new StringVal(cmd_len, cmd))->ToUpper(); - vl->append(cmd_str); - vl->append(new StringVal(end_of_line - line, line)); + vl = val_list{ + BuildConnVal(), + cmd_str, + new StringVal(end_of_line - line, line), + }; f = ftp_request; ProtocolConfirmation(); @@ -171,14 +173,17 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) } } - vl->append(val_mgr->GetCount(reply_code)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(val_mgr->GetBool(cont_resp)); + vl = val_list{ + BuildConnVal(), + val_mgr->GetCount(reply_code), + new StringVal(end_of_line - line, line), + val_mgr->GetBool(cont_resp), + }; f = ftp_reply; } - ConnectionEvent(f, vl); + ConnectionEvent(f, std::move(vl)); ForwardStream(length, data, orig); } diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index e7c11b40bb..dc6e14bf63 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -58,16 +58,10 @@ void Gnutella_Analyzer::Done() if ( ! sent_establish && (gnutella_establish || gnutella_not_establish) ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - if ( Established() && gnutella_establish ) - ConnectionEvent(gnutella_establish, vl); + ConnectionEvent(gnutella_establish, {BuildConnVal()}); else if ( ! Established () && gnutella_not_establish ) - ConnectionEvent(gnutella_not_establish, vl); - else - delete_vals(vl); + ConnectionEvent(gnutella_not_establish, {BuildConnVal()}); } if ( gnutella_partial_binary_msg ) @@ -78,14 +72,12 @@ void Gnutella_Analyzer::Done() { if ( ! p->msg_sent && p->msg_pos ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(p->msg)); - vl->append(val_mgr->GetBool((i == 0))); - vl->append(val_mgr->GetCount(p->msg_pos)); - - ConnectionEvent(gnutella_partial_binary_msg, vl); + ConnectionEvent(gnutella_partial_binary_msg, { + BuildConnVal(), + new StringVal(p->msg), + val_mgr->GetBool((i == 0)), + val_mgr->GetCount(p->msg_pos), + }); } else if ( ! p->msg_sent && p->payload_left ) @@ -129,10 +121,7 @@ int Gnutella_Analyzer::IsHTTP(string header) if ( gnutella_http_notify ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - ConnectionEvent(gnutella_http_notify, vl); + ConnectionEvent(gnutella_http_notify, {BuildConnVal()}); } analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn()); @@ -192,13 +181,11 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) { if ( gnutella_text_msg ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(ms->headers.data())); - - ConnectionEvent(gnutella_text_msg, vl); + ConnectionEvent(gnutella_text_msg, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(ms->headers.data()), + }); } ms->headers = ""; @@ -206,12 +193,9 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) if ( Established () && gnutella_establish ) { - val_list* vl = new val_list; - sent_establish = 1; - vl->append(BuildConnVal()); - ConnectionEvent(gnutella_establish, vl); + ConnectionEvent(gnutella_establish, {BuildConnVal()}); } } } @@ -237,21 +221,18 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig) if ( gnutella_binary_msg ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(p->msg_type)); - vl->append(val_mgr->GetCount(p->msg_ttl)); - vl->append(val_mgr->GetCount(p->msg_hops)); - vl->append(val_mgr->GetCount(p->msg_len)); - vl->append(new StringVal(p->payload)); - vl->append(val_mgr->GetCount(p->payload_len)); - vl->append(val_mgr->GetBool( - (p->payload_len < min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD)))); - vl->append(val_mgr->GetBool((p->payload_left == 0))); - - ConnectionEvent(gnutella_binary_msg, vl); + ConnectionEvent(gnutella_binary_msg, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(p->msg_type), + val_mgr->GetCount(p->msg_ttl), + val_mgr->GetCount(p->msg_hops), + val_mgr->GetCount(p->msg_len), + new StringVal(p->payload), + val_mgr->GetCount(p->payload_len), + val_mgr->GetBool((p->payload_len < min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD))), + val_mgr->GetBool((p->payload_left == 0)), + }); } } diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 4706286914..6087f7b43d 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -646,11 +646,11 @@ void HTTP_Message::Done(const int interrupted, const char* detail) if ( http_message_done ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(BuildMessageStat(interrupted, detail)); - GetAnalyzer()->ConnectionEvent(http_message_done, vl); + GetAnalyzer()->ConnectionEvent(http_message_done, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + BuildMessageStat(interrupted, detail), + }); } MyHTTP_Analyzer()->HTTP_MessageDone(is_orig, this); @@ -679,10 +679,10 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity) if ( http_begin_entity ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - analyzer->ConnectionEvent(http_begin_entity, vl); + analyzer->ConnectionEvent(http_begin_entity, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } } @@ -696,10 +696,10 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity) if ( http_end_entity ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - analyzer->ConnectionEvent(http_end_entity, vl); + analyzer->ConnectionEvent(http_end_entity, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } current_entity = (HTTP_Entity*) entity->Parent(); @@ -737,11 +737,11 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) { if ( http_all_headers ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(BuildHeaderTable(hlist)); - analyzer->ConnectionEvent(http_all_headers, vl); + analyzer->ConnectionEvent(http_all_headers, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + BuildHeaderTable(hlist), + }); } if ( http_content_type ) @@ -751,12 +751,12 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) ty->Ref(); subty->Ref(); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(ty); - vl->append(subty); - analyzer->ConnectionEvent(http_content_type, vl); + analyzer->ConnectionEvent(http_content_type, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + ty, + subty, + }); } } @@ -1182,12 +1182,8 @@ void HTTP_Analyzer::GenStats() r->Assign(2, new Val(request_version, TYPE_DOUBLE)); r->Assign(3, new Val(reply_version, TYPE_DOUBLE)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(r); - // DEBUG_MSG("%.6f http_stats\n", network_time); - ConnectionEvent(http_stats, vl); + ConnectionEvent(http_stats, {BuildConnVal(), r}); } } @@ -1384,13 +1380,12 @@ void HTTP_Analyzer::HTTP_Event(const char* category, StringVal* detail) { if ( http_event ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(new StringVal(category)); - vl->append(detail); - // DEBUG_MSG("%.6f http_event\n", network_time); - ConnectionEvent(http_event, vl); + ConnectionEvent(http_event, { + BuildConnVal(), + new StringVal(category), + detail, + }); } else delete detail; @@ -1426,17 +1421,16 @@ void HTTP_Analyzer::HTTP_Request() if ( http_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - Ref(request_method); - vl->append(request_method); - vl->append(TruncateURI(request_URI->AsStringVal())); - vl->append(TruncateURI(unescaped_URI->AsStringVal())); - vl->append(new StringVal(fmt("%.1f", request_version))); // DEBUG_MSG("%.6f http_request\n", network_time); - ConnectionEvent(http_request, vl); + ConnectionEvent(http_request, { + BuildConnVal(), + request_method, + TruncateURI(request_URI->AsStringVal()), + TruncateURI(unescaped_URI->AsStringVal()), + new StringVal(fmt("%.1f", request_version)), + }); } } @@ -1444,15 +1438,14 @@ void HTTP_Analyzer::HTTP_Reply() { if ( http_reply ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(fmt("%.1f", reply_version))); - vl->append(val_mgr->GetCount(reply_code)); - if ( reply_reason_phrase ) - vl->append(reply_reason_phrase->Ref()); - else - vl->append(new StringVal("")); - ConnectionEvent(http_reply, vl); + ConnectionEvent(http_reply, { + BuildConnVal(), + new StringVal(fmt("%.1f", reply_version)), + val_mgr->GetCount(reply_code), + reply_reason_phrase ? + reply_reason_phrase->Ref() : + new StringVal(""), + }); } else { @@ -1524,10 +1517,10 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg) if ( http_connection_upgrade ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(new StringVal(upgrade_protocol)); - ConnectionEvent(http_connection_upgrade, vl); + ConnectionEvent(http_connection_upgrade, { + BuildConnVal(), + new StringVal(upgrade_protocol), + }); } } @@ -1697,14 +1690,15 @@ void HTTP_Analyzer::HTTP_Header(int is_orig, mime::MIME_Header* h) Conn()->Match(rule, (const u_char*) hd_value.data, hd_value.length, is_orig, false, true, false); - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(mime::new_string_val(h->get_name())->ToUpper()); - vl->append(mime::new_string_val(h->get_value())); if ( DEBUG_http ) DEBUG_MSG("%.6f http_header\n", network_time); - ConnectionEvent(http_header, vl); + + ConnectionEvent(http_header, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + mime::new_string_val(h->get_name())->ToUpper(), + mime::new_string_val(h->get_value()), + }); } } @@ -1833,12 +1827,12 @@ void HTTP_Analyzer::HTTP_EntityData(int is_orig, BroString* entity_data) { if ( http_entity_data ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(entity_data->Len())); - vl->append(new StringVal(entity_data)); - ConnectionEvent(http_entity_data, vl); + ConnectionEvent(http_entity_data, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(entity_data->Len()), + new StringVal(entity_data), + }); } else delete entity_data; diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 1832b324b2..a740ac8848 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -199,20 +199,21 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, { if ( icmp_sent ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); - ConnectionEvent(icmp_sent, vl); + ConnectionEvent(icmp_sent, { + BuildConnVal(), + BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + }); } if ( icmp_sent_payload ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); BroString* payload = new BroString(data, min(len, caplen), 0); - vl->append(new StringVal(payload)); - ConnectionEvent(icmp_sent_payload, vl); + + ConnectionEvent(icmp_sent_payload, { + BuildConnVal(), + BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + new StringVal(payload), + }); } } @@ -511,14 +512,13 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, BroString* payload = new BroString(data, caplen, 0); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr)); - vl->append(val_mgr->GetCount(iid)); - vl->append(val_mgr->GetCount(iseq)); - vl->append(new StringVal(payload)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), + val_mgr->GetCount(iid), + val_mgr->GetCount(iseq), + new StringVal(payload), + }); } @@ -534,24 +534,23 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, if ( caplen >= (int)sizeof(reachable) + (int)sizeof(retrans) ) memcpy(&retrans, data + sizeof(reachable), sizeof(retrans)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_num_addrs)); // Cur Hop Limit - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x80)); // Managed - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x40)); // Other - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x20)); // Home Agent - vl->append(val_mgr->GetCount((icmpp->icmp_wpa & 0x18)>>3)); // Pref - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x04)); // Proxy - vl->append(val_mgr->GetCount(icmpp->icmp_wpa & 0x02)); // Reserved - vl->append(new IntervalVal((double)ntohs(icmpp->icmp_lifetime), Seconds)); - vl->append(new IntervalVal((double)ntohl(reachable), Milliseconds)); - vl->append(new IntervalVal((double)ntohl(retrans), Milliseconds)); - int opt_offset = sizeof(reachable) + sizeof(retrans); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetCount(icmpp->icmp_num_addrs), // Cur Hop Limit + val_mgr->GetBool(icmpp->icmp_wpa & 0x80), // Managed + val_mgr->GetBool(icmpp->icmp_wpa & 0x40), // Other + val_mgr->GetBool(icmpp->icmp_wpa & 0x20), // Home Agent + val_mgr->GetCount((icmpp->icmp_wpa & 0x18)>>3), // Pref + val_mgr->GetBool(icmpp->icmp_wpa & 0x04), // Proxy + val_mgr->GetCount(icmpp->icmp_wpa & 0x02), // Reserved + new IntervalVal((double)ntohs(icmpp->icmp_lifetime), Seconds), + new IntervalVal((double)ntohl(reachable), Milliseconds), + new IntervalVal((double)ntohl(retrans), Milliseconds), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -564,18 +563,17 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, if ( caplen >= (int)sizeof(in6_addr) ) tgtaddr = IPAddr(*((const in6_addr*)data)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80)); // Router - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x40)); // Solicited - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x20)); // Override - vl->append(new AddrVal(tgtaddr)); - int opt_offset = sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80), // Router + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x40), // Solicited + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x20), // Override + new AddrVal(tgtaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -588,15 +586,14 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, if ( caplen >= (int)sizeof(in6_addr) ) tgtaddr = IPAddr(*((const in6_addr*)data)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new AddrVal(tgtaddr)); - int opt_offset = sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + new AddrVal(tgtaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -612,16 +609,15 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, if ( caplen >= 2 * (int)sizeof(in6_addr) ) dstaddr = IPAddr(*((const in6_addr*)(data + sizeof(in6_addr)))); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new AddrVal(tgtaddr)); - vl->append(new AddrVal(dstaddr)); - int opt_offset = 2 * sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + new AddrVal(tgtaddr), + new AddrVal(dstaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -630,12 +626,11 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, { EventHandlerPtr f = icmp_router_solicitation; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(BuildNDOptionsVal(caplen, data)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildNDOptionsVal(caplen, data), + }); } @@ -657,12 +652,12 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, if ( f ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 0, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_code)); - vl->append(ExtractICMP4Context(caplen, data)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 0, ip_hdr), + val_mgr->GetCount(icmpp->icmp_code), + ExtractICMP4Context(caplen, data), + }); } } @@ -697,12 +692,12 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, if ( f ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_code)); - vl->append(ExtractICMP6Context(caplen, data)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetCount(icmpp->icmp_code), + ExtractICMP6Context(caplen, data), + }); } } diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index 125f2d7f64..ba32968c3b 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -83,12 +83,11 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) Weird("ident_request_addendum", s.CheckString()); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - - ConnectionEvent(ident_request, vl); + ConnectionEvent(ident_request, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + }); did_deliver = 1; } @@ -144,13 +143,12 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) if ( is_error ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - vl->append(new StringVal(end_of_line - line, line)); - - ConnectionEvent(ident_error, vl); + ConnectionEvent(ident_error, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + new StringVal(end_of_line - line, line), + }); } else @@ -178,14 +176,13 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) line = skip_whitespace(colon + 1, end_of_line); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(new StringVal(sys_type_s)); - - ConnectionEvent(ident_reply, vl); + ConnectionEvent(ident_reply, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + new StringVal(end_of_line - line, line), + new StringVal(sys_type_s), + }); } } } diff --git a/src/analyzer/protocol/interconn/InterConn.cc b/src/analyzer/protocol/interconn/InterConn.cc index 8d9dd72774..39749a0deb 100644 --- a/src/analyzer/protocol/interconn/InterConn.cc +++ b/src/analyzer/protocol/interconn/InterConn.cc @@ -241,20 +241,16 @@ void InterConn_Analyzer::StatTimer(double t, int is_expire) void InterConn_Analyzer::StatEvent() { - val_list* vl = new val_list; - vl->append(Conn()->BuildConnVal()); - vl->append(orig_endp->BuildStats()); - vl->append(resp_endp->BuildStats()); - - Conn()->ConnectionEvent(interconn_stats, this, vl); + Conn()->ConnectionEvent(interconn_stats, this, { + Conn()->BuildConnVal(), + orig_endp->BuildStats(), + resp_endp->BuildStats(), + }); } void InterConn_Analyzer::RemoveEvent() { - val_list* vl = new val_list; - vl->append(Conn()->BuildConnVal()); - - Conn()->ConnectionEvent(interconn_remove_conn, this, vl); + Conn()->ConnectionEvent(interconn_remove_conn, this, {Conn()->BuildConnVal()}); } InterConnTimer::InterConnTimer(double t, InterConn_Analyzer* a) diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index 25d568d627..cd48d8469c 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -233,14 +233,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(users)); - vl->append(val_mgr->GetInt(services)); - vl->append(val_mgr->GetInt(servers)); - - ConnectionEvent(irc_network_info, vl); + ConnectionEvent(irc_network_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(users), + val_mgr->GetInt(services), + val_mgr->GetInt(servers), + }); } break; @@ -271,13 +270,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(type.c_str())); - vl->append(new StringVal(channel.c_str())); - TableVal* set = new TableVal(string_set); + for ( unsigned int i = 0; i < parts.size(); ++i ) { if ( parts[i][0] == '@' ) @@ -286,9 +280,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) set->Assign(idx, 0); Unref(idx); } - vl->append(set); - ConnectionEvent(irc_names_info, vl); + ConnectionEvent(irc_names_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(type.c_str()), + new StringVal(channel.c_str()), + set, + }); } break; @@ -316,14 +315,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(users)); - vl->append(val_mgr->GetInt(services)); - vl->append(val_mgr->GetInt(servers)); - - ConnectionEvent(irc_server_info, vl); + ConnectionEvent(irc_server_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(users), + val_mgr->GetInt(services), + val_mgr->GetInt(servers), + }); } break; @@ -339,12 +337,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[i] == ":channels" ) channels = atoi(parts[i - 1].c_str()); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(channels)); - - ConnectionEvent(irc_channel_info, vl); + ConnectionEvent(irc_channel_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(channels), + }); } break; @@ -372,12 +369,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) break; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(eop - prefix, prefix)); - vl->append(new StringVal(++msg)); - ConnectionEvent(irc_global_users, vl); + ConnectionEvent(irc_global_users, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(eop - prefix, prefix), + new StringVal(++msg), + }); break; } @@ -397,12 +394,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - vl->append(new StringVal(parts[2].c_str())); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); + vl.append(new StringVal(parts[0].c_str())); + vl.append(new StringVal(parts[1].c_str())); + vl.append(new StringVal(parts[2].c_str())); parts.erase(parts.begin(), parts.begin() + 4); @@ -413,9 +410,9 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( real_name[0] == ':' ) real_name = real_name.substr(1); - vl->append(new StringVal(real_name.c_str())); + vl.append(new StringVal(real_name.c_str())); - ConnectionEvent(irc_whois_user_line, vl); + ConnectionEvent(irc_whois_user_line, std::move(vl)); } break; @@ -436,12 +433,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - - ConnectionEvent(irc_whois_operator_line, vl); + ConnectionEvent(irc_whois_operator_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + }); } break; @@ -467,11 +463,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nick.c_str())); TableVal* set = new TableVal(string_set); + for ( unsigned int i = 0; i < parts.size(); ++i ) { Val* idx = new StringVal(parts[i].c_str()); @@ -479,9 +472,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - vl->append(set); - - ConnectionEvent(irc_whois_channel_line, vl); + ConnectionEvent(irc_whois_channel_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nick.c_str()), + set, + }); } break; @@ -502,19 +498,17 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( pos < params.size() ) { string topic = params.substr(pos + 1); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[1].c_str())); - const char* t = topic.c_str(); + if ( *t == ':' ) ++t; - vl->append(new StringVal(t)); - - ConnectionEvent(irc_channel_topic, vl); + ConnectionEvent(irc_channel_topic, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[1].c_str()), + new StringVal(t), + }); } else { @@ -537,24 +531,25 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); if ( parts[2][0] == '~' ) parts[2] = parts[2].substr(1); - vl->append(new StringVal(parts[2].c_str())); - vl->append(new StringVal(parts[3].c_str())); - vl->append(new StringVal(parts[4].c_str())); - vl->append(new StringVal(parts[5].c_str())); - vl->append(new StringVal(parts[6].c_str())); + if ( parts[7][0] == ':' ) parts[7] = parts[7].substr(1); - vl->append(val_mgr->GetInt(atoi(parts[7].c_str()))); - vl->append(new StringVal(parts[8].c_str())); - ConnectionEvent(irc_who_line, vl); + ConnectionEvent(irc_who_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + new StringVal(parts[2].c_str()), + new StringVal(parts[3].c_str()), + new StringVal(parts[4].c_str()), + new StringVal(parts[5].c_str()), + new StringVal(parts[6].c_str()), + val_mgr->GetInt(atoi(parts[7].c_str())), + new StringVal(parts[8].c_str()), + }); } break; @@ -565,10 +560,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 436: if ( irc_invalid_nick ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - ConnectionEvent(irc_invalid_nick, vl); + ConnectionEvent(irc_invalid_nick, { + BuildConnVal(), + val_mgr->GetBool(orig), + }); } break; @@ -577,11 +572,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 491: // user is not operator if ( irc_oper_response ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetBool(code == 381)); - ConnectionEvent(irc_oper_response, vl); + ConnectionEvent(irc_oper_response, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetBool(code == 381), + }); } break; @@ -592,14 +587,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // All other server replies. default: - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(val_mgr->GetCount(code)); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_reply, vl); + ConnectionEvent(irc_reply, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + val_mgr->GetCount(code), + new StringVal(params.c_str()), + }); break; } return; @@ -662,33 +656,31 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) raw_ip = (10 * raw_ip) + atoi(s.c_str()); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(parts[1].c_str())); - vl->append(new StringVal(parts[2].c_str())); - vl->append(new AddrVal(htonl(raw_ip))); - vl->append(val_mgr->GetCount(atoi(parts[4].c_str()))); - if ( parts.size() >= 6 ) - vl->append(val_mgr->GetCount(atoi(parts[5].c_str()))); - else - vl->append(val_mgr->GetCount(0)); - ConnectionEvent(irc_dcc_message, vl); + ConnectionEvent(irc_dcc_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(parts[1].c_str()), + new StringVal(parts[2].c_str()), + new AddrVal(htonl(raw_ip)), + val_mgr->GetCount(atoi(parts[4].c_str())), + parts.size() >= 6 ? + val_mgr->GetCount(atoi(parts[5].c_str())) : + val_mgr->GetCount(0), + }); } else { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_privmsg_message, vl); + ConnectionEvent(irc_privmsg_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } } @@ -707,14 +699,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_notice_message, vl); + ConnectionEvent(irc_notice_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_squery_message && command == "SQUERY" ) @@ -732,35 +723,34 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_squery_message, vl); + ConnectionEvent(irc_squery_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_user_message && command == "USER" ) { // extract username and real name vector parts = SplitWords(params, ' '); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); if ( parts.size() > 0 ) - vl->append(new StringVal(parts[0].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[0].c_str())); + else vl.append(val_mgr->GetEmptyString()); if ( parts.size() > 1 ) - vl->append(new StringVal(parts[1].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[1].c_str())); + else vl.append(val_mgr->GetEmptyString()); if ( parts.size() > 2 ) - vl->append(new StringVal(parts[2].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[2].c_str())); + else vl.append(val_mgr->GetEmptyString()); string realname; for ( unsigned int i = 3; i < parts.size(); i++ ) @@ -771,9 +761,9 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } const char* name = realname.c_str(); - vl->append(new StringVal(*name == ':' ? name + 1 : name)); + vl.append(new StringVal(*name == ':' ? name + 1 : name)); - ConnectionEvent(irc_user_message, vl); + ConnectionEvent(irc_user_message, std::move(vl)); } else if ( irc_oper_message && command == "OPER" ) @@ -782,13 +772,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vector parts = SplitWords(params, ' '); if ( parts.size() == 2 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - - ConnectionEvent(irc_oper_message, vl); + ConnectionEvent(irc_oper_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + }); } else @@ -805,12 +794,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); + vl.append(new StringVal(prefix.c_str())); + vl.append(new StringVal(parts[0].c_str())); + vl.append(new StringVal(parts[1].c_str())); if ( parts.size() > 2 ) { string comment = parts[2]; @@ -820,12 +809,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( comment[0] == ':' ) comment = comment.substr(1); - vl->append(new StringVal(comment.c_str())); + vl.append(new StringVal(comment.c_str())); } else - vl->append(val_mgr->GetEmptyString()); + vl.append(val_mgr->GetEmptyString()); - ConnectionEvent(irc_kick_message, vl); + ConnectionEvent(irc_kick_message, std::move(vl)); } else if ( irc_join_message && command == "JOIN" ) @@ -849,11 +838,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nickname = prefix.substr(0, pos); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - TableVal* list = new TableVal(irc_join_list); + vector channels = SplitWords(parts[0], ','); vector passwords; @@ -876,9 +862,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - vl->append(list); - - ConnectionEvent(irc_join_message, vl); + ConnectionEvent(irc_join_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + list, + }); } else if ( irc_join_message && command == "NJOIN" ) @@ -895,12 +883,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) parts[1] = parts[1].substr(1); vector users = SplitWords(parts[1], ','); - - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - TableVal* list = new TableVal(irc_join_list); + string empty_string = ""; for ( unsigned int i = 0; i < users.size(); ++i ) @@ -939,9 +923,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - vl->append(list); - - ConnectionEvent(irc_join_message, vl); + ConnectionEvent(irc_join_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + list, + }); } else if ( irc_part_message && command == "PART" ) @@ -977,14 +963,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nick.c_str())); - vl->append(set); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_part_message, vl); + ConnectionEvent(irc_part_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nick.c_str()), + set, + new StringVal(message.c_str()), + }); } else if ( irc_quit_message && command == "QUIT" ) @@ -1001,13 +986,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nickname = prefix.substr(0, pos); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nickname.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_quit_message, vl); + ConnectionEvent(irc_quit_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nickname.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_nick_message && command == "NICK" ) @@ -1016,13 +1000,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( nick[0] == ':' ) nick = nick.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(nick.c_str())); - - ConnectionEvent(irc_nick_message, vl); + ConnectionEvent(irc_nick_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(nick.c_str()) + }); } else if ( irc_who_message && command == "WHO" ) @@ -1042,16 +1025,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0].size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - if ( parts.size() > 0 ) - vl->append(new StringVal(parts[0].c_str())); - else - vl->append(val_mgr->GetEmptyString()); - vl->append(val_mgr->GetBool(oper)); - - ConnectionEvent(irc_who_message, vl); + ConnectionEvent(irc_who_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + parts.size() > 0 ? + new StringVal(parts[0].c_str()) : + val_mgr->GetEmptyString(), + val_mgr->GetBool(oper), + }); } else if ( irc_whois_message && command == "WHOIS" ) @@ -1074,26 +1055,25 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else users = parts[0]; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(server.c_str())); - vl->append(new StringVal(users.c_str())); - - ConnectionEvent(irc_whois_message, vl); + ConnectionEvent(irc_whois_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(server.c_str()), + new StringVal(users.c_str()), + }); } else if ( irc_error_message && command == "ERROR" ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); if ( params[0] == ':' ) params = params.substr(1); - vl->append(new StringVal(params.c_str())); - ConnectionEvent(irc_error_message, vl); + ConnectionEvent(irc_error_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(params.c_str()), + }); } else if ( irc_invite_message && command == "INVITE" ) @@ -1104,14 +1084,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[1].size() > 0 && parts[1][0] == ':' ) parts[1] = parts[1].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - - ConnectionEvent(irc_invite_message, vl); + ConnectionEvent(irc_invite_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + }); } else Weird("irc_invalid_invite_message_format"); @@ -1121,13 +1100,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( params.size() > 0 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_mode_message, vl); + ConnectionEvent(irc_mode_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(params.c_str()), + }); } else @@ -1136,11 +1114,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else if ( irc_password_message && command == "PASS" ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(params.c_str())); - ConnectionEvent(irc_password_message, vl); + ConnectionEvent(irc_password_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(params.c_str()), + }); } else if ( irc_squit_message && command == "SQUIT" ) @@ -1158,14 +1136,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) message = message.substr(1); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(server.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_squit_message, vl); + ConnectionEvent(irc_squit_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(server.c_str()), + new StringVal(message.c_str()), + }); } @@ -1173,14 +1150,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(command.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_request, vl); + ConnectionEvent(irc_request, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(command.c_str()), + new StringVal(params.c_str()), + }); } } @@ -1188,14 +1164,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_message ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(command.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_message, vl); + ConnectionEvent(irc_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(command.c_str()), + new StringVal(params.c_str()), + }); } } @@ -1224,10 +1199,7 @@ void IRC_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(irc_starttls, vl); + ConnectionEvent(irc_starttls, {BuildConnVal()}); } vector IRC_Analyzer::SplitWords(const string input, const char split) diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index f8eb233a29..326c126ae9 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -289,9 +289,7 @@ void Login_Analyzer::AuthenticationDialog(bool orig, char* line) { if ( authentication_skipped ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - ConnectionEvent(authentication_skipped, vl); + ConnectionEvent(authentication_skipped, {BuildConnVal()}); } state = LOGIN_STATE_SKIP; @@ -334,32 +332,26 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_terminal && streq(name, "TERM") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_terminal, vl); + ConnectionEvent(login_terminal, { + BuildConnVal(), + new StringVal(val), + }); } else if ( login_display && streq(name, "DISPLAY") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_display, vl); + ConnectionEvent(login_display, { + BuildConnVal(), + new StringVal(val), + }); } else if ( login_prompt && streq(name, "TTYPROMPT") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_prompt, vl); + ConnectionEvent(login_prompt, { + BuildConnVal(), + new StringVal(val), + }); } } @@ -433,15 +425,13 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line, Val* password = HaveTypeahead() ? PopUserTextVal() : new StringVal(""); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(username->Ref()); - vl->append(client_name ? client_name->Ref() : val_mgr->GetEmptyString()); - vl->append(password); - vl->append(new StringVal(line)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + username->Ref(), + client_name ? client_name->Ref() : val_mgr->GetEmptyString(), + password, + new StringVal(line), + }); } const char* Login_Analyzer::GetUsername(const char* line) const @@ -454,12 +444,10 @@ const char* Login_Analyzer::GetUsername(const char* line) const void Login_Analyzer::LineEvent(EventHandlerPtr f, const char* line) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(line)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + new StringVal(line), + }); } @@ -469,12 +457,11 @@ void Login_Analyzer::Confused(const char* msg, const char* line) if ( login_confused ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(msg)); - vl->append(new StringVal(line)); - - ConnectionEvent(login_confused, vl); + ConnectionEvent(login_confused, { + BuildConnVal(), + new StringVal(msg), + new StringVal(line), + }); } if ( login_confused_text ) @@ -496,10 +483,10 @@ void Login_Analyzer::ConfusionText(const char* line) { if ( login_confused_text ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(line)); - ConnectionEvent(login_confused_text, vl); + ConnectionEvent(login_confused_text, { + BuildConnVal(), + new StringVal(line), + }); } } diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 11952103bf..53ad3c202d 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -461,11 +461,10 @@ void NVT_Analyzer::SetTerminal(const u_char* terminal, int len) { if ( login_terminal ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(new BroString(terminal, len, 0))); - - ConnectionEvent(login_terminal, vl); + ConnectionEvent(login_terminal, { + BuildConnVal(), + new StringVal(new BroString(terminal, len, 0)), + }); } } diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index 0afacb2f2b..4688bf9280 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -156,31 +156,38 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { Login_Analyzer::DeliverStream(len, data, orig); + if ( orig ) + { + if ( ! rsh_request ) + return; + } + else + { + if ( ! rsh_reply ) + return; + } + + val_list vl(4 + orig); const char* line = (const char*) data; - val_list* vl = new val_list; - line = skip_whitespace(line); - vl->append(BuildConnVal()); - vl->append(client_name ? client_name->Ref() : new StringVal("")); - vl->append(username ? username->Ref() : new StringVal("")); - vl->append(new StringVal(line)); + vl.append(BuildConnVal()); + vl.append(client_name ? client_name->Ref() : new StringVal("")); + vl.append(username ? username->Ref() : new StringVal("")); + vl.append(new StringVal(line)); - if ( orig && rsh_request ) + if ( orig ) { if ( contents_orig->RshSaveState() == RSH_SERVER_USER_NAME ) // First input - vl->append(val_mgr->GetTrue()); + vl.append(val_mgr->GetTrue()); else - vl->append(val_mgr->GetFalse()); + vl.append(val_mgr->GetFalse()); - ConnectionEvent(rsh_request, vl); + ConnectionEvent(rsh_request, std::move(vl)); } - else if ( rsh_reply ) - ConnectionEvent(rsh_reply, vl); - else - delete_vals(vl); + ConnectionEvent(rsh_reply, std::move(vl)); } void Rsh_Analyzer::ClientUserName(const char* s) diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index 6979148676..10d9e23e91 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -244,11 +244,9 @@ void Rlogin_Analyzer::TerminalType(const char* s) { if ( login_terminal ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(s)); - - ConnectionEvent(login_terminal, vl); + ConnectionEvent(login_terminal, { + BuildConnVal(), + new StringVal(s), + }); } } diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index 931e155fdf..edb5316bac 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1358,11 +1358,11 @@ void MIME_Mail::Done() hash_final(md5_hash, digest); md5_hash = nullptr; - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(content_hash_length)); - vl->append(new StringVal(new BroString(1, digest, 16))); - analyzer->ConnectionEvent(mime_content_hash, vl); + analyzer->ConnectionEvent(mime_content_hash, { + analyzer->BuildConnVal(), + val_mgr->GetCount(content_hash_length), + new StringVal(new BroString(1, digest, 16)), + }); } MIME_Message::Done(); @@ -1386,11 +1386,7 @@ void MIME_Mail::BeginEntity(MIME_Entity* /* entity */) cur_entity_id.clear(); if ( mime_begin_entity ) - { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - analyzer->ConnectionEvent(mime_begin_entity, vl); - } + analyzer->ConnectionEvent(mime_begin_entity, {analyzer->BuildConnVal()}); buffer_start = data_start = 0; ASSERT(entity_content.size() == 0); @@ -1402,12 +1398,12 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) { BroString* s = concatenate(entity_content); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(s->Len())); - vl->append(new StringVal(s)); - analyzer->ConnectionEvent(mime_entity_data, vl); + analyzer->ConnectionEvent(mime_entity_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(s->Len()), + new StringVal(s), + }); if ( ! mime_all_data ) delete_strings(entity_content); @@ -1416,11 +1412,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) } if ( mime_end_entity ) - { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - analyzer->ConnectionEvent(mime_end_entity, vl); - } + analyzer->ConnectionEvent(mime_end_entity, {analyzer->BuildConnVal()}); file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); cur_entity_id.clear(); @@ -1430,10 +1422,10 @@ void MIME_Mail::SubmitHeader(MIME_Header* h) { if ( mime_one_header ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(BuildHeaderVal(h)); - analyzer->ConnectionEvent(mime_one_header, vl); + analyzer->ConnectionEvent(mime_one_header, { + analyzer->BuildConnVal(), + BuildHeaderVal(h), + }); } } @@ -1441,10 +1433,10 @@ void MIME_Mail::SubmitAllHeaders(MIME_HeaderList& hlist) { if ( mime_all_headers ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(BuildHeaderTable(hlist)); - analyzer->ConnectionEvent(mime_all_headers, vl); + analyzer->ConnectionEvent(mime_all_headers, { + analyzer->BuildConnVal(), + BuildHeaderTable(hlist), + }); } } @@ -1478,11 +1470,11 @@ void MIME_Mail::SubmitData(int len, const char* buf) const char* data = (char*) data_buffer->Bytes() + data_start; int data_len = (buf + len) - data; - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(data_len)); - vl->append(new StringVal(data_len, data)); - analyzer->ConnectionEvent(mime_segment_data, vl); + analyzer->ConnectionEvent(mime_segment_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(data_len), + new StringVal(data_len, data), + }); } cur_entity_id = file_mgr->DataIn(reinterpret_cast(buf), len, @@ -1525,12 +1517,11 @@ void MIME_Mail::SubmitAllData() BroString* s = concatenate(all_content); delete_strings(all_content); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(s->Len())); - vl->append(new StringVal(s)); - - analyzer->ConnectionEvent(mime_all_data, vl); + analyzer->ConnectionEvent(mime_all_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(s->Len()), + new StringVal(s), + }); } } @@ -1555,10 +1546,10 @@ void MIME_Mail::SubmitEvent(int event_type, const char* detail) if ( mime_event ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(new StringVal(category)); - vl->append(new StringVal(detail)); - analyzer->ConnectionEvent(mime_event, vl); + analyzer->ConnectionEvent(mime_event, { + analyzer->BuildConnVal(), + new StringVal(category), + new StringVal(detail), + }); } } diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index b59358b703..ceb480292b 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -61,21 +61,27 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) EventHandlerPtr f = frame->is_orig() ? ncp_request : ncp_reply; if ( f ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(frame->frame_type())); - vl->append(val_mgr->GetCount(frame->body_length())); - if ( frame->is_orig() ) - vl->append(val_mgr->GetCount(req_func)); + { + analyzer->ConnectionEvent(f, { + analyzer->BuildConnVal(), + val_mgr->GetCount(frame->frame_type()), + val_mgr->GetCount(frame->body_length()), + val_mgr->GetCount(req_func), + }); + } else { - vl->append(val_mgr->GetCount(req_frame_type)); - vl->append(val_mgr->GetCount(req_func)); - vl->append(val_mgr->GetCount(frame->reply()->completion_code())); + analyzer->ConnectionEvent(f, { + analyzer->BuildConnVal(), + val_mgr->GetCount(frame->frame_type()), + val_mgr->GetCount(frame->body_length()), + val_mgr->GetCount(req_frame_type), + val_mgr->GetCount(req_func), + val_mgr->GetCount(frame->reply()->completion_code()), + }); } - analyzer->ConnectionEvent(f, vl); } } diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 492375b7aa..5dc07f7d0d 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -58,12 +58,12 @@ int NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags, { if ( netbios_session_message ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_query)); - vl->append(val_mgr->GetCount(type)); - vl->append(val_mgr->GetCount(len)); - analyzer->ConnectionEvent(netbios_session_message, vl); + analyzer->ConnectionEvent(netbios_session_message, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_query), + val_mgr->GetCount(type), + val_mgr->GetCount(len), + }); } switch ( type ) { @@ -328,13 +328,19 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data, if ( ! event ) return; - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); if ( is_orig >= 0 ) - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(new BroString(data, len, 0))); - - analyzer->ConnectionEvent(event, vl); + { + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(new BroString(data, len, 0)), + }); + } + else + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + new StringVal(new BroString(data, len, 0)), + }); } diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index 631d5bc3e9..2e6988d13f 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -78,12 +78,11 @@ void NTP_Analyzer::Message(const u_char* data, int len) msg->Assign(9, new Val(LongFloat(ntp_data->rec), TYPE_TIME)); msg->Assign(10, new Val(LongFloat(ntp_data->xmt), TYPE_TIME)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(msg); - vl->append(new StringVal(new BroString(data, len, 0))); - - ConnectionEvent(ntp_message, vl); + ConnectionEvent(ntp_message, { + BuildConnVal(), + msg, + new StringVal(new BroString(data, len, 0)), + }); } double NTP_Analyzer::ShortFloat(struct s_fixedpt fp) diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 2cd5041a70..e7ccf3907c 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -833,10 +833,7 @@ void POP3_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(pop3_starttls, vl); + ConnectionEvent(pop3_starttls, {BuildConnVal()}); } void POP3_Analyzer::AuthSuccessfull() @@ -926,14 +923,14 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig, if ( ! event ) return; - val_list* vl = new val_list; + val_list vl(2 + (bool)arg1 + (bool)arg2); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(is_orig)); if ( arg1 ) - vl->append(new StringVal(arg1)); + vl.append(new StringVal(arg1)); if ( arg2 ) - vl->append(new StringVal(arg2)); + vl.append(new StringVal(arg2)); - ConnectionEvent(event, vl); + ConnectionEvent(event, std::move(vl)); } diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index 604d2e3ed1..1cea8e0211 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -93,9 +93,9 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status if ( mount_reply_status ) { - val_list* vl = event_common_vl(c, rpc_status, mount_status, - start_time, last_time, reply_len); - analyzer->ConnectionEvent(mount_reply_status, vl); + auto vl = event_common_vl(c, rpc_status, mount_status, + start_time, last_time, reply_len, 0); + analyzer->ConnectionEvent(mount_reply_status, std::move(vl)); } if ( ! rpc_success ) @@ -162,34 +162,34 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status // optional and all are set to 0 ... if ( event ) { - val_list* vl = event_common_vl(c, rpc_status, mount_status, - start_time, last_time, reply_len); - Val *request = c->TakeRequestVal(); + auto vl = event_common_vl(c, rpc_status, mount_status, + start_time, last_time, reply_len, (bool)request + (bool)reply); + if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, std::move(vl)); } else Unref(reply); return 1; } -val_list* MOUNT_Interp::event_common_vl(RPC_CallInfo *c, +val_list MOUNT_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::MOUNT3::status_t mount_status, double rep_start_time, - double rep_last_time, int reply_len) + double rep_last_time, int reply_len, int extra_elements) { // Returns a new val_list that already has a conn_val, and mount3_info. // These are the first parameters for each mount_* event ... - val_list *vl = new val_list; - vl->append(analyzer->BuildConnVal()); + val_list vl(2 + extra_elements); + vl.append(analyzer->BuildConnVal()); VectorVal* auxgids = new VectorVal(internal_type("index_vec")->AsVectorType()); for (size_t i = 0; i < c->AuxGIDs().size(); ++i) @@ -212,7 +212,7 @@ val_list* MOUNT_Interp::event_common_vl(RPC_CallInfo *c, info->Assign(11, new StringVal(c->MachineName())); info->Assign(12, auxgids); - vl->append(info); + vl.append(info); return vl; } diff --git a/src/analyzer/protocol/rpc/MOUNT.h b/src/analyzer/protocol/rpc/MOUNT.h index 42da4f61ed..7c243f96a0 100644 --- a/src/analyzer/protocol/rpc/MOUNT.h +++ b/src/analyzer/protocol/rpc/MOUNT.h @@ -22,10 +22,10 @@ protected: // Returns a new val_list that already has a conn_val, rpc_status and // mount_status. These are the first parameters for each mount_* event // ... - val_list* event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, + val_list event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::MOUNT3::status_t mount_status, double rep_start_time, double rep_last_time, - int reply_len); + int reply_len, int extra_elements); // These methods parse the appropriate MOUNTv3 "type" out of buf. If // there are any errors (i.e., buffer to short, etc), buf will be set diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index ff16812d65..3453263dd0 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -147,9 +147,9 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, if ( nfs_reply_status ) { - val_list* vl = event_common_vl(c, rpc_status, nfs_status, - start_time, last_time, reply_len); - analyzer->ConnectionEvent(nfs_reply_status, vl); + auto vl = event_common_vl(c, rpc_status, nfs_status, + start_time, last_time, reply_len, 0); + analyzer->ConnectionEvent(nfs_reply_status, std::move(vl)); } if ( ! rpc_success ) @@ -274,18 +274,18 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, // optional and all are set to 0 ... if ( event ) { - val_list* vl = event_common_vl(c, rpc_status, nfs_status, - start_time, last_time, reply_len); - Val *request = c->TakeRequestVal(); + auto vl = event_common_vl(c, rpc_status, nfs_status, + start_time, last_time, reply_len, (bool)request + (bool)reply); + if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, std::move(vl)); } else Unref(reply); @@ -317,15 +317,15 @@ StringVal* NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64_t offse return 0; } -val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, +val_list NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::NFS3::status_t nfs_status, double rep_start_time, - double rep_last_time, int reply_len) + double rep_last_time, int reply_len, int extra_elements) { // Returns a new val_list that already has a conn_val, and nfs3_info. // These are the first parameters for each nfs_* event ... - val_list *vl = new val_list; - vl->append(analyzer->BuildConnVal()); + val_list vl(2 + extra_elements); + vl.append(analyzer->BuildConnVal()); VectorVal* auxgids = new VectorVal(internal_type("index_vec")->AsVectorType()); for ( size_t i = 0; i < c->AuxGIDs().size(); ++i ) @@ -346,7 +346,7 @@ val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_s info->Assign(11, new StringVal(c->MachineName())); info->Assign(12, auxgids); - vl->append(info); + vl.append(info); return vl; } diff --git a/src/analyzer/protocol/rpc/NFS.h b/src/analyzer/protocol/rpc/NFS.h index 2ec4047946..56a368bfdc 100644 --- a/src/analyzer/protocol/rpc/NFS.h +++ b/src/analyzer/protocol/rpc/NFS.h @@ -22,10 +22,10 @@ protected: // Returns a new val_list that already has a conn_val, rpc_status and // nfs_status. These are the first parameters for each nfs_* event // ... - val_list* event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, + val_list event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::NFS3::status_t nfs_status, double rep_start_time, double rep_last_time, - int reply_len); + int reply_len, int extra_elements); // These methods parse the appropriate NFSv3 "type" out of buf. If // there are any errors (i.e., buffer to short, etc), buf will be set diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 95beab6b62..8333f615fa 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -261,10 +261,10 @@ uint32 PortmapperInterp::CheckPort(uint32 port) { if ( pm_bad_port ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(port)); - analyzer->ConnectionEvent(pm_bad_port, vl); + analyzer->ConnectionEvent(pm_bad_port, { + analyzer->BuildConnVal(), + val_mgr->GetCount(port), + }); } port = 0; @@ -282,25 +282,25 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu return; } - val_list* vl = new val_list; + val_list vl; - vl->append(analyzer->BuildConnVal()); + vl.append(analyzer->BuildConnVal()); if ( status == BifEnum::RPC_SUCCESS ) { if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); } else { - vl->append(BifType::Enum::rpc_status->GetVal(status)); + vl.append(BifType::Enum::rpc_status->GetVal(status)); if ( request ) - vl->append(request); + vl.append(request); } - analyzer->ConnectionEvent(f, vl); + analyzer->ConnectionEvent(f, std::move(vl)); } Portmapper_Analyzer::Portmapper_Analyzer(Connection* conn) diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 5bd748d1ea..781ba20681 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -330,16 +330,16 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st { if ( rpc_dialogue ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(c->Program())); - vl->append(val_mgr->GetCount(c->Version())); - vl->append(val_mgr->GetCount(c->Proc())); - vl->append(BifType::Enum::rpc_status->GetVal(status)); - vl->append(new Val(c->StartTime(), TYPE_TIME)); - vl->append(val_mgr->GetCount(c->CallLen())); - vl->append(val_mgr->GetCount(reply_len)); - analyzer->ConnectionEvent(rpc_dialogue, vl); + analyzer->ConnectionEvent(rpc_dialogue, { + analyzer->BuildConnVal(), + val_mgr->GetCount(c->Program()), + val_mgr->GetCount(c->Version()), + val_mgr->GetCount(c->Proc()), + BifType::Enum::rpc_status->GetVal(status), + new Val(c->StartTime(), TYPE_TIME), + val_mgr->GetCount(c->CallLen()), + val_mgr->GetCount(reply_len), + }); } } @@ -347,14 +347,14 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c) { if ( rpc_call ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(c->XID())); - vl->append(val_mgr->GetCount(c->Program())); - vl->append(val_mgr->GetCount(c->Version())); - vl->append(val_mgr->GetCount(c->Proc())); - vl->append(val_mgr->GetCount(c->CallLen())); - analyzer->ConnectionEvent(rpc_call, vl); + analyzer->ConnectionEvent(rpc_call, { + analyzer->BuildConnVal(), + val_mgr->GetCount(c->XID()), + val_mgr->GetCount(c->Program()), + val_mgr->GetCount(c->Version()), + val_mgr->GetCount(c->Proc()), + val_mgr->GetCount(c->CallLen()), + }); } } @@ -362,12 +362,12 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status, { if ( rpc_reply ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(xid)); - vl->append(BifType::Enum::rpc_status->GetVal(status)); - vl->append(val_mgr->GetCount(reply_len)); - analyzer->ConnectionEvent(rpc_reply, vl); + analyzer->ConnectionEvent(rpc_reply, { + analyzer->BuildConnVal(), + val_mgr->GetCount(xid), + BifType::Enum::rpc_status->GetVal(status), + val_mgr->GetCount(reply_len), + }); } } diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index 6b92484431..dff1677fc3 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -220,11 +220,11 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) if ( smtp_data && ! skip_data ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(data_len, line)); - ConnectionEvent(smtp_data, vl); + ConnectionEvent(smtp_data, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(data_len, line), + }); } } @@ -350,15 +350,14 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) break; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetCount(reply_code)); - vl->append(new StringVal(cmd)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(val_mgr->GetBool((pending_reply > 0))); - - ConnectionEvent(smtp_reply, vl); + ConnectionEvent(smtp_reply, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetCount(reply_code), + new StringVal(cmd), + new StringVal(end_of_line - line, line), + val_mgr->GetBool((pending_reply > 0)), + }); } } @@ -411,10 +410,7 @@ void SMTP_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(smtp_starttls, vl); + ConnectionEvent(smtp_starttls, {BuildConnVal()}); } @@ -856,14 +852,12 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd, int arg_len, const char* arg) { ProtocolConfirmation(); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig_is_sender)); - vl->append((new StringVal(cmd_len, cmd))->ToUpper()); - vl->append(new StringVal(arg_len, arg)); - - ConnectionEvent(smtp_request, vl); + ConnectionEvent(smtp_request, { + BuildConnVal(), + val_mgr->GetBool(orig_is_sender), + (new StringVal(cmd_len, cmd))->ToUpper(), + new StringVal(arg_len, arg), + }); } void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, @@ -874,17 +868,16 @@ void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, if ( smtp_unexpected ) { - val_list* vl = new val_list; int is_orig = is_sender; if ( ! orig_is_sender ) is_orig = ! is_orig; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(msg)); - vl->append(new StringVal(detail_len, detail)); - - ConnectionEvent(smtp_unexpected, vl); + ConnectionEvent(smtp_unexpected, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(msg), + new StringVal(detail_len, detail), + }); } } diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index 3035a0b1a5..f4b4f78c89 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -139,25 +139,20 @@ void SteppingStoneEndpoint::Event(EventHandlerPtr f, int id1, int id2) if ( ! f ) return; - val_list* vl = new val_list; - - vl->append(val_mgr->GetInt(id1)); - if ( id2 >= 0 ) - vl->append(val_mgr->GetInt(id2)); + endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1), val_mgr->GetInt(id2)}); + else + endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1)}); - endp->TCP()->ConnectionEvent(f, vl); } void SteppingStoneEndpoint::CreateEndpEvent(int is_orig) { - val_list* vl = new val_list; - - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetInt(stp_id)); - vl->append(val_mgr->GetBool(is_orig)); - - endp->TCP()->ConnectionEvent(stp_create_endp, vl); + endp->TCP()->ConnectionEvent(stp_create_endp, { + endp->TCP()->BuildConnVal(), + val_mgr->GetInt(stp_id), + val_mgr->GetBool(is_orig), + }); } SteppingStone_Analyzer::SteppingStone_Analyzer(Connection* c) diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 9329b103ed..a90e0f32c4 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -299,11 +299,11 @@ static void passive_fingerprint(TCP_Analyzer* tcp, bool is_orig, if ( OS_val ) { // found new OS version - val_list* vl = new val_list; - vl->append(tcp->BuildConnVal()); - vl->append(src_addr_val->Ref()); - vl->append(OS_val); - tcp->ConnectionEvent(OS_version_found, vl); + tcp->ConnectionEvent(OS_version_found, { + tcp->BuildConnVal(), + src_addr_val->Ref(), + OS_val, + }); } } @@ -965,20 +965,17 @@ void TCP_Analyzer::GeneratePacketEvent( const u_char* data, int len, int caplen, int is_orig, TCP_Flags flags) { - val_list* vl = new val_list(); - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(flags.AsString())); - vl->append(val_mgr->GetCount(rel_seq)); - vl->append(val_mgr->GetCount(flags.ACK() ? rel_ack : 0)); - vl->append(val_mgr->GetCount(len)); - - // We need the min() here because Ethernet padding can lead to - // caplen > len. - vl->append(new StringVal(min(caplen, len), (const char*) data)); - - ConnectionEvent(tcp_packet, vl); + ConnectionEvent(tcp_packet, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(flags.AsString()), + val_mgr->GetCount(rel_seq), + val_mgr->GetCount(flags.ACK() ? rel_ack : 0), + val_mgr->GetCount(len), + // We need the min() here because Ethernet padding can lead to + // caplen > len. + new StringVal(min(caplen, len), (const char*) data), + }); } int TCP_Analyzer::DeliverData(double t, const u_char* data, int len, int caplen, @@ -1283,10 +1280,10 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( connection_SYN_packet ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(SYN_vals->Ref()); - ConnectionEvent(connection_SYN_packet, vl); + ConnectionEvent(connection_SYN_packet, { + BuildConnVal(), + SYN_vals->Ref(), + }); } passive_fingerprint(this, is_orig, ip, tp, tcp_hdr_len); @@ -1503,14 +1500,12 @@ int TCP_Analyzer::TCPOptionEvent(unsigned int opt, { if ( tcp_option ) { - val_list* vl = new val_list(); - - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(opt)); - vl->append(val_mgr->GetCount(optlen)); - - analyzer->ConnectionEvent(tcp_option, vl); + analyzer->ConnectionEvent(tcp_option, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(opt), + val_mgr->GetCount(optlen), + }); } return 0; @@ -1826,10 +1821,10 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp) { if ( connection_EOF ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - ConnectionEvent(connection_EOF, vl); + ConnectionEvent(connection_EOF, { + BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + }); } const analyzer_list& children(GetChildren()); @@ -2108,15 +2103,14 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen, if ( tcp_rexmit ) { - val_list* vl = new val_list(); - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(val_mgr->GetCount(len)); - vl->append(val_mgr->GetCount(data_in_flight)); - vl->append(val_mgr->GetCount(endp->peer->window)); - - endp->TCP()->ConnectionEvent(tcp_rexmit, vl); + endp->TCP()->ConnectionEvent(tcp_rexmit, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(seq), + val_mgr->GetCount(len), + val_mgr->GetCount(data_in_flight), + val_mgr->GetCount(endp->peer->window), + }); } } else @@ -2164,11 +2158,11 @@ void TCPStats_Analyzer::Done() { TCP_ApplicationAnalyzer::Done(); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(orig_stats->BuildStats()); - vl->append(resp_stats->BuildStats()); - ConnectionEvent(conn_stats, vl); + ConnectionEvent(conn_stats, { + BuildConnVal(), + orig_stats->BuildStats(), + resp_stats->BuildStats(), + }); } void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64 seq, const IP_Hdr* ip, int caplen) diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index 7e7b316e10..ce58398f2d 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -237,11 +237,11 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen, if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal(buf)); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal(buf), + }); } } } diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index ef68f621b5..5ad6d2e460 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -136,12 +136,12 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len) if ( report_gap(endp, endp->peer) ) { - val_list* vl = new val_list; - vl->append(dst_analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(val_mgr->GetCount(len)); - dst_analyzer->ConnectionEvent(content_gap, vl); + dst_analyzer->ConnectionEvent(content_gap, { + dst_analyzer->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + val_mgr->GetCount(seq), + val_mgr->GetCount(len), + }); } if ( type == Direct ) @@ -335,11 +335,11 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f) if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Endpoint()->Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal("TCP reassembler content write failure")); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + Endpoint()->Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal("TCP reassembler content write failure"), + }); } } @@ -352,11 +352,11 @@ void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f) if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Endpoint()->Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal("TCP reassembler gap write failure")); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + Endpoint()->Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal("TCP reassembler gap write failure"), + }); } } @@ -425,12 +425,12 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) BroString* b1_s = new BroString((const u_char*) b1, n, 0); BroString* b2_s = new BroString((const u_char*) b2, n, 0); - val_list* vl = new val_list(3); - vl->append(tcp_analyzer->BuildConnVal()); - vl->append(new StringVal(b1_s)); - vl->append(new StringVal(b2_s)); - vl->append(new StringVal(flags.AsString())); - tcp_analyzer->ConnectionEvent(rexmit_inconsistency, vl); + tcp_analyzer->ConnectionEvent(rexmit_inconsistency, { + tcp_analyzer->BuildConnVal(), + new StringVal(b1_s), + new StringVal(b2_s), + new StringVal(flags.AsString()), + }); } } @@ -596,13 +596,12 @@ void TCP_Reassembler::DeliverBlock(uint64 seq, int len, const u_char* data) if ( deliver_tcp_contents ) { - val_list* vl = new val_list(); - vl->append(tcp_analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(new StringVal(len, (const char*) data)); - - tcp_analyzer->ConnectionEvent(tcp_contents, vl); + tcp_analyzer->ConnectionEvent(tcp_contents, { + tcp_analyzer->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + val_mgr->GetCount(seq), + new StringVal(len, (const char*) data), + }); } // Q. Can we say this because it is already checked in DataSent()? diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index ca144941b6..6123c42e91 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -157,11 +157,11 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( do_udp_contents ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(len, (const char*) data)); - ConnectionEvent(udp_contents, vl); + ConnectionEvent(udp_contents, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(len, (const char*) data), + }); } Unref(port_val); diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index d31198ced7..c9d1d7a1e3 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -540,9 +540,11 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int std::string serial_data(data, len); free(data); - val_list vl(2); - vl.append(stream->Ref()); - vl.append(new StringVal(path)); + val_list vl{ + stream->Ref(), + new StringVal(path), + }; + Val* v = log_topic_func->Call(&vl); if ( ! v ) @@ -993,7 +995,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) return; } - auto vl = new val_list; + val_list vl(args.size()); for ( auto i = 0u; i < args.size(); ++i ) { @@ -1002,7 +1004,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) auto val = data_to_val(std::move(args[i]), expected_type); if ( val ) - vl->append(val); + vl.append(val); else { reporter->Warning("failed to convert remote event '%s' arg #%d," @@ -1013,10 +1015,13 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) } } - if ( static_cast(vl->length()) == args.size() ) - mgr.QueueEvent(handler, vl, SOURCE_BROKER); + if ( static_cast(vl.length()) == args.size() ) + mgr.QueueEvent(handler, std::move(vl), SOURCE_BROKER); else - delete_vals(vl); + { + loop_over_list(vl, i) + Unref(vl[i]); + } } bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) @@ -1270,11 +1275,7 @@ void Manager::ProcessStatus(broker::status stat) auto str = stat.message(); auto msg = new StringVal(str ? *str : ""); - auto vl = new val_list; - vl->append(endpoint_info); - vl->append(msg); - - mgr.QueueEvent(event, vl); + mgr.QueueEvent(event, {endpoint_info, msg}); } void Manager::ProcessError(broker::error err) @@ -1351,10 +1352,10 @@ void Manager::ProcessError(broker::error err) msg = fmt("[%s] %s", caf::to_string(err.category()).c_str(), caf::to_string(err.context()).c_str()); } - auto vl = new val_list; - vl->append(BifType::Enum::Broker::ErrorCode->GetVal(ec)); - vl->append(new StringVal(msg)); - mgr.QueueEvent(Broker::error, vl); + mgr.QueueEvent(Broker::error, { + BifType::Enum::Broker::ErrorCode->GetVal(ec), + new StringVal(msg), + }); } void Manager::ProcessStoreResponse(StoreHandleVal* s, broker::store::response response) diff --git a/src/broker/messaging.bif b/src/broker/messaging.bif index ec7696c752..d80f3742b6 100644 --- a/src/broker/messaging.bif +++ b/src/broker/messaging.bif @@ -183,9 +183,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool if ( ! topic_func ) topic_func = global_scope()->Lookup("Cluster::rr_topic")->ID_Val()->AsFunc(); - val_list vl(2); - vl.append(pool->Ref()); - vl.append(key->Ref()); + val_list vl{pool->Ref(), key->Ref()}; auto topic = topic_func->Call(&vl); if ( ! topic->AsString()->Len() ) @@ -226,9 +224,7 @@ function Cluster::publish_hrw%(pool: Pool, key: any, ...%): bool if ( ! topic_func ) topic_func = global_scope()->Lookup("Cluster::hrw_topic")->ID_Val()->AsFunc(); - val_list vl(2); - vl.append(pool->Ref()); - vl.append(key->Ref()); + val_list vl{pool->Ref(), key->Ref()}; auto topic = topic_func->Call(&vl); if ( ! topic->AsString()->Len() ) diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 641943909e..faa6b280b0 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -154,11 +154,11 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig) { if ( conn && FileEventAvailable(file_over_new_connection) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(conn->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - FileEvent(file_over_new_connection, vl); + FileEvent(file_over_new_connection, { + val->Ref(), + conn->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } } @@ -303,13 +303,11 @@ bool File::SetMime(const string& mime_type) if ( ! FileEventAvailable(file_sniff) ) return false; - val_list* vl = new val_list(); - vl->append(val->Ref()); RecordVal* meta = new RecordVal(fa_metadata_type); - vl->append(meta); meta->Assign(meta_mime_type_idx, new StringVal(mime_type)); meta->Assign(meta_inferred_idx, val_mgr->GetBool(0)); - FileEvent(file_sniff, vl); + + FileEvent(file_sniff, {val->Ref(), meta}); return true; } @@ -338,10 +336,7 @@ void File::InferMetadata() len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx)); file_mgr->DetectMIME(data, len, &matches); - val_list* vl = new val_list(); - vl->append(val->Ref()); RecordVal* meta = new RecordVal(fa_metadata_type); - vl->append(meta); if ( ! matches.empty() ) { @@ -351,7 +346,7 @@ void File::InferMetadata() file_analysis::GenMIMEMatchesVal(matches)); } - FileEvent(file_sniff, vl); + FileEvent(file_sniff, {val->Ref(), meta}); return; } @@ -463,11 +458,11 @@ void File::DeliverChunk(const u_char* data, uint64 len, uint64 offset) if ( FileEventAvailable(file_reassembly_overflow) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(val_mgr->GetCount(current_offset)); - vl->append(val_mgr->GetCount(gap_bytes)); - FileEvent(file_reassembly_overflow, vl); + FileEvent(file_reassembly_overflow, { + val->Ref(), + val_mgr->GetCount(current_offset), + val_mgr->GetCount(gap_bytes), + }); } } @@ -608,11 +603,11 @@ void File::Gap(uint64 offset, uint64 len) if ( FileEventAvailable(file_gap) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(val_mgr->GetCount(offset)); - vl->append(val_mgr->GetCount(len)); - FileEvent(file_gap, vl); + FileEvent(file_gap, { + val->Ref(), + val_mgr->GetCount(offset), + val_mgr->GetCount(len), + }); } analyzers.DrainModifications(); @@ -631,14 +626,18 @@ void File::FileEvent(EventHandlerPtr h) if ( ! FileEventAvailable(h) ) return; - val_list* vl = new val_list(); - vl->append(val->Ref()); - FileEvent(h, vl); + FileEvent(h, {val->Ref()}); } void File::FileEvent(EventHandlerPtr h, val_list* vl) { - mgr.QueueEvent(h, vl); + FileEvent(h, std::move(*vl)); + delete vl; + } + +void File::FileEvent(EventHandlerPtr h, val_list vl) + { + mgr.QueueEvent(h, std::move(vl)); if ( h == file_new || h == file_over_new_connection || h == file_sniff || diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h index 0c4c313f06..54517b53ba 100644 --- a/src/file_analysis/File.h +++ b/src/file_analysis/File.h @@ -172,6 +172,12 @@ public: */ void FileEvent(EventHandlerPtr h, val_list* vl); + /** + * Raises an event related to the file's life-cycle. + * @param h pointer to an event handler. + * @param vl list of argument values to pass to event call. + */ + void FileEvent(EventHandlerPtr h, val_list vl); /** * Sets the MIME type for a file to a specific value. diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index ab4b1ed261..134418a476 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -443,12 +443,11 @@ string Manager::GetFileID(analyzer::Tag tag, Connection* c, bool is_orig) EnumVal* tagval = tag.AsEnumVal(); Ref(tagval); - val_list* vl = new val_list(); - vl->append(tagval); - vl->append(c->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - - mgr.QueueEvent(get_file_handle, vl); + mgr.QueueEvent(get_file_handle, { + tagval, + c->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); mgr.Drain(); // need file handle immediately so we don't have to buffer data return current_file_id; } diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index 15462e8e92..8aa688b879 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -41,12 +41,11 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset) { if ( ! chunk_event ) return true; - val_list* args = new val_list; - args->append(GetFile()->GetVal()->Ref()); - args->append(new StringVal(new BroString(data, len, 0))); - args->append(val_mgr->GetCount(offset)); - - mgr.QueueEvent(chunk_event, args); + mgr.QueueEvent(chunk_event, { + GetFile()->GetVal()->Ref(), + new StringVal(new BroString(data, len, 0)), + val_mgr->GetCount(offset), + }); return true; } @@ -55,11 +54,10 @@ bool DataEvent::DeliverStream(const u_char* data, uint64 len) { if ( ! stream_event ) return true; - val_list* args = new val_list; - args->append(GetFile()->GetVal()->Ref()); - args->append(new StringVal(new BroString(data, len, 0))); - - mgr.QueueEvent(stream_event, args); + mgr.QueueEvent(stream_event, { + GetFile()->GetVal()->Ref(), + new StringVal(new BroString(data, len, 0)), + }); return true; } diff --git a/src/file_analysis/analyzer/entropy/Entropy.cc b/src/file_analysis/analyzer/entropy/Entropy.cc index 4802224950..873b8e2fcf 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.cc +++ b/src/file_analysis/analyzer/entropy/Entropy.cc @@ -53,9 +53,6 @@ void Entropy::Finalize() if ( ! fed ) return; - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - double montepi, scc, ent, mean, chisq; montepi = scc = ent = mean = chisq = 0.0; entropy->Get(&ent, &chisq, &mean, &montepi, &scc); @@ -67,6 +64,8 @@ void Entropy::Finalize() ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE)); ent_result->Assign(4, new Val(scc, TYPE_DOUBLE)); - vl->append(ent_result); - mgr.QueueEvent(file_entropy, vl); + mgr.QueueEvent(file_entropy, { + GetFile()->GetVal()->Ref(), + ent_result, + }); } diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index dc05fba367..e7aca5bcf3 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -90,12 +90,12 @@ bool Extract::DeliverStream(const u_char* data, uint64 len) if ( limit_exceeded && file_extraction_limit ) { File* f = GetFile(); - val_list* vl = new val_list(); - vl->append(f->GetVal()->Ref()); - vl->append(Args()->Ref()); - vl->append(val_mgr->GetCount(limit)); - vl->append(val_mgr->GetCount(len)); - f->FileEvent(file_extraction_limit, vl); + f->FileEvent(file_extraction_limit, { + f->GetVal()->Ref(), + Args()->Ref(), + val_mgr->GetCount(limit), + val_mgr->GetCount(len), + }); // Limit may have been modified by a BIF, re-check it. limit_exceeded = check_limit_exceeded(limit, depth, len, &towrite); diff --git a/src/file_analysis/analyzer/hash/Hash.cc b/src/file_analysis/analyzer/hash/Hash.cc index 9829934301..07bcb0babd 100644 --- a/src/file_analysis/analyzer/hash/Hash.cc +++ b/src/file_analysis/analyzer/hash/Hash.cc @@ -48,10 +48,9 @@ void Hash::Finalize() if ( ! hash->IsValid() || ! fed ) return; - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(new StringVal(kind)); - vl->append(hash->Get()); - - mgr.QueueEvent(file_hash, vl); + mgr.QueueEvent(file_hash, { + GetFile()->GetVal()->Ref(), + new StringVal(kind), + hash->Get(), + }); } diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index 00229184a2..ee874c4d37 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac @@ -81,10 +81,11 @@ refine flow Flow += { ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol})); ids_event->Assign(17, val_mgr->GetCount(${ev.packet_action})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(ids_event); - mgr.QueueEvent(::unified2_event, vl, SOURCE_LOCAL); + mgr.QueueEvent(::unified2_event, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + ids_event, + }, + SOURCE_LOCAL); } return true; %} @@ -112,10 +113,11 @@ refine flow Flow += { ids_event->Assign(15, val_mgr->GetCount(${ev.mpls_label})); ids_event->Assign(16, val_mgr->GetCount(${ev.vlan_id})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(ids_event); - mgr.QueueEvent(::unified2_event, vl, SOURCE_LOCAL); + mgr.QueueEvent(::unified2_event, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + ids_event, + }, + SOURCE_LOCAL); } return true; @@ -133,10 +135,11 @@ refine flow Flow += { packet->Assign(4, val_mgr->GetCount(${pkt.link_type})); packet->Assign(5, bytestring_to_val(${pkt.packet_data})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(packet); - mgr.QueueEvent(::unified2_packet, vl, SOURCE_LOCAL); + mgr.QueueEvent(::unified2_packet, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + packet, + }, + SOURCE_LOCAL); } return true; diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index c49481c23a..3681c6fd44 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -417,10 +417,6 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) char buf[OCSP_STRING_BUF_SIZE]; // we need a buffer for some of the openssl functions memset(buf, 0, sizeof(buf)); - // build up our response as we go along... - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - uint64 version = 0; #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) @@ -431,23 +427,24 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) // TODO: try to parse out general name ? #endif - vl->append(val_mgr->GetCount(version)); + mgr.QueueEvent(ocsp_request, { + GetFile()->GetVal()->Ref(), + val_mgr->GetCount(version), + }); BIO *bio = BIO_new(BIO_s_mem()); - mgr.QueueEvent(ocsp_request, vl); - int req_count = OCSP_request_onereq_count(req); for ( int i=0; iappend(GetFile()->GetVal()->Ref()); + val_list rvl(5); + rvl.append(GetFile()->GetVal()->Ref()); OCSP_ONEREQ *one_req = OCSP_request_onereq_get0(req, i); OCSP_CERTID *cert_id = OCSP_onereq_get0_id(one_req); - ocsp_add_cert_id(cert_id, rvl, bio); - mgr.QueueEvent(ocsp_request_certificate, rvl); + ocsp_add_cert_id(cert_id, &rvl, bio); + mgr.QueueEvent(ocsp_request_certificate, std::move(rvl)); } BIO_free(bio); @@ -470,14 +467,13 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) char buf[OCSP_STRING_BUF_SIZE]; memset(buf, 0, sizeof(buf)); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - const char *status_str = OCSP_response_status_str(OCSP_response_status(resp)); StringVal* status_val = new StringVal(strlen(status_str), status_str); - vl->append(status_val->Ref()); - mgr.QueueEvent(ocsp_response_status, vl); - vl = nullptr; + + mgr.QueueEvent(ocsp_response_status, { + GetFile()->GetVal()->Ref(), + status_val->Ref(), + }); //if (!resp_bytes) // { @@ -490,6 +486,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) //int len = BIO_read(bio, buf, sizeof(buf)); //BIO_reset(bio); + val_list vl(8); + // get the basic response basic_resp = OCSP_response_get1_basic(resp); if ( !basic_resp ) @@ -501,28 +499,27 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) goto clean_up; #endif - vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(resp_val->Ref()); - vl->append(status_val); + vl.append(GetFile()->GetVal()->Ref()); + vl.append(resp_val->Ref()); + vl.append(status_val); #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - vl->append(val_mgr->GetCount((uint64)ASN1_INTEGER_get(resp_data->version))); + vl.append(val_mgr->GetCount((uint64)ASN1_INTEGER_get(resp_data->version))); #else - vl->append(parse_basic_resp_data_version(basic_resp)); + vl.append(parse_basic_resp_data_version(basic_resp)); #endif // responderID if ( OCSP_RESPID_bio(basic_resp, bio) ) { len = BIO_read(bio, buf, sizeof(buf)); - vl->append(new StringVal(len, buf)); + vl.append(new StringVal(len, buf)); BIO_reset(bio); } else { reporter->Weird("OpenSSL failed to get OCSP responder id"); - vl->append(val_mgr->GetEmptyString()); + vl.append(val_mgr->GetEmptyString()); } // producedAt @@ -532,7 +529,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) produced_at = OCSP_resp_get0_produced_at(basic_resp); #endif - vl->append(new Val(GetTimeFromAsn1(produced_at, GetFile(), reporter), TYPE_TIME)); + vl.append(new Val(GetTimeFromAsn1(produced_at, GetFile(), reporter), TYPE_TIME)); // responses @@ -545,8 +542,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) if ( !single_resp ) continue; - val_list* rvl = new val_list(); - rvl->append(GetFile()->GetVal()->Ref()); + val_list rvl(10); + rvl.append(GetFile()->GetVal()->Ref()); // cert id const OCSP_CERTID* cert_id = nullptr; @@ -557,7 +554,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) cert_id = OCSP_SINGLERESP_get0_id(single_resp); #endif - ocsp_add_cert_id(cert_id, rvl, bio); + ocsp_add_cert_id(cert_id, &rvl, bio); BIO_reset(bio); // certStatus @@ -574,38 +571,38 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) reporter->Weird("OpenSSL failed to find status of OCSP response"); const char* cert_status_str = OCSP_cert_status_str(status); - rvl->append(new StringVal(strlen(cert_status_str), cert_status_str)); + rvl.append(new StringVal(strlen(cert_status_str), cert_status_str)); // revocation time and reason if revoked if ( status == V_OCSP_CERTSTATUS_REVOKED ) { - rvl->append(new Val(GetTimeFromAsn1(revoke_time, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(revoke_time, GetFile(), reporter), TYPE_TIME)); if ( reason != OCSP_REVOKED_STATUS_NOSTATUS ) { const char* revoke_reason = OCSP_crl_reason_str(reason); - rvl->append(new StringVal(strlen(revoke_reason), revoke_reason)); + rvl.append(new StringVal(strlen(revoke_reason), revoke_reason)); } else - rvl->append(new StringVal(0, "")); + rvl.append(new StringVal(0, "")); } else { - rvl->append(new Val(0.0, TYPE_TIME)); - rvl->append(new StringVal(0, "")); + rvl.append(new Val(0.0, TYPE_TIME)); + rvl.append(new StringVal(0, "")); } if ( this_update ) - rvl->append(new Val(GetTimeFromAsn1(this_update, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(this_update, GetFile(), reporter), TYPE_TIME)); else - rvl->append(new Val(0.0, TYPE_TIME)); + rvl.append(new Val(0.0, TYPE_TIME)); if ( next_update ) - rvl->append(new Val(GetTimeFromAsn1(next_update, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(next_update, GetFile(), reporter), TYPE_TIME)); else - rvl->append(new Val(0.0, TYPE_TIME)); + rvl.append(new Val(0.0, TYPE_TIME)); - mgr.QueueEvent(ocsp_response_certificate, rvl); + mgr.QueueEvent(ocsp_response_certificate, std::move(rvl)); num_ext = OCSP_SINGLERESP_get_ext_count(single_resp); for ( int k = 0; k < num_ext; ++k ) @@ -621,10 +618,10 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) i2a_ASN1_OBJECT(bio, basic_resp->signatureAlgorithm->algorithm); len = BIO_read(bio, buf, sizeof(buf)); - vl->append(new StringVal(len, buf)); + vl.append(new StringVal(len, buf)); BIO_reset(bio); #else - vl->append(parse_basic_resp_sig_alg(basic_resp, bio, buf, sizeof(buf))); + vl.append(parse_basic_resp_sig_alg(basic_resp, bio, buf, sizeof(buf))); #endif //i2a_ASN1_OBJECT(bio, basic_resp->signature); @@ -633,7 +630,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) //BIO_reset(bio); certs_vector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType()); - vl->append(certs_vector); + vl.append(certs_vector); #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) certs = basic_resp->certs; @@ -654,7 +651,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) reporter->Weird("OpenSSL returned null certificate"); } } - mgr.QueueEvent(ocsp_response_bytes, vl); + + mgr.QueueEvent(ocsp_response_bytes, std::move(vl)); // ok, now that we are done with the actual certificate - let's parse extensions :) num_ext = OCSP_BASICRESP_get_ext_count(basic_resp); diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 38422897db..c33f20a800 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -57,11 +57,11 @@ bool file_analysis::X509::EndOfFile() RecordVal* cert_record = ParseCertificate(cert_val, GetFile()); // and send the record on to scriptland - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(cert_val->Ref()); - vl->append(cert_record->Ref()); // we Ref it here, because we want to keep a copy around for now... - mgr.QueueEvent(x509_certificate, vl); + mgr.QueueEvent(x509_certificate, { + GetFile()->GetVal()->Ref(), + cert_val->Ref(), + cert_record->Ref(), // we Ref it here, because we want to keep a copy around for now... + }); // after parsing the certificate - parse the extensions... @@ -227,11 +227,10 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) if ( constr->pathlen ) pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(pBasicConstraint); - - mgr.QueueEvent(x509_ext_basic_constraints, vl); + mgr.QueueEvent(x509_ext_basic_constraints, { + GetFile()->GetVal()->Ref(), + pBasicConstraint, + }); BASIC_CONSTRAINTS_free(constr); } @@ -367,10 +366,10 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) sanExt->Assign(4, val_mgr->GetBool(otherfields)); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(sanExt); - mgr.QueueEvent(x509_ext_subject_alternative_name, vl); + mgr.QueueEvent(x509_ext_subject_alternative_name, { + GetFile()->GetVal()->Ref(), + sanExt, + }); GENERAL_NAMES_free(altname); } diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc index b6c16fc1dc..7fb3100e97 100644 --- a/src/file_analysis/analyzer/x509/X509Common.cc +++ b/src/file_analysis/analyzer/x509/X509Common.cc @@ -277,13 +277,18 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, EventHandlerP // parsed. And if we have it, we send the specialized event on top of the // generic event that we just had. I know, that is... kind of not nice, // but I am not sure if there is a better way to do it... - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(pX509Ext); - if ( h == ocsp_extension ) - vl->append(val_mgr->GetBool(global ? 1 : 0)); - mgr.QueueEvent(h, vl); + if ( h == ocsp_extension ) + mgr.QueueEvent(h, { + GetFile()->GetVal()->Ref(), + pX509Ext, + val_mgr->GetBool(global ? 1 : 0), + }); + else + mgr.QueueEvent(h, { + GetFile()->GetVal()->Ref(), + pX509Ext, + }); // let individual analyzers parse more. ParseExtensionsSpecific(ex, global, ext_asn, oid); diff --git a/src/input/Manager.cc b/src/input/Manager.cc index aaf84a99b2..002e8cded9 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -1865,11 +1865,12 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu bool convert_error = false; - val_list* vl = new val_list; + val_list vl(num_vals); + for ( int j = 0; j < num_vals; j++) { Val* v = ValueToVal(i, vals[j], convert_error); - vl->append(v); + vl.append(v); if ( v && ! convert_error && ! same_type(type->FieldType(j), v->Type()) ) { convert_error = true; @@ -1881,18 +1882,20 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu if ( convert_error ) { - delete_vals(vl); + loop_over_list(vl, i) + Unref(vl[i]); + return false; } else - mgr.QueueEvent(handler, vl, SOURCE_LOCAL); + mgr.QueueEvent(handler, std::move(vl), SOURCE_LOCAL); return true; } void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...) const { - val_list* vl = new val_list; + val_list vl(numvals); #ifdef DEBUG DBG_LOG(DBG_INPUT, "SendEvent with %d vals", @@ -1902,16 +1905,16 @@ void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...) const va_list lP; va_start(lP, numvals); for ( int i = 0; i < numvals; i++ ) - vl->append( va_arg(lP, Val*) ); + vl.append( va_arg(lP, Val*) ); va_end(lP); - mgr.QueueEvent(ev, vl, SOURCE_LOCAL); + mgr.QueueEvent(ev, std::move(vl), SOURCE_LOCAL); } void Manager::SendEvent(EventHandlerPtr ev, list events) const { - val_list* vl = new val_list; + val_list vl(events.size()); #ifdef DEBUG DBG_LOG(DBG_INPUT, "SendEvent with %" PRIuPTR " vals (list)", @@ -1919,11 +1922,9 @@ void Manager::SendEvent(EventHandlerPtr ev, list events) const #endif for ( list::iterator i = events.begin(); i != events.end(); i++ ) - { - vl->append( *i ); - } + vl.append( *i ); - mgr.QueueEvent(ev, vl, SOURCE_LOCAL); + mgr.QueueEvent(ev, std::move(vl), SOURCE_LOCAL); } // Convert a bro list value to a bro record value. diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index f1b459811f..108869be9f 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -715,11 +715,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Raise the log event. if ( stream->event ) - { - val_list* vl = new val_list(1); - vl->append(columns->Ref()); - mgr.QueueEvent(stream->event, vl, SOURCE_LOCAL); - } + mgr.QueueEvent(stream->event, {columns->Ref()}, SOURCE_LOCAL); // Send to each of our filters. for ( list::iterator i = stream->filters.begin(); @@ -732,8 +728,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) { // See whether the predicates indicates that we want // to log this record. - val_list vl(1); - vl.append(columns->Ref()); + val_list vl{columns->Ref()}; int result = 1; @@ -750,17 +745,12 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) if ( filter->path_func ) { - val_list vl(3); - vl.append(id->Ref()); - Val* path_arg; if ( filter->path_val ) path_arg = filter->path_val->Ref(); else path_arg = val_mgr->GetEmptyString(); - vl.append(path_arg); - Val* rec_arg; BroType* rt = filter->path_func->FType()->Args()->FieldType("rec"); @@ -770,7 +760,11 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Can be TYPE_ANY here. rec_arg = columns->Ref(); - vl.append(rec_arg); + val_list vl{ + id->Ref(), + path_arg, + rec_arg, + }; Val* v = 0; @@ -1087,8 +1081,7 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, RecordVal* ext_rec = nullptr; if ( filter->num_ext_fields > 0 ) { - val_list vl(1); - vl.append(filter->path_val->Ref()); + val_list vl{filter->path_val->Ref()}; Val* res = filter->ext_func->Call(&vl); if ( res ) ext_rec = res->AsRecordVal(); @@ -1593,8 +1586,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con assert(func); // Call the postprocessor function. - val_list vl(1); - vl.append(info); + val_list vl{info}; int result = 0; diff --git a/src/main.cc b/src/main.cc index 1116b8c331..56300fc1a2 100644 --- a/src/main.cc +++ b/src/main.cc @@ -284,12 +284,11 @@ void done_with_network() if ( net_done ) { - val_list* args = new val_list; - args->append(new Val(timer_mgr->Time(), TYPE_TIME)); mgr.Drain(); - // Don't propagate this event to remote clients. - mgr.Dispatch(new Event(net_done, args), true); + mgr.Dispatch(new Event(net_done, + {new Val(timer_mgr->Time(), TYPE_TIME)}), + true); } // Save state before expiring the remaining events/timers. @@ -341,7 +340,7 @@ void terminate_bro() EventHandlerPtr bro_done = internal_handler("bro_done"); if ( bro_done ) - mgr.QueueEvent(bro_done, new val_list); + mgr.QueueEvent(bro_done, val_list{}); timer_mgr->Expire(); mgr.Drain(); @@ -1137,8 +1136,9 @@ int main(int argc, char** argv) net_update_time(current_time()); EventHandlerPtr bro_init = internal_handler("bro_init"); - if ( bro_init ) //### this should be a function - mgr.QueueEvent(bro_init, new val_list); + + if ( bro_init ) + mgr.QueueEvent(bro_init, val_list{}); EventRegistry::string_list* dead_handlers = event_registry->UnusedHandlers(); @@ -1190,10 +1190,10 @@ int main(int argc, char** argv) if ( i->skipped ) continue; - val_list* vl = new val_list; - vl->append(new StringVal(i->name.c_str())); - vl->append(val_mgr->GetCount(i->include_level)); - mgr.QueueEvent(bro_script_loaded, vl); + mgr.QueueEvent(bro_script_loaded, { + new StringVal(i->name.c_str()), + val_mgr->GetCount(i->include_level), + }); } reporter->ReportViaEvents(true); diff --git a/src/option.bif b/src/option.bif index 2156808763..04bc7f2b1b 100644 --- a/src/option.bif +++ b/src/option.bif @@ -15,10 +15,12 @@ static bool call_option_handlers_and_set_value(StringVal* name, ID* i, Val* val, { for ( auto handler_function : i->GetOptionHandlers() ) { - val_list vl(2); + bool add_loc = handler_function->FType()->AsFuncType()->ArgTypes()->Types()->length() == 3; + val_list vl(2 + add_loc); vl.append(name->Ref()); vl.append(val); - if ( handler_function->FType()->AsFuncType()->ArgTypes()->Types()->length() == 3 ) + + if ( add_loc ) vl.append(location->Ref()); val = handler_function->Call(&vl); // consumed by next call. From b6862c5c59bb5febda071cf834d51d1546543c51 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 11 Apr 2019 20:23:49 -0700 Subject: [PATCH 016/247] Add methods to queue events without handler existence check Added ConnectionEventFast() and QueueEventFast() methods to avoid redundant event handler existence checks. It's common practice for caller to already check for event handler existence before doing all the work of constructing the arguments, so it's desirable to not have to check for existence again. E.g. going through ConnectionEvent() means 3 existence checks: one you do yourself before calling it, one in ConnectionEvent(), and then another in QueueEvent(). The existence check itself can be more than a few operations sometimes as it needs to check a few flags that determine if it's enabled, has a local body, or has any remote receivers in the old comm. system or has been flagged as something to publish in the new comm. system. --- aux/bifcl | 2 +- src/Anon.cc | 2 +- src/Conn.cc | 27 +- src/Conn.h | 2 + src/DNS_Mgr.cc | 6 +- src/Event.cc | 2 +- src/Event.h | 7 + src/Reporter.cc | 4 +- src/RuleAction.cc | 2 +- src/Sessions.cc | 8 +- src/StateAccess.cc | 2 +- src/Stats.cc | 11 +- src/analyzer/Analyzer.cc | 19 +- src/analyzer/Analyzer.h | 6 + src/analyzer/protocol/arp/ARP.cc | 4 +- src/analyzer/protocol/backdoor/BackDoor.cc | 27 +- .../protocol/bittorrent/BitTorrent.cc | 2 +- .../protocol/bittorrent/BitTorrentTracker.cc | 39 +-- src/analyzer/protocol/conn-size/ConnSize.cc | 2 +- src/analyzer/protocol/dns/DNS.cc | 261 ++++++++++-------- src/analyzer/protocol/dns/DNS.h | 6 +- src/analyzer/protocol/file/File.cc | 13 +- src/analyzer/protocol/finger/Finger.cc | 4 +- src/analyzer/protocol/gnutella/Gnutella.cc | 14 +- src/analyzer/protocol/http/HTTP.cc | 24 +- src/analyzer/protocol/icmp/ICMP.cc | 39 ++- src/analyzer/protocol/ident/Ident.cc | 17 +- src/analyzer/protocol/imap/imap-analyzer.pac | 7 +- src/analyzer/protocol/interconn/InterConn.cc | 14 +- src/analyzer/protocol/irc/IRC.cc | 122 ++++---- src/analyzer/protocol/login/Login.cc | 19 +- src/analyzer/protocol/login/NVT.cc | 2 +- src/analyzer/protocol/login/RSH.cc | 4 +- src/analyzer/protocol/login/Rlogin.cc | 2 +- src/analyzer/protocol/mime/MIME.cc | 19 +- src/analyzer/protocol/ncp/NCP.cc | 4 +- src/analyzer/protocol/netbios/NetbiosSSN.cc | 6 +- src/analyzer/protocol/ntlm/ntlm-analyzer.pac | 9 + src/analyzer/protocol/ntp/NTP.cc | 5 +- src/analyzer/protocol/pop3/POP3.cc | 5 +- src/analyzer/protocol/rfb/rfb-analyzer.pac | 24 +- src/analyzer/protocol/rpc/MOUNT.cc | 4 +- src/analyzer/protocol/rpc/NFS.cc | 4 +- src/analyzer/protocol/rpc/Portmap.cc | 4 +- src/analyzer/protocol/rpc/RPC.cc | 6 +- .../protocol/smb/smb1-com-nt-create-andx.pac | 6 +- src/analyzer/protocol/smb/smb1-protocol.pac | 7 +- src/analyzer/protocol/smb/smb2-com-create.pac | 6 +- src/analyzer/protocol/smtp/SMTP.cc | 23 +- .../protocol/socks/socks-analyzer.pac | 87 +++--- src/analyzer/protocol/ssl/ssl-analyzer.pac | 4 +- .../protocol/ssl/ssl-dtls-analyzer.pac | 21 +- .../protocol/ssl/tls-handshake-analyzer.pac | 172 ++++++++---- .../protocol/stepping-stone/SteppingStone.cc | 9 +- .../protocol/syslog/syslog-analyzer.pac | 3 + src/analyzer/protocol/tcp/TCP.cc | 23 +- src/analyzer/protocol/tcp/TCP_Endpoint.cc | 2 +- src/analyzer/protocol/tcp/TCP_Reassembler.cc | 10 +- src/analyzer/protocol/udp/UDP.cc | 2 +- src/analyzer/protocol/xmpp/xmpp-analyzer.pac | 3 +- src/broker/Manager.cc | 9 +- src/file_analysis/File.cc | 2 +- src/file_analysis/Manager.cc | 2 +- .../analyzer/data_event/DataEvent.cc | 4 +- src/file_analysis/analyzer/entropy/Entropy.cc | 5 +- src/file_analysis/analyzer/hash/Hash.cc | 5 +- .../analyzer/unified2/unified2-analyzer.pac | 6 +- src/file_analysis/analyzer/x509/OCSP.cc | 24 +- src/file_analysis/analyzer/x509/X509.cc | 20 +- .../analyzer/x509/x509-extension.pac | 3 + src/logging/Manager.cc | 2 +- src/main.cc | 23 +- 72 files changed, 771 insertions(+), 524 deletions(-) diff --git a/aux/bifcl b/aux/bifcl index 44622332fb..33cde13264 160000 --- a/aux/bifcl +++ b/aux/bifcl @@ -1 +1 @@ -Subproject commit 44622332fb1361383799be33e365704caacce199 +Subproject commit 33cde13264825df906668b608017e65f4ffbc12a diff --git a/src/Anon.cc b/src/Anon.cc index de225e95a8..983c7fbec8 100644 --- a/src/Anon.cc +++ b/src/Anon.cc @@ -415,7 +415,7 @@ void log_anonymization_mapping(ipaddr32_t input, ipaddr32_t output) { if ( anonymization_mapping ) { - mgr.QueueEvent(anonymization_mapping, { + mgr.QueueEventFast(anonymization_mapping, { new AddrVal(input), new AddrVal(output) }); diff --git a/src/Conn.cc b/src/Conn.cc index 494d2d21c4..83ad6c08f6 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -325,7 +325,7 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig, // and at this stage it's not a *multiple* instance. return; - ConnectionEvent(e, 0, { + ConnectionEventFast(e, 0, { BuildConnVal(), val_mgr->GetBool(is_orig), val_mgr->GetCount(threshold) @@ -389,7 +389,7 @@ void Connection::EnableStatusUpdateTimer() void Connection::StatusUpdateTimer(double t) { - ConnectionEvent(connection_status_update, 0, { BuildConnVal() }); + ConnectionEventFast(connection_status_update, 0, { BuildConnVal() }); ADD_TIMER(&Connection::StatusUpdateTimer, network_time + connection_status_update_interval, 0, TIMER_CONN_STATUS_UPDATE); @@ -627,7 +627,7 @@ int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len, { if ( software_parse_error ) { - ConnectionEvent(software_parse_error, analyzer, { + ConnectionEventFast(software_parse_error, analyzer, { BuildConnVal(), new AddrVal(addr), new StringVal(len, s), @@ -638,7 +638,7 @@ int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len, if ( software_version_found ) { - ConnectionEvent(software_version_found, 0, { + ConnectionEventFast(software_version_found, 0, { BuildConnVal(), new AddrVal(addr), val, @@ -666,7 +666,7 @@ int Connection::UnparsedVersionFoundEvent(const IPAddr& addr, if ( software_unparsed_version_found ) { - ConnectionEvent(software_unparsed_version_found, analyzer, { + ConnectionEventFast(software_unparsed_version_found, analyzer, { BuildConnVal(), new AddrVal(addr), new StringVal(len, full), @@ -682,9 +682,9 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch return; if ( name ) - ConnectionEvent(f, analyzer, {new StringVal(name), BuildConnVal()}); + ConnectionEventFast(f, analyzer, {new StringVal(name), BuildConnVal()}); else - ConnectionEvent(f, analyzer, {BuildConnVal()}); + ConnectionEventFast(f, analyzer, {BuildConnVal()}); } @@ -698,9 +698,9 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, } if ( v2 ) - ConnectionEvent(f, analyzer, {BuildConnVal(), v1, v2}); + ConnectionEventFast(f, analyzer, {BuildConnVal(), v1, v2}); else - ConnectionEvent(f, analyzer, {BuildConnVal(), v1}); + ConnectionEventFast(f, analyzer, {BuildConnVal(), v1}); } void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) @@ -720,6 +720,13 @@ void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_l a ? a->GetID() : 0, GetTimerMgr(), this); } +void Connection::ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) + { + // "this" is passed as a cookie for the event + mgr.QueueEventFast(f, std::move(vl), SOURCE_LOCAL, + a ? a->GetID() : 0, GetTimerMgr(), this); + } + void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) { ConnectionEvent(f, a, std::move(*vl)); @@ -1053,7 +1060,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32 flow_label) if ( connection_flow_label_changed && (is_orig ? saw_first_orig_packet : saw_first_resp_packet) ) { - ConnectionEvent(connection_flow_label_changed, 0, { + ConnectionEventFast(connection_flow_label_changed, 0, { BuildConnVal(), val_mgr->GetBool(is_orig), val_mgr->GetCount(my_flow_label), diff --git a/src/Conn.h b/src/Conn.h index 2622134f2a..d19501ff13 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -181,6 +181,8 @@ public: val_list* vl); void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, val_list vl); + void ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* analyzer, + val_list vl); void Weird(const char* name, const char* addl = ""); bool DidWeird() const { return weird != 0; } diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index c72e66f0bf..c3efda3ad9 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -704,7 +704,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm) if ( ! e ) return; - mgr.QueueEvent(e, {BuildMappingVal(dm)}); + mgr.QueueEventFast(e, {BuildMappingVal(dm)}); } void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2) @@ -715,7 +715,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2 Unref(l1); Unref(l2); - mgr.QueueEvent(e, { + mgr.QueueEventFast(e, { BuildMappingVal(dm), l1->ConvertToSet(), l2->ConvertToSet(), @@ -727,7 +727,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm) if ( ! e ) return; - mgr.QueueEvent(e, { + mgr.QueueEventFast(e, { BuildMappingVal(old_dm), BuildMappingVal(new_dm), }); diff --git a/src/Event.cc b/src/Event.cc index 26ca874c2a..8b87caa9b1 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -128,7 +128,7 @@ void EventMgr::QueueEvent(Event* event) void EventMgr::Drain() { if ( event_queue_flush_point ) - QueueEvent(event_queue_flush_point, val_list{}); + QueueEventFast(event_queue_flush_point, val_list{}); SegmentProfiler(segment_logger, "draining-events"); diff --git a/src/Event.h b/src/Event.h index 9ee30ae674..258b680d49 100644 --- a/src/Event.h +++ b/src/Event.h @@ -58,6 +58,13 @@ public: EventMgr(); ~EventMgr() override; + void QueueEventFast(const EventHandlerPtr &h, val_list vl, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0) + { + QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj)); + } + void QueueEvent(const EventHandlerPtr &h, val_list vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) diff --git a/src/Reporter.cc b/src/Reporter.cc index 9821911d17..cc0542eaac 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -506,9 +506,9 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, } if ( conn ) - conn->ConnectionEvent(event, 0, std::move(vl)); + conn->ConnectionEventFast(event, 0, std::move(vl)); else - mgr.QueueEvent(event, std::move(vl)); + mgr.QueueEventFast(event, std::move(vl)); } else { diff --git a/src/RuleAction.cc b/src/RuleAction.cc index ab9994bde2..3d22e3b56f 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -17,7 +17,7 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state, { if ( signature_match ) { - mgr.QueueEvent(signature_match, { + mgr.QueueEventFast(signature_match, { rule_matcher->BuildRuleStateValue(parent, state), new StringVal(msg), data ? new StringVal(len, (const char*)data) : val_mgr->GetEmptyString(), diff --git a/src/Sessions.cc b/src/Sessions.cc index db4e9e5d3a..3507c46e53 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -171,7 +171,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt) SegmentProfiler(segment_logger, "dispatching-packet"); if ( raw_packet ) - mgr.QueueEvent(raw_packet, {pkt->BuildPktHdrVal()}); + mgr.QueueEventFast(raw_packet, {pkt->BuildPktHdrVal()}); if ( pkt_profiler ) pkt_profiler->ProfilePkt(t, pkt->cap_len); @@ -411,7 +411,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr { dump_this_packet = 1; if ( esp_packet ) - mgr.QueueEvent(esp_packet, {ip_hdr->BuildPktHdrVal()}); + mgr.QueueEventFast(esp_packet, {ip_hdr->BuildPktHdrVal()}); // Can't do more since upper-layer payloads are going to be encrypted. return; @@ -1315,9 +1315,9 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id, { conn->Event(new_connection, 0); - if ( external ) + if ( external && connection_external ) { - conn->ConnectionEvent(connection_external, 0, { + conn->ConnectionEventFast(connection_external, 0, { conn->BuildConnVal(), new StringVal(conn->GetTimerMgr()->GetTag().c_str()), }); diff --git a/src/StateAccess.cc b/src/StateAccess.cc index b9f08a54cc..72ed9ef236 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -536,7 +536,7 @@ void StateAccess::Replay() if ( remote_state_access_performed ) { - mgr.QueueEvent(remote_state_access_performed, { + mgr.QueueEventFast(remote_state_access_performed, { new StringVal(target.id->Name()), target.id->ID_Val()->Ref(), }); diff --git a/src/Stats.cc b/src/Stats.cc index 7c232f7aa4..1d2a2c8ad8 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -369,11 +369,12 @@ void SampleLogger::SegmentProfile(const char* /* name */, const Location* /* loc */, double dtime, int dmem) { - mgr.QueueEvent(load_sample, { - load_samples->Ref(), - new IntervalVal(dtime, Seconds), - val_mgr->GetInt(dmem) - }); + if ( load_sample ) + mgr.QueueEventFast(load_sample, { + load_samples->Ref(), + new IntervalVal(dtime, Seconds), + val_mgr->GetInt(dmem) + }); } void SegmentProfiler::Init() diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index be2cfcf627..874b405e9d 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -662,16 +662,19 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag) if ( protocol_confirmed ) return; + protocol_confirmed = true; + + if ( ! protocol_confirmation ) + return; + EnumVal* tval = arg_tag ? arg_tag.AsEnumVal() : tag.AsEnumVal(); Ref(tval); - mgr.QueueEvent(protocol_confirmation, { + mgr.QueueEventFast(protocol_confirmation, { BuildConnVal(), tval, val_mgr->GetCount(id), }); - - protocol_confirmed = true; } void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) @@ -689,10 +692,13 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) else r = new StringVal(reason); + if ( ! protocol_violation ) + return; + EnumVal* tval = tag.AsEnumVal(); Ref(tval); - mgr.QueueEvent(protocol_violation, { + mgr.QueueEventFast(protocol_violation, { BuildConnVal(), tval, val_mgr->GetCount(id), @@ -787,6 +793,11 @@ void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list vl) conn->ConnectionEvent(f, this, std::move(vl)); } +void Analyzer::ConnectionEventFast(EventHandlerPtr f, val_list vl) + { + conn->ConnectionEventFast(f, this, std::move(vl)); + } + void Analyzer::Weird(const char* name, const char* addl) { conn->Weird(name, addl); diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index ab09e63458..141d420a82 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -547,6 +547,12 @@ public: */ void ConnectionEvent(EventHandlerPtr f, val_list vl); + /** + * Convenience function that forwards directly to + * Connection::ConnectionEventFast(). + */ + void ConnectionEventFast(EventHandlerPtr f, val_list vl); + /** * Convenience function that forwards directly to the corresponding * Connection::Weird(). diff --git a/src/analyzer/protocol/arp/ARP.cc b/src/analyzer/protocol/arp/ARP.cc index e206303e9c..d3a4ab688f 100644 --- a/src/analyzer/protocol/arp/ARP.cc +++ b/src/analyzer/protocol/arp/ARP.cc @@ -190,7 +190,7 @@ void ARP_Analyzer::BadARP(const struct arp_pkthdr* hdr, const char* msg) if ( ! bad_arp ) return; - mgr.QueueEvent(bad_arp, { + mgr.QueueEventFast(bad_arp, { ConstructAddrVal(ar_spa(hdr)), EthAddrToStr((const u_char*) ar_sha(hdr)), ConstructAddrVal(ar_tpa(hdr)), @@ -212,7 +212,7 @@ void ARP_Analyzer::RREvent(EventHandlerPtr e, if ( ! e ) return; - mgr.QueueEvent(e, { + mgr.QueueEventFast(e, { EthAddrToStr(src), EthAddrToStr(dst), ConstructAddrVal(spa), diff --git a/src/analyzer/protocol/backdoor/BackDoor.cc b/src/analyzer/protocol/backdoor/BackDoor.cc index 4cc8d5f703..81b4c0e9a5 100644 --- a/src/analyzer/protocol/backdoor/BackDoor.cc +++ b/src/analyzer/protocol/backdoor/BackDoor.cc @@ -246,7 +246,10 @@ void BackDoorEndpoint::RloginSignatureFound(int len) rlogin_checking_done = 1; - endp->TCP()->ConnectionEvent(rlogin_signature_found, { + if ( ! rlogin_signature_found ) + return; + + endp->TCP()->ConnectionEventFast(rlogin_signature_found, { endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig()), val_mgr->GetCount(rlogin_num_null), @@ -337,7 +340,10 @@ void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* d void BackDoorEndpoint::TelnetSignatureFound(int len) { - endp->TCP()->ConnectionEvent(telnet_signature_found, { + if ( ! telnet_signature_found ) + return; + + endp->TCP()->ConnectionEventFast(telnet_signature_found, { endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig()), val_mgr->GetCount(len), @@ -641,12 +647,15 @@ void BackDoorEndpoint::CheckForHTTPProxy(uint64 /* seq */, int len, void BackDoorEndpoint::SignatureFound(EventHandlerPtr e, int do_orig) { + if ( ! e ) + return; + if ( do_orig ) - endp->TCP()->ConnectionEvent(e, + endp->TCP()->ConnectionEventFast(e, {endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig())}); else - endp->TCP()->ConnectionEvent(e, {endp->TCP()->BuildConnVal()}); + endp->TCP()->ConnectionEventFast(e, {endp->TCP()->BuildConnVal()}); } @@ -773,7 +782,10 @@ void BackDoor_Analyzer::StatTimer(double t, int is_expire) void BackDoor_Analyzer::StatEvent() { - TCP()->ConnectionEvent(backdoor_stats, { + if ( ! backdoor_stats ) + return; + + TCP()->ConnectionEventFast(backdoor_stats, { TCP()->BuildConnVal(), orig_endp->BuildStats(), resp_endp->BuildStats(), @@ -782,7 +794,10 @@ void BackDoor_Analyzer::StatEvent() void BackDoor_Analyzer::RemoveEvent() { - TCP()->ConnectionEvent(backdoor_remove_conn, {TCP()->BuildConnVal()}); + if ( ! backdoor_remove_conn ) + return; + + TCP()->ConnectionEventFast(backdoor_remove_conn, {TCP()->BuildConnVal()}); } BackDoorTimer::BackDoorTimer(double t, BackDoor_Analyzer* a) diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.cc b/src/analyzer/protocol/bittorrent/BitTorrent.cc index 989265623c..c57d694c6e 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc @@ -120,7 +120,7 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bittorrent_peer_weird ) { - ConnectionEvent(bittorrent_peer_weird, { + ConnectionEventFast(bittorrent_peer_weird, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(msg), diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index 411bbf0aff..a1a40e8d56 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -247,7 +247,7 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bt_tracker_weird ) { - ConnectionEvent(bt_tracker_weird, { + ConnectionEventFast(bt_tracker_weird, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(msg), @@ -348,11 +348,12 @@ void BitTorrentTracker_Analyzer::EmitRequest(void) { ProtocolConfirmation(); - ConnectionEvent(bt_tracker_request, { - BuildConnVal(), - req_val_uri, - req_val_headers, - }); + if ( bt_tracker_request ) + ConnectionEventFast(bt_tracker_request, { + BuildConnVal(), + req_val_uri, + req_val_headers, + }); req_val_uri = 0; req_val_headers = 0; @@ -401,11 +402,12 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) { if ( res_status != 200 ) { - ConnectionEvent(bt_tracker_response_not_ok, { - BuildConnVal(), - val_mgr->GetCount(res_status), - res_val_headers, - }); + if ( bt_tracker_response_not_ok ) + ConnectionEventFast(bt_tracker_response_not_ok, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + }); res_val_headers = 0; res_buf_pos = res_buf + res_buf_len; res_state = BTT_RES_DONE; @@ -787,13 +789,14 @@ void BitTorrentTracker_Analyzer::EmitResponse(void) { ProtocolConfirmation(); - ConnectionEvent(bt_tracker_response, { - BuildConnVal(), - val_mgr->GetCount(res_status), - res_val_headers, - res_val_peers, - res_val_benc, - }); + if ( bt_tracker_response ) + ConnectionEventFast(bt_tracker_response, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + res_val_peers, + res_val_benc, + }); res_val_headers = 0; res_val_peers = 0; diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index cf6521103c..1b18335e7f 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -47,7 +47,7 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64 threshold, bool if ( ! f ) return; - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), val_mgr->GetCount(threshold), val_mgr->GetBool(is_orig), diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index a67b548fe9..f99a7ca1e9 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -46,7 +46,7 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) if ( dns_message ) { - analyzer->ConnectionEvent(dns_message, { + analyzer->ConnectionEventFast(dns_message, { analyzer->BuildConnVal(), val_mgr->GetBool(is_query), msg.BuildHdrVal(), @@ -132,10 +132,11 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) int DNS_Interpreter::EndMessage(DNS_MsgInfo* msg) { - analyzer->ConnectionEvent(dns_end, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - }); + if ( dns_end ) + analyzer->ConnectionEventFast(dns_end, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + }); return 1; } @@ -334,7 +335,7 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, if ( dns_unknown_reply && ! msg->skip_event ) { - analyzer->ConnectionEvent(dns_unknown_reply, { + analyzer->ConnectionEventFast(dns_unknown_reply, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -549,7 +550,7 @@ int DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg, if ( reply_event && ! msg->skip_event ) { - analyzer->ConnectionEvent(reply_event, { + analyzer->ConnectionEventFast(reply_event, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -603,7 +604,7 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, r->Assign(5, new IntervalVal(double(expire), Seconds)); r->Assign(6, new IntervalVal(double(minimum), Seconds)); - analyzer->ConnectionEvent(dns_SOA_reply, { + analyzer->ConnectionEventFast(dns_SOA_reply, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -634,7 +635,7 @@ int DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg, if ( dns_MX_reply && ! msg->skip_event ) { - analyzer->ConnectionEvent(dns_MX_reply, { + analyzer->ConnectionEventFast(dns_MX_reply, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -677,7 +678,7 @@ int DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg, if ( dns_SRV_reply && ! msg->skip_event ) { - analyzer->ConnectionEvent(dns_SRV_reply, { + analyzer->ConnectionEventFast(dns_SRV_reply, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -700,7 +701,7 @@ int DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg, if ( dns_EDNS_addl && ! msg->skip_event ) { - analyzer->ConnectionEvent(dns_EDNS_addl, { + analyzer->ConnectionEventFast(dns_EDNS_addl, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildEDNS_Val(), @@ -766,22 +767,24 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, unsigned int rr_error = ExtractShort(data, len); ExtractOctets(data, len, 0); // Other Data - msg->tsig = new TSIG_DATA; + if ( dns_TSIG_addl ) + { + TSIG_DATA tsig; + tsig.alg_name = + new BroString(alg_name, alg_name_end - alg_name, 1); + tsig.sig = request_MAC; + tsig.time_s = sign_time_sec; + tsig.time_ms = sign_time_msec; + tsig.fudge = fudge; + tsig.orig_id = orig_id; + tsig.rr_error = rr_error; - msg->tsig->alg_name = - new BroString(alg_name, alg_name_end - alg_name, 1); - msg->tsig->sig = request_MAC; - msg->tsig->time_s = sign_time_sec; - msg->tsig->time_ms = sign_time_msec; - msg->tsig->fudge = fudge; - msg->tsig->orig_id = orig_id; - msg->tsig->rr_error = rr_error; - - analyzer->ConnectionEvent(dns_TSIG_addl, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildTSIG_Val(), - }); + analyzer->ConnectionEventFast(dns_TSIG_addl, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildTSIG_Val(&tsig), + }); + } return 1; } @@ -864,23 +867,26 @@ int DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, break; } - RRSIG_DATA rrsig; - rrsig.type_covered = type_covered; - rrsig.algorithm = algo; - rrsig.labels = lab; - rrsig.orig_ttl = orig_ttl; - rrsig.sig_exp = sign_exp; - rrsig.sig_incep = sign_incp; - rrsig.key_tag = key_tag; - rrsig.signer_name = new BroString(name, name_end - name, 1); - rrsig.signature = sign; + if ( dns_RRSIG ) + { + RRSIG_DATA rrsig; + rrsig.type_covered = type_covered; + rrsig.algorithm = algo; + rrsig.labels = lab; + rrsig.orig_ttl = orig_ttl; + rrsig.sig_exp = sign_exp; + rrsig.sig_incep = sign_incp; + rrsig.key_tag = key_tag; + rrsig.signer_name = new BroString(name, name_end - name, 1); + rrsig.signature = sign; - analyzer->ConnectionEvent(dns_RRSIG, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - msg->BuildRRSIG_Val(&rrsig), - }); + analyzer->ConnectionEventFast(dns_RRSIG, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildRRSIG_Val(&rrsig), + }); + } return 1; } @@ -961,18 +967,21 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, break; } - DNSKEY_DATA dnskey; - dnskey.dflags = dflags; - dnskey.dalgorithm = dalgorithm; - dnskey.dprotocol = dprotocol; - dnskey.public_key = key; + if ( dns_DNSKEY ) + { + DNSKEY_DATA dnskey; + dnskey.dflags = dflags; + dnskey.dalgorithm = dalgorithm; + dnskey.dprotocol = dprotocol; + dnskey.public_key = key; - analyzer->ConnectionEvent(dns_DNSKEY, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - msg->BuildDNSKEY_Val(&dnskey), - }); + analyzer->ConnectionEventFast(dns_DNSKEY, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDNSKEY_Val(&dnskey), + }); + } return 1; } @@ -1017,13 +1026,16 @@ int DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, typebitmaps_len = typebitmaps_len - (2 + bmlen); } - analyzer->ConnectionEvent(dns_NSEC, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - new StringVal(new BroString(name, name_end - name, 1)), - char_strings, - }); + if ( dns_NSEC ) + analyzer->ConnectionEventFast(dns_NSEC, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + char_strings, + }); + else + Unref(char_strings); return 1; } @@ -1091,22 +1103,25 @@ int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, typebitmaps_len = typebitmaps_len - (2 + bmlen); } - NSEC3_DATA nsec3; - nsec3.nsec_flags = nsec_flags; - nsec3.nsec_hash_algo = hash_algo; - nsec3.nsec_iter = iter; - nsec3.nsec_salt_len = salt_len; - nsec3.nsec_salt = salt_val; - nsec3.nsec_hlen = hash_len; - nsec3.nsec_hash = hash_val; - nsec3.bitmaps = char_strings; + if ( dns_NSEC3 ) + { + NSEC3_DATA nsec3; + nsec3.nsec_flags = nsec_flags; + nsec3.nsec_hash_algo = hash_algo; + nsec3.nsec_iter = iter; + nsec3.nsec_salt_len = salt_len; + nsec3.nsec_salt = salt_val; + nsec3.nsec_hlen = hash_len; + nsec3.nsec_hash = hash_val; + nsec3.bitmaps = char_strings; - analyzer->ConnectionEvent(dns_NSEC3, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - msg->BuildNSEC3_Val(&nsec3), - }); + analyzer->ConnectionEventFast(dns_NSEC3, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildNSEC3_Val(&nsec3), + }); + } return 1; } @@ -1150,18 +1165,21 @@ int DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, break; } - DS_DATA ds; - ds.key_tag = ds_key_tag; - ds.algorithm = ds_algo; - ds.digest_type = ds_dtype; - ds.digest_val = ds_digest; + if ( dns_DS ) + { + DS_DATA ds; + ds.key_tag = ds_key_tag; + ds.algorithm = ds_algo; + ds.digest_type = ds_dtype; + ds.digest_val = ds_digest; - analyzer->ConnectionEvent(dns_DS, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - msg->BuildDS_Val(&ds), - }); + analyzer->ConnectionEventFast(dns_DS, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDS_Val(&ds), + }); + } return 1; } @@ -1179,7 +1197,7 @@ int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, if ( dns_A_reply && ! msg->skip_event ) { - analyzer->ConnectionEvent(dns_A_reply, { + analyzer->ConnectionEventFast(dns_A_reply, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -1216,7 +1234,7 @@ int DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, event = dns_A6_reply; if ( event && ! msg->skip_event ) { - analyzer->ConnectionEvent(event, { + analyzer->ConnectionEventFast(event, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -1290,12 +1308,15 @@ int DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg, while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) ) char_strings->Assign(char_strings->Size(), char_string); - analyzer->ConnectionEvent(dns_TXT_reply, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - char_strings, - }); + if ( dns_TXT_reply ) + analyzer->ConnectionEventFast(dns_TXT_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + char_strings, + }); + else + Unref(char_strings); return rdlength == 0; } @@ -1330,14 +1351,20 @@ int DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg, data += value->Len(); rdlength -= value->Len(); - analyzer->ConnectionEvent(dns_CAA_reply, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - val_mgr->GetCount(flags), - new StringVal(tag), - new StringVal(value), - }); + if ( dns_CAA_reply ) + analyzer->ConnectionEventFast(dns_CAA_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + val_mgr->GetCount(flags), + new StringVal(tag), + new StringVal(value), + }); + else + { + delete tag; + delete value; + } return rdlength == 0; } @@ -1351,13 +1378,14 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg, RR_Type qtype = RR_Type(ExtractShort(data, len)); int qclass = ExtractShort(data, len); - analyzer->ConnectionEvent(event, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - new StringVal(question_name), - val_mgr->GetCount(qtype), - val_mgr->GetCount(qclass), - }); + if ( event ) + analyzer->ConnectionEventFast(event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + new StringVal(question_name), + val_mgr->GetCount(qtype), + val_mgr->GetCount(qclass), + }); } @@ -1391,7 +1419,6 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query) answer_type = DNS_QUESTION; skip_event = 0; - tsig = 0; } DNS_MsgInfo::~DNS_MsgInfo() @@ -1470,7 +1497,7 @@ Val* DNS_MsgInfo::BuildEDNS_Val() return r; } -Val* DNS_MsgInfo::BuildTSIG_Val() +Val* DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig) { RecordVal* r = new RecordVal(dns_tsig_additional); double rtime = tsig->time_s + tsig->time_ms / 1000.0; @@ -1487,9 +1514,6 @@ Val* DNS_MsgInfo::BuildTSIG_Val() r->Assign(7, val_mgr->GetCount(tsig->rr_error)); r->Assign(8, val_mgr->GetCount(is_query)); - delete tsig; - tsig = 0; - return r; } @@ -1705,10 +1729,11 @@ void DNS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, { if ( ! interp->ParseMessage(data, len, 1) && non_dns_request ) { - ConnectionEvent(non_dns_request, { - BuildConnVal(), - new StringVal(len, (const char*) data), - }); + if ( non_dns_request ) + ConnectionEventFast(non_dns_request, { + BuildConnVal(), + new StringVal(len, (const char*) data), + }); } } diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h index f095fe96fa..a4975cdaa1 100644 --- a/src/analyzer/protocol/dns/DNS.h +++ b/src/analyzer/protocol/dns/DNS.h @@ -182,7 +182,7 @@ public: Val* BuildHdrVal(); Val* BuildAnswerVal(); Val* BuildEDNS_Val(); - Val* BuildTSIG_Val(); + Val* BuildTSIG_Val(struct TSIG_DATA*); Val* BuildRRSIG_Val(struct RRSIG_DATA*); Val* BuildDNSKEY_Val(struct DNSKEY_DATA*); Val* BuildNSEC3_Val(struct NSEC3_DATA*); @@ -214,10 +214,6 @@ public: ///< identical answer, there may be problems // uint32* addr; ///< cache value to pass back results ///< for forward lookups - - // More values for spesific DNS types. - //struct EDNS_ADDITIONAL* edns; - struct TSIG_DATA* tsig; }; diff --git a/src/analyzer/protocol/file/File.cc b/src/analyzer/protocol/file/File.cc index bb81eaa1fd..62fd36c0da 100644 --- a/src/analyzer/protocol/file/File.cc +++ b/src/analyzer/protocol/file/File.cc @@ -78,10 +78,11 @@ void File_Analyzer::Identify() string match = matches.empty() ? "" : *(matches.begin()->second.begin()); - ConnectionEvent(file_transferred, { - BuildConnVal(), - new StringVal(buffer_len, buffer), - new StringVal(""), - new StringVal(match), - }); + if ( file_transferred ) + ConnectionEventFast(file_transferred, { + BuildConnVal(), + new StringVal(buffer_len, buffer), + new StringVal(""), + new StringVal(match), + }); } diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index 0f7cec2677..fcc778f151 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -68,7 +68,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig if ( finger_request ) { - ConnectionEvent(finger_request, { + ConnectionEventFast(finger_request, { BuildConnVal(), val_mgr->GetBool(long_cnt), new StringVal(at - line, line), @@ -87,7 +87,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig if ( ! finger_reply ) return; - ConnectionEvent(finger_reply, { + ConnectionEventFast(finger_reply, { BuildConnVal(), new StringVal(end_of_line - line, line), }); diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index dc6e14bf63..0b0ebadf03 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -59,9 +59,9 @@ void Gnutella_Analyzer::Done() if ( ! sent_establish && (gnutella_establish || gnutella_not_establish) ) { if ( Established() && gnutella_establish ) - ConnectionEvent(gnutella_establish, {BuildConnVal()}); + ConnectionEventFast(gnutella_establish, {BuildConnVal()}); else if ( ! Established () && gnutella_not_establish ) - ConnectionEvent(gnutella_not_establish, {BuildConnVal()}); + ConnectionEventFast(gnutella_not_establish, {BuildConnVal()}); } if ( gnutella_partial_binary_msg ) @@ -72,7 +72,7 @@ void Gnutella_Analyzer::Done() { if ( ! p->msg_sent && p->msg_pos ) { - ConnectionEvent(gnutella_partial_binary_msg, { + ConnectionEventFast(gnutella_partial_binary_msg, { BuildConnVal(), new StringVal(p->msg), val_mgr->GetBool((i == 0)), @@ -121,7 +121,7 @@ int Gnutella_Analyzer::IsHTTP(string header) if ( gnutella_http_notify ) { - ConnectionEvent(gnutella_http_notify, {BuildConnVal()}); + ConnectionEventFast(gnutella_http_notify, {BuildConnVal()}); } analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn()); @@ -181,7 +181,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) { if ( gnutella_text_msg ) { - ConnectionEvent(gnutella_text_msg, { + ConnectionEventFast(gnutella_text_msg, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(ms->headers.data()), @@ -195,7 +195,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) { sent_establish = 1; - ConnectionEvent(gnutella_establish, {BuildConnVal()}); + ConnectionEventFast(gnutella_establish, {BuildConnVal()}); } } } @@ -221,7 +221,7 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig) if ( gnutella_binary_msg ) { - ConnectionEvent(gnutella_binary_msg, { + ConnectionEventFast(gnutella_binary_msg, { BuildConnVal(), val_mgr->GetBool(is_orig), val_mgr->GetCount(p->msg_type), diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 6087f7b43d..cc6403cb3e 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -646,7 +646,7 @@ void HTTP_Message::Done(const int interrupted, const char* detail) if ( http_message_done ) { - GetAnalyzer()->ConnectionEvent(http_message_done, { + GetAnalyzer()->ConnectionEventFast(http_message_done, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), BuildMessageStat(interrupted, detail), @@ -679,7 +679,7 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity) if ( http_begin_entity ) { - analyzer->ConnectionEvent(http_begin_entity, { + analyzer->ConnectionEventFast(http_begin_entity, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), }); @@ -696,7 +696,7 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity) if ( http_end_entity ) { - analyzer->ConnectionEvent(http_end_entity, { + analyzer->ConnectionEventFast(http_end_entity, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), }); @@ -737,7 +737,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) { if ( http_all_headers ) { - analyzer->ConnectionEvent(http_all_headers, { + analyzer->ConnectionEventFast(http_all_headers, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), BuildHeaderTable(hlist), @@ -751,7 +751,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) ty->Ref(); subty->Ref(); - analyzer->ConnectionEvent(http_content_type, { + analyzer->ConnectionEventFast(http_content_type, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), ty, @@ -1183,7 +1183,7 @@ void HTTP_Analyzer::GenStats() r->Assign(3, new Val(reply_version, TYPE_DOUBLE)); // DEBUG_MSG("%.6f http_stats\n", network_time); - ConnectionEvent(http_stats, {BuildConnVal(), r}); + ConnectionEventFast(http_stats, {BuildConnVal(), r}); } } @@ -1381,7 +1381,7 @@ void HTTP_Analyzer::HTTP_Event(const char* category, StringVal* detail) if ( http_event ) { // DEBUG_MSG("%.6f http_event\n", network_time); - ConnectionEvent(http_event, { + ConnectionEventFast(http_event, { BuildConnVal(), new StringVal(category), detail, @@ -1424,7 +1424,7 @@ void HTTP_Analyzer::HTTP_Request() Ref(request_method); // DEBUG_MSG("%.6f http_request\n", network_time); - ConnectionEvent(http_request, { + ConnectionEventFast(http_request, { BuildConnVal(), request_method, TruncateURI(request_URI->AsStringVal()), @@ -1438,7 +1438,7 @@ void HTTP_Analyzer::HTTP_Reply() { if ( http_reply ) { - ConnectionEvent(http_reply, { + ConnectionEventFast(http_reply, { BuildConnVal(), new StringVal(fmt("%.1f", reply_version)), val_mgr->GetCount(reply_code), @@ -1517,7 +1517,7 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg) if ( http_connection_upgrade ) { - ConnectionEvent(http_connection_upgrade, { + ConnectionEventFast(http_connection_upgrade, { BuildConnVal(), new StringVal(upgrade_protocol), }); @@ -1693,7 +1693,7 @@ void HTTP_Analyzer::HTTP_Header(int is_orig, mime::MIME_Header* h) if ( DEBUG_http ) DEBUG_MSG("%.6f http_header\n", network_time); - ConnectionEvent(http_header, { + ConnectionEventFast(http_header, { BuildConnVal(), val_mgr->GetBool(is_orig), mime::new_string_val(h->get_name())->ToUpper(), @@ -1827,7 +1827,7 @@ void HTTP_Analyzer::HTTP_EntityData(int is_orig, BroString* entity_data) { if ( http_entity_data ) { - ConnectionEvent(http_entity_data, { + ConnectionEventFast(http_entity_data, { BuildConnVal(), val_mgr->GetBool(is_orig), val_mgr->GetCount(entity_data->Len()), diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index a740ac8848..0acbbd9731 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -199,7 +199,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, { if ( icmp_sent ) { - ConnectionEvent(icmp_sent, { + ConnectionEventFast(icmp_sent, { BuildConnVal(), BuildICMPVal(icmpp, len, icmpv6, ip_hdr), }); @@ -209,7 +209,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, { BroString* payload = new BroString(data, min(len, caplen), 0); - ConnectionEvent(icmp_sent_payload, { + ConnectionEventFast(icmp_sent_payload, { BuildConnVal(), BuildICMPVal(icmpp, len, icmpv6, ip_hdr), new StringVal(payload), @@ -512,7 +512,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, BroString* payload = new BroString(data, caplen, 0); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), val_mgr->GetCount(iid), @@ -526,6 +526,10 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_router_advertisement; + + if ( ! f ) + return; + uint32 reachable = 0, retrans = 0; if ( caplen >= (int)sizeof(reachable) ) @@ -536,7 +540,7 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, int opt_offset = sizeof(reachable) + sizeof(retrans); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), val_mgr->GetCount(icmpp->icmp_num_addrs), // Cur Hop Limit @@ -558,6 +562,10 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_advertisement; + + if ( ! f ) + return; + IPAddr tgtaddr; if ( caplen >= (int)sizeof(in6_addr) ) @@ -565,7 +573,7 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, int opt_offset = sizeof(in6_addr); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80), // Router @@ -581,6 +589,10 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_solicitation; + + if ( ! f ) + return; + IPAddr tgtaddr; if ( caplen >= (int)sizeof(in6_addr) ) @@ -588,7 +600,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, int opt_offset = sizeof(in6_addr); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), new AddrVal(tgtaddr), @@ -601,6 +613,10 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_redirect; + + if ( ! f ) + return; + IPAddr tgtaddr, dstaddr; if ( caplen >= (int)sizeof(in6_addr) ) @@ -611,7 +627,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, int opt_offset = 2 * sizeof(in6_addr); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), new AddrVal(tgtaddr), @@ -626,7 +642,10 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, { EventHandlerPtr f = icmp_router_solicitation; - ConnectionEvent(f, { + if ( ! f ) + return; + + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), BuildNDOptionsVal(caplen, data), @@ -652,7 +671,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, if ( f ) { - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 0, ip_hdr), val_mgr->GetCount(icmpp->icmp_code), @@ -692,7 +711,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, if ( f ) { - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), val_mgr->GetCount(icmpp->icmp_code), diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index ba32968c3b..ba00d9215b 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -83,7 +83,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) Weird("ident_request_addendum", s.CheckString()); } - ConnectionEvent(ident_request, { + ConnectionEventFast(ident_request, { BuildConnVal(), val_mgr->GetPort(local_port, TRANSPORT_TCP), val_mgr->GetPort(remote_port, TRANSPORT_TCP), @@ -143,12 +143,13 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) if ( is_error ) { - ConnectionEvent(ident_error, { - BuildConnVal(), - val_mgr->GetPort(local_port, TRANSPORT_TCP), - val_mgr->GetPort(remote_port, TRANSPORT_TCP), - new StringVal(end_of_line - line, line), - }); + if ( ident_error ) + ConnectionEventFast(ident_error, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + new StringVal(end_of_line - line, line), + }); } else @@ -176,7 +177,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) line = skip_whitespace(colon + 1, end_of_line); - ConnectionEvent(ident_reply, { + ConnectionEventFast(ident_reply, { BuildConnVal(), val_mgr->GetPort(local_port, TRANSPORT_TCP), val_mgr->GetPort(remote_port, TRANSPORT_TCP), diff --git a/src/analyzer/protocol/imap/imap-analyzer.pac b/src/analyzer/protocol/imap/imap-analyzer.pac index 353aadb7ce..ac1652086e 100644 --- a/src/analyzer/protocol/imap/imap-analyzer.pac +++ b/src/analyzer/protocol/imap/imap-analyzer.pac @@ -43,7 +43,9 @@ refine connection IMAP_Conn += { if ( commands == "ok" ) { bro_analyzer()->StartTLS(); - BifEvent::generate_imap_starttls(bro_analyzer(), bro_analyzer()->Conn()); + + if ( imap_starttls ) + BifEvent::generate_imap_starttls(bro_analyzer(), bro_analyzer()->Conn()); } else reporter->Weird(bro_analyzer()->Conn(), "IMAP: server refused StartTLS"); @@ -54,6 +56,9 @@ refine connection IMAP_Conn += { function proc_server_capability(capabilities: Capability[]): bool %{ + if ( ! imap_capabilities ) + return true; + VectorVal* capv = new VectorVal(internal_type("string_vec")->AsVectorType()); for ( unsigned int i = 0; i< capabilities->size(); i++ ) { diff --git a/src/analyzer/protocol/interconn/InterConn.cc b/src/analyzer/protocol/interconn/InterConn.cc index 39749a0deb..057280a0fa 100644 --- a/src/analyzer/protocol/interconn/InterConn.cc +++ b/src/analyzer/protocol/interconn/InterConn.cc @@ -241,16 +241,18 @@ void InterConn_Analyzer::StatTimer(double t, int is_expire) void InterConn_Analyzer::StatEvent() { - Conn()->ConnectionEvent(interconn_stats, this, { - Conn()->BuildConnVal(), - orig_endp->BuildStats(), - resp_endp->BuildStats(), - }); + if ( interconn_stats ) + Conn()->ConnectionEventFast(interconn_stats, this, { + Conn()->BuildConnVal(), + orig_endp->BuildStats(), + resp_endp->BuildStats(), + }); } void InterConn_Analyzer::RemoveEvent() { - Conn()->ConnectionEvent(interconn_remove_conn, this, {Conn()->BuildConnVal()}); + if ( interconn_remove_conn ) + Conn()->ConnectionEventFast(interconn_remove_conn, this, {Conn()->BuildConnVal()}); } InterConnTimer::InterConnTimer(double t, InterConn_Analyzer* a) diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index cd48d8469c..c5db109434 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -233,7 +233,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - ConnectionEvent(irc_network_info, { + ConnectionEventFast(irc_network_info, { BuildConnVal(), val_mgr->GetBool(orig), val_mgr->GetInt(users), @@ -281,7 +281,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - ConnectionEvent(irc_names_info, { + ConnectionEventFast(irc_names_info, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(type.c_str()), @@ -315,7 +315,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - ConnectionEvent(irc_server_info, { + ConnectionEventFast(irc_server_info, { BuildConnVal(), val_mgr->GetBool(orig), val_mgr->GetInt(users), @@ -337,7 +337,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[i] == ":channels" ) channels = atoi(parts[i - 1].c_str()); - ConnectionEvent(irc_channel_info, { + ConnectionEventFast(irc_channel_info, { BuildConnVal(), val_mgr->GetBool(orig), val_mgr->GetInt(channels), @@ -369,7 +369,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) break; } - ConnectionEvent(irc_global_users, { + ConnectionEventFast(irc_global_users, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(eop - prefix, prefix), @@ -412,7 +412,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vl.append(new StringVal(real_name.c_str())); - ConnectionEvent(irc_whois_user_line, std::move(vl)); + ConnectionEventFast(irc_whois_user_line, std::move(vl)); } break; @@ -433,7 +433,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - ConnectionEvent(irc_whois_operator_line, { + ConnectionEventFast(irc_whois_operator_line, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(parts[0].c_str()), @@ -472,7 +472,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - ConnectionEvent(irc_whois_channel_line, { + ConnectionEventFast(irc_whois_channel_line, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(nick.c_str()), @@ -503,7 +503,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( *t == ':' ) ++t; - ConnectionEvent(irc_channel_topic, { + ConnectionEventFast(irc_channel_topic, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(parts[1].c_str()), @@ -537,7 +537,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[7][0] == ':' ) parts[7] = parts[7].substr(1); - ConnectionEvent(irc_who_line, { + ConnectionEventFast(irc_who_line, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(parts[0].c_str()), @@ -560,7 +560,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 436: if ( irc_invalid_nick ) { - ConnectionEvent(irc_invalid_nick, { + ConnectionEventFast(irc_invalid_nick, { BuildConnVal(), val_mgr->GetBool(orig), }); @@ -572,7 +572,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 491: // user is not operator if ( irc_oper_response ) { - ConnectionEvent(irc_oper_response, { + ConnectionEventFast(irc_oper_response, { BuildConnVal(), val_mgr->GetBool(orig), val_mgr->GetBool(code == 381), @@ -587,13 +587,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // All other server replies. default: - ConnectionEvent(irc_reply, { - BuildConnVal(), - val_mgr->GetBool(orig), - new StringVal(prefix.c_str()), - val_mgr->GetCount(code), - new StringVal(params.c_str()), - }); + if ( irc_reply ) + ConnectionEventFast(irc_reply, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + val_mgr->GetCount(code), + new StringVal(params.c_str()), + }); break; } return; @@ -657,30 +658,32 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } - ConnectionEvent(irc_dcc_message, { - BuildConnVal(), - val_mgr->GetBool(orig), - new StringVal(prefix.c_str()), - new StringVal(target.c_str()), - new StringVal(parts[1].c_str()), - new StringVal(parts[2].c_str()), - new AddrVal(htonl(raw_ip)), - val_mgr->GetCount(atoi(parts[4].c_str())), - parts.size() >= 6 ? - val_mgr->GetCount(atoi(parts[5].c_str())) : - val_mgr->GetCount(0), - }); + if ( irc_dcc_message ) + ConnectionEventFast(irc_dcc_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(parts[1].c_str()), + new StringVal(parts[2].c_str()), + new AddrVal(htonl(raw_ip)), + val_mgr->GetCount(atoi(parts[4].c_str())), + parts.size() >= 6 ? + val_mgr->GetCount(atoi(parts[5].c_str())) : + val_mgr->GetCount(0), + }); } else { - ConnectionEvent(irc_privmsg_message, { - BuildConnVal(), - val_mgr->GetBool(orig), - new StringVal(prefix.c_str()), - new StringVal(target.c_str()), - new StringVal(message.c_str()), - }); + if ( irc_privmsg_message ) + ConnectionEventFast(irc_privmsg_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } } @@ -699,7 +702,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - ConnectionEvent(irc_notice_message, { + ConnectionEventFast(irc_notice_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -723,7 +726,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - ConnectionEvent(irc_squery_message, { + ConnectionEventFast(irc_squery_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -763,7 +766,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) const char* name = realname.c_str(); vl.append(new StringVal(*name == ':' ? name + 1 : name)); - ConnectionEvent(irc_user_message, std::move(vl)); + ConnectionEventFast(irc_user_message, std::move(vl)); } else if ( irc_oper_message && command == "OPER" ) @@ -772,7 +775,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vector parts = SplitWords(params, ' '); if ( parts.size() == 2 ) { - ConnectionEvent(irc_oper_message, { + ConnectionEventFast(irc_oper_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(parts[0].c_str()), @@ -814,7 +817,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else vl.append(val_mgr->GetEmptyString()); - ConnectionEvent(irc_kick_message, std::move(vl)); + ConnectionEventFast(irc_kick_message, std::move(vl)); } else if ( irc_join_message && command == "JOIN" ) @@ -862,7 +865,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - ConnectionEvent(irc_join_message, { + ConnectionEventFast(irc_join_message, { BuildConnVal(), val_mgr->GetBool(orig), list, @@ -923,7 +926,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - ConnectionEvent(irc_join_message, { + ConnectionEventFast(irc_join_message, { BuildConnVal(), val_mgr->GetBool(orig), list, @@ -963,7 +966,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - ConnectionEvent(irc_part_message, { + ConnectionEventFast(irc_part_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(nick.c_str()), @@ -986,7 +989,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nickname = prefix.substr(0, pos); } - ConnectionEvent(irc_quit_message, { + ConnectionEventFast(irc_quit_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(nickname.c_str()), @@ -1000,7 +1003,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( nick[0] == ':' ) nick = nick.substr(1); - ConnectionEvent(irc_nick_message, { + ConnectionEventFast(irc_nick_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1025,7 +1028,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0].size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - ConnectionEvent(irc_who_message, { + ConnectionEventFast(irc_who_message, { BuildConnVal(), val_mgr->GetBool(orig), parts.size() > 0 ? @@ -1055,7 +1058,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else users = parts[0]; - ConnectionEvent(irc_whois_message, { + ConnectionEventFast(irc_whois_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(server.c_str()), @@ -1068,7 +1071,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( params[0] == ':' ) params = params.substr(1); - ConnectionEvent(irc_error_message, { + ConnectionEventFast(irc_error_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1084,7 +1087,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[1].size() > 0 && parts[1][0] == ':' ) parts[1] = parts[1].substr(1); - ConnectionEvent(irc_invite_message, { + ConnectionEventFast(irc_invite_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1100,7 +1103,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( params.size() > 0 ) { - ConnectionEvent(irc_mode_message, { + ConnectionEventFast(irc_mode_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1114,7 +1117,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else if ( irc_password_message && command == "PASS" ) { - ConnectionEvent(irc_password_message, { + ConnectionEventFast(irc_password_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(params.c_str()), @@ -1136,7 +1139,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) message = message.substr(1); } - ConnectionEvent(irc_squit_message, { + ConnectionEventFast(irc_squit_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1150,7 +1153,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_request ) { - ConnectionEvent(irc_request, { + ConnectionEventFast(irc_request, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1164,7 +1167,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_message ) { - ConnectionEvent(irc_message, { + ConnectionEventFast(irc_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1199,7 +1202,8 @@ void IRC_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - ConnectionEvent(irc_starttls, {BuildConnVal()}); + if ( irc_starttls ) + ConnectionEventFast(irc_starttls, {BuildConnVal()}); } vector IRC_Analyzer::SplitWords(const string input, const char split) diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index 326c126ae9..31aba64755 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -289,7 +289,7 @@ void Login_Analyzer::AuthenticationDialog(bool orig, char* line) { if ( authentication_skipped ) { - ConnectionEvent(authentication_skipped, {BuildConnVal()}); + ConnectionEventFast(authentication_skipped, {BuildConnVal()}); } state = LOGIN_STATE_SKIP; @@ -332,7 +332,7 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_terminal && streq(name, "TERM") ) { - ConnectionEvent(login_terminal, { + ConnectionEventFast(login_terminal, { BuildConnVal(), new StringVal(val), }); @@ -340,7 +340,7 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_display && streq(name, "DISPLAY") ) { - ConnectionEvent(login_display, { + ConnectionEventFast(login_display, { BuildConnVal(), new StringVal(val), }); @@ -348,7 +348,7 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_prompt && streq(name, "TTYPROMPT") ) { - ConnectionEvent(login_prompt, { + ConnectionEventFast(login_prompt, { BuildConnVal(), new StringVal(val), }); @@ -425,7 +425,7 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line, Val* password = HaveTypeahead() ? PopUserTextVal() : new StringVal(""); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), username->Ref(), client_name ? client_name->Ref() : val_mgr->GetEmptyString(), @@ -444,7 +444,10 @@ const char* Login_Analyzer::GetUsername(const char* line) const void Login_Analyzer::LineEvent(EventHandlerPtr f, const char* line) { - ConnectionEvent(f, { + if ( ! f ) + return; + + ConnectionEventFast(f, { BuildConnVal(), new StringVal(line), }); @@ -457,7 +460,7 @@ void Login_Analyzer::Confused(const char* msg, const char* line) if ( login_confused ) { - ConnectionEvent(login_confused, { + ConnectionEventFast(login_confused, { BuildConnVal(), new StringVal(msg), new StringVal(line), @@ -483,7 +486,7 @@ void Login_Analyzer::ConfusionText(const char* line) { if ( login_confused_text ) { - ConnectionEvent(login_confused_text, { + ConnectionEventFast(login_confused_text, { BuildConnVal(), new StringVal(line), }); diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 53ad3c202d..ea651ece42 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -461,7 +461,7 @@ void NVT_Analyzer::SetTerminal(const u_char* terminal, int len) { if ( login_terminal ) { - ConnectionEvent(login_terminal, { + ConnectionEventFast(login_terminal, { BuildConnVal(), new StringVal(new BroString(terminal, len, 0)), }); diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index 4688bf9280..b3cca3f5c4 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -183,11 +183,11 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig) else vl.append(val_mgr->GetFalse()); - ConnectionEvent(rsh_request, std::move(vl)); + ConnectionEventFast(rsh_request, std::move(vl)); } else - ConnectionEvent(rsh_reply, std::move(vl)); + ConnectionEventFast(rsh_reply, std::move(vl)); } void Rsh_Analyzer::ClientUserName(const char* s) diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index 10d9e23e91..0c7386e59f 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -244,7 +244,7 @@ void Rlogin_Analyzer::TerminalType(const char* s) { if ( login_terminal ) { - ConnectionEvent(login_terminal, { + ConnectionEventFast(login_terminal, { BuildConnVal(), new StringVal(s), }); diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index edb5316bac..35b9832020 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1358,7 +1358,7 @@ void MIME_Mail::Done() hash_final(md5_hash, digest); md5_hash = nullptr; - analyzer->ConnectionEvent(mime_content_hash, { + analyzer->ConnectionEventFast(mime_content_hash, { analyzer->BuildConnVal(), val_mgr->GetCount(content_hash_length), new StringVal(new BroString(1, digest, 16)), @@ -1386,7 +1386,7 @@ void MIME_Mail::BeginEntity(MIME_Entity* /* entity */) cur_entity_id.clear(); if ( mime_begin_entity ) - analyzer->ConnectionEvent(mime_begin_entity, {analyzer->BuildConnVal()}); + analyzer->ConnectionEventFast(mime_begin_entity, {analyzer->BuildConnVal()}); buffer_start = data_start = 0; ASSERT(entity_content.size() == 0); @@ -1398,8 +1398,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) { BroString* s = concatenate(entity_content); - - analyzer->ConnectionEvent(mime_entity_data, { + analyzer->ConnectionEventFast(mime_entity_data, { analyzer->BuildConnVal(), val_mgr->GetCount(s->Len()), new StringVal(s), @@ -1412,7 +1411,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) } if ( mime_end_entity ) - analyzer->ConnectionEvent(mime_end_entity, {analyzer->BuildConnVal()}); + analyzer->ConnectionEventFast(mime_end_entity, {analyzer->BuildConnVal()}); file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); cur_entity_id.clear(); @@ -1422,7 +1421,7 @@ void MIME_Mail::SubmitHeader(MIME_Header* h) { if ( mime_one_header ) { - analyzer->ConnectionEvent(mime_one_header, { + analyzer->ConnectionEventFast(mime_one_header, { analyzer->BuildConnVal(), BuildHeaderVal(h), }); @@ -1433,7 +1432,7 @@ void MIME_Mail::SubmitAllHeaders(MIME_HeaderList& hlist) { if ( mime_all_headers ) { - analyzer->ConnectionEvent(mime_all_headers, { + analyzer->ConnectionEventFast(mime_all_headers, { analyzer->BuildConnVal(), BuildHeaderTable(hlist), }); @@ -1470,7 +1469,7 @@ void MIME_Mail::SubmitData(int len, const char* buf) const char* data = (char*) data_buffer->Bytes() + data_start; int data_len = (buf + len) - data; - analyzer->ConnectionEvent(mime_segment_data, { + analyzer->ConnectionEventFast(mime_segment_data, { analyzer->BuildConnVal(), val_mgr->GetCount(data_len), new StringVal(data_len, data), @@ -1517,7 +1516,7 @@ void MIME_Mail::SubmitAllData() BroString* s = concatenate(all_content); delete_strings(all_content); - analyzer->ConnectionEvent(mime_all_data, { + analyzer->ConnectionEventFast(mime_all_data, { analyzer->BuildConnVal(), val_mgr->GetCount(s->Len()), new StringVal(s), @@ -1546,7 +1545,7 @@ void MIME_Mail::SubmitEvent(int event_type, const char* detail) if ( mime_event ) { - analyzer->ConnectionEvent(mime_event, { + analyzer->ConnectionEventFast(mime_event, { analyzer->BuildConnVal(), new StringVal(category), new StringVal(detail), diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index ceb480292b..de13e4a6e7 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -63,7 +63,7 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) { if ( frame->is_orig() ) { - analyzer->ConnectionEvent(f, { + analyzer->ConnectionEventFast(f, { analyzer->BuildConnVal(), val_mgr->GetCount(frame->frame_type()), val_mgr->GetCount(frame->body_length()), @@ -72,7 +72,7 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) } else { - analyzer->ConnectionEvent(f, { + analyzer->ConnectionEventFast(f, { analyzer->BuildConnVal(), val_mgr->GetCount(frame->frame_type()), val_mgr->GetCount(frame->body_length()), diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 5dc07f7d0d..c643f8ced7 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -58,7 +58,7 @@ int NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags, { if ( netbios_session_message ) { - analyzer->ConnectionEvent(netbios_session_message, { + analyzer->ConnectionEventFast(netbios_session_message, { analyzer->BuildConnVal(), val_mgr->GetBool(is_query), val_mgr->GetCount(type), @@ -330,14 +330,14 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data, if ( is_orig >= 0 ) { - analyzer->ConnectionEvent(event, { + analyzer->ConnectionEventFast(event, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), new StringVal(new BroString(data, len, 0)), }); } else - analyzer->ConnectionEvent(event, { + analyzer->ConnectionEventFast(event, { analyzer->BuildConnVal(), new StringVal(new BroString(data, len, 0)), }); diff --git a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac index c72a9d249a..0f0d842570 100644 --- a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac +++ b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac @@ -94,6 +94,9 @@ refine connection NTLM_Conn += { function proc_ntlm_negotiate(val: NTLM_Negotiate): bool %{ + if ( ! ntlm_negotiate ) + return true; + RecordVal* result = new RecordVal(BifType::Record::NTLM::Negotiate); result->Assign(0, build_negotiate_flag_record(${val.flags})); @@ -115,6 +118,9 @@ refine connection NTLM_Conn += { function proc_ntlm_challenge(val: NTLM_Challenge): bool %{ + if ( ! ntlm_challenge ) + return true; + RecordVal* result = new RecordVal(BifType::Record::NTLM::Challenge); result->Assign(0, build_negotiate_flag_record(${val.flags})); @@ -136,6 +142,9 @@ refine connection NTLM_Conn += { function proc_ntlm_authenticate(val: NTLM_Authenticate): bool %{ + if ( ! ntlm_authenticate ) + return true; + RecordVal* result = new RecordVal(BifType::Record::NTLM::Authenticate); result->Assign(0, build_negotiate_flag_record(${val.flags})); diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index 2e6988d13f..a4c147b464 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -62,6 +62,9 @@ void NTP_Analyzer::Message(const u_char* data, int len) len -= sizeof *ntp_data; data += sizeof *ntp_data; + if ( ! ntp_message ) + return; + RecordVal* msg = new RecordVal(ntp_msg); unsigned int code = ntp_data->status & 0x7; @@ -78,7 +81,7 @@ void NTP_Analyzer::Message(const u_char* data, int len) msg->Assign(9, new Val(LongFloat(ntp_data->rec), TYPE_TIME)); msg->Assign(10, new Val(LongFloat(ntp_data->xmt), TYPE_TIME)); - ConnectionEvent(ntp_message, { + ConnectionEventFast(ntp_message, { BuildConnVal(), msg, new StringVal(new BroString(data, len, 0)), diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index e7ccf3907c..d8601ed3ba 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -833,7 +833,8 @@ void POP3_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - ConnectionEvent(pop3_starttls, {BuildConnVal()}); + if ( pop3_starttls ) + ConnectionEventFast(pop3_starttls, {BuildConnVal()}); } void POP3_Analyzer::AuthSuccessfull() @@ -932,5 +933,5 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig, if ( arg2 ) vl.append(new StringVal(arg2)); - ConnectionEvent(event, std::move(vl)); + ConnectionEventFast(event, std::move(vl)); } diff --git a/src/analyzer/protocol/rfb/rfb-analyzer.pac b/src/analyzer/protocol/rfb/rfb-analyzer.pac index 39a792ba89..67adba8681 100644 --- a/src/analyzer/protocol/rfb/rfb-analyzer.pac +++ b/src/analyzer/protocol/rfb/rfb-analyzer.pac @@ -1,7 +1,8 @@ refine flow RFB_Flow += { function proc_rfb_message(msg: RFB_PDU): bool %{ - BifEvent::generate_rfb_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn()); + if ( rfb_event ) + BifEvent::generate_rfb_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn()); return true; %} @@ -9,44 +10,51 @@ refine flow RFB_Flow += { %{ if (client) { - BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); + if ( rfb_client_version ) + BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); connection()->bro_analyzer()->ProtocolConfirmation(); } else { - BifEvent::generate_rfb_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); + if ( rfb_server_version ) + BifEvent::generate_rfb_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); } return true; %} function proc_rfb_share_flag(shared: bool) : bool %{ - BifEvent::generate_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared); + if ( rfb_share_flag ) + BifEvent::generate_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared); return true; %} function proc_security_types(msg: RFBSecurityTypes) : bool %{ - BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype}); + if ( rfb_authentication_type ) + BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype}); return true; %} function proc_security_types37(msg: RFBAuthTypeSelected) : bool %{ - BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type}); + if ( rfb_authentication_type ) + BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type}); return true; %} function proc_handle_server_params(msg:RFBServerInit) : bool %{ - BifEvent::generate_rfb_server_parameters(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.name}), ${msg.width}, ${msg.height}); + if ( rfb_server_parameters ) + BifEvent::generate_rfb_server_parameters(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.name}), ${msg.width}, ${msg.height}); return true; %} function proc_handle_security_result(result : uint32) : bool %{ - BifEvent::generate_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result); + if ( rfb_auth_result ) + BifEvent::generate_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result); return true; %} }; diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index 1cea8e0211..4473826830 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -95,7 +95,7 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status { auto vl = event_common_vl(c, rpc_status, mount_status, start_time, last_time, reply_len, 0); - analyzer->ConnectionEvent(mount_reply_status, std::move(vl)); + analyzer->ConnectionEventFast(mount_reply_status, std::move(vl)); } if ( ! rpc_success ) @@ -173,7 +173,7 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status if ( reply ) vl.append(reply); - analyzer->ConnectionEvent(event, std::move(vl)); + analyzer->ConnectionEventFast(event, std::move(vl)); } else Unref(reply); diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 3453263dd0..089d89ea98 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -149,7 +149,7 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, { auto vl = event_common_vl(c, rpc_status, nfs_status, start_time, last_time, reply_len, 0); - analyzer->ConnectionEvent(nfs_reply_status, std::move(vl)); + analyzer->ConnectionEventFast(nfs_reply_status, std::move(vl)); } if ( ! rpc_success ) @@ -285,7 +285,7 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, if ( reply ) vl.append(reply); - analyzer->ConnectionEvent(event, std::move(vl)); + analyzer->ConnectionEventFast(event, std::move(vl)); } else Unref(reply); diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 8333f615fa..cb3944519f 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -261,7 +261,7 @@ uint32 PortmapperInterp::CheckPort(uint32 port) { if ( pm_bad_port ) { - analyzer->ConnectionEvent(pm_bad_port, { + analyzer->ConnectionEventFast(pm_bad_port, { analyzer->BuildConnVal(), val_mgr->GetCount(port), }); @@ -300,7 +300,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu vl.append(request); } - analyzer->ConnectionEvent(f, std::move(vl)); + analyzer->ConnectionEventFast(f, std::move(vl)); } Portmapper_Analyzer::Portmapper_Analyzer(Connection* conn) diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 781ba20681..be0be02232 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -330,7 +330,7 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st { if ( rpc_dialogue ) { - analyzer->ConnectionEvent(rpc_dialogue, { + analyzer->ConnectionEventFast(rpc_dialogue, { analyzer->BuildConnVal(), val_mgr->GetCount(c->Program()), val_mgr->GetCount(c->Version()), @@ -347,7 +347,7 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c) { if ( rpc_call ) { - analyzer->ConnectionEvent(rpc_call, { + analyzer->ConnectionEventFast(rpc_call, { analyzer->BuildConnVal(), val_mgr->GetCount(c->XID()), val_mgr->GetCount(c->Program()), @@ -362,7 +362,7 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status, { if ( rpc_reply ) { - analyzer->ConnectionEvent(rpc_reply, { + analyzer->ConnectionEventFast(rpc_reply, { analyzer->BuildConnVal(), val_mgr->GetCount(xid), BifType::Enum::rpc_status->GetVal(status), diff --git a/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac b/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac index 0cdae1cefb..01eae48d0b 100644 --- a/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac @@ -6,8 +6,10 @@ refine connection SMB_Conn += { BifConst::SMB::pipe_filenames->AsTable()->Lookup(filename->CheckString()) ) { set_tree_is_pipe(${header.tid}); - BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), - bro_analyzer()->Conn()); + + if ( smb_pipe_connect_heuristic ) + BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), + bro_analyzer()->Conn()); } if ( smb1_nt_create_andx_request ) diff --git a/src/analyzer/protocol/smb/smb1-protocol.pac b/src/analyzer/protocol/smb/smb1-protocol.pac index 4ba86d1b75..d5df7a3fca 100644 --- a/src/analyzer/protocol/smb/smb1-protocol.pac +++ b/src/analyzer/protocol/smb/smb1-protocol.pac @@ -66,9 +66,10 @@ refine connection SMB_Conn += { } else { - BifEvent::generate_smb1_error(bro_analyzer(), - bro_analyzer()->Conn(), - BuildHeaderVal(h), is_orig); + if ( smb1_error ) + BifEvent::generate_smb1_error(bro_analyzer(), + bro_analyzer()->Conn(), + BuildHeaderVal(h), is_orig); } return true; %} diff --git a/src/analyzer/protocol/smb/smb2-com-create.pac b/src/analyzer/protocol/smb/smb2-com-create.pac index 2f7dfc4d26..d3df094f51 100644 --- a/src/analyzer/protocol/smb/smb2-com-create.pac +++ b/src/analyzer/protocol/smb/smb2-com-create.pac @@ -7,8 +7,10 @@ refine connection SMB_Conn += { BifConst::SMB::pipe_filenames->AsTable()->Lookup(filename->CheckString()) ) { set_tree_is_pipe(${h.tree_id}); - BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), - bro_analyzer()->Conn()); + + if ( smb_pipe_connect_heuristic ) + BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), + bro_analyzer()->Conn()); } if ( smb2_create_request ) diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index dff1677fc3..aa049c994b 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -220,7 +220,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) if ( smtp_data && ! skip_data ) { - ConnectionEvent(smtp_data, { + ConnectionEventFast(smtp_data, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(data_len, line), @@ -350,7 +350,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) break; } - ConnectionEvent(smtp_reply, { + ConnectionEventFast(smtp_reply, { BuildConnVal(), val_mgr->GetBool(orig), val_mgr->GetCount(reply_code), @@ -410,7 +410,8 @@ void SMTP_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - ConnectionEvent(smtp_starttls, {BuildConnVal()}); + if ( smtp_starttls ) + ConnectionEventFast(smtp_starttls, {BuildConnVal()}); } @@ -852,12 +853,14 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd, int arg_len, const char* arg) { ProtocolConfirmation(); - ConnectionEvent(smtp_request, { - BuildConnVal(), - val_mgr->GetBool(orig_is_sender), - (new StringVal(cmd_len, cmd))->ToUpper(), - new StringVal(arg_len, arg), - }); + + if ( smtp_request ) + ConnectionEventFast(smtp_request, { + BuildConnVal(), + val_mgr->GetBool(orig_is_sender), + (new StringVal(cmd_len, cmd))->ToUpper(), + new StringVal(arg_len, arg), + }); } void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, @@ -872,7 +875,7 @@ void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, if ( ! orig_is_sender ) is_orig = ! is_orig; - ConnectionEvent(smtp_unexpected, { + ConnectionEventFast(smtp_unexpected, { BuildConnVal(), val_mgr->GetBool(is_orig), new StringVal(msg), diff --git a/src/analyzer/protocol/socks/socks-analyzer.pac b/src/analyzer/protocol/socks/socks-analyzer.pac index f625851d0a..b0ec62e2b9 100644 --- a/src/analyzer/protocol/socks/socks-analyzer.pac +++ b/src/analyzer/protocol/socks/socks-analyzer.pac @@ -22,18 +22,22 @@ refine connection SOCKS_Conn += { function socks4_request(request: SOCKS4_Request): bool %{ - RecordVal* sa = new RecordVal(socks_address); - sa->Assign(0, new AddrVal(htonl(${request.addr}))); - if ( ${request.v4a} ) - sa->Assign(1, array_to_string(${request.name})); + if ( socks_request ) + { + RecordVal* sa = new RecordVal(socks_address); + sa->Assign(0, new AddrVal(htonl(${request.addr}))); - BifEvent::generate_socks_request(bro_analyzer(), - bro_analyzer()->Conn(), - 4, - ${request.command}, - sa, - val_mgr->GetPort(${request.port}, TRANSPORT_TCP), - array_to_string(${request.user})); + if ( ${request.v4a} ) + sa->Assign(1, array_to_string(${request.name})); + + BifEvent::generate_socks_request(bro_analyzer(), + bro_analyzer()->Conn(), + 4, + ${request.command}, + sa, + val_mgr->GetPort(${request.port}, TRANSPORT_TCP), + array_to_string(${request.user})); + } static_cast(bro_analyzer())->EndpointDone(true); @@ -42,15 +46,18 @@ refine connection SOCKS_Conn += { function socks4_reply(reply: SOCKS4_Reply): bool %{ - RecordVal* sa = new RecordVal(socks_address); - sa->Assign(0, new AddrVal(htonl(${reply.addr}))); + if ( socks_reply ) + { + RecordVal* sa = new RecordVal(socks_address); + sa->Assign(0, new AddrVal(htonl(${reply.addr}))); - BifEvent::generate_socks_reply(bro_analyzer(), - bro_analyzer()->Conn(), - 4, - ${reply.status}, - sa, - val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + BifEvent::generate_socks_reply(bro_analyzer(), + bro_analyzer()->Conn(), + 4, + ${reply.status}, + sa, + val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + } bro_analyzer()->ProtocolConfirmation(); static_cast(bro_analyzer())->EndpointDone(false); @@ -97,13 +104,16 @@ refine connection SOCKS_Conn += { return false; } - BifEvent::generate_socks_request(bro_analyzer(), - bro_analyzer()->Conn(), - 5, - ${request.command}, - sa, - val_mgr->GetPort(${request.port}, TRANSPORT_TCP), - val_mgr->GetEmptyString()); + if ( socks_request ) + BifEvent::generate_socks_request(bro_analyzer(), + bro_analyzer()->Conn(), + 5, + ${request.command}, + sa, + val_mgr->GetPort(${request.port}, TRANSPORT_TCP), + val_mgr->GetEmptyString()); + else + Unref(sa); static_cast(bro_analyzer())->EndpointDone(true); @@ -136,12 +146,15 @@ refine connection SOCKS_Conn += { return false; } - BifEvent::generate_socks_reply(bro_analyzer(), - bro_analyzer()->Conn(), - 5, - ${reply.reply}, - sa, - val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + if ( socks_reply ) + BifEvent::generate_socks_reply(bro_analyzer(), + bro_analyzer()->Conn(), + 5, + ${reply.reply}, + sa, + val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + else + Unref(sa); bro_analyzer()->ProtocolConfirmation(); static_cast(bro_analyzer())->EndpointDone(false); @@ -150,6 +163,9 @@ refine connection SOCKS_Conn += { function socks5_auth_request_userpass(request: SOCKS5_Auth_Request_UserPass_v1): bool %{ + if ( ! socks_login_userpass_request ) + return true; + StringVal* user = new StringVal(${request.username}.length(), (const char*) ${request.username}.begin()); StringVal* pass = new StringVal(${request.password}.length(), (const char*) ${request.password}.begin()); @@ -173,9 +189,10 @@ refine connection SOCKS_Conn += { function socks5_auth_reply_userpass(reply: SOCKS5_Auth_Reply_UserPass_v1): bool %{ - BifEvent::generate_socks_login_userpass_reply(bro_analyzer(), - bro_analyzer()->Conn(), - ${reply.code}); + if ( socks_login_userpass_reply ) + BifEvent::generate_socks_login_userpass_reply(bro_analyzer(), + bro_analyzer()->Conn(), + ${reply.code}); return true; %} diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac index bf35218873..7d23ecc75e 100644 --- a/src/analyzer/protocol/ssl/ssl-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac @@ -17,8 +17,8 @@ refine connection SSL_Conn += { function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool %{ - BifEvent::generate_ssl_established(bro_analyzer(), - bro_analyzer()->Conn()); + if ( ssl_established ) + BifEvent::generate_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); return true; %} diff --git a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac index d92f850d28..56573fd48e 100644 --- a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac @@ -31,8 +31,9 @@ refine connection SSL_Conn += { function proc_alert(rec: SSLRecord, level : int, desc : int) : bool %{ - BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, level, desc); + if ( ssl_alert ) + BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, level, desc); return true; %} function proc_unknown_record(rec: SSLRecord) : bool @@ -50,8 +51,8 @@ refine connection SSL_Conn += { established_ == false ) { established_ = true; - BifEvent::generate_ssl_established(bro_analyzer(), - bro_analyzer()->Conn()); + if ( ssl_established ) + BifEvent::generate_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); } if ( ssl_encrypted_data ) @@ -72,9 +73,10 @@ refine connection SSL_Conn += { function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool %{ - BifEvent::generate_ssl_heartbeat(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length, - new StringVal(data.length(), (const char*) data.data())); + if ( ssl_heartbeat ) + BifEvent::generate_ssl_heartbeat(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length, + new StringVal(data.length(), (const char*) data.data())); return true; %} @@ -93,8 +95,9 @@ refine connection SSL_Conn += { function proc_ccs(rec: SSLRecord) : bool %{ - BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}); + if ( ssl_change_cipher_spec ) + BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}); return true; %} diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index 5cf250c366..ecaaf8c20d 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -72,6 +72,9 @@ refine connection Handshake_Conn += { function proc_ec_point_formats(rec: HandshakeRecord, point_format_list: uint8[]) : bool %{ + if ( ! ssl_extension_ec_point_formats ) + return true; + VectorVal* points = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( point_format_list ) @@ -88,6 +91,9 @@ refine connection Handshake_Conn += { function proc_elliptic_curves(rec: HandshakeRecord, list: uint16[]) : bool %{ + if ( ! ssl_extension_elliptic_curves ) + return true; + VectorVal* curves = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( list ) @@ -104,6 +110,9 @@ refine connection Handshake_Conn += { function proc_client_key_share(rec: HandshakeRecord, keyshare: KeyShareEntry[]) : bool %{ + if ( ! ssl_extension_key_share ) + return true; + VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( keyshare ) @@ -113,11 +122,15 @@ refine connection Handshake_Conn += { } BifEvent::generate_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, nglist); + return true; %} function proc_server_key_share(rec: HandshakeRecord, keyshare: KeyShareEntry) : bool %{ + if ( ! ssl_extension_key_share ) + return true; + VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType()); nglist->Assign(0u, val_mgr->GetCount(keyshare->namedgroup())); @@ -127,6 +140,9 @@ refine connection Handshake_Conn += { function proc_signature_algorithm(rec: HandshakeRecord, supported_signature_algorithms: SignatureAndHashAlgorithm[]) : bool %{ + if ( ! ssl_extension_signature_algorithm ) + return true; + VectorVal* slist = new VectorVal(internal_type("signature_and_hashalgorithm_vec")->AsVectorType()); if ( supported_signature_algorithms ) @@ -147,6 +163,9 @@ refine connection Handshake_Conn += { function proc_apnl(rec: HandshakeRecord, protocols: ProtocolName[]) : bool %{ + if ( ! ssl_extension_application_layer_protocol_negotiation ) + return true; + VectorVal* plist = new VectorVal(internal_type("string_vec")->AsVectorType()); if ( protocols ) @@ -183,14 +202,20 @@ refine connection Handshake_Conn += { } } - BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, servers); + if ( ssl_extension_server_name ) + BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, servers); + else + Unref(servers); return true; %} function proc_supported_versions(rec: HandshakeRecord, versions_list: uint16[]) : bool %{ + if ( ! ssl_extension_supported_versions ) + return true; + VectorVal* versions = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( versions_list ) @@ -207,6 +232,9 @@ refine connection Handshake_Conn += { function proc_one_supported_version(rec: HandshakeRecord, version: uint16) : bool %{ + if ( ! ssl_extension_supported_versions ) + return true; + VectorVal* versions = new VectorVal(internal_type("index_vec")->AsVectorType()); versions->Assign(0u, val_mgr->GetCount(version)); @@ -218,6 +246,9 @@ refine connection Handshake_Conn += { function proc_psk_key_exchange_modes(rec: HandshakeRecord, mode_list: uint8[]) : bool %{ + if ( ! ssl_extension_psk_key_exchange_modes ) + return true; + VectorVal* modes = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( mode_list ) @@ -272,10 +303,11 @@ refine connection Handshake_Conn += { response.length(), bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(), false, file_id, "application/ocsp-response"); - BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, - new StringVal(response.length(), - (const char*) response.data())); + if ( ssl_stapled_ocsp ) + BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(), + bro_analyzer()->Conn(), + ${rec.is_orig}, + new StringVal(response.length(), (const char*) response.data())); file_mgr->EndOfFile(file_id); } @@ -288,26 +320,32 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); + if ( ssl_server_curve ) + BifEvent::generate_ssl_server_curve(bro_analyzer(), + bro_analyzer()->Conn(), ${kex.params.curve}); - RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); - if ( ${kex.signed_params.uses_signature_and_hashalgorithm} ) + if ( ssl_ecdh_server_params ) + BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); + + if ( ssl_server_signature ) { - ha->Assign(0, val_mgr->GetCount(${kex.signed_params.algorithm.HashAlgorithm})); - ha->Assign(1, val_mgr->GetCount(${kex.signed_params.algorithm.SignatureAlgorithm})); - } + RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); + if ( ${kex.signed_params.uses_signature_and_hashalgorithm} ) + { + ha->Assign(0, val_mgr->GetCount(${kex.signed_params.algorithm.HashAlgorithm})); + ha->Assign(1, val_mgr->GetCount(${kex.signed_params.algorithm.SignatureAlgorithm})); + } else - { - // set to impossible value - ha->Assign(0, val_mgr->GetCount(256)); - ha->Assign(1, val_mgr->GetCount(256)); - } + { + // set to impossible value + ha->Assign(0, val_mgr->GetCount(256)); + ha->Assign(1, val_mgr->GetCount(256)); + } - BifEvent::generate_ssl_server_signature(bro_analyzer(), - bro_analyzer()->Conn(), ha, new StringVal(${kex.signed_params.signature}.length(), (const char*)(${kex.signed_params.signature}).data())); + BifEvent::generate_ssl_server_signature(bro_analyzer(), + bro_analyzer()->Conn(), ha, new StringVal(${kex.signed_params.signature}.length(), (const char*)(${kex.signed_params.signature}).data())); + } return true; %} @@ -317,34 +355,46 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); + if ( ssl_server_curve ) + BifEvent::generate_ssl_server_curve(bro_analyzer(), + bro_analyzer()->Conn(), ${kex.params.curve}); + + if ( ssl_ecdh_server_params ) + BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); return true; %} function proc_rsa_client_key_exchange(rec: HandshakeRecord, rsa_pms: bytestring) : bool %{ - BifEvent::generate_ssl_rsa_client_pms(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(rsa_pms.length(), (const char*)rsa_pms.data())); + if ( ssl_rsa_client_pms ) + BifEvent::generate_ssl_rsa_client_pms(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(rsa_pms.length(), (const char*)rsa_pms.data())); + return true; %} function proc_dh_client_key_exchange(rec: HandshakeRecord, Yc: bytestring) : bool %{ - BifEvent::generate_ssl_dh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(Yc.length(), (const char*)Yc.data())); + if ( ssl_dh_client_params ) + BifEvent::generate_ssl_dh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(Yc.length(), (const char*)Yc.data())); + return true; %} function proc_ecdh_client_key_exchange(rec: HandshakeRecord, point: bytestring) : bool %{ - BifEvent::generate_ssl_ecdh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(point.length(), (const char*)point.data())); + if ( ssl_ecdh_client_params ) + BifEvent::generate_ssl_ecdh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(point.length(), (const char*)point.data())); + return true; %} function proc_signedcertificatetimestamp(rec: HandshakeRecord, version: uint8, logid: const_bytestring, timestamp: uint64, digitally_signed_algorithms: SignatureAndHashAlgorithm, digitally_signed_signature: const_bytestring) : bool %{ + if ( ! ssl_extension_signed_certificate_timestamp ) + return true; + RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); ha->Assign(0, val_mgr->GetCount(digitally_signed_algorithms->HashAlgorithm())); ha->Assign(1, val_mgr->GetCount(digitally_signed_algorithms->SignatureAlgorithm())); @@ -363,50 +413,56 @@ refine connection Handshake_Conn += { function proc_dhe_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring, signed_params: ServerKeyExchangeSignature) : bool %{ - BifEvent::generate_ssl_dh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), - new StringVal(p.length(), (const char*) p.data()), - new StringVal(g.length(), (const char*) g.data()), - new StringVal(Ys.length(), (const char*) Ys.data()) - ); + if ( ssl_ecdh_server_params ) + BifEvent::generate_ssl_dh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), + new StringVal(p.length(), (const char*) p.data()), + new StringVal(g.length(), (const char*) g.data()), + new StringVal(Ys.length(), (const char*) Ys.data()) + ); - RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); - if ( ${signed_params.uses_signature_and_hashalgorithm} ) + if ( ssl_server_signature ) { - ha->Assign(0, val_mgr->GetCount(${signed_params.algorithm.HashAlgorithm})); - ha->Assign(1, val_mgr->GetCount(${signed_params.algorithm.SignatureAlgorithm})); - } - else - { - // set to impossible value - ha->Assign(0, val_mgr->GetCount(256)); - ha->Assign(1, val_mgr->GetCount(256)); - } + RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); + if ( ${signed_params.uses_signature_and_hashalgorithm} ) + { + ha->Assign(0, val_mgr->GetCount(${signed_params.algorithm.HashAlgorithm})); + ha->Assign(1, val_mgr->GetCount(${signed_params.algorithm.SignatureAlgorithm})); + } + else + { + // set to impossible value + ha->Assign(0, val_mgr->GetCount(256)); + ha->Assign(1, val_mgr->GetCount(256)); + } - BifEvent::generate_ssl_server_signature(bro_analyzer(), - bro_analyzer()->Conn(), ha, - new StringVal(${signed_params.signature}.length(), (const char*)(${signed_params.signature}).data()) - ); + BifEvent::generate_ssl_server_signature(bro_analyzer(), + bro_analyzer()->Conn(), ha, + new StringVal(${signed_params.signature}.length(), (const char*)(${signed_params.signature}).data()) + ); + } return true; %} function proc_dh_anon_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool %{ - BifEvent::generate_ssl_dh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), - new StringVal(p.length(), (const char*) p.data()), - new StringVal(g.length(), (const char*) g.data()), - new StringVal(Ys.length(), (const char*) Ys.data()) - ); + if ( ssl_dh_server_params ) + BifEvent::generate_ssl_dh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), + new StringVal(p.length(), (const char*) p.data()), + new StringVal(g.length(), (const char*) g.data()), + new StringVal(Ys.length(), (const char*) Ys.data()) + ); return true; %} function proc_handshake(is_orig: bool, msg_type: uint8, length: uint24) : bool %{ - BifEvent::generate_ssl_handshake_message(bro_analyzer(), - bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length)); + if ( ssl_handshake_message ) + BifEvent::generate_ssl_handshake_message(bro_analyzer(), + bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length)); return true; %} diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index f4b4f78c89..29315faa74 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -140,15 +140,18 @@ void SteppingStoneEndpoint::Event(EventHandlerPtr f, int id1, int id2) return; if ( id2 >= 0 ) - endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1), val_mgr->GetInt(id2)}); + endp->TCP()->ConnectionEventFast(f, {val_mgr->GetInt(id1), val_mgr->GetInt(id2)}); else - endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1)}); + endp->TCP()->ConnectionEventFast(f, {val_mgr->GetInt(id1)}); } void SteppingStoneEndpoint::CreateEndpEvent(int is_orig) { - endp->TCP()->ConnectionEvent(stp_create_endp, { + if ( ! stp_create_endp ) + return; + + endp->TCP()->ConnectionEventFast(stp_create_endp, { endp->TCP()->BuildConnVal(), val_mgr->GetInt(stp_id), val_mgr->GetBool(is_orig), diff --git a/src/analyzer/protocol/syslog/syslog-analyzer.pac b/src/analyzer/protocol/syslog/syslog-analyzer.pac index 46e2cc171d..2bbdfd3754 100644 --- a/src/analyzer/protocol/syslog/syslog-analyzer.pac +++ b/src/analyzer/protocol/syslog/syslog-analyzer.pac @@ -11,6 +11,9 @@ flow Syslog_Flow function process_syslog_message(m: Syslog_Message): bool %{ + if ( ! syslog_message ) + return true; + if ( ${m.has_pri} ) BifEvent::generate_syslog_message( connection()->bro_analyzer(), diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index a90e0f32c4..fa2250270a 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -299,7 +299,7 @@ static void passive_fingerprint(TCP_Analyzer* tcp, bool is_orig, if ( OS_val ) { // found new OS version - tcp->ConnectionEvent(OS_version_found, { + tcp->ConnectionEventFast(OS_version_found, { tcp->BuildConnVal(), src_addr_val->Ref(), OS_val, @@ -965,7 +965,7 @@ void TCP_Analyzer::GeneratePacketEvent( const u_char* data, int len, int caplen, int is_orig, TCP_Flags flags) { - ConnectionEvent(tcp_packet, { + ConnectionEventFast(tcp_packet, { BuildConnVal(), val_mgr->GetBool(is_orig), new StringVal(flags.AsString()), @@ -1280,7 +1280,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( connection_SYN_packet ) { - ConnectionEvent(connection_SYN_packet, { + ConnectionEventFast(connection_SYN_packet, { BuildConnVal(), SYN_vals->Ref(), }); @@ -1500,7 +1500,7 @@ int TCP_Analyzer::TCPOptionEvent(unsigned int opt, { if ( tcp_option ) { - analyzer->ConnectionEvent(tcp_option, { + analyzer->ConnectionEventFast(tcp_option, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), val_mgr->GetCount(opt), @@ -1821,7 +1821,7 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp) { if ( connection_EOF ) { - ConnectionEvent(connection_EOF, { + ConnectionEventFast(connection_EOF, { BuildConnVal(), val_mgr->GetBool(endp->IsOrig()), }); @@ -2103,7 +2103,7 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen, if ( tcp_rexmit ) { - endp->TCP()->ConnectionEvent(tcp_rexmit, { + endp->TCP()->ConnectionEventFast(tcp_rexmit, { endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig()), val_mgr->GetCount(seq), @@ -2158,11 +2158,12 @@ void TCPStats_Analyzer::Done() { TCP_ApplicationAnalyzer::Done(); - ConnectionEvent(conn_stats, { - BuildConnVal(), - orig_stats->BuildStats(), - resp_stats->BuildStats(), - }); + if ( conn_stats ) + ConnectionEventFast(conn_stats, { + BuildConnVal(), + orig_stats->BuildStats(), + resp_stats->BuildStats(), + }); } void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64 seq, const IP_Hdr* ip, int caplen) diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index ce58398f2d..b588adbe29 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -237,7 +237,7 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen, if ( contents_file_write_failure ) { - tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + tcp_analyzer->ConnectionEventFast(contents_file_write_failure, { Conn()->BuildConnVal(), val_mgr->GetBool(IsOrig()), new StringVal(buf), diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 5ad6d2e460..3db1b50352 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -136,7 +136,7 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len) if ( report_gap(endp, endp->peer) ) { - dst_analyzer->ConnectionEvent(content_gap, { + dst_analyzer->ConnectionEventFast(content_gap, { dst_analyzer->BuildConnVal(), val_mgr->GetBool(IsOrig()), val_mgr->GetCount(seq), @@ -335,7 +335,7 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f) if ( contents_file_write_failure ) { - tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + tcp_analyzer->ConnectionEventFast(contents_file_write_failure, { Endpoint()->Conn()->BuildConnVal(), val_mgr->GetBool(IsOrig()), new StringVal("TCP reassembler content write failure"), @@ -352,7 +352,7 @@ void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f) if ( contents_file_write_failure ) { - tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + tcp_analyzer->ConnectionEventFast(contents_file_write_failure, { Endpoint()->Conn()->BuildConnVal(), val_mgr->GetBool(IsOrig()), new StringVal("TCP reassembler gap write failure"), @@ -425,7 +425,7 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) BroString* b1_s = new BroString((const u_char*) b1, n, 0); BroString* b2_s = new BroString((const u_char*) b2, n, 0); - tcp_analyzer->ConnectionEvent(rexmit_inconsistency, { + tcp_analyzer->ConnectionEventFast(rexmit_inconsistency, { tcp_analyzer->BuildConnVal(), new StringVal(b1_s), new StringVal(b2_s), @@ -596,7 +596,7 @@ void TCP_Reassembler::DeliverBlock(uint64 seq, int len, const u_char* data) if ( deliver_tcp_contents ) { - tcp_analyzer->ConnectionEvent(tcp_contents, { + tcp_analyzer->ConnectionEventFast(tcp_contents, { tcp_analyzer->BuildConnVal(), val_mgr->GetBool(IsOrig()), val_mgr->GetCount(seq), diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 6123c42e91..74375e673c 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -157,7 +157,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( do_udp_contents ) { - ConnectionEvent(udp_contents, { + ConnectionEventFast(udp_contents, { BuildConnVal(), val_mgr->GetBool(is_orig), new StringVal(len, (const char*) data), diff --git a/src/analyzer/protocol/xmpp/xmpp-analyzer.pac b/src/analyzer/protocol/xmpp/xmpp-analyzer.pac index 5253ce050b..26a9c69b5b 100644 --- a/src/analyzer/protocol/xmpp/xmpp-analyzer.pac +++ b/src/analyzer/protocol/xmpp/xmpp-analyzer.pac @@ -32,7 +32,8 @@ refine connection XMPP_Conn += { if ( !is_orig && ( token == "proceed" || token_no_ns == "proceed" ) && client_starttls ) { bro_analyzer()->StartTLS(); - BifEvent::generate_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn()); + if ( xmpp_starttls ) + BifEvent::generate_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn()); } else if ( !is_orig && token == "proceed" ) reporter->Weird(bro_analyzer()->Conn(), "XMPP: proceed without starttls"); diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index c9d1d7a1e3..96a37490a2 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -1016,7 +1016,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) } if ( static_cast(vl.length()) == args.size() ) - mgr.QueueEvent(handler, std::move(vl), SOURCE_BROKER); + mgr.QueueEventFast(handler, std::move(vl), SOURCE_BROKER); else { loop_over_list(vl, i) @@ -1247,6 +1247,9 @@ void Manager::ProcessStatus(broker::status stat) break; } + if ( ! event ) + return; + auto ei = internal_type("Broker::EndpointInfo")->AsRecordType(); auto endpoint_info = new RecordVal(ei); @@ -1275,7 +1278,7 @@ void Manager::ProcessStatus(broker::status stat) auto str = stat.message(); auto msg = new StringVal(str ? *str : ""); - mgr.QueueEvent(event, {endpoint_info, msg}); + mgr.QueueEventFast(event, {endpoint_info, msg}); } void Manager::ProcessError(broker::error err) @@ -1352,7 +1355,7 @@ void Manager::ProcessError(broker::error err) msg = fmt("[%s] %s", caf::to_string(err.category()).c_str(), caf::to_string(err.context()).c_str()); } - mgr.QueueEvent(Broker::error, { + mgr.QueueEventFast(Broker::error, { BifType::Enum::Broker::ErrorCode->GetVal(ec), new StringVal(msg), }); diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index faa6b280b0..b3680c2a2c 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -637,7 +637,7 @@ void File::FileEvent(EventHandlerPtr h, val_list* vl) void File::FileEvent(EventHandlerPtr h, val_list vl) { - mgr.QueueEvent(h, std::move(vl)); + mgr.QueueEventFast(h, std::move(vl)); if ( h == file_new || h == file_over_new_connection || h == file_sniff || diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index 134418a476..da6099b1fe 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -443,7 +443,7 @@ string Manager::GetFileID(analyzer::Tag tag, Connection* c, bool is_orig) EnumVal* tagval = tag.AsEnumVal(); Ref(tagval); - mgr.QueueEvent(get_file_handle, { + mgr.QueueEventFast(get_file_handle, { tagval, c->BuildConnVal(), val_mgr->GetBool(is_orig), diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index 8aa688b879..5d692383e1 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -41,7 +41,7 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset) { if ( ! chunk_event ) return true; - mgr.QueueEvent(chunk_event, { + mgr.QueueEventFast(chunk_event, { GetFile()->GetVal()->Ref(), new StringVal(new BroString(data, len, 0)), val_mgr->GetCount(offset), @@ -54,7 +54,7 @@ bool DataEvent::DeliverStream(const u_char* data, uint64 len) { if ( ! stream_event ) return true; - mgr.QueueEvent(stream_event, { + mgr.QueueEventFast(stream_event, { GetFile()->GetVal()->Ref(), new StringVal(new BroString(data, len, 0)), }); diff --git a/src/file_analysis/analyzer/entropy/Entropy.cc b/src/file_analysis/analyzer/entropy/Entropy.cc index 873b8e2fcf..a0a561a1cc 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.cc +++ b/src/file_analysis/analyzer/entropy/Entropy.cc @@ -53,6 +53,9 @@ void Entropy::Finalize() if ( ! fed ) return; + if ( ! file_entropy ) + return; + double montepi, scc, ent, mean, chisq; montepi = scc = ent = mean = chisq = 0.0; entropy->Get(&ent, &chisq, &mean, &montepi, &scc); @@ -64,7 +67,7 @@ void Entropy::Finalize() ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE)); ent_result->Assign(4, new Val(scc, TYPE_DOUBLE)); - mgr.QueueEvent(file_entropy, { + mgr.QueueEventFast(file_entropy, { GetFile()->GetVal()->Ref(), ent_result, }); diff --git a/src/file_analysis/analyzer/hash/Hash.cc b/src/file_analysis/analyzer/hash/Hash.cc index 07bcb0babd..7b2ecb5799 100644 --- a/src/file_analysis/analyzer/hash/Hash.cc +++ b/src/file_analysis/analyzer/hash/Hash.cc @@ -48,7 +48,10 @@ void Hash::Finalize() if ( ! hash->IsValid() || ! fed ) return; - mgr.QueueEvent(file_hash, { + if ( ! file_hash ) + return; + + mgr.QueueEventFast(file_hash, { GetFile()->GetVal()->Ref(), new StringVal(kind), hash->Get(), diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index ee874c4d37..a4a7da5081 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac @@ -81,7 +81,7 @@ refine flow Flow += { ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol})); ids_event->Assign(17, val_mgr->GetCount(${ev.packet_action})); - mgr.QueueEvent(::unified2_event, { + mgr.QueueEventFast(::unified2_event, { connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), ids_event, }, @@ -113,7 +113,7 @@ refine flow Flow += { ids_event->Assign(15, val_mgr->GetCount(${ev.mpls_label})); ids_event->Assign(16, val_mgr->GetCount(${ev.vlan_id})); - mgr.QueueEvent(::unified2_event, { + mgr.QueueEventFast(::unified2_event, { connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), ids_event, }, @@ -135,7 +135,7 @@ refine flow Flow += { packet->Assign(4, val_mgr->GetCount(${pkt.link_type})); packet->Assign(5, bytestring_to_val(${pkt.packet_data})); - mgr.QueueEvent(::unified2_packet, { + mgr.QueueEventFast(::unified2_packet, { connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), packet, }, diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index 3681c6fd44..d55931c946 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -427,10 +427,11 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) // TODO: try to parse out general name ? #endif - mgr.QueueEvent(ocsp_request, { - GetFile()->GetVal()->Ref(), - val_mgr->GetCount(version), - }); + if ( ocsp_request ) + mgr.QueueEventFast(ocsp_request, { + GetFile()->GetVal()->Ref(), + val_mgr->GetCount(version), + }); BIO *bio = BIO_new(BIO_s_mem()); @@ -470,10 +471,11 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) const char *status_str = OCSP_response_status_str(OCSP_response_status(resp)); StringVal* status_val = new StringVal(strlen(status_str), status_str); - mgr.QueueEvent(ocsp_response_status, { - GetFile()->GetVal()->Ref(), - status_val->Ref(), - }); + if ( ocsp_response_status ) + mgr.QueueEventFast(ocsp_response_status, { + GetFile()->GetVal()->Ref(), + status_val->Ref(), + }); //if (!resp_bytes) // { @@ -491,12 +493,18 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) // get the basic response basic_resp = OCSP_response_get1_basic(resp); if ( !basic_resp ) + { + Unref(status_val); goto clean_up; + } #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) resp_data = basic_resp->tbsResponseData; if ( !resp_data ) + { + Unref(status_val); goto clean_up; + } #endif vl.append(GetFile()->GetVal()->Ref()); diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index c33f20a800..524aae1f27 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -221,16 +221,20 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) if ( constr ) { - RecordVal* pBasicConstraint = new RecordVal(BifType::Record::X509::BasicConstraints); - pBasicConstraint->Assign(0, val_mgr->GetBool(constr->ca ? 1 : 0)); + if ( x509_ext_basic_constraints ) + { + RecordVal* pBasicConstraint = new RecordVal(BifType::Record::X509::BasicConstraints); + pBasicConstraint->Assign(0, val_mgr->GetBool(constr->ca ? 1 : 0)); - if ( constr->pathlen ) - pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))); + if ( constr->pathlen ) + pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))); + + mgr.QueueEventFast(x509_ext_basic_constraints, { + GetFile()->GetVal()->Ref(), + pBasicConstraint, + }); + } - mgr.QueueEvent(x509_ext_basic_constraints, { - GetFile()->GetVal()->Ref(), - pBasicConstraint, - }); BASIC_CONSTRAINTS_free(constr); } diff --git a/src/file_analysis/analyzer/x509/x509-extension.pac b/src/file_analysis/analyzer/x509/x509-extension.pac index 396debbbbe..b6a6611d3c 100644 --- a/src/file_analysis/analyzer/x509/x509-extension.pac +++ b/src/file_analysis/analyzer/x509/x509-extension.pac @@ -35,6 +35,9 @@ refine connection MockConnection += { function proc_signedcertificatetimestamp(rec: HandshakeRecord, version: uint8, logid: const_bytestring, timestamp: uint64, digitally_signed_algorithms: SignatureAndHashAlgorithm, digitally_signed_signature: const_bytestring) : bool %{ + if ( ! x509_ocsp_ext_signed_certificate_timestamp ) + return true; + BifEvent::generate_x509_ocsp_ext_signed_certificate_timestamp((analyzer::Analyzer *) bro_analyzer(), bro_analyzer()->GetFile()->GetVal()->Ref(), version, diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 108869be9f..39496671a2 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -715,7 +715,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Raise the log event. if ( stream->event ) - mgr.QueueEvent(stream->event, {columns->Ref()}, SOURCE_LOCAL); + mgr.QueueEventFast(stream->event, {columns->Ref()}, SOURCE_LOCAL); // Send to each of our filters. for ( list::iterator i = stream->filters.begin(); diff --git a/src/main.cc b/src/main.cc index 56300fc1a2..7afdb876bd 100644 --- a/src/main.cc +++ b/src/main.cc @@ -340,7 +340,7 @@ void terminate_bro() EventHandlerPtr bro_done = internal_handler("bro_done"); if ( bro_done ) - mgr.QueueEvent(bro_done, val_list{}); + mgr.QueueEventFast(bro_done, val_list{}); timer_mgr->Expire(); mgr.Drain(); @@ -1138,7 +1138,7 @@ int main(int argc, char** argv) EventHandlerPtr bro_init = internal_handler("bro_init"); if ( bro_init ) - mgr.QueueEvent(bro_init, val_list{}); + mgr.QueueEventFast(bro_init, val_list{}); EventRegistry::string_list* dead_handlers = event_registry->UnusedHandlers(); @@ -1184,16 +1184,19 @@ int main(int argc, char** argv) if ( override_ignore_checksums ) ignore_checksums = 1; - // Queue events reporting loaded scripts. - for ( std::list::iterator i = files_scanned.begin(); i != files_scanned.end(); i++ ) + if ( bro_script_loaded ) { - if ( i->skipped ) - continue; + // Queue events reporting loaded scripts. + for ( std::list::iterator i = files_scanned.begin(); i != files_scanned.end(); i++ ) + { + if ( i->skipped ) + continue; - mgr.QueueEvent(bro_script_loaded, { - new StringVal(i->name.c_str()), - val_mgr->GetCount(i->include_level), - }); + mgr.QueueEventFast(bro_script_loaded, { + new StringVal(i->name.c_str()), + val_mgr->GetCount(i->include_level), + }); + } } reporter->ReportViaEvents(true); From 4e0c1997a0f34901fc93efb93f215d9f3d3ce852 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 11 Apr 2019 23:32:58 -0500 Subject: [PATCH 017/247] Update tests and baselines due to renaming all scripts --- .../btest/Baseline/core.load-prefixes/output | 4 +- .../Baseline/core.pcap.filter-error/output | 2 +- .../canonified_loaded_scripts.log | 346 ++++----- .../Baseline/coverage.bare-mode-errors/errors | 36 +- .../canonified_loaded_scripts.log | 734 +++++++++--------- .../coverage.init-default/missing_loads | 20 +- .../Baseline/doc.broxygen.all_scripts/.stderr | 20 +- .../Baseline/doc.broxygen.example/example.rst | 6 +- .../Baseline/doc.broxygen.package/test.rst | 4 +- .../doc.broxygen.script_index/test.rst | 4 +- .../doc.broxygen.script_summary/test.rst | 2 +- .../language.index-assignment-invalid/out | 2 +- .../output | 2 +- .../out1 | 2 +- .../scripts.base.misc.version/.stderr | 8 +- testing/btest/core/ip-broken-header.bro | 2 +- testing/btest/core/load-prefixes.bro | 10 +- .../btest/coverage/bare-load-baseline.test | 2 +- testing/btest/coverage/bare-mode-errors.test | 2 +- testing/btest/coverage/find-bro-logs.test | 2 +- testing/btest/coverage/init-default.test | 16 +- testing/btest/coverage/test-all-policy.test | 14 +- testing/btest/doc/broxygen/example.bro | 4 +- testing/btest/doc/broxygen/script_summary.bro | 2 +- .../logging/ascii-json-optional.bro | 2 +- .../scripts/base/protocols/modbus/policy.bro | 4 +- .../base/protocols/ssl/cve-2015-3194.test | 2 +- .../base/protocols/ssl/keyexchange.test | 2 +- .../btest/scripts/policy/misc/dump-events.bro | 6 +- .../btest/scripts/policy/misc/weird-stats.bro | 2 +- .../protocols/ssl/validate-certs-no-cache.bro | 2 +- .../policy/protocols/ssl/validate-certs.bro | 2 +- .../policy/protocols/ssl/validate-sct.bro | 2 +- 33 files changed, 635 insertions(+), 635 deletions(-) diff --git a/testing/btest/Baseline/core.load-prefixes/output b/testing/btest/Baseline/core.load-prefixes/output index 2969d774cf..05e54cb3b9 100644 --- a/testing/btest/Baseline/core.load-prefixes/output +++ b/testing/btest/Baseline/core.load-prefixes/output @@ -1,4 +1,4 @@ -loaded lcl2.base.utils.site.bro -loaded lcl.base.utils.site.bro +loaded lcl2.base.utils.site.zeek +loaded lcl.base.utils.site.zeek loaded lcl2.base.protocols.http.bro loaded lcl.base.protocols.http.zeek diff --git a/testing/btest/Baseline/core.pcap.filter-error/output b/testing/btest/Baseline/core.pcap.filter-error/output index 82804bb483..f52fdf7e0a 100644 --- a/testing/btest/Baseline/core.pcap.filter-error/output +++ b/testing/btest/Baseline/core.pcap.filter-error/output @@ -1,3 +1,3 @@ -fatal error in /home/robin/bro/master/scripts/base/frameworks/packet-filter/./main.bro, line 282: Bad pcap filter 'kaputt' +fatal error in /home/robin/bro/master/scripts/base/frameworks/packet-filter/./main.zeek, line 282: Bad pcap filter 'kaputt' ---- error, cannot compile BPF filter "kaputt, too" diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 4eeaa4b07b..f533fd8be2 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -6,177 +6,177 @@ #open 2018-06-08-16-37-15 #fields name #types string -scripts/base/init-bare.bro - build/scripts/base/bif/const.bif.bro - build/scripts/base/bif/types.bif.bro - build/scripts/base/bif/bro.bif.bro - build/scripts/base/bif/stats.bif.bro - build/scripts/base/bif/reporter.bif.bro - build/scripts/base/bif/strings.bif.bro - build/scripts/base/bif/option.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.types.bif.bro - build/scripts/base/bif/event.bif.bro -scripts/base/init-frameworks-and-bifs.bro - scripts/base/frameworks/logging/__load__.bro - scripts/base/frameworks/logging/main.bro - build/scripts/base/bif/logging.bif.bro - scripts/base/frameworks/logging/postprocessors/__load__.bro - scripts/base/frameworks/logging/postprocessors/scp.bro - scripts/base/frameworks/logging/postprocessors/sftp.bro - scripts/base/frameworks/logging/writers/ascii.bro - scripts/base/frameworks/logging/writers/sqlite.bro - scripts/base/frameworks/logging/writers/none.bro - scripts/base/frameworks/broker/__load__.bro - scripts/base/frameworks/broker/main.bro - build/scripts/base/bif/comm.bif.bro - build/scripts/base/bif/messaging.bif.bro - scripts/base/frameworks/broker/store.bro - build/scripts/base/bif/data.bif.bro - build/scripts/base/bif/store.bif.bro - scripts/base/frameworks/broker/log.bro - scripts/base/frameworks/input/__load__.bro - scripts/base/frameworks/input/main.bro - build/scripts/base/bif/input.bif.bro - scripts/base/frameworks/input/readers/ascii.bro - scripts/base/frameworks/input/readers/raw.bro - scripts/base/frameworks/input/readers/benchmark.bro - scripts/base/frameworks/input/readers/binary.bro - scripts/base/frameworks/input/readers/config.bro - scripts/base/frameworks/input/readers/sqlite.bro - scripts/base/frameworks/analyzer/__load__.bro - scripts/base/frameworks/analyzer/main.bro - scripts/base/frameworks/packet-filter/utils.bro - build/scripts/base/bif/analyzer.bif.bro - scripts/base/frameworks/files/__load__.bro - scripts/base/frameworks/files/main.bro - build/scripts/base/bif/file_analysis.bif.bro - scripts/base/utils/site.bro - scripts/base/utils/patterns.bro - scripts/base/frameworks/files/magic/__load__.bro - build/scripts/base/bif/__load__.bro - build/scripts/base/bif/broxygen.bif.bro - build/scripts/base/bif/pcap.bif.bro - build/scripts/base/bif/bloom-filter.bif.bro - build/scripts/base/bif/cardinality-counter.bif.bro - build/scripts/base/bif/top-k.bif.bro - build/scripts/base/bif/plugins/__load__.bro - build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro - build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro - build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.types.bif.bro - build/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_DNS.events.bif.bro - build/scripts/base/bif/plugins/Bro_File.events.bif.bro - build/scripts/base/bif/plugins/Bro_Finger.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.bro - build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.bro - build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_ICMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro - build/scripts/base/bif/plugins/Bro_IMAP.events.bif.bro - build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro - build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro - build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro - build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro - build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.consts.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.events.bif.bro - build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro - build/scripts/base/bif/plugins/Bro_RFB.events.bif.bro - build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_SIP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.consts.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.types.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro - build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro - build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.bro - build/scripts/base/bif/plugins/Bro_XMPP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro - build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro - build/scripts/base/bif/plugins/Bro_PE.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.events.bif.bro - build/scripts/base/bif/plugins/Bro_X509.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.functions.bif.bro - build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.bro - build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.bro - build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.bro - build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro -scripts/policy/misc/loaded-scripts.bro - scripts/base/utils/paths.bro +scripts/base/init-bare.zeek + build/scripts/base/bif/const.bif.zeek + build/scripts/base/bif/types.bif.zeek + build/scripts/base/bif/bro.bif.zeek + build/scripts/base/bif/stats.bif.zeek + build/scripts/base/bif/reporter.bif.zeek + build/scripts/base/bif/strings.bif.zeek + build/scripts/base/bif/option.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.types.bif.zeek + build/scripts/base/bif/event.bif.zeek +scripts/base/init-frameworks-and-bifs.zeek + scripts/base/frameworks/logging/__load__.zeek + scripts/base/frameworks/logging/main.zeek + build/scripts/base/bif/logging.bif.zeek + scripts/base/frameworks/logging/postprocessors/__load__.zeek + scripts/base/frameworks/logging/postprocessors/scp.zeek + scripts/base/frameworks/logging/postprocessors/sftp.zeek + scripts/base/frameworks/logging/writers/ascii.zeek + scripts/base/frameworks/logging/writers/sqlite.zeek + scripts/base/frameworks/logging/writers/none.zeek + scripts/base/frameworks/broker/__load__.zeek + scripts/base/frameworks/broker/main.zeek + build/scripts/base/bif/comm.bif.zeek + build/scripts/base/bif/messaging.bif.zeek + scripts/base/frameworks/broker/store.zeek + build/scripts/base/bif/data.bif.zeek + build/scripts/base/bif/store.bif.zeek + scripts/base/frameworks/broker/log.zeek + scripts/base/frameworks/input/__load__.zeek + scripts/base/frameworks/input/main.zeek + build/scripts/base/bif/input.bif.zeek + scripts/base/frameworks/input/readers/ascii.zeek + scripts/base/frameworks/input/readers/raw.zeek + scripts/base/frameworks/input/readers/benchmark.zeek + scripts/base/frameworks/input/readers/binary.zeek + scripts/base/frameworks/input/readers/config.zeek + scripts/base/frameworks/input/readers/sqlite.zeek + scripts/base/frameworks/analyzer/__load__.zeek + scripts/base/frameworks/analyzer/main.zeek + scripts/base/frameworks/packet-filter/utils.zeek + build/scripts/base/bif/analyzer.bif.zeek + scripts/base/frameworks/files/__load__.zeek + scripts/base/frameworks/files/main.zeek + build/scripts/base/bif/file_analysis.bif.zeek + scripts/base/utils/site.zeek + scripts/base/utils/patterns.zeek + scripts/base/frameworks/files/magic/__load__.zeek + build/scripts/base/bif/__load__.zeek + build/scripts/base/bif/broxygen.bif.zeek + build/scripts/base/bif/pcap.bif.zeek + build/scripts/base/bif/bloom-filter.bif.zeek + build/scripts/base/bif/cardinality-counter.bif.zeek + build/scripts/base/bif/top-k.bif.zeek + build/scripts/base/bif/plugins/__load__.zeek + build/scripts/base/bif/plugins/Bro_ARP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DNP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DNS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_File.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Finger.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_ICMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Ident.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IMAP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_InterConn.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IRC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_MIME.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Modbus.events.bif.zeek + build/scripts/base/bif/plugins/Bro_MySQL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.types.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_POP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_RFB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SIP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Syslog.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Teredo.events.bif.zeek + build/scripts/base/bif/plugins/Bro_UDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.zeek + build/scripts/base/bif/plugins/Bro_XMPP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_FileHash.events.bif.zeek + build/scripts/base/bif/plugins/Bro_PE.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.events.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.zeek + build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.zeek + build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.zeek + build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.zeek +scripts/policy/misc/loaded-scripts.zeek + scripts/base/utils/paths.zeek #close 2018-06-08-16-37-15 diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index e11a4ca00f..68129bbab6 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,18 +1,18 @@ -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//broxygen/__load__.bro:10 "Use '@load base/protocols/smb' instead" -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//broxygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index eaca1c489a..45185bed09 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -6,371 +6,371 @@ #open 2018-09-05-20-33-08 #fields name #types string -scripts/base/init-bare.bro - build/scripts/base/bif/const.bif.bro - build/scripts/base/bif/types.bif.bro - build/scripts/base/bif/bro.bif.bro - build/scripts/base/bif/stats.bif.bro - build/scripts/base/bif/reporter.bif.bro - build/scripts/base/bif/strings.bif.bro - build/scripts/base/bif/option.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.types.bif.bro - build/scripts/base/bif/event.bif.bro -scripts/base/init-frameworks-and-bifs.bro - scripts/base/frameworks/logging/__load__.bro - scripts/base/frameworks/logging/main.bro - build/scripts/base/bif/logging.bif.bro - scripts/base/frameworks/logging/postprocessors/__load__.bro - scripts/base/frameworks/logging/postprocessors/scp.bro - scripts/base/frameworks/logging/postprocessors/sftp.bro - scripts/base/frameworks/logging/writers/ascii.bro - scripts/base/frameworks/logging/writers/sqlite.bro - scripts/base/frameworks/logging/writers/none.bro - scripts/base/frameworks/broker/__load__.bro - scripts/base/frameworks/broker/main.bro - build/scripts/base/bif/comm.bif.bro - build/scripts/base/bif/messaging.bif.bro - scripts/base/frameworks/broker/store.bro - build/scripts/base/bif/data.bif.bro - build/scripts/base/bif/store.bif.bro - scripts/base/frameworks/broker/log.bro - scripts/base/frameworks/input/__load__.bro - scripts/base/frameworks/input/main.bro - build/scripts/base/bif/input.bif.bro - scripts/base/frameworks/input/readers/ascii.bro - scripts/base/frameworks/input/readers/raw.bro - scripts/base/frameworks/input/readers/benchmark.bro - scripts/base/frameworks/input/readers/binary.bro - scripts/base/frameworks/input/readers/config.bro - scripts/base/frameworks/input/readers/sqlite.bro - scripts/base/frameworks/analyzer/__load__.bro - scripts/base/frameworks/analyzer/main.bro - scripts/base/frameworks/packet-filter/utils.bro - build/scripts/base/bif/analyzer.bif.bro - scripts/base/frameworks/files/__load__.bro - scripts/base/frameworks/files/main.bro - build/scripts/base/bif/file_analysis.bif.bro - scripts/base/utils/site.bro - scripts/base/utils/patterns.bro - scripts/base/frameworks/files/magic/__load__.bro - build/scripts/base/bif/__load__.bro - build/scripts/base/bif/broxygen.bif.bro - build/scripts/base/bif/pcap.bif.bro - build/scripts/base/bif/bloom-filter.bif.bro - build/scripts/base/bif/cardinality-counter.bif.bro - build/scripts/base/bif/top-k.bif.bro - build/scripts/base/bif/plugins/__load__.bro - build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro - build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro - build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.types.bif.bro - build/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_DNS.events.bif.bro - build/scripts/base/bif/plugins/Bro_File.events.bif.bro - build/scripts/base/bif/plugins/Bro_Finger.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.bro - build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.bro - build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_ICMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro - build/scripts/base/bif/plugins/Bro_IMAP.events.bif.bro - build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro - build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro - build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro - build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro - build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.consts.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.events.bif.bro - build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro - build/scripts/base/bif/plugins/Bro_RFB.events.bif.bro - build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_SIP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.consts.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.types.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro - build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro - build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.bro - build/scripts/base/bif/plugins/Bro_XMPP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro - build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro - build/scripts/base/bif/plugins/Bro_PE.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.events.bif.bro - build/scripts/base/bif/plugins/Bro_X509.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.functions.bif.bro - build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.bro - build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.bro - build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.bro - build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro -scripts/base/init-default.bro - scripts/base/utils/active-http.bro - scripts/base/utils/exec.bro - scripts/base/utils/addrs.bro - scripts/base/utils/conn-ids.bro - scripts/base/utils/dir.bro - scripts/base/frameworks/reporter/__load__.bro - scripts/base/frameworks/reporter/main.bro - scripts/base/utils/paths.bro - scripts/base/utils/directions-and-hosts.bro - scripts/base/utils/email.bro - scripts/base/utils/files.bro - scripts/base/utils/geoip-distance.bro - scripts/base/utils/hash_hrw.bro - scripts/base/utils/numbers.bro - scripts/base/utils/queue.bro - scripts/base/utils/strings.bro - scripts/base/utils/thresholds.bro - scripts/base/utils/time.bro - scripts/base/utils/urls.bro - scripts/base/frameworks/notice/__load__.bro - scripts/base/frameworks/notice/main.bro - scripts/base/frameworks/cluster/__load__.bro - scripts/base/frameworks/cluster/main.bro - scripts/base/frameworks/control/__load__.bro - scripts/base/frameworks/control/main.bro - scripts/base/frameworks/cluster/pools.bro - scripts/base/frameworks/notice/weird.bro - scripts/base/frameworks/notice/actions/drop.bro - scripts/base/frameworks/netcontrol/__load__.bro - scripts/base/frameworks/netcontrol/types.bro - scripts/base/frameworks/netcontrol/main.bro - scripts/base/frameworks/netcontrol/plugin.bro - scripts/base/frameworks/netcontrol/plugins/__load__.bro - scripts/base/frameworks/netcontrol/plugins/debug.bro - scripts/base/frameworks/netcontrol/plugins/openflow.bro - scripts/base/frameworks/openflow/__load__.bro - scripts/base/frameworks/openflow/consts.bro - scripts/base/frameworks/openflow/types.bro - scripts/base/frameworks/openflow/main.bro - scripts/base/frameworks/openflow/plugins/__load__.bro - scripts/base/frameworks/openflow/plugins/ryu.bro - scripts/base/utils/json.bro - scripts/base/frameworks/openflow/plugins/log.bro - scripts/base/frameworks/openflow/plugins/broker.bro - scripts/base/frameworks/openflow/non-cluster.bro - scripts/base/frameworks/netcontrol/plugins/packetfilter.bro - scripts/base/frameworks/netcontrol/plugins/broker.bro - scripts/base/frameworks/netcontrol/plugins/acld.bro - scripts/base/frameworks/netcontrol/drop.bro - scripts/base/frameworks/netcontrol/shunt.bro - scripts/base/frameworks/netcontrol/catch-and-release.bro - scripts/base/frameworks/netcontrol/non-cluster.bro - scripts/base/frameworks/notice/actions/email_admin.bro - scripts/base/frameworks/notice/actions/page.bro - scripts/base/frameworks/notice/actions/add-geodata.bro - scripts/base/frameworks/notice/actions/pp-alarms.bro - scripts/base/frameworks/dpd/__load__.bro - scripts/base/frameworks/dpd/main.bro - scripts/base/frameworks/signatures/__load__.bro - scripts/base/frameworks/signatures/main.bro - scripts/base/frameworks/packet-filter/__load__.bro - scripts/base/frameworks/packet-filter/main.bro - scripts/base/frameworks/packet-filter/netstats.bro - scripts/base/frameworks/software/__load__.bro - scripts/base/frameworks/software/main.bro - scripts/base/frameworks/intel/__load__.bro - scripts/base/frameworks/intel/main.bro - scripts/base/frameworks/intel/files.bro - scripts/base/frameworks/intel/input.bro - scripts/base/frameworks/config/__load__.bro - scripts/base/frameworks/config/main.bro - scripts/base/frameworks/config/input.bro - scripts/base/frameworks/config/weird.bro - scripts/base/frameworks/sumstats/__load__.bro - scripts/base/frameworks/sumstats/main.bro - scripts/base/frameworks/sumstats/plugins/__load__.bro - scripts/base/frameworks/sumstats/plugins/average.bro - scripts/base/frameworks/sumstats/plugins/hll_unique.bro - scripts/base/frameworks/sumstats/plugins/last.bro - scripts/base/frameworks/sumstats/plugins/max.bro - scripts/base/frameworks/sumstats/plugins/min.bro - scripts/base/frameworks/sumstats/plugins/sample.bro - scripts/base/frameworks/sumstats/plugins/std-dev.bro - scripts/base/frameworks/sumstats/plugins/variance.bro - scripts/base/frameworks/sumstats/plugins/sum.bro - scripts/base/frameworks/sumstats/plugins/topk.bro - scripts/base/frameworks/sumstats/plugins/unique.bro - scripts/base/frameworks/sumstats/non-cluster.bro - scripts/base/frameworks/tunnels/__load__.bro - scripts/base/frameworks/tunnels/main.bro - scripts/base/protocols/conn/__load__.bro - scripts/base/protocols/conn/main.bro - scripts/base/protocols/conn/contents.bro - scripts/base/protocols/conn/inactivity.bro - scripts/base/protocols/conn/polling.bro - scripts/base/protocols/conn/thresholds.bro - scripts/base/protocols/dce-rpc/__load__.bro - scripts/base/protocols/dce-rpc/consts.bro - scripts/base/protocols/dce-rpc/main.bro - scripts/base/protocols/dhcp/__load__.bro - scripts/base/protocols/dhcp/consts.bro - scripts/base/protocols/dhcp/main.bro - scripts/base/protocols/dnp3/__load__.bro - scripts/base/protocols/dnp3/main.bro - scripts/base/protocols/dnp3/consts.bro - scripts/base/protocols/dns/__load__.bro - scripts/base/protocols/dns/consts.bro - scripts/base/protocols/dns/main.bro - scripts/base/protocols/ftp/__load__.bro - scripts/base/protocols/ftp/utils-commands.bro - scripts/base/protocols/ftp/info.bro - scripts/base/protocols/ftp/main.bro - scripts/base/protocols/ftp/utils.bro - scripts/base/protocols/ftp/files.bro - scripts/base/protocols/ftp/gridftp.bro - scripts/base/protocols/ssl/__load__.bro - scripts/base/protocols/ssl/consts.bro - scripts/base/protocols/ssl/main.bro - scripts/base/protocols/ssl/mozilla-ca-list.bro - scripts/base/protocols/ssl/ct-list.bro - scripts/base/protocols/ssl/files.bro - scripts/base/files/x509/__load__.bro - scripts/base/files/x509/main.bro - scripts/base/files/hash/__load__.bro - scripts/base/files/hash/main.bro - scripts/base/protocols/http/__load__.bro - scripts/base/protocols/http/main.bro - scripts/base/protocols/http/entities.bro - scripts/base/protocols/http/utils.bro - scripts/base/protocols/http/files.bro - scripts/base/protocols/imap/__load__.bro - scripts/base/protocols/imap/main.bro - scripts/base/protocols/irc/__load__.bro - scripts/base/protocols/irc/main.bro - scripts/base/protocols/irc/dcc-send.bro - scripts/base/protocols/irc/files.bro - scripts/base/protocols/krb/__load__.bro - scripts/base/protocols/krb/main.bro - scripts/base/protocols/krb/consts.bro - scripts/base/protocols/krb/files.bro - scripts/base/protocols/modbus/__load__.bro - scripts/base/protocols/modbus/consts.bro - scripts/base/protocols/modbus/main.bro - scripts/base/protocols/mysql/__load__.bro - scripts/base/protocols/mysql/main.bro - scripts/base/protocols/mysql/consts.bro - scripts/base/protocols/ntlm/__load__.bro - scripts/base/protocols/ntlm/main.bro - scripts/base/protocols/pop3/__load__.bro - scripts/base/protocols/radius/__load__.bro - scripts/base/protocols/radius/main.bro - scripts/base/protocols/radius/consts.bro - scripts/base/protocols/rdp/__load__.bro - scripts/base/protocols/rdp/consts.bro - scripts/base/protocols/rdp/main.bro - scripts/base/protocols/rfb/__load__.bro - scripts/base/protocols/rfb/main.bro - scripts/base/protocols/sip/__load__.bro - scripts/base/protocols/sip/main.bro - scripts/base/protocols/snmp/__load__.bro - scripts/base/protocols/snmp/main.bro - scripts/base/protocols/smb/__load__.bro - scripts/base/protocols/smb/consts.bro - scripts/base/protocols/smb/const-dos-error.bro - scripts/base/protocols/smb/const-nt-status.bro - scripts/base/protocols/smb/main.bro - scripts/base/protocols/smb/smb1-main.bro - scripts/base/protocols/smb/smb2-main.bro - scripts/base/protocols/smb/files.bro - scripts/base/protocols/smtp/__load__.bro - scripts/base/protocols/smtp/main.bro - scripts/base/protocols/smtp/entities.bro - scripts/base/protocols/smtp/files.bro - scripts/base/protocols/socks/__load__.bro - scripts/base/protocols/socks/consts.bro - scripts/base/protocols/socks/main.bro - scripts/base/protocols/ssh/__load__.bro - scripts/base/protocols/ssh/main.bro - scripts/base/protocols/syslog/__load__.bro - scripts/base/protocols/syslog/consts.bro - scripts/base/protocols/syslog/main.bro - scripts/base/protocols/tunnels/__load__.bro - scripts/base/protocols/xmpp/__load__.bro - scripts/base/protocols/xmpp/main.bro - scripts/base/files/pe/__load__.bro - scripts/base/files/pe/consts.bro - scripts/base/files/pe/main.bro - scripts/base/files/extract/__load__.bro - scripts/base/files/extract/main.bro - scripts/base/files/unified2/__load__.bro - scripts/base/files/unified2/main.bro - scripts/base/misc/find-checksum-offloading.bro - scripts/base/misc/find-filtered-trace.bro - scripts/base/misc/version.bro -scripts/policy/misc/loaded-scripts.bro +scripts/base/init-bare.zeek + build/scripts/base/bif/const.bif.zeek + build/scripts/base/bif/types.bif.zeek + build/scripts/base/bif/bro.bif.zeek + build/scripts/base/bif/stats.bif.zeek + build/scripts/base/bif/reporter.bif.zeek + build/scripts/base/bif/strings.bif.zeek + build/scripts/base/bif/option.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.types.bif.zeek + build/scripts/base/bif/event.bif.zeek +scripts/base/init-frameworks-and-bifs.zeek + scripts/base/frameworks/logging/__load__.zeek + scripts/base/frameworks/logging/main.zeek + build/scripts/base/bif/logging.bif.zeek + scripts/base/frameworks/logging/postprocessors/__load__.zeek + scripts/base/frameworks/logging/postprocessors/scp.zeek + scripts/base/frameworks/logging/postprocessors/sftp.zeek + scripts/base/frameworks/logging/writers/ascii.zeek + scripts/base/frameworks/logging/writers/sqlite.zeek + scripts/base/frameworks/logging/writers/none.zeek + scripts/base/frameworks/broker/__load__.zeek + scripts/base/frameworks/broker/main.zeek + build/scripts/base/bif/comm.bif.zeek + build/scripts/base/bif/messaging.bif.zeek + scripts/base/frameworks/broker/store.zeek + build/scripts/base/bif/data.bif.zeek + build/scripts/base/bif/store.bif.zeek + scripts/base/frameworks/broker/log.zeek + scripts/base/frameworks/input/__load__.zeek + scripts/base/frameworks/input/main.zeek + build/scripts/base/bif/input.bif.zeek + scripts/base/frameworks/input/readers/ascii.zeek + scripts/base/frameworks/input/readers/raw.zeek + scripts/base/frameworks/input/readers/benchmark.zeek + scripts/base/frameworks/input/readers/binary.zeek + scripts/base/frameworks/input/readers/config.zeek + scripts/base/frameworks/input/readers/sqlite.zeek + scripts/base/frameworks/analyzer/__load__.zeek + scripts/base/frameworks/analyzer/main.zeek + scripts/base/frameworks/packet-filter/utils.zeek + build/scripts/base/bif/analyzer.bif.zeek + scripts/base/frameworks/files/__load__.zeek + scripts/base/frameworks/files/main.zeek + build/scripts/base/bif/file_analysis.bif.zeek + scripts/base/utils/site.zeek + scripts/base/utils/patterns.zeek + scripts/base/frameworks/files/magic/__load__.zeek + build/scripts/base/bif/__load__.zeek + build/scripts/base/bif/broxygen.bif.zeek + build/scripts/base/bif/pcap.bif.zeek + build/scripts/base/bif/bloom-filter.bif.zeek + build/scripts/base/bif/cardinality-counter.bif.zeek + build/scripts/base/bif/top-k.bif.zeek + build/scripts/base/bif/plugins/__load__.zeek + build/scripts/base/bif/plugins/Bro_ARP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DNP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DNS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_File.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Finger.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_ICMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Ident.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IMAP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_InterConn.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IRC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_MIME.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Modbus.events.bif.zeek + build/scripts/base/bif/plugins/Bro_MySQL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.types.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_POP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_RFB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SIP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Syslog.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Teredo.events.bif.zeek + build/scripts/base/bif/plugins/Bro_UDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.zeek + build/scripts/base/bif/plugins/Bro_XMPP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_FileHash.events.bif.zeek + build/scripts/base/bif/plugins/Bro_PE.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.events.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.zeek + build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.zeek + build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.zeek + build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.zeek +scripts/base/init-default.zeek + scripts/base/utils/active-http.zeek + scripts/base/utils/exec.zeek + scripts/base/utils/addrs.zeek + scripts/base/utils/conn-ids.zeek + scripts/base/utils/dir.zeek + scripts/base/frameworks/reporter/__load__.zeek + scripts/base/frameworks/reporter/main.zeek + scripts/base/utils/paths.zeek + scripts/base/utils/directions-and-hosts.zeek + scripts/base/utils/email.zeek + scripts/base/utils/files.zeek + scripts/base/utils/geoip-distance.zeek + scripts/base/utils/hash_hrw.zeek + scripts/base/utils/numbers.zeek + scripts/base/utils/queue.zeek + scripts/base/utils/strings.zeek + scripts/base/utils/thresholds.zeek + scripts/base/utils/time.zeek + scripts/base/utils/urls.zeek + scripts/base/frameworks/notice/__load__.zeek + scripts/base/frameworks/notice/main.zeek + scripts/base/frameworks/cluster/__load__.zeek + scripts/base/frameworks/cluster/main.zeek + scripts/base/frameworks/control/__load__.zeek + scripts/base/frameworks/control/main.zeek + scripts/base/frameworks/cluster/pools.zeek + scripts/base/frameworks/notice/weird.zeek + scripts/base/frameworks/notice/actions/drop.zeek + scripts/base/frameworks/netcontrol/__load__.zeek + scripts/base/frameworks/netcontrol/types.zeek + scripts/base/frameworks/netcontrol/main.zeek + scripts/base/frameworks/netcontrol/plugin.zeek + scripts/base/frameworks/netcontrol/plugins/__load__.zeek + scripts/base/frameworks/netcontrol/plugins/debug.zeek + scripts/base/frameworks/netcontrol/plugins/openflow.zeek + scripts/base/frameworks/openflow/__load__.zeek + scripts/base/frameworks/openflow/consts.zeek + scripts/base/frameworks/openflow/types.zeek + scripts/base/frameworks/openflow/main.zeek + scripts/base/frameworks/openflow/plugins/__load__.zeek + scripts/base/frameworks/openflow/plugins/ryu.zeek + scripts/base/utils/json.zeek + scripts/base/frameworks/openflow/plugins/log.zeek + scripts/base/frameworks/openflow/plugins/broker.zeek + scripts/base/frameworks/openflow/non-cluster.zeek + scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek + scripts/base/frameworks/netcontrol/plugins/broker.zeek + scripts/base/frameworks/netcontrol/plugins/acld.zeek + scripts/base/frameworks/netcontrol/drop.zeek + scripts/base/frameworks/netcontrol/shunt.zeek + scripts/base/frameworks/netcontrol/catch-and-release.zeek + scripts/base/frameworks/netcontrol/non-cluster.zeek + scripts/base/frameworks/notice/actions/email_admin.zeek + scripts/base/frameworks/notice/actions/page.zeek + scripts/base/frameworks/notice/actions/add-geodata.zeek + scripts/base/frameworks/notice/actions/pp-alarms.zeek + scripts/base/frameworks/dpd/__load__.zeek + scripts/base/frameworks/dpd/main.zeek + scripts/base/frameworks/signatures/__load__.zeek + scripts/base/frameworks/signatures/main.zeek + scripts/base/frameworks/packet-filter/__load__.zeek + scripts/base/frameworks/packet-filter/main.zeek + scripts/base/frameworks/packet-filter/netstats.zeek + scripts/base/frameworks/software/__load__.zeek + scripts/base/frameworks/software/main.zeek + scripts/base/frameworks/intel/__load__.zeek + scripts/base/frameworks/intel/main.zeek + scripts/base/frameworks/intel/files.zeek + scripts/base/frameworks/intel/input.zeek + scripts/base/frameworks/config/__load__.zeek + scripts/base/frameworks/config/main.zeek + scripts/base/frameworks/config/input.zeek + scripts/base/frameworks/config/weird.zeek + scripts/base/frameworks/sumstats/__load__.zeek + scripts/base/frameworks/sumstats/main.zeek + scripts/base/frameworks/sumstats/plugins/__load__.zeek + scripts/base/frameworks/sumstats/plugins/average.zeek + scripts/base/frameworks/sumstats/plugins/hll_unique.zeek + scripts/base/frameworks/sumstats/plugins/last.zeek + scripts/base/frameworks/sumstats/plugins/max.zeek + scripts/base/frameworks/sumstats/plugins/min.zeek + scripts/base/frameworks/sumstats/plugins/sample.zeek + scripts/base/frameworks/sumstats/plugins/std-dev.zeek + scripts/base/frameworks/sumstats/plugins/variance.zeek + scripts/base/frameworks/sumstats/plugins/sum.zeek + scripts/base/frameworks/sumstats/plugins/topk.zeek + scripts/base/frameworks/sumstats/plugins/unique.zeek + scripts/base/frameworks/sumstats/non-cluster.zeek + scripts/base/frameworks/tunnels/__load__.zeek + scripts/base/frameworks/tunnels/main.zeek + scripts/base/protocols/conn/__load__.zeek + scripts/base/protocols/conn/main.zeek + scripts/base/protocols/conn/contents.zeek + scripts/base/protocols/conn/inactivity.zeek + scripts/base/protocols/conn/polling.zeek + scripts/base/protocols/conn/thresholds.zeek + scripts/base/protocols/dce-rpc/__load__.zeek + scripts/base/protocols/dce-rpc/consts.zeek + scripts/base/protocols/dce-rpc/main.zeek + scripts/base/protocols/dhcp/__load__.zeek + scripts/base/protocols/dhcp/consts.zeek + scripts/base/protocols/dhcp/main.zeek + scripts/base/protocols/dnp3/__load__.zeek + scripts/base/protocols/dnp3/main.zeek + scripts/base/protocols/dnp3/consts.zeek + scripts/base/protocols/dns/__load__.zeek + scripts/base/protocols/dns/consts.zeek + scripts/base/protocols/dns/main.zeek + scripts/base/protocols/ftp/__load__.zeek + scripts/base/protocols/ftp/utils-commands.zeek + scripts/base/protocols/ftp/info.zeek + scripts/base/protocols/ftp/main.zeek + scripts/base/protocols/ftp/utils.zeek + scripts/base/protocols/ftp/files.zeek + scripts/base/protocols/ftp/gridftp.zeek + scripts/base/protocols/ssl/__load__.zeek + scripts/base/protocols/ssl/consts.zeek + scripts/base/protocols/ssl/main.zeek + scripts/base/protocols/ssl/mozilla-ca-list.zeek + scripts/base/protocols/ssl/ct-list.zeek + scripts/base/protocols/ssl/files.zeek + scripts/base/files/x509/__load__.zeek + scripts/base/files/x509/main.zeek + scripts/base/files/hash/__load__.zeek + scripts/base/files/hash/main.zeek + scripts/base/protocols/http/__load__.zeek + scripts/base/protocols/http/main.zeek + scripts/base/protocols/http/entities.zeek + scripts/base/protocols/http/utils.zeek + scripts/base/protocols/http/files.zeek + scripts/base/protocols/imap/__load__.zeek + scripts/base/protocols/imap/main.zeek + scripts/base/protocols/irc/__load__.zeek + scripts/base/protocols/irc/main.zeek + scripts/base/protocols/irc/dcc-send.zeek + scripts/base/protocols/irc/files.zeek + scripts/base/protocols/krb/__load__.zeek + scripts/base/protocols/krb/main.zeek + scripts/base/protocols/krb/consts.zeek + scripts/base/protocols/krb/files.zeek + scripts/base/protocols/modbus/__load__.zeek + scripts/base/protocols/modbus/consts.zeek + scripts/base/protocols/modbus/main.zeek + scripts/base/protocols/mysql/__load__.zeek + scripts/base/protocols/mysql/main.zeek + scripts/base/protocols/mysql/consts.zeek + scripts/base/protocols/ntlm/__load__.zeek + scripts/base/protocols/ntlm/main.zeek + scripts/base/protocols/pop3/__load__.zeek + scripts/base/protocols/radius/__load__.zeek + scripts/base/protocols/radius/main.zeek + scripts/base/protocols/radius/consts.zeek + scripts/base/protocols/rdp/__load__.zeek + scripts/base/protocols/rdp/consts.zeek + scripts/base/protocols/rdp/main.zeek + scripts/base/protocols/rfb/__load__.zeek + scripts/base/protocols/rfb/main.zeek + scripts/base/protocols/sip/__load__.zeek + scripts/base/protocols/sip/main.zeek + scripts/base/protocols/snmp/__load__.zeek + scripts/base/protocols/snmp/main.zeek + scripts/base/protocols/smb/__load__.zeek + scripts/base/protocols/smb/consts.zeek + scripts/base/protocols/smb/const-dos-error.zeek + scripts/base/protocols/smb/const-nt-status.zeek + scripts/base/protocols/smb/main.zeek + scripts/base/protocols/smb/smb1-main.zeek + scripts/base/protocols/smb/smb2-main.zeek + scripts/base/protocols/smb/files.zeek + scripts/base/protocols/smtp/__load__.zeek + scripts/base/protocols/smtp/main.zeek + scripts/base/protocols/smtp/entities.zeek + scripts/base/protocols/smtp/files.zeek + scripts/base/protocols/socks/__load__.zeek + scripts/base/protocols/socks/consts.zeek + scripts/base/protocols/socks/main.zeek + scripts/base/protocols/ssh/__load__.zeek + scripts/base/protocols/ssh/main.zeek + scripts/base/protocols/syslog/__load__.zeek + scripts/base/protocols/syslog/consts.zeek + scripts/base/protocols/syslog/main.zeek + scripts/base/protocols/tunnels/__load__.zeek + scripts/base/protocols/xmpp/__load__.zeek + scripts/base/protocols/xmpp/main.zeek + scripts/base/files/pe/__load__.zeek + scripts/base/files/pe/consts.zeek + scripts/base/files/pe/main.zeek + scripts/base/files/extract/__load__.zeek + scripts/base/files/extract/main.zeek + scripts/base/files/unified2/__load__.zeek + scripts/base/files/unified2/main.zeek + scripts/base/misc/find-checksum-offloading.zeek + scripts/base/misc/find-filtered-trace.zeek + scripts/base/misc/version.zeek +scripts/policy/misc/loaded-scripts.zeek #close 2018-09-05-20-33-08 diff --git a/testing/btest/Baseline/coverage.init-default/missing_loads b/testing/btest/Baseline/coverage.init-default/missing_loads index 31966f11c1..893a603972 100644 --- a/testing/btest/Baseline/coverage.init-default/missing_loads +++ b/testing/btest/Baseline/coverage.init-default/missing_loads @@ -1,10 +1,10 @@ --./frameworks/cluster/nodes/logger.bro --./frameworks/cluster/nodes/manager.bro --./frameworks/cluster/nodes/proxy.bro --./frameworks/cluster/nodes/worker.bro --./frameworks/cluster/setup-connections.bro --./frameworks/intel/cluster.bro --./frameworks/netcontrol/cluster.bro --./frameworks/openflow/cluster.bro --./frameworks/packet-filter/cluster.bro --./frameworks/sumstats/cluster.bro +-./frameworks/cluster/nodes/logger.zeek +-./frameworks/cluster/nodes/manager.zeek +-./frameworks/cluster/nodes/proxy.zeek +-./frameworks/cluster/nodes/worker.zeek +-./frameworks/cluster/setup-connections.zeek +-./frameworks/intel/cluster.zeek +-./frameworks/netcontrol/cluster.zeek +-./frameworks/openflow/cluster.zeek +-./frameworks/packet-filter/cluster.zeek +-./frameworks/sumstats/cluster.zeek diff --git a/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr b/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr index da6c357abf..177214239c 100644 --- a/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr +++ b/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr @@ -1,11 +1,11 @@ -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/scripts/broxygen/__load__.bro:10 "Use '@load base/protocols/smb' instead" -error in /Users/jon/projects/bro/bro/scripts/policy/frameworks/control/controller.bro, line 22: The '' control command is unknown. +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/scripts/broxygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" +error in /Users/jon/projects/bro/bro/scripts/policy/frameworks/control/controller.zeek, line 22: The '' control command is unknown. , line 1: received termination signal diff --git a/testing/btest/Baseline/doc.broxygen.example/example.rst b/testing/btest/Baseline/doc.broxygen.example/example.rst index d729ab85ee..e012c20051 100644 --- a/testing/btest/Baseline/doc.broxygen.example/example.rst +++ b/testing/btest/Baseline/doc.broxygen.example/example.rst @@ -1,7 +1,7 @@ :tocdepth: 3 -broxygen/example.bro -==================== +broxygen/example.zeek +===================== .. bro:namespace:: BroxygenExample This is an example script that demonstrates Broxygen-style @@ -27,7 +27,7 @@ And a custom directive does the equivalent references: .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info :Namespace: BroxygenExample -:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.bro ` +:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.zeek ` Summary ~~~~~~~ diff --git a/testing/btest/Baseline/doc.broxygen.package/test.rst b/testing/btest/Baseline/doc.broxygen.package/test.rst index b96de2148b..7c1f32dd44 100644 --- a/testing/btest/Baseline/doc.broxygen.package/test.rst +++ b/testing/btest/Baseline/doc.broxygen.package/test.rst @@ -8,10 +8,10 @@ reference documentation for all Bro scripts (i.e. "Broxygen"). Its only purpose is to provide an easy way to load all known Bro scripts plus any extra scripts needed or used by the documentation process. -:doc:`/scripts/broxygen/__load__.bro` +:doc:`/scripts/broxygen/__load__.zeek` -:doc:`/scripts/broxygen/example.bro` +:doc:`/scripts/broxygen/example.zeek` This is an example script that demonstrates Broxygen-style documentation. It generally will make most sense when viewing diff --git a/testing/btest/Baseline/doc.broxygen.script_index/test.rst b/testing/btest/Baseline/doc.broxygen.script_index/test.rst index dda280facf..30d849c2e0 100644 --- a/testing/btest/Baseline/doc.broxygen.script_index/test.rst +++ b/testing/btest/Baseline/doc.broxygen.script_index/test.rst @@ -1,5 +1,5 @@ .. toctree:: :maxdepth: 1 - broxygen/__load__.bro - broxygen/example.bro + broxygen/__load__.zeek + broxygen/example.zeek diff --git a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst b/testing/btest/Baseline/doc.broxygen.script_summary/test.rst index 125a579c81..509f2c9286 100644 --- a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst +++ b/testing/btest/Baseline/doc.broxygen.script_summary/test.rst @@ -1,4 +1,4 @@ -:doc:`/scripts/broxygen/example.bro` +:doc:`/scripts/broxygen/example.zeek` This is an example script that demonstrates Broxygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered diff --git a/testing/btest/Baseline/language.index-assignment-invalid/out b/testing/btest/Baseline/language.index-assignment-invalid/out index 3972a9f10e..44e82d16f6 100644 --- a/testing/btest/Baseline/language.index-assignment-invalid/out +++ b/testing/btest/Baseline/language.index-assignment-invalid/out @@ -1,4 +1,4 @@ -runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.bro, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=], expression: Queue::ret[Queue::j], call stack: +runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=], expression: Queue::ret[Queue::j], call stack: #0 Queue::get_vector([initialized=T, vals={[2] = test,[6] = jkl;,[4] = asdf,[1] = goodbye,[5] = 3,[0] = hello,[3] = [a=T, b=hi, c=]}, settings=[max_len=], top=7, bottom=0, size=0], [hello, goodbye, test]) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:19 #1 bar(55) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:27 #2 foo(hi, 13) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:39 diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output b/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output index 90d390518f..c6dec0f9aa 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output +++ b/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output @@ -6,6 +6,6 @@ #open 2019-03-24-20-20-10 #fields ts level message location #types time enum string string -0.000000 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/jgras/devel/zeek/scripts/base/frameworks/intel/./main.bro, lines 563-564 +0.000000 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/jgras/devel/zeek/scripts/base/frameworks/intel/./main.zeek, lines 563-564 0.000000 Reporter::INFO received termination signal (empty) #close 2019-03-24-20-20-10 diff --git a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 index c2f791ba82..2f84ca097a 100644 --- a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 +++ b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 @@ -1 +1 @@ -1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.bro, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. +1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.zeek, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. diff --git a/testing/btest/Baseline/scripts.base.misc.version/.stderr b/testing/btest/Baseline/scripts.base.misc.version/.stderr index bfae6163df..28da0b203a 100644 --- a/testing/btest/Baseline/scripts.base.misc.version/.stderr +++ b/testing/btest/Baseline/scripts.base.misc.version/.stderr @@ -1,4 +1,4 @@ -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string 1 cannot be parsed -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string 12.5 cannot be parsed -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string 1.12-beta-drunk cannot be parsed -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string JustARandomString cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string 1 cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string 12.5 cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string 1.12-beta-drunk cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string JustARandomString cannot be parsed diff --git a/testing/btest/core/ip-broken-header.bro b/testing/btest/core/ip-broken-header.bro index 426e7a7bc0..a539628829 100644 --- a/testing/btest/core/ip-broken-header.bro +++ b/testing/btest/core/ip-broken-header.bro @@ -4,4 +4,4 @@ # @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | bro -C -b -r - %INPUT # @TEST-EXEC: btest-diff weird.log -@load base/frameworks/notice/weird.bro +@load base/frameworks/notice/weird diff --git a/testing/btest/core/load-prefixes.bro b/testing/btest/core/load-prefixes.bro index 5d064c0d36..5147bd0250 100644 --- a/testing/btest/core/load-prefixes.bro +++ b/testing/btest/core/load-prefixes.bro @@ -8,14 +8,14 @@ @prefixes += lcl2 @TEST-END-FILE -# Since base/utils/site.bro is a script, only a script with the original file +# Since base/utils/site.zeek is a script, only a script with the original file # extension can be loaded here. -@TEST-START-FILE lcl.base.utils.site.bro -print "loaded lcl.base.utils.site.bro"; +@TEST-START-FILE lcl.base.utils.site.zeek +print "loaded lcl.base.utils.site.zeek"; @TEST-END-FILE -@TEST-START-FILE lcl2.base.utils.site.bro -print "loaded lcl2.base.utils.site.bro"; +@TEST-START-FILE lcl2.base.utils.site.zeek +print "loaded lcl2.base.utils.site.zeek"; @TEST-END-FILE # For a script package like base/protocols/http/, either of the recognized diff --git a/testing/btest/coverage/bare-load-baseline.test b/testing/btest/coverage/bare-load-baseline.test index e518e703fb..98ce72e4b8 100644 --- a/testing/btest/coverage/bare-load-baseline.test +++ b/testing/btest/coverage/bare-load-baseline.test @@ -1,6 +1,6 @@ # This test is meant to cover whether the set of scripts that get loaded by # default in bare mode matches a baseline of known defaults. The baseline -# should only need updating if something new is @load'd from init-bare.bro +# should only need updating if something new is @load'd from init-bare.zeek # (or from an @load'd descendent of it). # # As the output has absolute paths in it, we need to remove the common diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test index 2310b66b4b..6f5e6983f6 100644 --- a/testing/btest/coverage/bare-mode-errors.test +++ b/testing/btest/coverage/bare-mode-errors.test @@ -5,5 +5,5 @@ # when writing a new bro scripts. # # @TEST-EXEC: test -d $DIST/scripts -# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.bro`; do bro -b --parse-only $script >>errors 2>&1; done +# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do bro -b --parse-only $script >>errors 2>&1; done # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors diff --git a/testing/btest/coverage/find-bro-logs.test b/testing/btest/coverage/find-bro-logs.test index e7bcf0578f..ee0e45262b 100644 --- a/testing/btest/coverage/find-bro-logs.test +++ b/testing/btest/coverage/find-bro-logs.test @@ -28,7 +28,7 @@ def find_scripts(): for r, d, f in os.walk(scriptdir): for fname in f: - if fname.endswith(".bro"): + if fname.endswith(".zeek") or fname.endswith(".bro"): scripts.append(os.path.join(r, fname)) return scripts diff --git a/testing/btest/coverage/init-default.test b/testing/btest/coverage/init-default.test index 537b5ca77d..edc0012ef1 100644 --- a/testing/btest/coverage/init-default.test +++ b/testing/btest/coverage/init-default.test @@ -1,19 +1,19 @@ -# Makes sure that all base/* scripts are loaded by default via init-default.bro; -# and that all scripts loaded there in there actually exist. +# Makes sure that all base/* scripts are loaded by default via +# init-default.zeek; and that all scripts loaded there actually exist. # # This test will fail if a new bro script is added under the scripts/base/ -# directory and it is not also added as an @load in base/init-default.bro. +# directory and it is not also added as an @load in base/init-default.zeek. # In some cases, a script in base is loaded based on the bro configuration # (e.g. cluster operation), and in such cases, the missing_loads baseline # can be adjusted to tolerate that. #@TEST-EXEC: test -d $DIST/scripts/base -#@TEST-EXEC: test -e $DIST/scripts/base/init-default.bro -#@TEST-EXEC: ( cd $DIST/scripts/base && find . -name '*.bro' ) | sort >"all scripts found" +#@TEST-EXEC: test -e $DIST/scripts/base/init-default.zeek +#@TEST-EXEC: ( cd $DIST/scripts/base && find . -name '*.zeek' ) | sort >"all scripts found" #@TEST-EXEC: bro misc/loaded-scripts #@TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix -#@TEST-EXEC: cat loaded_scripts.log | egrep -v "/build/scripts/|$(cat buildprefix)/scripts/|/loaded-scripts.bro|#" | sed 's#/./#/#g' >loaded_scripts.log.tmp +#@TEST-EXEC: cat loaded_scripts.log | egrep -v "/build/scripts/|$(cat buildprefix)/scripts/|/loaded-scripts.zeek|#" | sed 's#/./#/#g' >loaded_scripts.log.tmp #@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix -#@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed "s#`cat prefix`#./#g" | sort >init-default.bro -#@TEST-EXEC: diff -u "all scripts found" init-default.bro | egrep "^-[^-]" > missing_loads +#@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed "s#`cat prefix`#./#g" | sort >init-default.zeek +#@TEST-EXEC: diff -u "all scripts found" init-default.zeek | egrep "^-[^-]" > missing_loads #@TEST-EXEC: btest-diff missing_loads diff --git a/testing/btest/coverage/test-all-policy.test b/testing/btest/coverage/test-all-policy.test index 3a545a02af..61e4297f83 100644 --- a/testing/btest/coverage/test-all-policy.test +++ b/testing/btest/coverage/test-all-policy.test @@ -1,12 +1,12 @@ # Makes sure that all policy/* scripts are loaded in -# scripts/test-all-policy.bro and that all scripts loaded there actually exist. +# scripts/test-all-policy.zeek and that all scripts loaded there actually exist. # # This test will fail if new bro scripts are added to the scripts/policy/ -# directory. Correcting that just involves updating scripts/test-all-policy.bro -# to @load the new bro scripts. +# directory. Correcting that just involves updating +# scripts/test-all-policy.zeek to @load the new bro scripts. -@TEST-EXEC: test -e $DIST/scripts/test-all-policy.bro +@TEST-EXEC: test -e $DIST/scripts/test-all-policy.zeek @TEST-EXEC: test -d $DIST/scripts -@TEST-EXEC: ( cd $DIST/scripts/policy && find . -name '*.bro' ) | sort >"all scripts found" -@TEST-EXEC: cat $DIST/scripts/test-all-policy.bro | grep '@load' | sed 'sm^\( *# *\)\{0,\}@load *m./mg' | sort >test-all-policy.bro -@TEST-EXEC: diff -u "all scripts found" test-all-policy.bro 1>&2 +@TEST-EXEC: ( cd $DIST/scripts/policy && find . -name '*.zeek' ) | sort >"all scripts found" +@TEST-EXEC: cat $DIST/scripts/test-all-policy.zeek | grep '@load' | sed 'sm^\( *# *\)\{0,\}@load *m./mg' | sort >test-all-policy.zeek +@TEST-EXEC: diff -u "all scripts found" test-all-policy.zeek 1>&2 diff --git a/testing/btest/doc/broxygen/example.bro b/testing/btest/doc/broxygen/example.bro index 22a6fc7418..7a7d30c92a 100644 --- a/testing/btest/doc/broxygen/example.bro +++ b/testing/btest/doc/broxygen/example.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-diff example.rst @TEST-START-FILE broxygen.config -script broxygen/example.bro example.rst +script broxygen/example.zeek example.rst @TEST-END-FILE -@load broxygen/example.bro +@load broxygen/example diff --git a/testing/btest/doc/broxygen/script_summary.bro b/testing/btest/doc/broxygen/script_summary.bro index a517a08072..6ea5e95576 100644 --- a/testing/btest/doc/broxygen/script_summary.bro +++ b/testing/btest/doc/broxygen/script_summary.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE broxygen.config -script_summary broxygen/example.bro test.rst +script_summary broxygen/example.zeek test.rst @TEST-END-FILE @load broxygen diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro index c26683a338..e33f353d8b 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: btest-diff testing.log -@load tuning/json-logs.bro +@load tuning/json-logs module testing; diff --git a/testing/btest/scripts/base/protocols/modbus/policy.bro b/testing/btest/scripts/base/protocols/modbus/policy.bro index b28ebd3b4b..8d5b356698 100644 --- a/testing/btest/scripts/base/protocols/modbus/policy.bro +++ b/testing/btest/scripts/base/protocols/modbus/policy.bro @@ -5,5 +5,5 @@ # @TEST-EXEC: btest-diff known_modbus.log # -@load protocols/modbus/known-masters-slaves.bro -@load protocols/modbus/track-memmap.bro +@load protocols/modbus/known-masters-slaves +@load protocols/modbus/track-memmap diff --git a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test index d2aa7b536f..878d2a3064 100644 --- a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test +++ b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test @@ -3,4 +3,4 @@ # @TEST-EXEC: bro -r $TRACES/tls/CVE-2015-3194.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log -@load protocols/ssl/validate-certs.bro +@load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/base/protocols/ssl/keyexchange.test b/testing/btest/scripts/base/protocols/ssl/keyexchange.test index 6e1106ece7..9c65ea5dda 100644 --- a/testing/btest/scripts/base/protocols/ssl/keyexchange.test +++ b/testing/btest/scripts/base/protocols/ssl/keyexchange.test @@ -16,7 +16,7 @@ @load base/protocols/ssl @load base/files/x509 -@load protocols/ssl/extract-certs-pem.bro +@load protocols/ssl/extract-certs-pem module SSL; diff --git a/testing/btest/scripts/policy/misc/dump-events.bro b/testing/btest/scripts/policy/misc/dump-events.bro index 33c9c97534..d318266787 100644 --- a/testing/btest/scripts/policy/misc/dump-events.bro +++ b/testing/btest/scripts/policy/misc/dump-events.bro @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro %INPUT >all-events.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro %INPUT DumpEvents::include_args=F >all-events-no-args.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro %INPUT DumpEvents::include=/smtp_/ >smtp-events.log +# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT >all-events.log +# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include_args=F >all-events-no-args.log +# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include=/smtp_/ >smtp-events.log # # @TEST-EXEC: btest-diff all-events.log # @TEST-EXEC: btest-diff all-events-no-args.log diff --git a/testing/btest/scripts/policy/misc/weird-stats.bro b/testing/btest/scripts/policy/misc/weird-stats.bro index b26fce8e47..d5b83e3c05 100644 --- a/testing/btest/scripts/policy/misc/weird-stats.bro +++ b/testing/btest/scripts/policy/misc/weird-stats.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff bro/weird_stats.log -@load misc/weird-stats.bro +@load misc/weird-stats redef exit_only_after_terminate = T; redef WeirdStats::weird_stat_interval = 5sec; diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro index 4a3ec44468..712e333037 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro @@ -1,6 +1,6 @@ # @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.bro %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log -@load protocols/ssl/validate-certs.bro +@load protocols/ssl/validate-certs redef SSL::ssl_cache_intermediate_ca = F; diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro index 9a00919643..03803fe2fa 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro @@ -4,4 +4,4 @@ # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log -@load protocols/ssl/validate-certs.bro +@load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro b/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro index 0e6065f937..8dbd358e17 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro @@ -5,7 +5,7 @@ # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log -@load protocols/ssl/validate-sct.bro +@load protocols/ssl/validate-sct module SSL; From 1c7e41e5067f2cbb51ea1612064993dfa28a06db Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 12 Apr 2019 13:21:10 -0700 Subject: [PATCH 018/247] Updating submodule(s). [nomail] --- aux/broker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broker b/aux/broker index 7dab576984..de0c8e0ece 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 7dab576984dee1f58fe5ceb81f36b63128d58860 +Subproject commit de0c8e0ecea39dd556a16f4ecc0d482e936c38ac From f96bc81f8599b2733f378b3a7edf5b062a88e648 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 12 Apr 2019 16:44:14 -0700 Subject: [PATCH 019/247] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index afc0260abf..a49144d3dd 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit afc0260abf663f4b44d535d66d378fde7b0d5206 +Subproject commit a49144d3dd26d906ad906ace97db3d093c510142 From 8cefb9be422343034d5bda1fb95f5105a7e337d9 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 12 Apr 2019 22:29:40 +0200 Subject: [PATCH 020/247] Implement the zeek_init handler. Implements the change and a test. --- scripts/base/files/extract/main.bro | 2 +- scripts/base/files/pe/main.bro | 2 +- scripts/base/files/unified2/main.bro | 2 +- scripts/base/files/x509/main.bro | 2 +- scripts/base/frameworks/analyzer/main.bro | 2 +- scripts/base/frameworks/broker/log.bro | 2 +- scripts/base/frameworks/broker/main.bro | 4 +- scripts/base/frameworks/cluster/main.bro | 2 +- scripts/base/frameworks/cluster/pools.bro | 6 +-- .../frameworks/cluster/setup-connections.bro | 2 +- scripts/base/frameworks/config/input.bro | 2 +- scripts/base/frameworks/config/main.bro | 2 +- scripts/base/frameworks/config/weird.bro | 2 +- scripts/base/frameworks/dpd/main.bro | 2 +- scripts/base/frameworks/files/main.bro | 2 +- scripts/base/frameworks/intel/cluster.bro | 4 +- scripts/base/frameworks/intel/input.bro | 2 +- scripts/base/frameworks/intel/main.bro | 2 +- .../frameworks/logging/postprocessors/scp.bro | 2 +- .../logging/postprocessors/sftp.bro | 2 +- .../netcontrol/catch-and-release.bro | 6 +-- .../base/frameworks/netcontrol/cluster.bro | 4 +- scripts/base/frameworks/netcontrol/drop.bro | 2 +- scripts/base/frameworks/netcontrol/main.bro | 16 +++---- scripts/base/frameworks/netcontrol/shunt.bro | 2 +- .../frameworks/notice/actions/pp-alarms.bro | 2 +- scripts/base/frameworks/notice/main.bro | 4 +- scripts/base/frameworks/notice/weird.bro | 2 +- scripts/base/frameworks/openflow/cluster.bro | 2 +- .../base/frameworks/openflow/plugins/log.bro | 2 +- .../base/frameworks/packet-filter/main.bro | 4 +- .../frameworks/packet-filter/netstats.bro | 2 +- scripts/base/frameworks/reporter/main.bro | 2 +- scripts/base/frameworks/signatures/main.bro | 2 +- scripts/base/frameworks/software/main.bro | 2 +- scripts/base/frameworks/sumstats/cluster.bro | 4 +- scripts/base/frameworks/sumstats/main.bro | 2 +- scripts/base/frameworks/tunnels/main.bro | 2 +- .../base/misc/find-checksum-offloading.bro | 4 +- scripts/base/misc/find-filtered-trace.bro | 2 +- scripts/base/protocols/conn/main.bro | 2 +- scripts/base/protocols/dce-rpc/main.bro | 2 +- scripts/base/protocols/dhcp/main.bro | 6 +-- scripts/base/protocols/dnp3/main.bro | 2 +- scripts/base/protocols/dns/main.bro | 2 +- scripts/base/protocols/ftp/files.bro | 2 +- scripts/base/protocols/ftp/main.bro | 2 +- scripts/base/protocols/http/files.bro | 2 +- scripts/base/protocols/http/main.bro | 2 +- scripts/base/protocols/imap/main.bro | 2 +- scripts/base/protocols/irc/files.bro | 2 +- scripts/base/protocols/irc/main.bro | 2 +- scripts/base/protocols/krb/files.bro | 2 +- scripts/base/protocols/krb/main.bro | 2 +- scripts/base/protocols/modbus/main.bro | 2 +- scripts/base/protocols/mysql/main.bro | 2 +- scripts/base/protocols/ntlm/main.bro | 2 +- scripts/base/protocols/radius/main.bro | 2 +- scripts/base/protocols/rdp/main.bro | 2 +- scripts/base/protocols/rfb/main.bro | 2 +- scripts/base/protocols/sip/main.bro | 2 +- scripts/base/protocols/smb/files.bro | 2 +- scripts/base/protocols/smb/main.bro | 2 +- scripts/base/protocols/smtp/files.bro | 2 +- scripts/base/protocols/smtp/main.bro | 2 +- scripts/base/protocols/snmp/main.bro | 2 +- scripts/base/protocols/socks/main.bro | 2 +- scripts/base/protocols/ssh/main.bro | 2 +- scripts/base/protocols/ssl/files.bro | 2 +- scripts/base/protocols/ssl/main.bro | 2 +- scripts/base/protocols/syslog/main.bro | 2 +- scripts/base/protocols/xmpp/main.bro | 2 +- scripts/base/utils/exec.bro | 2 +- scripts/base/utils/site.bro | 2 +- scripts/broxygen/__load__.bro | 2 +- scripts/broxygen/example.bro | 2 +- scripts/policy/files/x509/log-ocsp.bro | 2 +- .../policy/frameworks/control/controllee.bro | 2 +- .../policy/frameworks/control/controller.bro | 2 +- .../policy/frameworks/packet-filter/shunt.bro | 2 +- .../policy/frameworks/software/vulnerable.bro | 2 +- scripts/policy/integration/barnyard2/main.bro | 2 +- scripts/policy/misc/capture-loss.bro | 2 +- .../policy/misc/detect-traceroute/main.bro | 2 +- scripts/policy/misc/load-balancing.bro | 2 +- scripts/policy/misc/loaded-scripts.bro | 2 +- scripts/policy/misc/profiling.bro | 2 +- scripts/policy/misc/scan.bro | 2 +- scripts/policy/misc/stats.bro | 4 +- scripts/policy/misc/trim-trace-file.bro | 2 +- scripts/policy/misc/weird-stats.bro | 2 +- scripts/policy/protocols/conn/known-hosts.bro | 4 +- .../policy/protocols/conn/known-services.bro | 4 +- .../protocols/ftp/detect-bruteforcing.bro | 2 +- scripts/policy/protocols/http/detect-sqli.bro | 2 +- .../protocols/modbus/known-masters-slaves.bro | 2 +- .../policy/protocols/modbus/track-memmap.bro | 2 +- scripts/policy/protocols/smb/log-cmds.bro | 2 +- .../protocols/ssh/detect-bruteforcing.bro | 2 +- scripts/policy/protocols/ssl/heartbleed.bro | 2 +- scripts/policy/protocols/ssl/known-certs.bro | 4 +- .../protocols/ssl/log-hostcerts-only.bro | 2 +- .../policy/protocols/ssl/validate-certs.bro | 2 +- scripts/policy/protocols/ssl/validate-sct.bro | 2 +- scripts/policy/tuning/defaults/warnings.bro | 2 +- src/Net.cc | 2 +- src/Val.cc | 2 +- src/analyzer/Manager.cc | 2 +- src/analyzer/Manager.h | 4 +- src/analyzer/protocol/tcp/events.bif | 2 +- src/bro.bif | 10 ++--- src/broker/Manager.cc | 6 +-- src/broker/Manager.h | 6 +-- src/event.bif | 34 +++++++++----- src/main.cc | 14 +++--- src/parse.y | 6 +++ testing/btest/Baseline/language.zeek_init/out | 4 ++ testing/btest/language/zeek_init.bro | 44 +++++++++++++++++++ 118 files changed, 229 insertions(+), 165 deletions(-) create mode 100644 testing/btest/Baseline/language.zeek_init/out create mode 100644 testing/btest/language/zeek_init.bro diff --git a/scripts/base/files/extract/main.bro b/scripts/base/files/extract/main.bro index b2d1907e01..eaae44a089 100644 --- a/scripts/base/files/extract/main.bro +++ b/scripts/base/files/extract/main.bro @@ -75,7 +75,7 @@ event file_extraction_limit(f: fa_file, args: Files::AnalyzerArgs, limit: count, f$info$extracted_size = limit; } -event bro_init() &priority=10 +event zeek_init() &priority=10 { Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, on_add); } diff --git a/scripts/base/files/pe/main.bro b/scripts/base/files/pe/main.bro index 972e8a31c8..2016d53901 100644 --- a/scripts/base/files/pe/main.bro +++ b/scripts/base/files/pe/main.bro @@ -55,7 +55,7 @@ redef record fa_file += { const pe_mime_types = { "application/x-dosexec" }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Files::register_for_mime_types(Files::ANALYZER_PE, pe_mime_types); Log::create_stream(LOG, [$columns=Info, $ev=log_pe, $path="pe"]); diff --git a/scripts/base/files/unified2/main.bro b/scripts/base/files/unified2/main.bro index 4670ff35c1..1a9841d5b1 100644 --- a/scripts/base/files/unified2/main.bro +++ b/scripts/base/files/unified2/main.bro @@ -193,7 +193,7 @@ event Input::end_of_data(name: string, source: string) start_watching(); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Unified2::LOG, [$columns=Info, $ev=log_unified2, $path="unified2"]); diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro index b6fdde5494..e674ae8888 100644 --- a/scripts/base/files/x509/main.bro +++ b/scripts/base/files/x509/main.bro @@ -29,7 +29,7 @@ export { global log_x509: event(rec: Info); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(X509::LOG, [$columns=Info, $ev=log_x509, $path="x509"]); diff --git a/scripts/base/frameworks/analyzer/main.bro b/scripts/base/frameworks/analyzer/main.bro index 39b0d573fd..57a602f308 100644 --- a/scripts/base/frameworks/analyzer/main.bro +++ b/scripts/base/frameworks/analyzer/main.bro @@ -135,7 +135,7 @@ export { global ports: table[Analyzer::Tag] of set[port]; -event bro_init() &priority=5 +event zeek_init() &priority=5 { if ( disable_all ) __disable_all_analyzers(); diff --git a/scripts/base/frameworks/broker/log.bro b/scripts/base/frameworks/broker/log.bro index 2461cb8d54..bd76684b74 100644 --- a/scripts/base/frameworks/broker/log.bro +++ b/scripts/base/frameworks/broker/log.bro @@ -30,7 +30,7 @@ export { }; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Broker::LOG, [$columns=Info, $path="broker"]); } diff --git a/scripts/base/frameworks/broker/main.bro b/scripts/base/frameworks/broker/main.bro index 9be261eaf1..93ed69c3c5 100644 --- a/scripts/base/frameworks/broker/main.bro +++ b/scripts/base/frameworks/broker/main.bro @@ -298,7 +298,7 @@ export { ## Register interest in all peer event messages that use a certain topic ## prefix. Note that subscriptions may not be altered immediately after - ## calling (except during :bro:see:`bro_init`). + ## calling (except during :bro:see:`zeek_init`). ## ## topic_prefix: a prefix to match against remote message topics. ## e.g. an empty prefix matches everything and "a" matches @@ -309,7 +309,7 @@ export { ## Unregister interest in all peer event messages that use a topic prefix. ## Note that subscriptions may not be altered immediately after calling - ## (except during :bro:see:`bro_init`). + ## (except during :bro:see:`zeek_init`). ## ## topic_prefix: a prefix previously supplied to a successful call to ## :bro:see:`Broker::subscribe` or :bro:see:`Broker::forward`. diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro index 2d492454d4..4a66315d1b 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.bro @@ -359,7 +359,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) &priority=1 } } -event bro_init() &priority=5 +event zeek_init() &priority=5 { # If a node is given, but it's an unknown name we need to fail. if ( node != "" && node !in nodes ) diff --git a/scripts/base/frameworks/cluster/pools.bro b/scripts/base/frameworks/cluster/pools.bro index 8f4e92b922..40f9a9cbf1 100644 --- a/scripts/base/frameworks/cluster/pools.bro +++ b/scripts/base/frameworks/cluster/pools.bro @@ -324,7 +324,7 @@ function mark_pool_node_dead(pool: Pool, name: string): bool return T; } -event bro_init() +event zeek_init() { worker_pool = register_pool(worker_pool_spec); proxy_pool = register_pool(proxy_pool_spec); @@ -344,8 +344,8 @@ function pool_sorter(a: Pool, b: Pool): int return strcmp(a$spec$topic, b$spec$topic); } -# Needs to execute before the bro_init in setup-connections -event bro_init() &priority=-5 +# Needs to execute before the zeek_init in setup-connections +event zeek_init() &priority=-5 { if ( ! Cluster::is_enabled() ) return; diff --git a/scripts/base/frameworks/cluster/setup-connections.bro b/scripts/base/frameworks/cluster/setup-connections.bro index a90081c639..004dd22f2a 100644 --- a/scripts/base/frameworks/cluster/setup-connections.bro +++ b/scripts/base/frameworks/cluster/setup-connections.bro @@ -42,7 +42,7 @@ function connect_peers_with_type(node_type: NodeType) } } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { if ( getenv("BROCTL_CHECK_CONFIG") != "" ) return; diff --git a/scripts/base/frameworks/config/input.bro b/scripts/base/frameworks/config/input.bro index 7c1f37567b..9796d69f57 100644 --- a/scripts/base/frameworks/config/input.bro +++ b/scripts/base/frameworks/config/input.bro @@ -34,7 +34,7 @@ event config_line(description: Input::EventDescription, tpe: Input::Event, p: Ev { } -event bro_init() &priority=5 +event zeek_init() &priority=5 { if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER ) return; diff --git a/scripts/base/frameworks/config/main.bro b/scripts/base/frameworks/config/main.bro index 2f9dbfc720..aacebbc530 100644 --- a/scripts/base/frameworks/config/main.bro +++ b/scripts/base/frameworks/config/main.bro @@ -150,7 +150,7 @@ function config_option_changed(ID: string, new_value: any, location: string): an return new_value; } -event bro_init() &priority=10 +event zeek_init() &priority=10 { Log::create_stream(LOG, [$columns=Info, $ev=log_config, $path="config"]); diff --git a/scripts/base/frameworks/config/weird.bro b/scripts/base/frameworks/config/weird.bro index bc311e3029..5e55b0b188 100644 --- a/scripts/base/frameworks/config/weird.bro +++ b/scripts/base/frameworks/config/weird.bro @@ -35,7 +35,7 @@ function weird_option_change_interval(ID: string, new_value: interval, location: return new_value; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Option::set_change_handler("Weird::sampling_whitelist", weird_option_change_sampling_whitelist, 5); Option::set_change_handler("Weird::sampling_threshold", weird_option_change_count, 5); diff --git a/scripts/base/frameworks/dpd/main.bro b/scripts/base/frameworks/dpd/main.bro index cce8b362d5..c6a3515bc3 100644 --- a/scripts/base/frameworks/dpd/main.bro +++ b/scripts/base/frameworks/dpd/main.bro @@ -39,7 +39,7 @@ redef record connection += { dpd: Info &optional; }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(DPD::LOG, [$columns=Info, $path="dpd"]); } diff --git a/scripts/base/frameworks/files/main.bro b/scripts/base/frameworks/files/main.bro index d3d37b30ab..fc75d68e8e 100644 --- a/scripts/base/frameworks/files/main.bro +++ b/scripts/base/frameworks/files/main.bro @@ -324,7 +324,7 @@ global mime_type_to_analyzers: table[string] of set[Files::Tag]; global analyzer_add_callbacks: table[Files::Tag] of function(f: fa_file, args: AnalyzerArgs) = table(); -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Files::LOG, [$columns=Info, $ev=log_files, $path="files"]); } diff --git a/scripts/base/frameworks/intel/cluster.bro b/scripts/base/frameworks/intel/cluster.bro index b71e8c47ea..2d51ffb200 100644 --- a/scripts/base/frameworks/intel/cluster.bro +++ b/scripts/base/frameworks/intel/cluster.bro @@ -16,7 +16,7 @@ redef have_full_data = F; @endif @if ( Cluster::local_node_type() == Cluster::MANAGER ) -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::worker_topic, remove_indicator); } @@ -67,7 +67,7 @@ event Intel::match_remote(s: Seen) &priority=5 @endif @if ( Cluster::local_node_type() == Cluster::WORKER ) -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::manager_topic, match_remote); Broker::auto_publish(Cluster::manager_topic, remove_item); diff --git a/scripts/base/frameworks/intel/input.bro b/scripts/base/frameworks/intel/input.bro index aea3ac9a35..4dfa011fad 100644 --- a/scripts/base/frameworks/intel/input.bro +++ b/scripts/base/frameworks/intel/input.bro @@ -27,7 +27,7 @@ event Intel::read_entry(desc: Input::EventDescription, tpe: Input::Event, item: Intel::insert(item); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { if ( ! Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER ) diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro index 4bc3b296dd..f59323369d 100644 --- a/scripts/base/frameworks/intel/main.bro +++ b/scripts/base/frameworks/intel/main.bro @@ -223,7 +223,7 @@ type MinDataStore: record { global min_data_store: MinDataStore &redef; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(LOG, [$columns=Info, $ev=log_intel, $path="intel"]); } diff --git a/scripts/base/frameworks/logging/postprocessors/scp.bro b/scripts/base/frameworks/logging/postprocessors/scp.bro index d63520abe6..462cb86b20 100644 --- a/scripts/base/frameworks/logging/postprocessors/scp.bro +++ b/scripts/base/frameworks/logging/postprocessors/scp.bro @@ -2,7 +2,7 @@ ##! to a logging filter in order to automatically SCP (secure copy) ##! a log stream (or a subset of it) to a remote host at configurable ##! rotation time intervals. Generally, to use this functionality -##! you must handle the :bro:id:`bro_init` event and do the following +##! you must handle the :bro:id:`zeek_init` event and do the following ##! in your handler: ##! ##! 1) Create a new :bro:type:`Log::Filter` record that defines a name/path, diff --git a/scripts/base/frameworks/logging/postprocessors/sftp.bro b/scripts/base/frameworks/logging/postprocessors/sftp.bro index 8c77899864..803851261f 100644 --- a/scripts/base/frameworks/logging/postprocessors/sftp.bro +++ b/scripts/base/frameworks/logging/postprocessors/sftp.bro @@ -2,7 +2,7 @@ ##! to a logging filter in order to automatically SFTP ##! a log stream (or a subset of it) to a remote host at configurable ##! rotation time intervals. Generally, to use this functionality -##! you must handle the :bro:id:`bro_init` event and do the following +##! you must handle the :bro:id:`zeek_init` event and do the following ##! in your handler: ##! ##! 1) Create a new :bro:type:`Log::Filter` record that defines a name/path, diff --git a/scripts/base/frameworks/netcontrol/catch-and-release.bro b/scripts/base/frameworks/netcontrol/catch-and-release.bro index 79de7d9662..83d9e1d7af 100644 --- a/scripts/base/frameworks/netcontrol/catch-and-release.bro +++ b/scripts/base/frameworks/netcontrol/catch-and-release.bro @@ -163,7 +163,7 @@ export { # Set that is used to only send seen notifications to the master every ~30 seconds. global catch_release_recently_notified: set[addr] &create_expire=30secs; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(NetControl::CATCH_RELEASE, [$columns=CatchReleaseInfo, $ev=log_netcontrol_catch_release, $path="netcontrol_catch_release"]); } @@ -227,13 +227,13 @@ global blocks: table[addr] of BlockInfo = {} @if ( Cluster::is_enabled() ) @if ( Cluster::local_node_type() == Cluster::MANAGER ) -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::worker_topic, NetControl::catch_release_block_new); Broker::auto_publish(Cluster::worker_topic, NetControl::catch_release_block_delete); } @else -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::manager_topic, NetControl::catch_release_add); Broker::auto_publish(Cluster::manager_topic, NetControl::catch_release_delete); diff --git a/scripts/base/frameworks/netcontrol/cluster.bro b/scripts/base/frameworks/netcontrol/cluster.bro index d70ab6d1c1..3fbd4cd6a1 100644 --- a/scripts/base/frameworks/netcontrol/cluster.bro +++ b/scripts/base/frameworks/netcontrol/cluster.bro @@ -17,7 +17,7 @@ export { } @if ( Cluster::local_node_type() == Cluster::MANAGER ) -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::worker_topic, NetControl::rule_added); Broker::auto_publish(Cluster::worker_topic, NetControl::rule_removed); @@ -28,7 +28,7 @@ event bro_init() Broker::auto_publish(Cluster::worker_topic, NetControl::rule_destroyed); } @else -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::manager_topic, NetControl::cluster_netcontrol_add_rule); Broker::auto_publish(Cluster::manager_topic, NetControl::cluster_netcontrol_remove_rule); diff --git a/scripts/base/frameworks/netcontrol/drop.bro b/scripts/base/frameworks/netcontrol/drop.bro index 8b31996057..40304e1187 100644 --- a/scripts/base/frameworks/netcontrol/drop.bro +++ b/scripts/base/frameworks/netcontrol/drop.bro @@ -55,7 +55,7 @@ export { global log_netcontrol_drop: event(rec: DropInfo); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(NetControl::DROP, [$columns=DropInfo, $ev=log_netcontrol_drop, $path="netcontrol_drop"]); } diff --git a/scripts/base/frameworks/netcontrol/main.bro b/scripts/base/frameworks/netcontrol/main.bro index a9418508af..b85d42046a 100644 --- a/scripts/base/frameworks/netcontrol/main.bro +++ b/scripts/base/frameworks/netcontrol/main.bro @@ -262,7 +262,7 @@ export { ##### Plugin functions ## Function called by plugins once they finished their activation. After all - ## plugins defined in bro_init finished to activate, rules will start to be sent + ## plugins defined in zeek_init finished to activate, rules will start to be sent ## to the plugins. Rules that scripts try to set before the backends are ready ## will be discarded. global plugin_activated: function(p: PluginState); @@ -338,13 +338,13 @@ redef record Rule += { }; # Variable tracking the state of plugin activation. Once all plugins that -# have been added in bro_init are activated, this will switch to T and +# have been added in zeek_init are activated, this will switch to T and # the event NetControl::init_done will be raised. global plugins_active: bool = F; -# Set to true at the end of bro_init (with very low priority). +# Set to true at the end of zeek_init (with very low priority). # Used to track when plugin activation could potentially be finished -global bro_init_done: bool = F; +global zeek_init_done: bool = F; # The counters that are used to generate the rule and plugin IDs global rule_counter: count = 1; @@ -364,7 +364,7 @@ global rules_by_subnets: table[subnet] of set[string]; # There always only can be one rule of each type for one entity. global rule_entities: table[Entity, RuleType] of Rule; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(NetControl::LOG, [$columns=Info, $ev=log_netcontrol, $path="netcontrol"]); } @@ -613,18 +613,18 @@ function plugin_activated(p: PluginState) plugin_ids[id]$_activated = T; log_msg("activation finished", p); - if ( bro_init_done ) + if ( zeek_init_done ) check_plugins(); } -event bro_init() &priority=-5 +event zeek_init() &priority=-5 { event NetControl::init(); } event NetControl::init() &priority=-20 { - bro_init_done = T; + zeek_init_done = T; check_plugins(); diff --git a/scripts/base/frameworks/netcontrol/shunt.bro b/scripts/base/frameworks/netcontrol/shunt.bro index 1275be1560..58923a0cb3 100644 --- a/scripts/base/frameworks/netcontrol/shunt.bro +++ b/scripts/base/frameworks/netcontrol/shunt.bro @@ -36,7 +36,7 @@ export { global log_netcontrol_shunt: event(rec: ShuntInfo); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(NetControl::SHUNT, [$columns=ShuntInfo, $ev=log_netcontrol_shunt, $path="netcontrol_shunt"]); } diff --git a/scripts/base/frameworks/notice/actions/pp-alarms.bro b/scripts/base/frameworks/notice/actions/pp-alarms.bro index a385d8c626..02fe65e163 100644 --- a/scripts/base/frameworks/notice/actions/pp-alarms.bro +++ b/scripts/base/frameworks/notice/actions/pp-alarms.bro @@ -95,7 +95,7 @@ function pp_postprocessor(info: Log::RotationInfo): bool return T; } -event bro_init() +event zeek_init() { if ( ! want_pp() ) return; diff --git a/scripts/base/frameworks/notice/main.bro b/scripts/base/frameworks/notice/main.bro index 881e5d7467..5b2625e0db 100644 --- a/scripts/base/frameworks/notice/main.bro +++ b/scripts/base/frameworks/notice/main.bro @@ -385,7 +385,7 @@ function log_mailing_postprocessor(info: Log::RotationInfo): bool return T; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Notice::LOG, [$columns=Info, $ev=log_notice, $path="notice"]); @@ -531,7 +531,7 @@ event Notice::begin_suppression(ts: time, suppress_for: interval, note: Type, suppressing[note, identifier] = suppress_until; } -event bro_init() +event zeek_init() { if ( ! Cluster::is_enabled() ) return; diff --git a/scripts/base/frameworks/notice/weird.bro b/scripts/base/frameworks/notice/weird.bro index c7a1f3aefb..d91a93ce27 100644 --- a/scripts/base/frameworks/notice/weird.bro +++ b/scripts/base/frameworks/notice/weird.bro @@ -296,7 +296,7 @@ const notice_actions = { ACTION_NOTICE_ONCE, }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Weird::LOG, [$columns=Info, $ev=log_weird, $path="weird"]); } diff --git a/scripts/base/frameworks/openflow/cluster.bro b/scripts/base/frameworks/openflow/cluster.bro index 9ae4274bb7..6ff005b877 100644 --- a/scripts/base/frameworks/openflow/cluster.bro +++ b/scripts/base/frameworks/openflow/cluster.bro @@ -15,7 +15,7 @@ export { @if ( Cluster::local_node_type() != Cluster::MANAGER ) # Workers need ability to forward commands to manager. -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::manager_topic, OpenFlow::cluster_flow_mod); Broker::auto_publish(Cluster::manager_topic, OpenFlow::cluster_flow_clear); diff --git a/scripts/base/frameworks/openflow/plugins/log.bro b/scripts/base/frameworks/openflow/plugins/log.bro index 2fd961cd4f..7f1ecf86ea 100644 --- a/scripts/base/frameworks/openflow/plugins/log.bro +++ b/scripts/base/frameworks/openflow/plugins/log.bro @@ -46,7 +46,7 @@ export { global log_openflow: event(rec: Info); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(OpenFlow::LOG, [$columns=Info, $ev=log_openflow, $path="openflow"]); } diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.bro index 9657f14c44..c06e801710 100644 --- a/scripts/base/frameworks/packet-filter/main.bro +++ b/scripts/base/frameworks/packet-filter/main.bro @@ -157,7 +157,7 @@ event filter_change_tracking() schedule 5min { filter_change_tracking() }; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(PacketFilter::LOG, [$columns=Info, $path="packet_filter"]); @@ -175,7 +175,7 @@ event bro_init() &priority=5 } } -event bro_init() &priority=-5 +event zeek_init() &priority=-5 { install(); diff --git a/scripts/base/frameworks/packet-filter/netstats.bro b/scripts/base/frameworks/packet-filter/netstats.bro index 14545243d2..48b157b3eb 100644 --- a/scripts/base/frameworks/packet-filter/netstats.bro +++ b/scripts/base/frameworks/packet-filter/netstats.bro @@ -33,7 +33,7 @@ event net_stats_update(last_stat: NetStats) schedule stats_collection_interval { net_stats_update(ns) }; } -event bro_init() +event zeek_init() { # Since this currently only calculates packet drops, let's skip the stats # collection if reading traces. diff --git a/scripts/base/frameworks/reporter/main.bro b/scripts/base/frameworks/reporter/main.bro index 8cba29bdc2..3d4107a80e 100644 --- a/scripts/base/frameworks/reporter/main.bro +++ b/scripts/base/frameworks/reporter/main.bro @@ -35,7 +35,7 @@ export { }; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Reporter::LOG, [$columns=Info, $path="reporter"]); } diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.bro index 70c446d046..da19416871 100644 --- a/scripts/base/frameworks/signatures/main.bro +++ b/scripts/base/frameworks/signatures/main.bro @@ -140,7 +140,7 @@ global count_per_orig: table[addr, string] of count global did_sig_log: set[string] &read_expire = 1 hr; -event bro_init() +event zeek_init() { Log::create_stream(Signatures::LOG, [$columns=Info, $ev=log_signature, $path="signatures"]); } diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.bro index 068f34d1cf..291ca539a1 100644 --- a/scripts/base/frameworks/software/main.bro +++ b/scripts/base/frameworks/software/main.bro @@ -121,7 +121,7 @@ export { global register: event(info: Info); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Software::LOG, [$columns=Info, $ev=log_software, $path="software"]); } diff --git a/scripts/base/frameworks/sumstats/cluster.bro b/scripts/base/frameworks/sumstats/cluster.bro index f92b4112ff..670ad86fe1 100644 --- a/scripts/base/frameworks/sumstats/cluster.bro +++ b/scripts/base/frameworks/sumstats/cluster.bro @@ -61,7 +61,7 @@ global recent_global_view_keys: set[string, Key] &create_expire=1min; @if ( Cluster::local_node_type() != Cluster::MANAGER ) -event bro_init() &priority=100 +event zeek_init() &priority=100 { Broker::auto_publish(Cluster::manager_topic, SumStats::cluster_send_result); Broker::auto_publish(Cluster::manager_topic, SumStats::cluster_key_intermediate_response); @@ -209,7 +209,7 @@ function request_key(ss_name: string, key: Key): Result @if ( Cluster::local_node_type() == Cluster::MANAGER ) -event bro_init() &priority=100 +event zeek_init() &priority=100 { Broker::auto_publish(Cluster::worker_topic, SumStats::cluster_ss_request); Broker::auto_publish(Cluster::worker_topic, SumStats::cluster_get_result); diff --git a/scripts/base/frameworks/sumstats/main.bro b/scripts/base/frameworks/sumstats/main.bro index a37877f7e8..a312377111 100644 --- a/scripts/base/frameworks/sumstats/main.bro +++ b/scripts/base/frameworks/sumstats/main.bro @@ -270,7 +270,7 @@ function add_observe_plugin_dependency(calc: Calculation, depends_on: Calculatio calc_deps[calc] += depends_on; } -event bro_init() &priority=100000 +event zeek_init() &priority=100000 { # Call all of the plugin registration hooks hook register_observe_plugins(); diff --git a/scripts/base/frameworks/tunnels/main.bro b/scripts/base/frameworks/tunnels/main.bro index f90616e38e..f72a7d3445 100644 --- a/scripts/base/frameworks/tunnels/main.bro +++ b/scripts/base/frameworks/tunnels/main.bro @@ -87,7 +87,7 @@ const teredo_ports = { 3544/udp }; const gtpv1_ports = { 2152/udp, 2123/udp }; redef likely_server_ports += { ayiya_ports, teredo_ports, gtpv1_ports, vxlan_ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Tunnel::LOG, [$columns=Info, $path="tunnel"]); diff --git a/scripts/base/misc/find-checksum-offloading.bro b/scripts/base/misc/find-checksum-offloading.bro index 334cf4a2db..1edd4f9799 100644 --- a/scripts/base/misc/find-checksum-offloading.bro +++ b/scripts/base/misc/find-checksum-offloading.bro @@ -62,7 +62,7 @@ event ChecksumOffloading::check() } } -event bro_init() +event zeek_init() { schedule check_interval { ChecksumOffloading::check() }; } @@ -81,7 +81,7 @@ event conn_weird(name: string, c: connection, addl: string) ++bad_udp_checksums; } -event bro_done() +event zeek_done() { event ChecksumOffloading::check(); } diff --git a/scripts/base/misc/find-filtered-trace.bro b/scripts/base/misc/find-filtered-trace.bro index a723b656a7..a756f78551 100644 --- a/scripts/base/misc/find-filtered-trace.bro +++ b/scripts/base/misc/find-filtered-trace.bro @@ -36,7 +36,7 @@ event connection_state_remove(c: connection) saw_tcp_conn_with_data = T; } -event bro_done() +event zeek_done() { if ( ! enable ) return; diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.bro index e2209b6e22..77a9c63aac 100644 --- a/scripts/base/protocols/conn/main.bro +++ b/scripts/base/protocols/conn/main.bro @@ -155,7 +155,7 @@ redef record connection += { conn: Info &optional; }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn, $path="conn"]); } diff --git a/scripts/base/protocols/dce-rpc/main.bro b/scripts/base/protocols/dce-rpc/main.bro index 7013ae15e9..1b318265e8 100644 --- a/scripts/base/protocols/dce-rpc/main.bro +++ b/scripts/base/protocols/dce-rpc/main.bro @@ -59,7 +59,7 @@ redef record connection += { const ports = { 135/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(DCE_RPC::LOG, [$columns=Info, $path="dce_rpc"]); Analyzer::register_for_ports(Analyzer::ANALYZER_DCE_RPC, ports); diff --git a/scripts/base/protocols/dhcp/main.bro b/scripts/base/protocols/dhcp/main.bro index b31c623afa..20998c082c 100644 --- a/scripts/base/protocols/dhcp/main.bro +++ b/scripts/base/protocols/dhcp/main.bro @@ -117,14 +117,14 @@ redef record Info += { const ports = { 67/udp, 68/udp, 4011/udp }; redef likely_server_ports += { 67/udp }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(DHCP::LOG, [$columns=Info, $ev=log_dhcp, $path="dhcp"]); Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, ports); } @if ( Cluster::is_enabled() ) -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::manager_topic, DHCP::aggregate_msgs); } @@ -264,7 +264,7 @@ event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options: DHCP:: event DHCP::aggregate_msgs(network_time(), c$id, c$uid, is_orig, msg, options); } -event bro_done() &priority=-5 +event zeek_done() &priority=-5 { # Log any remaining data that hasn't already been logged! for ( i in DHCP::join_data ) diff --git a/scripts/base/protocols/dnp3/main.bro b/scripts/base/protocols/dnp3/main.bro index 35dd012d75..184816c59f 100644 --- a/scripts/base/protocols/dnp3/main.bro +++ b/scripts/base/protocols/dnp3/main.bro @@ -34,7 +34,7 @@ redef record connection += { const ports = { 20000/tcp , 20000/udp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(DNP3::LOG, [$columns=Info, $ev=log_dnp3, $path="dnp3"]); Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, ports); diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro index f8e655d826..8504d614f6 100644 --- a/scripts/base/protocols/dns/main.bro +++ b/scripts/base/protocols/dns/main.bro @@ -154,7 +154,7 @@ redef record connection += { const ports = { 53/udp, 53/tcp, 137/udp, 5353/udp, 5355/udp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(DNS::LOG, [$columns=Info, $ev=log_dns, $path="dns"]); Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, ports); diff --git a/scripts/base/protocols/ftp/files.bro b/scripts/base/protocols/ftp/files.bro index e84eda7a5a..f2c2625bdb 100644 --- a/scripts/base/protocols/ftp/files.bro +++ b/scripts/base/protocols/ftp/files.bro @@ -45,7 +45,7 @@ function describe_file(f: fa_file): string return ""; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Files::register_protocol(Analyzer::ANALYZER_FTP_DATA, [$get_file_handle = FTP::get_file_handle, diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index 9b64345a12..78a4dbabff 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro @@ -50,7 +50,7 @@ redef record connection += { const ports = { 21/tcp, 2811/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(FTP::LOG, [$columns=Info, $ev=log_ftp, $path="ftp"]); Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, ports); diff --git a/scripts/base/protocols/http/files.bro b/scripts/base/protocols/http/files.bro index 078c6d2e66..a8a67762d4 100644 --- a/scripts/base/protocols/http/files.bro +++ b/scripts/base/protocols/http/files.bro @@ -48,7 +48,7 @@ function describe_file(f: fa_file): string return ""; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Files::register_protocol(Analyzer::ANALYZER_HTTP, [$get_file_handle = HTTP::get_file_handle, diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index ea86367bb1..ef0561efb4 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro @@ -139,7 +139,7 @@ const ports = { redef likely_server_ports += { ports }; # Initialize the HTTP logging stream and ports. -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(HTTP::LOG, [$columns=Info, $ev=log_http, $path="http"]); Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, ports); diff --git a/scripts/base/protocols/imap/main.bro b/scripts/base/protocols/imap/main.bro index 9f0305c80c..30bfeab229 100644 --- a/scripts/base/protocols/imap/main.bro +++ b/scripts/base/protocols/imap/main.bro @@ -4,7 +4,7 @@ module IMAP; const ports = { 143/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, ports); } diff --git a/scripts/base/protocols/irc/files.bro b/scripts/base/protocols/irc/files.bro index 759acdca81..59b178f4df 100644 --- a/scripts/base/protocols/irc/files.bro +++ b/scripts/base/protocols/irc/files.bro @@ -23,7 +23,7 @@ function get_file_handle(c: connection, is_orig: bool): string return cat(Analyzer::ANALYZER_IRC_DATA, c$start_time, c$id, is_orig); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Files::register_protocol(Analyzer::ANALYZER_IRC_DATA, [$get_file_handle = IRC::get_file_handle]); diff --git a/scripts/base/protocols/irc/main.bro b/scripts/base/protocols/irc/main.bro index c2de29da6a..85a8795e88 100644 --- a/scripts/base/protocols/irc/main.bro +++ b/scripts/base/protocols/irc/main.bro @@ -41,7 +41,7 @@ redef record connection += { const ports = { 6666/tcp, 6667/tcp, 6668/tcp, 6669/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(IRC::LOG, [$columns=Info, $ev=irc_log, $path="irc"]); Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, ports); diff --git a/scripts/base/protocols/krb/files.bro b/scripts/base/protocols/krb/files.bro index 18ee4da83f..c7dde949f2 100644 --- a/scripts/base/protocols/krb/files.bro +++ b/scripts/base/protocols/krb/files.bro @@ -61,7 +61,7 @@ function describe_file(f: fa_file): string f$info$x509$certificate$issuer); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Files::register_protocol(Analyzer::ANALYZER_KRB_TCP, [$get_file_handle = KRB::get_file_handle, diff --git a/scripts/base/protocols/krb/main.bro b/scripts/base/protocols/krb/main.bro index 076ea0e171..72103104d5 100644 --- a/scripts/base/protocols/krb/main.bro +++ b/scripts/base/protocols/krb/main.bro @@ -73,7 +73,7 @@ const tcp_ports = { 88/tcp }; const udp_ports = { 88/udp }; redef likely_server_ports += { tcp_ports, udp_ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, udp_ports); Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, tcp_ports); diff --git a/scripts/base/protocols/modbus/main.bro b/scripts/base/protocols/modbus/main.bro index 5a30d170e5..d8866cefa1 100644 --- a/scripts/base/protocols/modbus/main.bro +++ b/scripts/base/protocols/modbus/main.bro @@ -32,7 +32,7 @@ redef record connection += { const ports = { 502/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Modbus::LOG, [$columns=Info, $ev=log_modbus, $path="modbus"]); Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, ports); diff --git a/scripts/base/protocols/mysql/main.bro b/scripts/base/protocols/mysql/main.bro index e4ba07cbca..e4c76dd5bc 100644 --- a/scripts/base/protocols/mysql/main.bro +++ b/scripts/base/protocols/mysql/main.bro @@ -37,7 +37,7 @@ redef record connection += { const ports = { 1434/tcp, 3306/tcp }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(mysql::LOG, [$columns=Info, $ev=log_mysql, $path="mysql"]); Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, ports); diff --git a/scripts/base/protocols/ntlm/main.bro b/scripts/base/protocols/ntlm/main.bro index 88a484e090..231f90473d 100644 --- a/scripts/base/protocols/ntlm/main.bro +++ b/scripts/base/protocols/ntlm/main.bro @@ -42,7 +42,7 @@ redef record connection += { ntlm: Info &optional; }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(NTLM::LOG, [$columns=Info, $path="ntlm"]); } diff --git a/scripts/base/protocols/radius/main.bro b/scripts/base/protocols/radius/main.bro index ea30b27911..69a05cc8b3 100644 --- a/scripts/base/protocols/radius/main.bro +++ b/scripts/base/protocols/radius/main.bro @@ -56,7 +56,7 @@ redef record connection += { const ports = { 1812/udp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(RADIUS::LOG, [$columns=Info, $ev=log_radius, $path="radius"]); Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, ports); diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index 30d5764ce3..39c3ef8fd8 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -86,7 +86,7 @@ redef record connection += { const ports = { 3389/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(RDP::LOG, [$columns=RDP::Info, $ev=log_rdp, $path="rdp"]); Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, ports); diff --git a/scripts/base/protocols/rfb/main.bro b/scripts/base/protocols/rfb/main.bro index ff05063538..ae9d3ca508 100644 --- a/scripts/base/protocols/rfb/main.bro +++ b/scripts/base/protocols/rfb/main.bro @@ -76,7 +76,7 @@ redef record connection += { rfb: Info &optional; }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(RFB::LOG, [$columns=Info, $ev=log_rfb, $path="rfb"]); } diff --git a/scripts/base/protocols/sip/main.bro b/scripts/base/protocols/sip/main.bro index 68ebb9b222..e0647e6494 100644 --- a/scripts/base/protocols/sip/main.bro +++ b/scripts/base/protocols/sip/main.bro @@ -98,7 +98,7 @@ redef record connection += { const ports = { 5060/udp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(SIP::LOG, [$columns=Info, $ev=log_sip, $path="sip"]); Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, ports); diff --git a/scripts/base/protocols/smb/files.bro b/scripts/base/protocols/smb/files.bro index 5916624941..ac719d728f 100644 --- a/scripts/base/protocols/smb/files.bro +++ b/scripts/base/protocols/smb/files.bro @@ -46,7 +46,7 @@ function describe_file(f: fa_file): string return ""; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Files::register_protocol(Analyzer::ANALYZER_SMB, [$get_file_handle = SMB::get_file_handle, diff --git a/scripts/base/protocols/smb/main.bro b/scripts/base/protocols/smb/main.bro index 07225548be..5524bde4f0 100644 --- a/scripts/base/protocols/smb/main.bro +++ b/scripts/base/protocols/smb/main.bro @@ -177,7 +177,7 @@ redef record FileInfo += { const ports = { 139/tcp, 445/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(SMB::FILES_LOG, [$columns=SMB::FileInfo, $path="smb_files"]); Log::create_stream(SMB::MAPPING_LOG, [$columns=SMB::TreeInfo, $path="smb_mapping"]); diff --git a/scripts/base/protocols/smtp/files.bro b/scripts/base/protocols/smtp/files.bro index bf410fa201..cb38c27c97 100644 --- a/scripts/base/protocols/smtp/files.bro +++ b/scripts/base/protocols/smtp/files.bro @@ -38,7 +38,7 @@ function describe_file(f: fa_file): string return ""; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Files::register_protocol(Analyzer::ANALYZER_SMTP, [$get_file_handle = SMTP::get_file_handle, diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.bro index faa73d2412..b13bbadb8d 100644 --- a/scripts/base/protocols/smtp/main.bro +++ b/scripts/base/protocols/smtp/main.bro @@ -92,7 +92,7 @@ redef record connection += { const ports = { 25/tcp, 587/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(SMTP::LOG, [$columns=SMTP::Info, $ev=log_smtp, $path="smtp"]); Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, ports); diff --git a/scripts/base/protocols/snmp/main.bro b/scripts/base/protocols/snmp/main.bro index ec45d59440..606d3e9c76 100644 --- a/scripts/base/protocols/snmp/main.bro +++ b/scripts/base/protocols/snmp/main.bro @@ -63,7 +63,7 @@ redef record connection += { const ports = { 161/udp, 162/udp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, ports); Log::create_stream(SNMP::LOG, [$columns=SNMP::Info, $ev=log_snmp, $path="snmp"]); diff --git a/scripts/base/protocols/socks/main.bro b/scripts/base/protocols/socks/main.bro index 341b6bbc84..2ca9dfc175 100644 --- a/scripts/base/protocols/socks/main.bro +++ b/scripts/base/protocols/socks/main.bro @@ -47,7 +47,7 @@ export { const ports = { 1080/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(SOCKS::LOG, [$columns=Info, $ev=log_socks, $path="socks"]); Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, ports); diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 4452424512..2e70bc1aba 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -136,7 +136,7 @@ redef record connection += { const ports = { 22/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports); Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh, $path="ssh"]); diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.bro index ae13147d8e..fd3080b47d 100644 --- a/scripts/base/protocols/ssl/files.bro +++ b/scripts/base/protocols/ssl/files.bro @@ -79,7 +79,7 @@ function describe_file(f: fa_file): string f$info$x509$certificate$issuer); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Files::register_protocol(Analyzer::ANALYZER_SSL, [$get_file_handle = SSL::get_file_handle, diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index 8abb6e1d3f..42d3e2ed62 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -137,7 +137,7 @@ const dtls_ports = { 443/udp }; redef likely_server_ports += { ssl_ports, dtls_ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl, $path="ssl"]); Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ssl_ports); diff --git a/scripts/base/protocols/syslog/main.bro b/scripts/base/protocols/syslog/main.bro index 6e74760225..6b8cc7fb77 100644 --- a/scripts/base/protocols/syslog/main.bro +++ b/scripts/base/protocols/syslog/main.bro @@ -34,7 +34,7 @@ redef record connection += { const ports = { 514/udp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Syslog::LOG, [$columns=Info, $path="syslog"]); Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, ports); diff --git a/scripts/base/protocols/xmpp/main.bro b/scripts/base/protocols/xmpp/main.bro index 3d7a4cbc37..587432561f 100644 --- a/scripts/base/protocols/xmpp/main.bro +++ b/scripts/base/protocols/xmpp/main.bro @@ -4,7 +4,7 @@ module XMPP; const ports = { 5222/tcp, 5269/tcp }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Analyzer::register_for_ports(Analyzer::ANALYZER_XMPP, ports); } diff --git a/scripts/base/utils/exec.bro b/scripts/base/utils/exec.bro index 91053a1223..fe44853541 100644 --- a/scripts/base/utils/exec.bro +++ b/scripts/base/utils/exec.bro @@ -186,7 +186,7 @@ function run(cmd: Command): Result } } -event bro_done() +event zeek_done() { # We are punting here and just deleting any unprocessed files. for ( uid in pending_files ) diff --git a/scripts/base/utils/site.bro b/scripts/base/utils/site.bro index aa40e1b92b..541dcb3f9a 100644 --- a/scripts/base/utils/site.bro +++ b/scripts/base/utils/site.bro @@ -148,7 +148,7 @@ function get_emails(a: addr): string return fmt_email_string(find_all_emails(a)); } -event bro_init() &priority=10 +event zeek_init() &priority=10 { # Double backslashes are needed due to string parsing. local_dns_suffix_regex = set_to_regex(local_zones, "(^\\.?|\\.)(~~)$"); diff --git a/scripts/broxygen/__load__.bro b/scripts/broxygen/__load__.bro index 5d4ac5ea03..01f920407e 100644 --- a/scripts/broxygen/__load__.bro +++ b/scripts/broxygen/__load__.bro @@ -11,7 +11,7 @@ @load ./example.bro -event bro_init() +event zeek_init() { terminate(); } diff --git a/scripts/broxygen/example.bro b/scripts/broxygen/example.bro index 65cc5ff1c7..d241051b7d 100644 --- a/scripts/broxygen/example.bro +++ b/scripts/broxygen/example.bro @@ -189,6 +189,6 @@ type PrivateRecord: record { # Event handlers are also an implementation detail of a script, so they # don't show up anywhere in the generated documentation. -event bro_init() +event zeek_init() { } diff --git a/scripts/policy/files/x509/log-ocsp.bro b/scripts/policy/files/x509/log-ocsp.bro index e416535dd4..8cc9d5aef3 100644 --- a/scripts/policy/files/x509/log-ocsp.bro +++ b/scripts/policy/files/x509/log-ocsp.bro @@ -39,7 +39,7 @@ export { global log_ocsp: event(rec: Info); } -event bro_init() +event zeek_init() { Log::create_stream(LOG, [$columns=Info, $ev=log_ocsp, $path="ocsp"]); Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response"); diff --git a/scripts/policy/frameworks/control/controllee.bro b/scripts/policy/frameworks/control/controllee.bro index c3f08cda2b..89768ef997 100644 --- a/scripts/policy/frameworks/control/controllee.bro +++ b/scripts/policy/frameworks/control/controllee.bro @@ -12,7 +12,7 @@ module Control; -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { Broker::subscribe(Control::topic_prefix + "/" + Broker::node_id()); Broker::auto_publish(Control::topic_prefix + "/id_value_response", diff --git a/scripts/policy/frameworks/control/controller.bro b/scripts/policy/frameworks/control/controller.bro index b81ce4b2d6..6befe70fe8 100644 --- a/scripts/policy/frameworks/control/controller.bro +++ b/scripts/policy/frameworks/control/controller.bro @@ -12,7 +12,7 @@ module Control; # Do some sanity checking and rework the communication nodes. -event bro_init() &priority=5 +event zeek_init() &priority=5 { # We know that some command was given because this script wouldn't be # loaded if there wasn't so we can feel free to throw an error here and diff --git a/scripts/policy/frameworks/packet-filter/shunt.bro b/scripts/policy/frameworks/packet-filter/shunt.bro index 97ae0c792d..13ff27252c 100644 --- a/scripts/policy/frameworks/packet-filter/shunt.bro +++ b/scripts/policy/frameworks/packet-filter/shunt.bro @@ -76,7 +76,7 @@ function shunt_filters() PacketFilter::exclude("shunt_filters", filter); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { register_filter_plugin([ $func()={ return shunt_filters(); } diff --git a/scripts/policy/frameworks/software/vulnerable.bro b/scripts/policy/frameworks/software/vulnerable.bro index 92a6698af3..b8d8c43a12 100644 --- a/scripts/policy/frameworks/software/vulnerable.bro +++ b/scripts/policy/frameworks/software/vulnerable.bro @@ -117,7 +117,7 @@ function update_vulnerable_sw() event grab_vulnerable_versions(1); } -event bro_init() &priority=3 +event zeek_init() &priority=3 { update_vulnerable_sw(); } diff --git a/scripts/policy/integration/barnyard2/main.bro b/scripts/policy/integration/barnyard2/main.bro index 96c74043f7..7d0bb59d5a 100644 --- a/scripts/policy/integration/barnyard2/main.bro +++ b/scripts/policy/integration/barnyard2/main.bro @@ -24,7 +24,7 @@ export { global pid2cid: function(p: PacketID): conn_id; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Barnyard2::LOG, [$columns=Info, $path="barnyard2"]); } diff --git a/scripts/policy/misc/capture-loss.bro b/scripts/policy/misc/capture-loss.bro index 541f6577cc..302919597f 100644 --- a/scripts/policy/misc/capture-loss.bro +++ b/scripts/policy/misc/capture-loss.bro @@ -74,7 +74,7 @@ event CaptureLoss::take_measurement(last_ts: time, last_acks: count, last_gaps: schedule watch_interval { CaptureLoss::take_measurement(now, g$ack_events, g$gap_events) }; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(LOG, [$columns=Info, $path="capture_loss"]); diff --git a/scripts/policy/misc/detect-traceroute/main.bro b/scripts/policy/misc/detect-traceroute/main.bro index 5cbb34e27e..8271277af6 100644 --- a/scripts/policy/misc/detect-traceroute/main.bro +++ b/scripts/policy/misc/detect-traceroute/main.bro @@ -53,7 +53,7 @@ export { global log_traceroute: event(rec: Traceroute::Info); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Traceroute::LOG, [$columns=Info, $ev=log_traceroute, $path="traceroute"]); diff --git a/scripts/policy/misc/load-balancing.bro b/scripts/policy/misc/load-balancing.bro index 40bbe238ca..62f352f12e 100644 --- a/scripts/policy/misc/load-balancing.bro +++ b/scripts/policy/misc/load-balancing.bro @@ -28,7 +28,7 @@ export { @if ( Cluster::is_enabled() ) -event bro_init() &priority=5 +event zeek_init() &priority=5 { if ( method != AUTO_BPF ) return; diff --git a/scripts/policy/misc/loaded-scripts.bro b/scripts/policy/misc/loaded-scripts.bro index bfc0aad114..fd616bba19 100644 --- a/scripts/policy/misc/loaded-scripts.bro +++ b/scripts/policy/misc/loaded-scripts.bro @@ -27,7 +27,7 @@ function get_indent(level: count): string return out; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(LoadedScripts::LOG, [$columns=Info, $path="loaded_scripts"]); } diff --git a/scripts/policy/misc/profiling.bro b/scripts/policy/misc/profiling.bro index 613e78f860..5a0dfe5fcf 100644 --- a/scripts/policy/misc/profiling.bro +++ b/scripts/policy/misc/profiling.bro @@ -12,7 +12,7 @@ redef profiling_interval = 15 secs; ## :bro:id:`profiling_interval`). redef expensive_profiling_multiple = 20; -event bro_init() +event zeek_init() { set_buf(profiling_file, F); } diff --git a/scripts/policy/misc/scan.bro b/scripts/policy/misc/scan.bro index d70f8f9e79..6468767674 100644 --- a/scripts/policy/misc/scan.bro +++ b/scripts/policy/misc/scan.bro @@ -51,7 +51,7 @@ export { global Scan::port_scan_policy: hook(scanner: addr, victim: addr, scanned_port: port); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="scan.addr.fail", $apply=set(SumStats::UNIQUE), $unique_max=double_to_count(addr_scan_threshold+2)]; SumStats::create([$name="addr-scan", diff --git a/scripts/policy/misc/stats.bro b/scripts/policy/misc/stats.bro index 0bbf5c8aac..9c4ae4e792 100644 --- a/scripts/policy/misc/stats.bro +++ b/scripts/policy/misc/stats.bro @@ -82,7 +82,7 @@ export { global log_stats: event(rec: Info); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats, $path="stats"]); } @@ -149,7 +149,7 @@ event check_stats(then: time, last_ns: NetStats, last_cs: ConnStats, last_ps: Pr schedule report_interval { check_stats(nettime, ns, cs, ps, es, rs, ts, fs, ds) }; } -event bro_init() +event zeek_init() { schedule report_interval { check_stats(network_time(), get_net_stats(), get_conn_stats(), get_proc_stats(), get_event_stats(), get_reassembler_stats(), get_timer_stats(), get_file_analysis_stats(), get_dns_stats()) }; } diff --git a/scripts/policy/misc/trim-trace-file.bro b/scripts/policy/misc/trim-trace-file.bro index 8f534ec005..2d78977d8c 100644 --- a/scripts/policy/misc/trim-trace-file.bro +++ b/scripts/policy/misc/trim-trace-file.bro @@ -30,7 +30,7 @@ event TrimTraceFile::go(first_trim: bool) schedule trim_interval { TrimTraceFile::go(F) }; } -event bro_init() +event zeek_init() { if ( trim_interval > 0 secs ) schedule trim_interval { TrimTraceFile::go(T) }; diff --git a/scripts/policy/misc/weird-stats.bro b/scripts/policy/misc/weird-stats.bro index ac0914d531..bc75e2057a 100644 --- a/scripts/policy/misc/weird-stats.bro +++ b/scripts/policy/misc/weird-stats.bro @@ -51,7 +51,7 @@ function weird_epoch_finished(ts: time) this_epoch_weirds = table(); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(WeirdStats::LOG, [$columns = Info, $ev = log_weird_stats, diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.bro index ef78630c6a..493784a859 100644 --- a/scripts/policy/protocols/conn/known-hosts.bro +++ b/scripts/policy/protocols/conn/known-hosts.bro @@ -61,7 +61,7 @@ export { global log_known_hosts: event(rec: HostsInfo); } -event bro_init() +event zeek_init() { if ( ! Known::use_host_store ) return; @@ -145,7 +145,7 @@ event Known::host_found(info: HostsInfo) event known_host_add(info); } -event bro_init() +event zeek_init() { Log::create_stream(Known::HOSTS_LOG, [$columns=HostsInfo, $ev=log_known_hosts, $path="known_hosts"]); } diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.bro index f9e129839d..63d9f7fa71 100644 --- a/scripts/policy/protocols/conn/known-services.bro +++ b/scripts/policy/protocols/conn/known-services.bro @@ -80,7 +80,7 @@ redef record connection += { }; -event bro_init() +event zeek_init() { if ( ! Known::use_service_store ) return; @@ -216,7 +216,7 @@ event connection_state_remove(c: connection) &priority=-5 known_services_done(c); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Known::SERVICES_LOG, [$columns=ServicesInfo, $ev=log_known_services, diff --git a/scripts/policy/protocols/ftp/detect-bruteforcing.bro b/scripts/policy/protocols/ftp/detect-bruteforcing.bro index eb70688d47..4ac7b61efc 100644 --- a/scripts/policy/protocols/ftp/detect-bruteforcing.bro +++ b/scripts/policy/protocols/ftp/detect-bruteforcing.bro @@ -25,7 +25,7 @@ export { } -event bro_init() +event zeek_init() { local r1: SumStats::Reducer = [$stream="ftp.failed_auth", $apply=set(SumStats::UNIQUE), $unique_max=double_to_count(bruteforce_threshold+2)]; SumStats::create([$name="ftp-detect-bruteforcing", diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.bro index 01c98ba0d7..3ad9efbfe2 100644 --- a/scripts/policy/protocols/http/detect-sqli.bro +++ b/scripts/policy/protocols/http/detect-sqli.bro @@ -67,7 +67,7 @@ function format_sqli_samples(samples: vector of SumStats::Observation): string return ret; } -event bro_init() &priority=3 +event zeek_init() &priority=3 { # Add filters to the metrics so that the metrics framework knows how to # determine when it looks like an actual attack and how to respond when diff --git a/scripts/policy/protocols/modbus/known-masters-slaves.bro b/scripts/policy/protocols/modbus/known-masters-slaves.bro index a49e1f81e4..4ce56570d8 100644 --- a/scripts/policy/protocols/modbus/known-masters-slaves.bro +++ b/scripts/policy/protocols/modbus/known-masters-slaves.bro @@ -33,7 +33,7 @@ export { global log_known_modbus: event(rec: ModbusInfo); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Known::MODBUS_LOG, [$columns=ModbusInfo, $ev=log_known_modbus, $path="known_modbus"]); } diff --git a/scripts/policy/protocols/modbus/track-memmap.bro b/scripts/policy/protocols/modbus/track-memmap.bro index 9a6e49e214..da2be29745 100644 --- a/scripts/policy/protocols/modbus/track-memmap.bro +++ b/scripts/policy/protocols/modbus/track-memmap.bro @@ -52,7 +52,7 @@ redef record Modbus::Info += { track_address: count &default=0; }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Modbus::REGISTER_CHANGE_LOG, [$columns=MemmapInfo, $path="modbus_register_change"]); } diff --git a/scripts/policy/protocols/smb/log-cmds.bro b/scripts/policy/protocols/smb/log-cmds.bro index 53e309c5ea..88108276dc 100644 --- a/scripts/policy/protocols/smb/log-cmds.bro +++ b/scripts/policy/protocols/smb/log-cmds.bro @@ -25,7 +25,7 @@ const deferred_logging_cmds: set[string] = { "TREE_CONNECT_ANDX", }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(SMB::CMD_LOG, [$columns=SMB::CmdInfo, $path="smb_cmd"]); } diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/scripts/policy/protocols/ssh/detect-bruteforcing.bro index 55687e2afd..208f3db04c 100644 --- a/scripts/policy/protocols/ssh/detect-bruteforcing.bro +++ b/scripts/policy/protocols/ssh/detect-bruteforcing.bro @@ -39,7 +39,7 @@ export { const ignore_guessers: table[subnet] of subnet &redef; } -event bro_init() +event zeek_init() { local r1: SumStats::Reducer = [$stream="ssh.login.failure", $apply=set(SumStats::SUM, SumStats::SAMPLE), $num_samples=5]; SumStats::create([$name="detect-ssh-bruteforcing", diff --git a/scripts/policy/protocols/ssl/heartbleed.bro b/scripts/policy/protocols/ssl/heartbleed.bro index ae4395289d..483c1f4ce1 100644 --- a/scripts/policy/protocols/ssl/heartbleed.bro +++ b/scripts/policy/protocols/ssl/heartbleed.bro @@ -45,7 +45,7 @@ type min_length: record { global min_lengths: vector of min_length = vector(); global min_lengths_tls11: vector of min_length = vector(); -event bro_init() +event zeek_init() { # Minimum length a heartbeat packet must have for different cipher suites. # Note - tls 1.1f and 1.0 have different lengths :( diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro index 63a371b3e1..3841b77d87 100644 --- a/scripts/policy/protocols/ssl/known-certs.bro +++ b/scripts/policy/protocols/ssl/known-certs.bro @@ -72,7 +72,7 @@ export { global log_known_certs: event(rec: CertsInfo); } -event bro_init() +event zeek_init() { if ( ! Known::use_cert_store ) return; @@ -193,7 +193,7 @@ event ssl_established(c: connection) &priority=3 event Known::cert_found(info, hash); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Known::CERTS_LOG, [$columns=CertsInfo, $ev=log_known_certs, $path="known_certs"]); } diff --git a/scripts/policy/protocols/ssl/log-hostcerts-only.bro b/scripts/policy/protocols/ssl/log-hostcerts-only.bro index 258820664f..3aefac088a 100644 --- a/scripts/policy/protocols/ssl/log-hostcerts-only.bro +++ b/scripts/policy/protocols/ssl/log-hostcerts-only.bro @@ -31,7 +31,7 @@ function host_certs_only(rec: X509::Info): bool return rec$logcert; } -event bro_init() &priority=2 +event zeek_init() &priority=2 { local f = Log::get_filter(X509::LOG, "default"); Log::remove_filter(X509::LOG, "default"); # disable default logging diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro index bd76daeceb..6a85627b3c 100644 --- a/scripts/policy/protocols/ssl/validate-certs.bro +++ b/scripts/policy/protocols/ssl/validate-certs.bro @@ -62,7 +62,7 @@ export { global intermediate_cache: table[string] of vector of opaque of x509; @if ( Cluster::is_enabled() ) -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::worker_topic, SSL::intermediate_add); Broker::auto_publish(Cluster::manager_topic, SSL::new_intermediate); diff --git a/scripts/policy/protocols/ssl/validate-sct.bro b/scripts/policy/protocols/ssl/validate-sct.bro index 4d79bfd7ad..b4db3666eb 100644 --- a/scripts/policy/protocols/ssl/validate-sct.bro +++ b/scripts/policy/protocols/ssl/validate-sct.bro @@ -69,7 +69,7 @@ export { global recently_validated_scts: table[string] of bool = table() &read_expire=5mins &redef; -event bro_init() +event zeek_init() { Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response"); } diff --git a/scripts/policy/tuning/defaults/warnings.bro b/scripts/policy/tuning/defaults/warnings.bro index cedc3d62ad..6c31e82d4e 100644 --- a/scripts/policy/tuning/defaults/warnings.bro +++ b/scripts/policy/tuning/defaults/warnings.bro @@ -4,7 +4,7 @@ @load base/utils/site -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { if ( |Site::local_nets| == 0 ) print "WARNING: No Site::local_nets have been defined. It's usually a good idea to define your local networks."; diff --git a/src/Net.cc b/src/Net.cc index d6cb6632b2..b61d365a2a 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -188,7 +188,7 @@ void net_init(name_list& interfaces, name_list& readfiles, else // have_pending_timers = 1, possibly. We don't set // that here, though, because at this point we don't know - // whether the user's bro_init() event will indeed set + // whether the user's zeek_init() event will indeed set // a timer. reading_traces = reading_live = 0; diff --git a/src/Val.cc b/src/Val.cc index b55a9090d3..340cef6bb5 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2319,7 +2319,7 @@ void TableVal::DoExpire(double t) if ( v->ExpireAccessTime() == 0 ) { // This happens when we insert val while network_time - // hasn't been initialized yet (e.g. in bro_init()), and + // hasn't been initialized yet (e.g. in zeek_init()), and // also when bro_start_network_time hasn't been initialized // (e.g. before first packet). The expire_access_time is // correct, so we just need to wait. diff --git a/src/analyzer/Manager.cc b/src/analyzer/Manager.cc index 1546f846e5..c7e156b41e 100644 --- a/src/analyzer/Manager.cc +++ b/src/analyzer/Manager.cc @@ -113,7 +113,7 @@ void Manager::InitPostScript() void Manager::DumpDebug() { #ifdef DEBUG - DBG_LOG(DBG_ANALYZER, "Available analyzers after bro_init():"); + DBG_LOG(DBG_ANALYZER, "Available analyzers after zeek_init():"); list all_analyzers = GetComponents(); for ( list::const_iterator i = all_analyzers.begin(); i != all_analyzers.end(); ++i ) DBG_LOG(DBG_ANALYZER, " %s (%s)", (*i)->Name().c_str(), diff --git a/src/analyzer/Manager.h b/src/analyzer/Manager.h index 7f58a45cbf..8f6d982394 100644 --- a/src/analyzer/Manager.h +++ b/src/analyzer/Manager.h @@ -78,10 +78,10 @@ public: /** * Dumps out the state of all registered analyzers to the \c analyzer - * debug stream. Should be called only after any \c bro_init events + * debug stream. Should be called only after any \c zeek_init events * have executed to ensure that any of their changes are applied. */ - void DumpDebug(); // Called after bro_init() events. + void DumpDebug(); // Called after zeek_init() events. /** * Enables an analyzer type. Only enabled analyzers will be diff --git a/src/analyzer/protocol/tcp/events.bif b/src/analyzer/protocol/tcp/events.bif index d93ebe4819..3e053458ea 100644 --- a/src/analyzer/protocol/tcp/events.bif +++ b/src/analyzer/protocol/tcp/events.bif @@ -151,7 +151,7 @@ event connection_reset%(c: connection%); ## connection_first_ACK connection_half_finished connection_partial_close ## connection_rejected connection_reset connection_reused connection_state_remove ## connection_status_update connection_timeout scheduled_analyzer_applied -## new_connection new_connection_contents partial_connection bro_done +## new_connection new_connection_contents partial_connection zeek_done event connection_pending%(c: connection%); ## Generated for a SYN packet. Bro raises this event for every SYN packet seen diff --git a/src/bro.bif b/src/bro.bif index 96419ab83d..4440f823c7 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -2994,8 +2994,8 @@ function uuid_to_string%(uuid: string%): string ## ## .. note:: ## -## This function must be called at Bro startup time, e.g., in the event -## :bro:id:`bro_init`. +## This function must be called at Zeek startup time, e.g., in the event +## :bro:id:`zeek_init`. function merge_pattern%(p1: pattern, p2: pattern%): pattern &deprecated %{ RE_Matcher* re = new RE_Matcher(); @@ -3061,8 +3061,8 @@ function convert_for_pattern%(s: string%): string ## ## .. note:: ## -## This function must be called at Bro startup time, e.g., in the event -## :bro:id:`bro_init`. +## This function must be called at Zeek startup time, e.g., in the event +## :bro:id:`zeek_init`. function string_to_pattern%(s: string, convert: bool%): pattern %{ const char* ss = (const char*) (s->Bytes()); @@ -4953,7 +4953,7 @@ function enable_communication%(%): any &deprecated %{ if ( bro_start_network_time != 0.0 ) { - builtin_error("communication must be enabled in bro_init"); + builtin_error("communication must be enabled in zeek_init"); return 0; } diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index d31198ced7..ec69308790 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -138,7 +138,7 @@ Manager::Manager(bool arg_reading_pcaps) { bound_port = 0; reading_pcaps = arg_reading_pcaps; - after_bro_init = false; + after_zeek_init = false; peer_count = 0; log_topic_func = nullptr; vector_of_data_type = nullptr; @@ -772,7 +772,7 @@ RecordVal* Manager::MakeEvent(val_list* args, Frame* frame) bool Manager::Subscribe(const string& topic_prefix) { DBG_LOG(DBG_BROKER, "Subscribing to topic prefix %s", topic_prefix.c_str()); - bstate->subscriber.add_topic(topic_prefix, ! after_bro_init); + bstate->subscriber.add_topic(topic_prefix, ! after_zeek_init); return true; } @@ -799,7 +799,7 @@ bool Manager::Unsubscribe(const string& topic_prefix) } DBG_LOG(DBG_BROKER, "Unsubscribing from topic prefix %s", topic_prefix.c_str()); - bstate->subscriber.remove_topic(topic_prefix, ! after_bro_init); + bstate->subscriber.remove_topic(topic_prefix, ! after_zeek_init); return true; } diff --git a/src/broker/Manager.h b/src/broker/Manager.h index 87aba80058..a0520698da 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -66,8 +66,8 @@ public: */ void InitPostScript(); - void BroInitDone() - { after_bro_init = true; } + void ZeekInitDone() + { after_zeek_init = true; } /** * Shuts Broker down at termination. @@ -380,7 +380,7 @@ private: uint16_t bound_port; bool reading_pcaps; - bool after_bro_init; + bool after_zeek_init; int peer_count; Func* log_topic_func; diff --git a/src/event.bif b/src/event.bif index ae00c9b653..4585003090 100644 --- a/src/event.bif +++ b/src/event.bif @@ -30,36 +30,46 @@ # # - .. todo:: -## Generated at Bro initialization time. The event engine generates this +## Generated at Zeek initialization time. The event engine generates this ## event just before normal input processing begins. It can be used to execute -## one-time initialization code at startup. At the time a handler runs, Bro will +## one-time initialization code at startup. At the time a handler runs, Zeek will ## have executed any global initializations and statements. ## -## .. bro:see:: bro_done +## .. bro:see:: zeek_done ## ## .. note:: ## -## When a ``bro_init`` handler executes, Bro has not yet seen any input +## When a ``zeek_init`` handler executes, Zeek has not yet seen any input ## packets and therefore :bro:id:`network_time` is not initialized yet. An -## artifact of that is that any timer installed in a ``bro_init`` handler +## artifact of that is that any timer installed in a ``zeek_init`` handler ## will fire immediately with the first packet. The standard way to work ## around that is to ignore the first time the timer fires and immediately ## reschedule. ## -event bro_init%(%); +event zeek_init%(%); -## Generated at Bro termination time. The event engine generates this event when -## Bro is about to terminate, either due to having exhausted reading its input -## trace file(s), receiving a termination signal, or because Bro was run without +## Deprecated synonym for ``zeek_init``. +## +## .. bro:see: zeek_init +event bro_init%(%) &deprecated; + +## Generated at Zeek termination time. The event engine generates this event when +## Zeek is about to terminate, either due to having exhausted reading its input +## trace file(s), receiving a termination signal, or because Zeek was run without ## a network input source and has finished executing any global statements. ## -## .. bro:see:: bro_init +## .. bro:see:: zeek_init ## ## .. note:: ## -## If Bro terminates due to an invocation of :bro:id:`exit`, then this event +## If Zeek terminates due to an invocation of :bro:id:`exit`, then this event ## is not generated. -event bro_done%(%); +event zeek_done%(%); + +## Deprecated synonym for ``zeek_done``. +## +## .. bro:see: zeek_done +event bro_done%(%) &deprecated; ## Generated for every new connection. This event is raised with the first ## packet of a previously unknown connection. Bro uses a flow-based definition diff --git a/src/main.cc b/src/main.cc index 1116b8c331..e7ff3c0655 100644 --- a/src/main.cc +++ b/src/main.cc @@ -339,9 +339,9 @@ void terminate_bro() brofiler.WriteStats(); - EventHandlerPtr bro_done = internal_handler("bro_done"); - if ( bro_done ) - mgr.QueueEvent(bro_done, new val_list); + EventHandlerPtr zeek_done = internal_handler("zeek_done"); + if ( zeek_done ) + mgr.QueueEvent(zeek_done, new val_list); timer_mgr->Expire(); mgr.Drain(); @@ -1136,9 +1136,9 @@ int main(int argc, char** argv) // we don't have any other source for it. net_update_time(current_time()); - EventHandlerPtr bro_init = internal_handler("bro_init"); - if ( bro_init ) //### this should be a function - mgr.QueueEvent(bro_init, new val_list); + EventHandlerPtr zeek_init = internal_handler("zeek_init"); + if ( zeek_init ) //### this should be a function + mgr.QueueEvent(zeek_init, new val_list); EventRegistry::string_list* dead_handlers = event_registry->UnusedHandlers(); @@ -1204,7 +1204,7 @@ int main(int argc, char** argv) if ( reporter->Errors() > 0 && ! getenv("ZEEK_ALLOW_INIT_ERRORS") ) reporter->FatalError("errors occurred while initializing"); - broker_mgr->BroInitDone(); + broker_mgr->ZeekInitDone(); analyzer_mgr->DumpDebug(); have_pending_timers = ! reading_traces && timer_mgr->Size() > 0; diff --git a/src/parse.y b/src/parse.y index c0980ce8de..22f33003cb 100644 --- a/src/parse.y +++ b/src/parse.y @@ -1171,6 +1171,12 @@ func_hdr: } | TOK_EVENT event_id func_params opt_attr { + // Gracefully handle the deprecation of bro_init and bro_done + if ( strncmp("bro_init", $2->Name(), 8) == 0 ) + $2 = lookup_ID("zeek_init", "GLOBAL"); + if ( strncmp("bro_done", $2->Name(), 8) == 0 ) + $2 = lookup_ID("zeek_done", "GLOBAL"); + begin_func($2, current_module.c_str(), FUNC_FLAVOR_EVENT, 0, $3, $4); $$ = $3; diff --git a/testing/btest/Baseline/language.zeek_init/out b/testing/btest/Baseline/language.zeek_init/out new file mode 100644 index 0000000000..31b2428745 --- /dev/null +++ b/testing/btest/Baseline/language.zeek_init/out @@ -0,0 +1,4 @@ +zeek init at priority 10! +bro init at priority 5! +zeek init at priority 0! +bro init at priority -10! diff --git a/testing/btest/language/zeek_init.bro b/testing/btest/language/zeek_init.bro new file mode 100644 index 0000000000..27f82d626c --- /dev/null +++ b/testing/btest/language/zeek_init.bro @@ -0,0 +1,44 @@ +# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-diff out + + +event zeek_init() &priority=10 + { + print "zeek_init at priority 10!"; + } + +event bro_init() &priority=5 + { + print "bro_init at priority 5!"; + } + +event zeek_init() &priority=0 + { + print "zeek_init at priority 0!"; + } + +event bro_init() &priority=-10 + { + print "bro_init at priority -10!"; + } + + +event zeek_done() &priority=10 + { + print "zeek_done at priority 10!"; + } + +event bro_done() &priority=5 + { + print "bro_done at priority 5!"; + } + +event zeek_done() &priority=0 + { + print "zeek_done at priority 0!"; + } + +event bro_done() &priority=-10 + { + print "bro_done at priority -10!"; + } From 5db766bd883982f2c53c95b48eb07826e9da04c0 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Sun, 14 Apr 2019 08:19:08 -0400 Subject: [PATCH 021/247] Update docs and tests for bro_(init|done) -> zeek_(init|done) --- doc | 1 - .../Baseline/doc.broxygen.all_scripts/.stderr | 11 - .../Baseline/doc.broxygen.all_scripts/.stdout | 1 - .../Baseline/doc.broxygen.command_line/output | 1 - .../doc.broxygen.comment_retrieval_bifs/out | 70 ----- .../doc.broxygen.enums/autogen-reST-enums.rst | 60 ----- .../Baseline/doc.broxygen.example/example.rst | 248 ------------------ .../autogen-reST-func-params.rst | 30 --- .../Baseline/doc.broxygen.identifier/test.rst | 230 ---------------- .../Baseline/doc.broxygen.package/test.rst | 37 --- .../doc.broxygen.package_index/test.rst | 7 - .../autogen-reST-records.rst | 28 -- .../doc.broxygen.script_index/test.rst | 5 - .../doc.broxygen.script_summary/test.rst | 23 -- .../autogen-reST-type-aliases.rst | 44 ---- .../autogen-reST-vectors.rst | 33 --- .../doc.manual.connection_record_01/.stdout | 5 - .../doc.manual.connection_record_02/.stdout | 9 - .../doc.manual.data_struct_record_01/.stdout | 6 - .../doc.manual.data_struct_record_02/.stdout | 7 - .../.stdout | 8 - .../.stdout | 4 - .../.stdout | 4 - .../doc.manual.data_struct_vector/.stdout | 2 - .../.stdout | 4 - .../.stdout | 3 - .../doc.manual.data_type_const/.stdout | 4 - .../doc.manual.data_type_const_simple/.stdout | 0 .../doc.manual.data_type_declaration/.stdout | 1 - .../doc.manual.data_type_interval/.stdout | 15 -- .../doc.manual.data_type_local/.stdout | 1 - .../doc.manual.data_type_pattern_01/.stdout | 3 - .../doc.manual.data_type_pattern_02/.stdout | 2 - .../doc.manual.data_type_subnets/.stdout | 4 - .../doc.manual.data_type_time/.stdout | 8 - .../.stdout | 10 - .../factor.log | 19 -- .../factor-mod5.log | 15 -- .../factor-non5.log | 13 - .../factor-mod5.log | 15 -- .../factor-non5.log | 13 - .../.stdout | 0 .../.stdout | 0 .../.stdout | 0 .../.stdout | 0 .../doc.manual.using_bro_sandbox_01/.stdout | 0 .../doc.manual.using_bro_sandbox_01/conn.log | 43 --- .../doc.manual.using_bro_sandbox_01/http.log | 23 -- .../doc.manual.using_bro_sandbox_02/conn.log | 15 -- .../doc.manual.using_bro_sandbox_02/http.log | 26 -- testing/btest/Baseline/language.zeek_init/out | 12 +- testing/btest/Baseline/plugins.hooks/output | 14 +- .../all-events-no-args.log | 4 +- .../all-events.log | 4 +- testing/btest/bifs/all_set.bro | 2 +- testing/btest/bifs/analyzer_name.bro | 2 +- testing/btest/bifs/any_set.bro | 2 +- testing/btest/bifs/bloomfilter-seed.bro | 2 +- testing/btest/bifs/bloomfilter.bro | 2 +- testing/btest/bifs/bro_version.bro | 2 +- testing/btest/bifs/bytestring_to_count.bro | 2 +- testing/btest/bifs/bytestring_to_double.bro | 2 +- testing/btest/bifs/bytestring_to_hexstr.bro | 2 +- testing/btest/bifs/capture_state_updates.bro | 2 +- testing/btest/bifs/cat.bro | 2 +- testing/btest/bifs/cat_string_array.bro | 2 +- testing/btest/bifs/check_subnet.bro | 2 +- testing/btest/bifs/checkpoint_state.bro | 2 +- testing/btest/bifs/clear_table.bro | 2 +- testing/btest/bifs/convert_for_pattern.bro | 2 +- testing/btest/bifs/count_to_addr.bro | 2 +- testing/btest/bifs/create_file.bro | 2 +- testing/btest/bifs/current_analyzer.bro | 2 +- testing/btest/bifs/current_time.bro | 2 +- testing/btest/bifs/directory_operations.bro | 2 +- testing/btest/bifs/edit.bro | 2 +- testing/btest/bifs/enable_raw_output.test | 2 +- testing/btest/bifs/entropy_test.bro | 2 +- testing/btest/bifs/enum_to_int.bro | 2 +- testing/btest/bifs/escape_string.bro | 2 +- testing/btest/bifs/exit.bro | 2 +- testing/btest/bifs/file_mode.bro | 2 +- testing/btest/bifs/filter_subnet_table.bro | 2 +- testing/btest/bifs/find_all.bro | 2 +- testing/btest/bifs/find_entropy.bro | 2 +- testing/btest/bifs/find_last.bro | 2 +- testing/btest/bifs/fmt.bro | 2 +- testing/btest/bifs/fmt_ftp_port.bro | 2 +- testing/btest/bifs/get_matcher_stats.bro | 2 +- .../btest/bifs/get_port_transport_proto.bro | 2 +- testing/btest/bifs/gethostname.bro | 2 +- testing/btest/bifs/getpid.bro | 2 +- testing/btest/bifs/getsetenv.bro | 2 +- testing/btest/bifs/global_ids.bro | 2 +- testing/btest/bifs/global_sizes.bro | 2 +- testing/btest/bifs/haversine_distance.bro | 2 +- testing/btest/bifs/hexdump.bro | 2 +- testing/btest/bifs/hexstr_to_bytestring.bro | 2 +- testing/btest/bifs/hll_cardinality.bro | 2 +- testing/btest/bifs/hll_large_estimate.bro | 2 +- testing/btest/bifs/identify_data.bro | 2 +- .../btest/bifs/install_src_addr_filter.test | 2 +- testing/btest/bifs/is_ascii.bro | 2 +- testing/btest/bifs/is_local_interface.bro | 2 +- testing/btest/bifs/is_port.bro | 2 +- testing/btest/bifs/join_string.bro | 2 +- testing/btest/bifs/levenshtein_distance.bro | 2 +- testing/btest/bifs/lookup_ID.bro | 2 +- testing/btest/bifs/lowerupper.bro | 2 +- testing/btest/bifs/matching_subnets.bro | 2 +- testing/btest/bifs/math.bro | 2 +- testing/btest/bifs/merge_pattern.bro | 2 +- testing/btest/bifs/net_stats_trace.test | 2 +- testing/btest/bifs/netbios-functions.bro | 2 +- testing/btest/bifs/order.bro | 2 +- testing/btest/bifs/parse_ftp.bro | 2 +- testing/btest/bifs/rand.bro | 2 +- testing/btest/bifs/raw_bytes_to_v4_addr.bro | 2 +- testing/btest/bifs/reading_traces.bro | 2 +- testing/btest/bifs/record_type_to_vector.bro | 2 +- testing/btest/bifs/records_fields.bro | 2 +- testing/btest/bifs/resize.bro | 2 +- testing/btest/bifs/reverse.bro | 2 +- testing/btest/bifs/rotate_file.bro | 2 +- testing/btest/bifs/rotate_file_by_name.bro | 2 +- testing/btest/bifs/same_object.bro | 2 +- testing/btest/bifs/sort.bro | 2 +- testing/btest/bifs/sort_string_array.bro | 2 +- testing/btest/bifs/split.bro | 2 +- testing/btest/bifs/split_string.bro | 2 +- testing/btest/bifs/str_shell_escape.bro | 2 +- testing/btest/bifs/strcmp.bro | 2 +- testing/btest/bifs/strftime.bro | 2 +- testing/btest/bifs/string_fill.bro | 2 +- testing/btest/bifs/string_to_pattern.bro | 2 +- testing/btest/bifs/strip.bro | 2 +- testing/btest/bifs/strptime.bro | 2 +- testing/btest/bifs/strstr.bro | 2 +- testing/btest/bifs/sub.bro | 2 +- testing/btest/bifs/subst_string.bro | 2 +- testing/btest/bifs/system.bro | 2 +- testing/btest/bifs/system_env.bro | 2 +- testing/btest/bifs/to_count.bro | 2 +- testing/btest/bifs/to_double.bro | 2 +- testing/btest/bifs/to_int.bro | 2 +- testing/btest/bifs/to_interval.bro | 2 +- testing/btest/bifs/to_port.bro | 2 +- testing/btest/bifs/to_time.bro | 2 +- testing/btest/bifs/topk.bro | 2 +- testing/btest/bifs/type_name.bro | 2 +- testing/btest/bifs/uuid_to_string.bro | 2 +- testing/btest/bifs/val_size.bro | 2 +- testing/btest/broker/connect-on-retry.bro | 4 +- testing/btest/broker/disconnect.bro | 4 +- testing/btest/broker/error.bro | 2 +- testing/btest/broker/remote_event.bro | 4 +- testing/btest/broker/remote_event_any.bro | 4 +- testing/btest/broker/remote_event_auto.bro | 4 +- .../btest/broker/remote_event_ssl_auth.bro | 4 +- .../btest/broker/remote_event_vector_any.bro | 4 +- testing/btest/broker/remote_id.bro | 4 +- testing/btest/broker/remote_log.bro | 6 +- testing/btest/broker/remote_log_late_join.bro | 6 +- testing/btest/broker/remote_log_types.bro | 6 +- testing/btest/broker/ssl_auth_failure.bro | 4 +- testing/btest/broker/store/clone.bro | 4 +- testing/btest/broker/store/local.bro | 2 +- testing/btest/broker/store/ops.bro | 2 +- testing/btest/broker/store/record.bro | 2 +- testing/btest/broker/store/set.bro | 2 +- testing/btest/broker/store/sqlite.bro | 2 +- testing/btest/broker/store/table.bro | 2 +- .../btest/broker/store/type-conversion.bro | 2 +- testing/btest/broker/store/vector.bro | 2 +- testing/btest/broker/unpeer.bro | 4 +- testing/btest/core/discarder.bro | 8 +- testing/btest/core/div-by-zero.bro | 2 +- testing/btest/core/embedded-null.bro | 2 +- testing/btest/core/event-arg-reuse.bro | 2 +- testing/btest/core/fake_dns.bro | 2 +- .../core/file-caching-serialization.test | 2 +- testing/btest/core/global_opaque_val.bro | 2 +- testing/btest/core/leaks/basic-cluster.bro | 4 +- .../btest/core/leaks/broker/clone_store.bro | 4 +- .../btest/core/leaks/broker/master_store.bro | 2 +- .../btest/core/leaks/broker/remote_event.test | 4 +- .../btest/core/leaks/broker/remote_log.test | 6 +- testing/btest/core/leaks/exec.test | 2 +- testing/btest/core/leaks/hll_cluster.bro | 4 +- testing/btest/core/leaks/input-basic.bro | 2 +- testing/btest/core/leaks/input-errors.bro | 2 +- .../btest/core/leaks/input-missing-enum.bro | 2 +- .../btest/core/leaks/input-optional-event.bro | 2 +- .../btest/core/leaks/input-optional-table.bro | 2 +- testing/btest/core/leaks/input-raw.bro | 2 +- testing/btest/core/leaks/input-reread.bro | 2 +- testing/btest/core/leaks/input-sqlite.bro | 2 +- .../btest/core/leaks/input-with-remove.bro | 2 +- testing/btest/core/leaks/returnwhen.bro | 2 +- testing/btest/core/old_comm_usage.bro | 2 +- testing/btest/core/option-priorities.bro | 2 +- testing/btest/core/option-redef.bro | 2 +- testing/btest/core/pcap/dynamic-filter.bro | 2 +- testing/btest/core/pcap/filter-error.bro | 2 +- testing/btest/core/pcap/input-error.bro | 2 +- testing/btest/core/pcap/pseudo-realtime.bro | 2 +- testing/btest/core/reassembly.bro | 2 +- testing/btest/core/recursive-event.bro | 2 +- .../btest/core/reporter-error-in-handler.bro | 2 +- testing/btest/core/reporter-fmt-strings.bro | 2 +- testing/btest/core/reporter-parse-error.bro | 2 +- testing/btest/core/reporter-runtime-error.bro | 2 +- testing/btest/core/reporter-type-mismatch.bro | 2 +- testing/btest/core/reporter.bro | 4 +- testing/btest/core/vector-assignment.bro | 2 +- .../core/when-interpreter-exceptions.bro | 2 +- testing/btest/doc/broxygen/all_scripts.test | 14 - testing/btest/doc/broxygen/command_line.bro | 7 - .../doc/broxygen/comment_retrieval_bifs.bro | 111 -------- testing/btest/doc/broxygen/enums.bro | 43 --- testing/btest/doc/broxygen/example.bro | 8 - testing/btest/doc/broxygen/func-params.bro | 24 -- testing/btest/doc/broxygen/identifier.bro | 9 - testing/btest/doc/broxygen/package.bro | 9 - testing/btest/doc/broxygen/package_index.bro | 9 - testing/btest/doc/broxygen/records.bro | 26 -- testing/btest/doc/broxygen/script_index.bro | 9 - testing/btest/doc/broxygen/script_summary.bro | 9 - testing/btest/doc/broxygen/type-aliases.bro | 34 --- testing/btest/doc/broxygen/vectors.bro | 20 -- testing/btest/doc/record-add.bro | 36 --- testing/btest/doc/record-attr-check.bro | 9 - testing/btest/language/addr.bro | 2 +- testing/btest/language/any.bro | 2 +- testing/btest/language/at-if-event.bro | 8 +- testing/btest/language/at-if-invalid.bro | 2 +- testing/btest/language/at-if.bro | 2 +- testing/btest/language/at-ifdef.bro | 2 +- testing/btest/language/at-ifndef.bro | 2 +- testing/btest/language/at-load.bro | 2 +- .../btest/language/attr-default-coercion.bro | 2 +- testing/btest/language/bool.bro | 2 +- .../btest/language/conditional-expression.bro | 2 +- testing/btest/language/const.bro | 4 +- testing/btest/language/copy.bro | 2 +- testing/btest/language/count.bro | 2 +- testing/btest/language/deprecated.bro | 2 +- testing/btest/language/double.bro | 2 +- testing/btest/language/enum.bro | 2 +- testing/btest/language/event-local-var.bro | 2 +- testing/btest/language/event.bro | 2 +- testing/btest/language/expire-expr-error.bro | 2 +- testing/btest/language/expire-func-undef.bro | 2 +- testing/btest/language/expire-redef.bro | 2 +- testing/btest/language/expire_func.test | 2 +- testing/btest/language/expire_func_mod.bro | 2 +- testing/btest/language/expire_subnet.test | 2 +- testing/btest/language/file.bro | 2 +- testing/btest/language/for.bro | 2 +- testing/btest/language/func-assignment.bro | 2 +- testing/btest/language/function.bro | 2 +- testing/btest/language/hook.bro | 2 +- testing/btest/language/hook_calls.bro | 4 +- testing/btest/language/if.bro | 2 +- .../language/index-assignment-invalid.bro | 2 +- .../btest/language/init-in-anon-function.bro | 2 +- testing/btest/language/int.bro | 2 +- testing/btest/language/interval.bro | 2 +- testing/btest/language/module.bro | 2 +- testing/btest/language/named-table-ctors.bro | 2 +- testing/btest/language/next-test.bro | 2 +- testing/btest/language/no-module.bro | 2 +- testing/btest/language/null-statement.bro | 2 +- .../btest/language/outer_param_binding.bro | 2 +- testing/btest/language/pattern.bro | 2 +- testing/btest/language/port.bro | 2 +- testing/btest/language/precedence.bro | 2 +- testing/btest/language/raw_output_attr.test | 2 +- .../btest/language/record-ceorce-orphan.bro | 2 +- .../btest/language/record-coerce-clash.bro | 2 +- .../language/record-function-recursion.bro | 2 +- .../language/record-recursive-coercion.bro | 2 +- .../btest/language/record-type-checking.bro | 10 +- .../language/redef-same-prefixtable-idx.bro | 2 +- testing/btest/language/returnwhen.bro | 2 +- .../btest/language/set-opt-record-index.bro | 2 +- testing/btest/language/set-type-checking.bro | 12 +- testing/btest/language/set.bro | 2 +- testing/btest/language/short-circuit.bro | 2 +- testing/btest/language/string.bro | 2 +- testing/btest/language/strings.bro | 2 +- testing/btest/language/subnet.bro | 2 +- testing/btest/language/switch-incomplete.bro | 2 +- testing/btest/language/switch-statement.bro | 2 +- testing/btest/language/switch-types-vars.bro | 2 +- testing/btest/language/switch-types.bro | 2 +- testing/btest/language/table-init-attrs.bro | 2 +- testing/btest/language/table-init.bro | 2 +- .../btest/language/table-type-checking.bro | 10 +- testing/btest/language/table.bro | 2 +- testing/btest/language/time.bro | 2 +- testing/btest/language/timeout.bro | 2 +- testing/btest/language/type-cast-any.bro | 2 +- .../language/type-cast-error-dynamic.bro | 2 +- .../btest/language/type-cast-error-static.bro | 2 +- testing/btest/language/type-cast-same.bro | 2 +- testing/btest/language/type-check-any.bro | 2 +- testing/btest/language/type-check-vector.bro | 2 +- testing/btest/language/type-type-error.bro | 2 +- .../btest/language/undefined-delete-field.bro | 2 +- .../btest/language/uninitialized-local.bro | 2 +- .../btest/language/uninitialized-local2.bro | 2 +- testing/btest/language/vector-any-append.bro | 2 +- .../btest/language/vector-type-checking.bro | 10 +- testing/btest/language/vector.bro | 2 +- .../btest/language/when-unitialized-rhs.bro | 2 +- testing/btest/language/when.bro | 2 +- testing/btest/language/while.bro | 2 +- .../btest/plugins/bifs-and-scripts-install.sh | 4 +- testing/btest/plugins/bifs-and-scripts.sh | 4 +- testing/btest/plugins/logging-hooks.bro | 2 +- .../scripts/Demo/Foo/base/main.bro | 2 +- testing/btest/plugins/reader.bro | 2 +- testing/btest/plugins/reporter-hook.bro | 2 +- .../scripts/base/files/extract/limit.bro | 2 +- .../signed_certificate_timestamp_ocsp.test | 2 +- .../frameworks/analyzer/disable-analyzer.bro | 2 +- .../frameworks/analyzer/enable-analyzer.bro | 2 +- .../frameworks/analyzer/register-for-port.bro | 2 +- .../cluster/custom_pool_exclusivity.bro | 2 +- .../frameworks/cluster/custom_pool_limits.bro | 2 +- .../base/frameworks/cluster/forwarding.bro | 2 +- .../frameworks/cluster/log_distribution.bro | 2 +- .../frameworks/cluster/start-it-up-logger.bro | 2 +- .../base/frameworks/cluster/start-it-up.bro | 2 +- .../base/frameworks/config/basic_cluster.bro | 4 +- .../base/frameworks/config/cluster_resend.bro | 4 +- .../base/frameworks/config/read_config.bro | 2 +- .../frameworks/config/read_config_cluster.bro | 4 +- .../scripts/base/frameworks/config/weird.bro | 4 +- .../control/configuration_update.bro | 8 +- .../bifs/file_exists_lookup_file.bro | 2 +- .../file-analysis/bifs/register_mime_type.bro | 2 +- .../frameworks/file-analysis/input/basic.bro | 2 +- .../scripts/base/frameworks/input/basic.bro | 2 +- .../base/frameworks/input/bignumber.bro | 2 +- .../scripts/base/frameworks/input/binary.bro | 2 +- .../base/frameworks/input/config/basic.bro | 2 +- .../base/frameworks/input/config/errors.bro | 2 +- .../scripts/base/frameworks/input/default.bro | 2 +- .../frameworks/input/empty-values-hashing.bro | 2 +- .../base/frameworks/input/emptyvals.bro | 2 +- .../scripts/base/frameworks/input/errors.bro | 2 +- .../scripts/base/frameworks/input/event.bro | 2 +- .../base/frameworks/input/invalid-lines.bro | 2 +- .../base/frameworks/input/invalidnumbers.bro | 2 +- .../base/frameworks/input/invalidset.bro | 2 +- .../base/frameworks/input/invalidtext.bro | 2 +- .../base/frameworks/input/missing-enum.bro | 2 +- .../input/missing-file-initially.bro | 2 +- .../base/frameworks/input/missing-file.bro | 2 +- .../frameworks/input/onecolumn-norecord.bro | 2 +- .../frameworks/input/onecolumn-record.bro | 2 +- .../base/frameworks/input/optional.bro | 2 +- .../base/frameworks/input/port-embedded.bro | 2 +- .../scripts/base/frameworks/input/port.bro | 2 +- .../frameworks/input/predicate-stream.bro | 2 +- .../base/frameworks/input/predicate.bro | 2 +- .../base/frameworks/input/predicatemodify.bro | 2 +- .../input/predicatemodifyandreread.bro | 2 +- .../input/predicaterefusesecondsamerecord.bro | 2 +- .../base/frameworks/input/raw/basic.bro | 2 +- .../base/frameworks/input/raw/execute.bro | 2 +- .../frameworks/input/raw/executestdin.bro | 2 +- .../frameworks/input/raw/executestream.bro | 2 +- .../base/frameworks/input/raw/long.bro | 2 +- .../base/frameworks/input/raw/offset.bro | 2 +- .../base/frameworks/input/raw/rereadraw.bro | 2 +- .../base/frameworks/input/raw/stderr.bro | 2 +- .../base/frameworks/input/raw/streamraw.bro | 2 +- .../scripts/base/frameworks/input/repeat.bro | 2 +- .../scripts/base/frameworks/input/reread.bro | 2 +- .../scripts/base/frameworks/input/set.bro | 2 +- .../base/frameworks/input/setseparator.bro | 2 +- .../base/frameworks/input/setspecialcases.bro | 2 +- .../base/frameworks/input/sqlite/basic.bro | 2 +- .../base/frameworks/input/sqlite/error.bro | 2 +- .../base/frameworks/input/sqlite/port.bro | 2 +- .../base/frameworks/input/sqlite/types.bro | 2 +- .../scripts/base/frameworks/input/stream.bro | 2 +- .../base/frameworks/input/subrecord-event.bro | 2 +- .../base/frameworks/input/subrecord.bro | 2 +- .../base/frameworks/input/tableevent.bro | 2 +- .../base/frameworks/input/twotables.bro | 2 +- .../frameworks/input/unsupported_types.bro | 2 +- .../scripts/base/frameworks/input/windows.bro | 12 +- .../base/frameworks/intel/expire-item.bro | 2 +- .../base/frameworks/intel/input-and-match.bro | 2 +- .../base/frameworks/intel/match-subnet.bro | 2 +- .../intel/read-file-dist-cluster.bro | 2 +- .../frameworks/intel/remove-non-existing.bro | 2 +- .../base/frameworks/logging/adapt-filter.bro | 2 +- .../base/frameworks/logging/ascii-binary.bro | 2 +- .../base/frameworks/logging/ascii-double.bro | 2 +- .../base/frameworks/logging/ascii-empty.bro | 2 +- .../logging/ascii-escape-binary.bro | 2 +- .../logging/ascii-escape-empty-str.bro | 2 +- .../logging/ascii-escape-notset-str.bro | 2 +- .../logging/ascii-escape-set-separator.bro | 2 +- .../base/frameworks/logging/ascii-escape.bro | 2 +- .../frameworks/logging/ascii-gz-rotate.bro | 2 +- .../base/frameworks/logging/ascii-gz.bro | 2 +- .../logging/ascii-json-iso-timestamps.bro | 2 +- .../logging/ascii-json-optional.bro | 2 +- .../base/frameworks/logging/ascii-json.bro | 2 +- .../logging/ascii-line-like-comment.bro | 2 +- .../base/frameworks/logging/ascii-options.bro | 2 +- .../frameworks/logging/ascii-timestamps.bro | 2 +- .../base/frameworks/logging/ascii-tsv.bro | 2 +- .../base/frameworks/logging/attr-extend.bro | 2 +- .../scripts/base/frameworks/logging/attr.bro | 2 +- .../frameworks/logging/disable-stream.bro | 2 +- .../base/frameworks/logging/empty-event.bro | 2 +- .../base/frameworks/logging/enable-stream.bro | 2 +- .../base/frameworks/logging/events.bro | 2 +- .../base/frameworks/logging/exclude.bro | 2 +- .../logging/field-extension-cluster-error.bro | 2 +- .../logging/field-extension-cluster.bro | 2 +- .../scripts/base/frameworks/logging/file.bro | 2 +- .../base/frameworks/logging/include.bro | 2 +- .../base/frameworks/logging/no-local.bro | 2 +- .../base/frameworks/logging/none-debug.bro | 2 +- .../logging/path-func-column-demote.bro | 2 +- .../base/frameworks/logging/path-func.bro | 2 +- .../scripts/base/frameworks/logging/pred.bro | 2 +- .../base/frameworks/logging/remove.bro | 2 +- .../base/frameworks/logging/rotate-custom.bro | 2 +- .../base/frameworks/logging/rotate.bro | 2 +- .../base/frameworks/logging/sqlite/error.bro | 2 +- .../base/frameworks/logging/sqlite/set.bro | 2 +- .../logging/sqlite/simultaneous-writes.bro | 2 +- .../base/frameworks/logging/sqlite/types.bro | 2 +- .../base/frameworks/logging/stdout.bro | 2 +- .../base/frameworks/logging/test-logging.bro | 2 +- .../scripts/base/frameworks/logging/types.bro | 2 +- .../base/frameworks/logging/unset-record.bro | 2 +- .../scripts/base/frameworks/logging/vec.bro | 2 +- .../logging/writer-path-conflict.bro | 2 +- .../base/frameworks/netcontrol/acld-hook.bro | 4 +- .../base/frameworks/netcontrol/acld.bro | 4 +- .../frameworks/netcontrol/basic-cluster.bro | 2 +- .../base/frameworks/netcontrol/broker.bro | 4 +- .../frameworks/notice/suppression-disable.bro | 2 +- .../base/frameworks/notice/suppression.bro | 2 +- .../base/frameworks/openflow/broker-basic.bro | 4 +- .../base/frameworks/openflow/log-basic.bro | 2 +- .../base/frameworks/openflow/log-cluster.bro | 4 +- .../base/frameworks/openflow/ryu-basic.bro | 2 +- .../frameworks/reporter/disable-stderr.bro | 2 +- .../base/frameworks/reporter/stderr.bro | 2 +- .../frameworks/software/version-parsing.bro | 2 +- .../frameworks/sumstats/basic-cluster.bro | 4 +- .../base/frameworks/sumstats/basic.bro | 2 +- .../sumstats/cluster-intermediate-update.bro | 2 +- .../base/frameworks/sumstats/last-cluster.bro | 2 +- .../frameworks/sumstats/on-demand-cluster.bro | 4 +- .../base/frameworks/sumstats/on-demand.bro | 2 +- .../frameworks/sumstats/sample-cluster.bro | 4 +- .../base/frameworks/sumstats/sample.bro | 2 +- .../base/frameworks/sumstats/thresholding.bro | 2 +- .../base/frameworks/sumstats/topk-cluster.bro | 4 +- .../scripts/base/frameworks/sumstats/topk.bro | 2 +- .../protocols/http/content-range-gap-skip.bro | 2 +- .../base/protocols/http/http-pipelining.bro | 2 +- .../scripts/base/protocols/irc/basic.test | 2 +- .../scripts/base/protocols/krb/smb2_krb.test | 2 +- .../base/protocols/krb/smb2_krb_nokeytab.test | 2 +- .../scripts/base/protocols/mount/basic.test | 2 +- .../scripts/base/protocols/ncp/event.bro | 2 +- .../base/protocols/ncp/frame_size_tuning.bro | 2 +- .../scripts/base/protocols/nfs/basic.test | 2 +- .../scripts/base/protocols/pop3/starttls.bro | 2 +- .../base/protocols/smb/disabled-dce-rpc.test | 2 +- .../btest/scripts/base/protocols/ssl/dpd.test | 2 +- .../base/protocols/ssl/ocsp-http-get.test | 2 +- .../base/protocols/ssl/ocsp-request-only.test | 2 +- .../protocols/ssl/ocsp-request-response.test | 2 +- .../protocols/ssl/ocsp-response-only.test | 2 +- .../base/protocols/ssl/ocsp-revoked.test | 2 +- .../btest/scripts/base/utils/active-http.test | 2 +- testing/btest/scripts/base/utils/addrs.test | 2 +- .../scripts/base/utils/decompose_uri.bro | 2 +- testing/btest/scripts/base/utils/dir.test | 2 +- .../base/utils/directions-and-hosts.test | 2 +- testing/btest/scripts/base/utils/exec.test | 2 +- testing/btest/scripts/base/utils/files.test | 4 +- testing/btest/scripts/base/utils/json.test | 2 +- testing/btest/scripts/base/utils/queue.test | 4 +- testing/btest/scripts/base/utils/site.test | 2 +- .../policy/frameworks/intel/seen/certs.bro | 2 +- .../policy/frameworks/intel/seen/smtp.bro | 2 +- .../policy/frameworks/intel/whitelisting.bro | 2 +- .../frameworks/software/version-changes.bro | 2 +- .../policy/frameworks/software/vulnerable.bro | 2 +- .../btest/scripts/policy/misc/weird-stats.bro | 2 +- .../http/test-sql-injection-regex.bro | 4 +- testing/btest/signatures/dpd.bro | 2 +- testing/scripts/file-analysis-test.bro | 2 +- 508 files changed, 532 insertions(+), 2016 deletions(-) delete mode 160000 doc delete mode 100644 testing/btest/Baseline/doc.broxygen.all_scripts/.stderr delete mode 100644 testing/btest/Baseline/doc.broxygen.all_scripts/.stdout delete mode 100644 testing/btest/Baseline/doc.broxygen.command_line/output delete mode 100644 testing/btest/Baseline/doc.broxygen.comment_retrieval_bifs/out delete mode 100644 testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.example/example.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.identifier/test.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.package/test.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.package_index/test.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.script_index/test.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.script_summary/test.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst delete mode 100644 testing/btest/Baseline/doc.manual.connection_record_01/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.connection_record_02/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_struct_record_01/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_struct_record_02/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_struct_set_declaration/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_struct_table_complex/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_struct_table_declaration/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_struct_vector/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_struct_vector_declaration/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_struct_vector_iter/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_type_const/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_type_const_simple/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_type_declaration/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_type_interval/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_type_local/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_type_pattern_01/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_type_pattern_02/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_type_subnets/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.data_type_time/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.framework_logging_factorial_01/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.framework_logging_factorial_02/factor.log delete mode 100644 testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-mod5.log delete mode 100644 testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-non5.log delete mode 100644 testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-mod5.log delete mode 100644 testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-non5.log delete mode 100644 testing/btest/Baseline/doc.manual.framework_notice_hook_01/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.framework_notice_hook_suppression_01/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.framework_notice_shortcuts_01/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.framework_notice_shortcuts_02/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.using_bro_sandbox_01/.stdout delete mode 100644 testing/btest/Baseline/doc.manual.using_bro_sandbox_01/conn.log delete mode 100644 testing/btest/Baseline/doc.manual.using_bro_sandbox_01/http.log delete mode 100644 testing/btest/Baseline/doc.manual.using_bro_sandbox_02/conn.log delete mode 100644 testing/btest/Baseline/doc.manual.using_bro_sandbox_02/http.log delete mode 100644 testing/btest/doc/broxygen/all_scripts.test delete mode 100644 testing/btest/doc/broxygen/command_line.bro delete mode 100644 testing/btest/doc/broxygen/comment_retrieval_bifs.bro delete mode 100644 testing/btest/doc/broxygen/enums.bro delete mode 100644 testing/btest/doc/broxygen/example.bro delete mode 100644 testing/btest/doc/broxygen/func-params.bro delete mode 100644 testing/btest/doc/broxygen/identifier.bro delete mode 100644 testing/btest/doc/broxygen/package.bro delete mode 100644 testing/btest/doc/broxygen/package_index.bro delete mode 100644 testing/btest/doc/broxygen/records.bro delete mode 100644 testing/btest/doc/broxygen/script_index.bro delete mode 100644 testing/btest/doc/broxygen/script_summary.bro delete mode 100644 testing/btest/doc/broxygen/type-aliases.bro delete mode 100644 testing/btest/doc/broxygen/vectors.bro delete mode 100644 testing/btest/doc/record-add.bro delete mode 100644 testing/btest/doc/record-attr-check.bro diff --git a/doc b/doc deleted file mode 160000 index e9f6728f13..0000000000 --- a/doc +++ /dev/null @@ -1 +0,0 @@ -Subproject commit e9f6728f13165148ca8ffe0b373148ff78b10c6a diff --git a/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr b/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr deleted file mode 100644 index da6c357abf..0000000000 --- a/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr +++ /dev/null @@ -1,11 +0,0 @@ -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/scripts/broxygen/__load__.bro:10 "Use '@load base/protocols/smb' instead" -error in /Users/jon/projects/bro/bro/scripts/policy/frameworks/control/controller.bro, line 22: The '' control command is unknown. -, line 1: received termination signal diff --git a/testing/btest/Baseline/doc.broxygen.all_scripts/.stdout b/testing/btest/Baseline/doc.broxygen.all_scripts/.stdout deleted file mode 100644 index bfc3c033df..0000000000 --- a/testing/btest/Baseline/doc.broxygen.all_scripts/.stdout +++ /dev/null @@ -1 +0,0 @@ -WARNING: No Site::local_nets have been defined. It's usually a good idea to define your local networks. diff --git a/testing/btest/Baseline/doc.broxygen.command_line/output b/testing/btest/Baseline/doc.broxygen.command_line/output deleted file mode 100644 index f599e28b8a..0000000000 --- a/testing/btest/Baseline/doc.broxygen.command_line/output +++ /dev/null @@ -1 +0,0 @@ -10 diff --git a/testing/btest/Baseline/doc.broxygen.comment_retrieval_bifs/out b/testing/btest/Baseline/doc.broxygen.comment_retrieval_bifs/out deleted file mode 100644 index 2a01fa0a94..0000000000 --- a/testing/btest/Baseline/doc.broxygen.comment_retrieval_bifs/out +++ /dev/null @@ -1,70 +0,0 @@ -This is a test script. -With some summary comments. -myvar: - Hello world. This is an option. - With some more description here. - And here. - Maybe just one more. -print_lines: - This function prints a string line by line. - - lines: A string to print line by line, w/ lines delimited by newline chars. - And some more comments on the function implementation. -mytype: - This is an alias for count. -myrecord: - My record type. -myrecord$aaa: - The first field. - Does something... - Done w/ aaa. -myrecord$bbb: - The second field. - Done w/ bbb. - No really, done w/ bbb. -myrecord$ccc: - Third field. - Done w/ ccc. -myrecord$ddd: - Fourth field. - Done w/ ddd. -myrecord$eee: - First redef'd field. - With two lines of comments. - And two post-notation comments. - Done w/ eee. -myrecord$fff: - Second redef'd field. - Done w/ fff. -myrecord$ggg: - Third redef'd field. - Done w/ ggg. -myenum: - My enum type; -FIRST: - First enum value. - I know, the name isn't clever. - Done w/ first. -SECOND: - Second enum value. - Done w/ second. -THIRD: - Third enum value. - Done w/ third. - Done w/ third again. -FORTH: - SIC. - It's a programming language. - Using Reverse Polish Notation. - Done w/ forth. -FIFTH: - First redef'd enum val. - Done w/ fifth. -SIXTH: - Second redef'd enum val. - Done w/ sixth. -SEVENTH: - Third redef'd enum val. - Lucky number seven. - Still works with comma. - Done w/ seventh. diff --git a/testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst b/testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst deleted file mode 100644 index c98d2792df..0000000000 --- a/testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst +++ /dev/null @@ -1,60 +0,0 @@ -.. bro:type:: TestEnum1 - - :Type: :bro:type:`enum` - - .. bro:enum:: ONE TestEnum1 - - like this - - .. bro:enum:: TWO TestEnum1 - - or like this - - .. bro:enum:: THREE TestEnum1 - - multiple - comments - and even - more comments - - .. bro:enum:: FOUR TestEnum1 - - adding another - value - - .. bro:enum:: FIVE TestEnum1 - - adding another - value - - There's tons of ways an enum can look... - -.. bro:type:: TestEnum2 - - :Type: :bro:type:`enum` - - .. bro:enum:: A TestEnum2 - - like this - - .. bro:enum:: B TestEnum2 - - or like this - - .. bro:enum:: C TestEnum2 - - multiple - comments - and even - more comments - - The final comma is optional - -.. bro:id:: TestEnumVal - - :Type: :bro:type:`TestEnum1` - :Attributes: :bro:attr:`&redef` - :Default: ``ONE`` - - this should reference the TestEnum1 type and not a generic "enum" type - diff --git a/testing/btest/Baseline/doc.broxygen.example/example.rst b/testing/btest/Baseline/doc.broxygen.example/example.rst deleted file mode 100644 index d729ab85ee..0000000000 --- a/testing/btest/Baseline/doc.broxygen.example/example.rst +++ /dev/null @@ -1,248 +0,0 @@ -:tocdepth: 3 - -broxygen/example.bro -==================== -.. bro:namespace:: BroxygenExample - -This is an example script that demonstrates Broxygen-style -documentation. It generally will make most sense when viewing -the script's raw source code and comparing to the HTML-rendered -version. - -Comments in the from ``##!`` are meant to summarize the script's -purpose. They are transferred directly in to the generated -`reStructuredText `_ -(reST) document associated with the script. - -.. tip:: You can embed directives and roles within ``##``-stylized comments. - -There's also a custom role to reference any identifier node in -the Bro Sphinx domain that's good for "see alsos", e.g. - -See also: :bro:see:`BroxygenExample::a_var`, -:bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` - -And a custom directive does the equivalent references: - -.. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info - -:Namespace: BroxygenExample -:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.bro ` - -Summary -~~~~~~~ -Redefinable Options -################### -==================================================================================== ======================================================= -:bro:id:`BroxygenExample::an_option`: :bro:type:`set` :bro:attr:`&redef` Add documentation for "an_option" here. -:bro:id:`BroxygenExample::option_with_init`: :bro:type:`interval` :bro:attr:`&redef` Default initialization will be generated automatically. -==================================================================================== ======================================================= - -State Variables -############### -======================================================================== ======================================================================== -:bro:id:`BroxygenExample::a_var`: :bro:type:`bool` Put some documentation for "a_var" here. -:bro:id:`BroxygenExample::summary_test`: :bro:type:`string` The first sentence for a particular identifier's summary text ends here. -:bro:id:`BroxygenExample::var_without_explicit_type`: :bro:type:`string` Types are inferred, that information is self-documenting. -======================================================================== ======================================================================== - -Types -##### -================================================================================= =========================================================== -:bro:type:`BroxygenExample::ComplexRecord`: :bro:type:`record` :bro:attr:`&redef` General documentation for a type "ComplexRecord" goes here. -:bro:type:`BroxygenExample::Info`: :bro:type:`record` An example record to be used with a logging stream. -:bro:type:`BroxygenExample::SimpleEnum`: :bro:type:`enum` Documentation for the "SimpleEnum" type goes here. -:bro:type:`BroxygenExample::SimpleRecord`: :bro:type:`record` General documentation for a type "SimpleRecord" goes here. -================================================================================= =========================================================== - -Redefinitions -############# -============================================================= ==================================================================== -:bro:type:`BroxygenExample::SimpleEnum`: :bro:type:`enum` Document the "SimpleEnum" redef here with any special info regarding - the *redef* itself. -:bro:type:`BroxygenExample::SimpleRecord`: :bro:type:`record` Document the record extension *redef* itself here. -:bro:type:`Log::ID`: :bro:type:`enum` -:bro:type:`Notice::Type`: :bro:type:`enum` -============================================================= ==================================================================== - -Events -###### -====================================================== ========================== -:bro:id:`BroxygenExample::an_event`: :bro:type:`event` Summarize "an_event" here. -====================================================== ========================== - -Functions -######### -=========================================================== ======================================= -:bro:id:`BroxygenExample::a_function`: :bro:type:`function` Summarize purpose of "a_function" here. -=========================================================== ======================================= - - -Detailed Interface -~~~~~~~~~~~~~~~~~~ -Redefinable Options -################### -.. bro:id:: BroxygenExample::an_option - - :Type: :bro:type:`set` [:bro:type:`addr`, :bro:type:`addr`, :bro:type:`string`] - :Attributes: :bro:attr:`&redef` - :Default: ``{}`` - - Add documentation for "an_option" here. - The type/attribute information is all generated automatically. - -.. bro:id:: BroxygenExample::option_with_init - - :Type: :bro:type:`interval` - :Attributes: :bro:attr:`&redef` - :Default: ``10.0 msecs`` - - Default initialization will be generated automatically. - More docs can be added here. - -State Variables -############### -.. bro:id:: BroxygenExample::a_var - - :Type: :bro:type:`bool` - - Put some documentation for "a_var" here. Any global/non-const that - isn't a function/event/hook is classified as a "state variable" - in the generated docs. - -.. bro:id:: BroxygenExample::summary_test - - :Type: :bro:type:`string` - - The first sentence for a particular identifier's summary text ends here. - And this second sentence doesn't show in the short description provided - by the table of all identifiers declared by this script. - -.. bro:id:: BroxygenExample::var_without_explicit_type - - :Type: :bro:type:`string` - :Default: ``"this works"`` - - Types are inferred, that information is self-documenting. - -Types -##### -.. bro:type:: BroxygenExample::ComplexRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field3: :bro:type:`BroxygenExample::SimpleRecord` - Broxygen automatically tracks types - and cross-references are automatically - inserted in to generated docs. - - msg: :bro:type:`string` :bro:attr:`&default` = ``"blah"`` :bro:attr:`&optional` - Attributes are self-documenting. - :Attributes: :bro:attr:`&redef` - - General documentation for a type "ComplexRecord" goes here. - -.. bro:type:: BroxygenExample::Info - - :Type: :bro:type:`record` - - ts: :bro:type:`time` :bro:attr:`&log` - - uid: :bro:type:`string` :bro:attr:`&log` - - status: :bro:type:`count` :bro:attr:`&log` :bro:attr:`&optional` - - An example record to be used with a logging stream. - Nothing special about it. If another script redefs this type - to add fields, the generated documentation will show all original - fields plus the extensions and the scripts which contributed to it - (provided they are also @load'ed). - -.. bro:type:: BroxygenExample::SimpleEnum - - :Type: :bro:type:`enum` - - .. bro:enum:: BroxygenExample::ONE BroxygenExample::SimpleEnum - - Documentation for particular enum values is added like this. - And can also span multiple lines. - - .. bro:enum:: BroxygenExample::TWO BroxygenExample::SimpleEnum - - Or this style is valid to document the preceding enum value. - - .. bro:enum:: BroxygenExample::THREE BroxygenExample::SimpleEnum - - .. bro:enum:: BroxygenExample::FOUR BroxygenExample::SimpleEnum - - And some documentation for "FOUR". - - .. bro:enum:: BroxygenExample::FIVE BroxygenExample::SimpleEnum - - Also "FIVE". - - Documentation for the "SimpleEnum" type goes here. - It can span multiple lines. - -.. bro:type:: BroxygenExample::SimpleRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field_ext: :bro:type:`string` :bro:attr:`&optional` - Document the extending field like this. - Or here, like this. - - General documentation for a type "SimpleRecord" goes here. - The way fields can be documented is similar to what's already seen - for enums. - -Events -###### -.. bro:id:: BroxygenExample::an_event - - :Type: :bro:type:`event` (name: :bro:type:`string`) - - Summarize "an_event" here. - Give more details about "an_event" here. - - BroxygenExample::a_function should not be confused as a parameter - in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :bro:see:`BroxygenExample::a_function`. - - - :name: Describe the argument here. - -Functions -######### -.. bro:id:: BroxygenExample::a_function - - :Type: :bro:type:`function` (tag: :bro:type:`string`, msg: :bro:type:`string`) : :bro:type:`string` - - Summarize purpose of "a_function" here. - Give more details about "a_function" here. - Separating the documentation of the params/return values with - empty comments is optional, but improves readability of script. - - - :tag: Function arguments can be described - like this. - - - :msg: Another param. - - - :returns: Describe the return type here. - - diff --git a/testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst b/testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst deleted file mode 100644 index 06f196b73c..0000000000 --- a/testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst +++ /dev/null @@ -1,30 +0,0 @@ -.. bro:id:: test_func_params_func - - :Type: :bro:type:`function` (i: :bro:type:`int`, j: :bro:type:`int`) : :bro:type:`string` - - This is a global function declaration. - - - :i: First param. - - :j: Second param. - - - :returns: A string. - -.. bro:type:: test_func_params_rec - - :Type: :bro:type:`record` - - field_func: :bro:type:`function` (i: :bro:type:`int`, j: :bro:type:`int`) : :bro:type:`string` - This is a record field function. - - - :i: First param. - - :j: Second param. - - - :returns: A string. - - diff --git a/testing/btest/Baseline/doc.broxygen.identifier/test.rst b/testing/btest/Baseline/doc.broxygen.identifier/test.rst deleted file mode 100644 index 0c7c44581d..0000000000 --- a/testing/btest/Baseline/doc.broxygen.identifier/test.rst +++ /dev/null @@ -1,230 +0,0 @@ -.. bro:id:: BroxygenExample::Broxygen_One - - :Type: :bro:type:`Notice::Type` - - Any number of this type of comment - will document "Broxygen_One". - -.. bro:id:: BroxygenExample::Broxygen_Two - - :Type: :bro:type:`Notice::Type` - - Any number of this type of comment - will document "BROXYGEN_TWO". - -.. bro:id:: BroxygenExample::Broxygen_Three - - :Type: :bro:type:`Notice::Type` - - -.. bro:id:: BroxygenExample::Broxygen_Four - - :Type: :bro:type:`Notice::Type` - - Omitting comments is fine, and so is mixing ``##`` and ``##<``, but - it's probably best to use only one style consistently. - -.. bro:id:: BroxygenExample::LOG - - :Type: :bro:type:`Log::ID` - - -.. bro:type:: BroxygenExample::SimpleEnum - - :Type: :bro:type:`enum` - - .. bro:enum:: BroxygenExample::ONE BroxygenExample::SimpleEnum - - Documentation for particular enum values is added like this. - And can also span multiple lines. - - .. bro:enum:: BroxygenExample::TWO BroxygenExample::SimpleEnum - - Or this style is valid to document the preceding enum value. - - .. bro:enum:: BroxygenExample::THREE BroxygenExample::SimpleEnum - - .. bro:enum:: BroxygenExample::FOUR BroxygenExample::SimpleEnum - - And some documentation for "FOUR". - - .. bro:enum:: BroxygenExample::FIVE BroxygenExample::SimpleEnum - - Also "FIVE". - - Documentation for the "SimpleEnum" type goes here. - It can span multiple lines. - -.. bro:id:: BroxygenExample::ONE - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - Documentation for particular enum values is added like this. - And can also span multiple lines. - -.. bro:id:: BroxygenExample::TWO - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - Or this style is valid to document the preceding enum value. - -.. bro:id:: BroxygenExample::THREE - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - -.. bro:id:: BroxygenExample::FOUR - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - And some documentation for "FOUR". - -.. bro:id:: BroxygenExample::FIVE - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - Also "FIVE". - -.. bro:type:: BroxygenExample::SimpleRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field_ext: :bro:type:`string` :bro:attr:`&optional` - Document the extending field like this. - Or here, like this. - - General documentation for a type "SimpleRecord" goes here. - The way fields can be documented is similar to what's already seen - for enums. - -.. bro:type:: BroxygenExample::ComplexRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field3: :bro:type:`BroxygenExample::SimpleRecord` - Broxygen automatically tracks types - and cross-references are automatically - inserted in to generated docs. - - msg: :bro:type:`string` :bro:attr:`&default` = ``"blah"`` :bro:attr:`&optional` - Attributes are self-documenting. - :Attributes: :bro:attr:`&redef` - - General documentation for a type "ComplexRecord" goes here. - -.. bro:type:: BroxygenExample::Info - - :Type: :bro:type:`record` - - ts: :bro:type:`time` :bro:attr:`&log` - - uid: :bro:type:`string` :bro:attr:`&log` - - status: :bro:type:`count` :bro:attr:`&log` :bro:attr:`&optional` - - An example record to be used with a logging stream. - Nothing special about it. If another script redefs this type - to add fields, the generated documentation will show all original - fields plus the extensions and the scripts which contributed to it - (provided they are also @load'ed). - -.. bro:id:: BroxygenExample::an_option - - :Type: :bro:type:`set` [:bro:type:`addr`, :bro:type:`addr`, :bro:type:`string`] - :Attributes: :bro:attr:`&redef` - :Default: ``{}`` - - Add documentation for "an_option" here. - The type/attribute information is all generated automatically. - -.. bro:id:: BroxygenExample::option_with_init - - :Type: :bro:type:`interval` - :Attributes: :bro:attr:`&redef` - :Default: ``10.0 msecs`` - - Default initialization will be generated automatically. - More docs can be added here. - -.. bro:id:: BroxygenExample::a_var - - :Type: :bro:type:`bool` - - Put some documentation for "a_var" here. Any global/non-const that - isn't a function/event/hook is classified as a "state variable" - in the generated docs. - -.. bro:id:: BroxygenExample::var_without_explicit_type - - :Type: :bro:type:`string` - :Default: ``"this works"`` - - Types are inferred, that information is self-documenting. - -.. bro:id:: BroxygenExample::summary_test - - :Type: :bro:type:`string` - - The first sentence for a particular identifier's summary text ends here. - And this second sentence doesn't show in the short description provided - by the table of all identifiers declared by this script. - -.. bro:id:: BroxygenExample::a_function - - :Type: :bro:type:`function` (tag: :bro:type:`string`, msg: :bro:type:`string`) : :bro:type:`string` - - Summarize purpose of "a_function" here. - Give more details about "a_function" here. - Separating the documentation of the params/return values with - empty comments is optional, but improves readability of script. - - - :tag: Function arguments can be described - like this. - - - :msg: Another param. - - - :returns: Describe the return type here. - -.. bro:id:: BroxygenExample::an_event - - :Type: :bro:type:`event` (name: :bro:type:`string`) - - Summarize "an_event" here. - Give more details about "an_event" here. - - BroxygenExample::a_function should not be confused as a parameter - in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :bro:see:`BroxygenExample::a_function`. - - - :name: Describe the argument here. - -.. bro:id:: BroxygenExample::function_without_proto - - :Type: :bro:type:`function` (tag: :bro:type:`string`) : :bro:type:`string` - - -.. bro:type:: BroxygenExample::PrivateRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`bool` - - field2: :bro:type:`count` - - diff --git a/testing/btest/Baseline/doc.broxygen.package/test.rst b/testing/btest/Baseline/doc.broxygen.package/test.rst deleted file mode 100644 index b96de2148b..0000000000 --- a/testing/btest/Baseline/doc.broxygen.package/test.rst +++ /dev/null @@ -1,37 +0,0 @@ -:orphan: - -Package: broxygen -================= - -This package is loaded during the process which automatically generates -reference documentation for all Bro scripts (i.e. "Broxygen"). Its only -purpose is to provide an easy way to load all known Bro scripts plus any -extra scripts needed or used by the documentation process. - -:doc:`/scripts/broxygen/__load__.bro` - - -:doc:`/scripts/broxygen/example.bro` - - This is an example script that demonstrates Broxygen-style - documentation. It generally will make most sense when viewing - the script's raw source code and comparing to the HTML-rendered - version. - - Comments in the from ``##!`` are meant to summarize the script's - purpose. They are transferred directly in to the generated - `reStructuredText `_ - (reST) document associated with the script. - - .. tip:: You can embed directives and roles within ``##``-stylized comments. - - There's also a custom role to reference any identifier node in - the Bro Sphinx domain that's good for "see alsos", e.g. - - See also: :bro:see:`BroxygenExample::a_var`, - :bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` - - And a custom directive does the equivalent references: - - .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info - diff --git a/testing/btest/Baseline/doc.broxygen.package_index/test.rst b/testing/btest/Baseline/doc.broxygen.package_index/test.rst deleted file mode 100644 index f551ab1cd3..0000000000 --- a/testing/btest/Baseline/doc.broxygen.package_index/test.rst +++ /dev/null @@ -1,7 +0,0 @@ -:doc:`broxygen ` - - This package is loaded during the process which automatically generates - reference documentation for all Bro scripts (i.e. "Broxygen"). Its only - purpose is to provide an easy way to load all known Bro scripts plus any - extra scripts needed or used by the documentation process. - diff --git a/testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst b/testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst deleted file mode 100644 index 60d80f6b07..0000000000 --- a/testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst +++ /dev/null @@ -1,28 +0,0 @@ -.. bro:type:: TestRecord1 - - :Type: :bro:type:`record` - - field1: :bro:type:`bool` - - field2: :bro:type:`count` - - -.. bro:type:: TestRecord2 - - :Type: :bro:type:`record` - - A: :bro:type:`count` - document ``A`` - - B: :bro:type:`bool` - document ``B`` - - C: :bro:type:`TestRecord1` - and now ``C`` - is a declared type - - D: :bro:type:`set` [:bro:type:`count`, :bro:type:`bool`] - sets/tables should show the index types - - Here's the ways records and record fields can be documented. - diff --git a/testing/btest/Baseline/doc.broxygen.script_index/test.rst b/testing/btest/Baseline/doc.broxygen.script_index/test.rst deleted file mode 100644 index dda280facf..0000000000 --- a/testing/btest/Baseline/doc.broxygen.script_index/test.rst +++ /dev/null @@ -1,5 +0,0 @@ -.. toctree:: - :maxdepth: 1 - - broxygen/__load__.bro - broxygen/example.bro diff --git a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst b/testing/btest/Baseline/doc.broxygen.script_summary/test.rst deleted file mode 100644 index 125a579c81..0000000000 --- a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst +++ /dev/null @@ -1,23 +0,0 @@ -:doc:`/scripts/broxygen/example.bro` - This is an example script that demonstrates Broxygen-style - documentation. It generally will make most sense when viewing - the script's raw source code and comparing to the HTML-rendered - version. - - Comments in the from ``##!`` are meant to summarize the script's - purpose. They are transferred directly in to the generated - `reStructuredText `_ - (reST) document associated with the script. - - .. tip:: You can embed directives and roles within ``##``-stylized comments. - - There's also a custom role to reference any identifier node in - the Bro Sphinx domain that's good for "see alsos", e.g. - - See also: :bro:see:`BroxygenExample::a_var`, - :bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` - - And a custom directive does the equivalent references: - - .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info - diff --git a/testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst b/testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst deleted file mode 100644 index 3a26b8adc6..0000000000 --- a/testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst +++ /dev/null @@ -1,44 +0,0 @@ -.. bro:type:: BroxygenTest::TypeAlias - - :Type: :bro:type:`bool` - - This is just an alias for a builtin type ``bool``. - -.. bro:type:: BroxygenTest::NotTypeAlias - - :Type: :bro:type:`bool` - - This type should get its own comments, not associated w/ TypeAlias. - -.. bro:type:: BroxygenTest::OtherTypeAlias - - :Type: :bro:type:`bool` - - This cross references ``bool`` in the description of its type - instead of ``TypeAlias`` just because it seems more useful -- - one doesn't have to click through the full type alias chain to - find out what the actual type is... - -.. bro:id:: BroxygenTest::a - - :Type: :bro:type:`BroxygenTest::TypeAlias` - - But this should reference a type of ``TypeAlias``. - -.. bro:id:: BroxygenTest::b - - :Type: :bro:type:`BroxygenTest::OtherTypeAlias` - - And this should reference a type of ``OtherTypeAlias``. - -.. bro:type:: BroxygenTest::MyRecord - - :Type: :bro:type:`record` - - f1: :bro:type:`BroxygenTest::TypeAlias` - - f2: :bro:type:`BroxygenTest::OtherTypeAlias` - - f3: :bro:type:`bool` - - diff --git a/testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst b/testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst deleted file mode 100644 index 37eabb9419..0000000000 --- a/testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst +++ /dev/null @@ -1,33 +0,0 @@ -.. bro:id:: test_vector0 - - :Type: :bro:type:`vector` of :bro:type:`string` - :Default: - - :: - - [] - - Yield type is documented/cross-referenced for primitize types. - -.. bro:id:: test_vector1 - - :Type: :bro:type:`vector` of :bro:type:`TestRecord` - :Default: - - :: - - [] - - Yield type is documented/cross-referenced for composite types. - -.. bro:id:: test_vector2 - - :Type: :bro:type:`vector` of :bro:type:`vector` of :bro:type:`TestRecord` - :Default: - - :: - - [] - - Just showing an even fancier yield type. - diff --git a/testing/btest/Baseline/doc.manual.connection_record_01/.stdout b/testing/btest/Baseline/doc.manual.connection_record_01/.stdout deleted file mode 100644 index 7f134460e3..0000000000 --- a/testing/btest/Baseline/doc.manual.connection_record_01/.stdout +++ /dev/null @@ -1,5 +0,0 @@ -[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={ - -}, addl=, hot=0, history=ShADadFf, uid=UWkUyAuUGXf, tunnel=, conn=[ts=930613226.067666, uid=UWkUyAuUGXf, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={ - -}], extract_orig=F, extract_resp=F] diff --git a/testing/btest/Baseline/doc.manual.connection_record_02/.stdout b/testing/btest/Baseline/doc.manual.connection_record_02/.stdout deleted file mode 100644 index 824dd03097..0000000000 --- a/testing/btest/Baseline/doc.manual.connection_record_02/.stdout +++ /dev/null @@ -1,9 +0,0 @@ -[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={ - -}, addl=, hot=0, history=ShADadFf, uid=UWkUyAuUGXf, tunnel=, conn=[ts=930613226.067666, uid=UWkUyAuUGXf, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={ - -}], extract_orig=F, extract_resp=F, dns=, dns_state=[pending={ - -}, finished_answers={ -34798 -}]] diff --git a/testing/btest/Baseline/doc.manual.data_struct_record_01/.stdout b/testing/btest/Baseline/doc.manual.data_struct_record_01/.stdout deleted file mode 100644 index 4e628b9ae7..0000000000 --- a/testing/btest/Baseline/doc.manual.data_struct_record_01/.stdout +++ /dev/null @@ -1,6 +0,0 @@ -Service: dns(RFC1035) - port: 53/tcp - port: 53/udp -Service: http(RFC2616) - port: 80/tcp - port: 8080/tcp diff --git a/testing/btest/Baseline/doc.manual.data_struct_record_02/.stdout b/testing/btest/Baseline/doc.manual.data_struct_record_02/.stdout deleted file mode 100644 index 0428764bea..0000000000 --- a/testing/btest/Baseline/doc.manual.data_struct_record_02/.stdout +++ /dev/null @@ -1,7 +0,0 @@ -System: morlock - Service: dns(RFC1035) - port: 53/tcp - port: 53/udp - Service: http(RFC2616) - port: 80/tcp - port: 8080/tcp diff --git a/testing/btest/Baseline/doc.manual.data_struct_set_declaration/.stdout b/testing/btest/Baseline/doc.manual.data_struct_set_declaration/.stdout deleted file mode 100644 index d1aa16c7d3..0000000000 --- a/testing/btest/Baseline/doc.manual.data_struct_set_declaration/.stdout +++ /dev/null @@ -1,8 +0,0 @@ -SSL Port: 993/tcp -SSL Port: 22/tcp -SSL Port: 587/tcp -SSL Port: 443/tcp -Non-SSL Port: 143/tcp -Non-SSL Port: 25/tcp -Non-SSL Port: 80/tcp -Non-SSL Port: 23/tcp diff --git a/testing/btest/Baseline/doc.manual.data_struct_table_complex/.stdout b/testing/btest/Baseline/doc.manual.data_struct_table_complex/.stdout deleted file mode 100644 index e22f36a244..0000000000 --- a/testing/btest/Baseline/doc.manual.data_struct_table_complex/.stdout +++ /dev/null @@ -1,4 +0,0 @@ -Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai -Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai -Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai -Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada diff --git a/testing/btest/Baseline/doc.manual.data_struct_table_declaration/.stdout b/testing/btest/Baseline/doc.manual.data_struct_table_declaration/.stdout deleted file mode 100644 index 19b1648904..0000000000 --- a/testing/btest/Baseline/doc.manual.data_struct_table_declaration/.stdout +++ /dev/null @@ -1,4 +0,0 @@ -Service Name: IMAPS - Common Port: 993/tcp -Service Name: HTTPS - Common Port: 443/tcp -Service Name: SSH - Common Port: 22/tcp -Service Name: SMTPS - Common Port: 587/tcp diff --git a/testing/btest/Baseline/doc.manual.data_struct_vector/.stdout b/testing/btest/Baseline/doc.manual.data_struct_vector/.stdout deleted file mode 100644 index 8348ce7198..0000000000 --- a/testing/btest/Baseline/doc.manual.data_struct_vector/.stdout +++ /dev/null @@ -1,2 +0,0 @@ -[1, 2, 3, 4] -[1, 2, 3, 4] diff --git a/testing/btest/Baseline/doc.manual.data_struct_vector_declaration/.stdout b/testing/btest/Baseline/doc.manual.data_struct_vector_declaration/.stdout deleted file mode 100644 index 48ce5d9c56..0000000000 --- a/testing/btest/Baseline/doc.manual.data_struct_vector_declaration/.stdout +++ /dev/null @@ -1,4 +0,0 @@ -contents of v1: [1, 2, 3, 4] -length of v1: 4 -contents of v1: [1, 2, 3, 4] -length of v2: 4 diff --git a/testing/btest/Baseline/doc.manual.data_struct_vector_iter/.stdout b/testing/btest/Baseline/doc.manual.data_struct_vector_iter/.stdout deleted file mode 100644 index 0326e6580e..0000000000 --- a/testing/btest/Baseline/doc.manual.data_struct_vector_iter/.stdout +++ /dev/null @@ -1,3 +0,0 @@ -1.2.0.0/18 -2.3.0.0/18 -3.4.0.0/18 diff --git a/testing/btest/Baseline/doc.manual.data_type_const/.stdout b/testing/btest/Baseline/doc.manual.data_type_const/.stdout deleted file mode 100644 index 0e49670a83..0000000000 --- a/testing/btest/Baseline/doc.manual.data_type_const/.stdout +++ /dev/null @@ -1,4 +0,0 @@ -{ -[6666/tcp] = IRC, -[80/tcp] = WWW -} diff --git a/testing/btest/Baseline/doc.manual.data_type_const_simple/.stdout b/testing/btest/Baseline/doc.manual.data_type_const_simple/.stdout deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/btest/Baseline/doc.manual.data_type_declaration/.stdout b/testing/btest/Baseline/doc.manual.data_type_declaration/.stdout deleted file mode 100644 index a6f28b5e52..0000000000 --- a/testing/btest/Baseline/doc.manual.data_type_declaration/.stdout +++ /dev/null @@ -1 +0,0 @@ -A: 10, B: 10 diff --git a/testing/btest/Baseline/doc.manual.data_type_interval/.stdout b/testing/btest/Baseline/doc.manual.data_type_interval/.stdout deleted file mode 100644 index 1cd5999711..0000000000 --- a/testing/btest/Baseline/doc.manual.data_type_interval/.stdout +++ /dev/null @@ -1,15 +0,0 @@ -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118 -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 132.0 msecs 97.0 usecs -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 177.0 usecs -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 2.0 msecs 177.0 usecs -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 33.0 msecs 898.0 usecs -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 35.0 usecs -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 2.0 msecs 532.0 usecs -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2 - Time since last connection: 7.0 msecs 866.0 usecs diff --git a/testing/btest/Baseline/doc.manual.data_type_local/.stdout b/testing/btest/Baseline/doc.manual.data_type_local/.stdout deleted file mode 100644 index e150c0b19d..0000000000 --- a/testing/btest/Baseline/doc.manual.data_type_local/.stdout +++ /dev/null @@ -1 +0,0 @@ -i + 2 = 12 diff --git a/testing/btest/Baseline/doc.manual.data_type_pattern_01/.stdout b/testing/btest/Baseline/doc.manual.data_type_pattern_01/.stdout deleted file mode 100644 index 11358a776e..0000000000 --- a/testing/btest/Baseline/doc.manual.data_type_pattern_01/.stdout +++ /dev/null @@ -1,3 +0,0 @@ -The - brown fox jumped over the - dog. diff --git a/testing/btest/Baseline/doc.manual.data_type_pattern_02/.stdout b/testing/btest/Baseline/doc.manual.data_type_pattern_02/.stdout deleted file mode 100644 index 808dc3d572..0000000000 --- a/testing/btest/Baseline/doc.manual.data_type_pattern_02/.stdout +++ /dev/null @@ -1,2 +0,0 @@ -equality and /^?(equal)$?/ are not equal -equality and /^?(equality)$?/ are equal diff --git a/testing/btest/Baseline/doc.manual.data_type_subnets/.stdout b/testing/btest/Baseline/doc.manual.data_type_subnets/.stdout deleted file mode 100644 index facaaabe64..0000000000 --- a/testing/btest/Baseline/doc.manual.data_type_subnets/.stdout +++ /dev/null @@ -1,4 +0,0 @@ -172.16.4.56 belongs to subnet 172.16.0.0/20 -172.16.47.254 belongs to subnet 172.16.32.0/20 -172.16.22.45 belongs to subnet 172.16.16.0/20 -172.16.1.1 belongs to subnet 172.16.0.0/20 diff --git a/testing/btest/Baseline/doc.manual.data_type_time/.stdout b/testing/btest/Baseline/doc.manual.data_type_time/.stdout deleted file mode 100644 index 149cb40e2a..0000000000 --- a/testing/btest/Baseline/doc.manual.data_type_time/.stdout +++ /dev/null @@ -1,8 +0,0 @@ -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118^J -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J -2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2^J diff --git a/testing/btest/Baseline/doc.manual.framework_logging_factorial_01/.stdout b/testing/btest/Baseline/doc.manual.framework_logging_factorial_01/.stdout deleted file mode 100644 index db47b283d0..0000000000 --- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_01/.stdout +++ /dev/null @@ -1,10 +0,0 @@ -1 -2 -6 -24 -120 -720 -5040 -40320 -362880 -3628800 diff --git a/testing/btest/Baseline/doc.manual.framework_logging_factorial_02/factor.log b/testing/btest/Baseline/doc.manual.framework_logging_factorial_02/factor.log deleted file mode 100644 index c643116265..0000000000 --- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_02/factor.log +++ /dev/null @@ -1,19 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path factor -#open 2013-03-19-03-25-33 -#fields num factorial_num -#types count count -1 1 -2 2 -3 6 -4 24 -5 120 -6 720 -7 5040 -8 40320 -9 362880 -10 3628800 -#close 2013-03-19-03-25-33 diff --git a/testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-mod5.log b/testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-mod5.log deleted file mode 100644 index 2a466484d6..0000000000 --- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-mod5.log +++ /dev/null @@ -1,15 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path factor-mod5 -#open 2013-03-20-03-22-52 -#fields num factorial_num -#types count count -5 120 -6 720 -7 5040 -8 40320 -9 362880 -10 3628800 -#close 2013-03-20-03-22-52 diff --git a/testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-non5.log b/testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-non5.log deleted file mode 100644 index 4430dcc8a4..0000000000 --- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-non5.log +++ /dev/null @@ -1,13 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path factor-non5 -#open 2013-03-20-03-22-52 -#fields num factorial_num -#types count count -1 1 -2 2 -3 6 -4 24 -#close 2013-03-20-03-22-52 diff --git a/testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-mod5.log b/testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-mod5.log deleted file mode 100644 index 6b50ca55e7..0000000000 --- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-mod5.log +++ /dev/null @@ -1,15 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path factor-mod5 -#open 2013-03-25-02-00-12 -#fields num factorial_num -#types count count -5 120 -6 720 -7 5040 -8 40320 -9 362880 -10 3628800 -#close 2013-03-25-02-00-12 diff --git a/testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-non5.log b/testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-non5.log deleted file mode 100644 index d272ba48a9..0000000000 --- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-non5.log +++ /dev/null @@ -1,13 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path factor-non5 -#open 2013-03-25-02-00-12 -#fields num factorial_num -#types count count -1 1 -2 2 -3 6 -4 24 -#close 2013-03-25-02-00-12 diff --git a/testing/btest/Baseline/doc.manual.framework_notice_hook_01/.stdout b/testing/btest/Baseline/doc.manual.framework_notice_hook_01/.stdout deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/btest/Baseline/doc.manual.framework_notice_hook_suppression_01/.stdout b/testing/btest/Baseline/doc.manual.framework_notice_hook_suppression_01/.stdout deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/btest/Baseline/doc.manual.framework_notice_shortcuts_01/.stdout b/testing/btest/Baseline/doc.manual.framework_notice_shortcuts_01/.stdout deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/btest/Baseline/doc.manual.framework_notice_shortcuts_02/.stdout b/testing/btest/Baseline/doc.manual.framework_notice_shortcuts_02/.stdout deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/.stdout b/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/.stdout deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/conn.log b/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/conn.log deleted file mode 100644 index 6eb08725f5..0000000000 --- a/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/conn.log +++ /dev/null @@ -1,43 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path conn -#open 2013-05-05-20-51-24 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents -#types time string addr port addr port enum string interval count count string bool count string count count count count table[string] -1300475167.096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 - -1300475167.097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - 0 D 1 199 0 0 - -1300475167.099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - 0 D 1 179 0 0 - -1300475168.853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 - -1300475168.854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 - -1300475168.854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 - -1300475168.857956 fRFu0wcOle6 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 - -1300475168.858306 qSsw6ESzHV4 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - 0 Dd 1 80 1 127 - -1300475168.858713 iE6yhOq3SF 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - 0 Dd 1 66 1 211 - -1300475168.891644 qCaWGmzFtM5 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - 0 Dd 1 66 1 117 - -1300475168.892037 70MGiRM1Qf4 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - 0 Dd 1 80 1 127 - -1300475168.892414 h5DsfNtYzi1 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - 0 Dd 1 66 1 211 - -1300475168.893988 c4Zw9TmAE05 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - 0 Dd 1 66 1 117 - -1300475168.894422 EAr0uf4mhq 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - 0 Dd 1 80 1 127 - -1300475168.894787 GvmoxJFXdTa 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - 0 Dd 1 66 1 211 - -1300475168.901749 slFea8xwSmb 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - 0 Dd 1 64 1 159 - -1300475168.902195 UfGkYA2HI2g 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - 0 Dd 1 64 1 226 - -1300475169.899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 85 0 0 - -1300475170.862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 - 0 D 7 546 0 0 - -1300475171.675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 - 0 D 2 162 0 0 - -1300475171.677081 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 - 0 D 2 122 0 0 - -1300475173.116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - 0 D 2 162 0 0 - -1300475173.117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - 0 D 2 122 0 0 - -1300475173.153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - 0 D 1 78 0 0 - -1300475168.859163 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - 0 ShADad 6 1450 4 950 - -1300475168.652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - 0 DdA 2 567 1 402 - -1300475168.895267 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - 0 ShADad 6 1498 4 950 - -1300475168.902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - 0 ShADad 4 750 3 576 - -1300475168.892936 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - 0 ShADad 6 1468 4 950 - -1300475168.855305 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - 0 ShADad 6 1491 4 949 - -1300475168.892913 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - 0 ShADad 6 1457 4 949 - -1300475169.780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - 0 h 0 0 1 48 - -1300475168.724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - 0 ShADad 4 741 3 396 - -1300475168.855330 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - 0 ShADad 6 1445 4 950 - -#close 2013-05-05-20-51-24 diff --git a/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/http.log b/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/http.log deleted file mode 100644 index 617c1f0e6e..0000000000 --- a/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/http.log +++ /dev/null @@ -1,23 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path http -#open 2013-05-05-21-12-40 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file -#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file -1300475168.784020 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475168.916018 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475168.916183 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475168.918358 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475168.952307 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475168.952296 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475168.954820 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475168.962687 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475168.975934 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475168.976436 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475168.979264 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475169.014619 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475169.014593 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -1300475169.014927 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -#close 2013-05-05-21-12-40 diff --git a/testing/btest/Baseline/doc.manual.using_bro_sandbox_02/conn.log b/testing/btest/Baseline/doc.manual.using_bro_sandbox_02/conn.log deleted file mode 100644 index cc68286986..0000000000 --- a/testing/btest/Baseline/doc.manual.using_bro_sandbox_02/conn.log +++ /dev/null @@ -1,15 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path conn -#open 2013-05-07-14-38-27 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents -#types time string addr port addr port enum string interval count count string bool count string count count count count table[string] -1320329757.771503 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 tcp http 15.161537 2899 1127 S2 - 0 ShADadF 20 3719 19 1891 - -1320329757.771262 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 tcp http 15.161772 889 377 S2 - 0 ShADadF 8 1229 8 701 - -1320329757.761327 arKYeMETxOg 10.0.2.15 49283 192.150.187.43 80 tcp http 15.168898 459 189 S2 - 0 ShADadF 5 679 4 353 - -1320329757.458867 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 tcp http 15.471378 1824 751 S2 - 0 ShADadF 12 2324 13 1275 - -1320329757.761638 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 tcp http 15.168613 898 376 S2 - 0 ShADadF 8 1238 8 700 - -1320329757.771755 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 tcp http 15.161267 900 376 S2 - 0 ShADadF 8 1240 8 700 - -#close 2013-05-07-14-38-27 diff --git a/testing/btest/Baseline/doc.manual.using_bro_sandbox_02/http.log b/testing/btest/Baseline/doc.manual.using_bro_sandbox_02/http.log deleted file mode 100644 index 031a9ce2ce..0000000000 --- a/testing/btest/Baseline/doc.manual.using_bro_sandbox_02/http.log +++ /dev/null @@ -1,26 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path http -#open 2013-05-07-14-38-27 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file -#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file -1320329757.460004 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 1 GET bro-ids.org / - Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.772457 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 2 GET bro-ids.org /css/pygments.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.874406 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 3 GET bro-ids.org /js/jquery.zrssfeed.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.775110 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 1 GET bro-ids.org /css/960.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.776072 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 1 GET bro-ids.org /js/jquery.cycle.all.min.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.776421 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 1 GET bro-ids.org /js/jquery.tweet.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.776240 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 1 GET bro-ids.org /js/jquery.fancybox-1.3.4.pack.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.775251 arKYeMETxOg 10.0.2.15 49283 192.150.187.43 80 1 GET bro-ids.org /css/bro-ids.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.975651 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 4 GET bro-ids.org /js/jquery.tableofcontents.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.979943 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 2 GET bro-ids.org /js/superfish.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.985656 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 2 GET bro-ids.org /js/hoverIntent.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.989904 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 2 GET bro-ids.org /js/general.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329757.991315 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 2 GET bro-ids.org /js/jquery.collapse.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329758.172397 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 3 GET bro-ids.org /css/print.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329759.998388 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 4 GET bro-ids.org /documentation/index.html http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329760.146412 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 5 GET bro-ids.org /js/breadcrumbs.js http://bro-ids.org/documentation/index.html Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -1320329762.971726 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 6 GET bro-ids.org /documentation/reporting-problems.html http://bro-ids.org/documentation/index.html Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - - -#close 2013-05-07-14-38-27 diff --git a/testing/btest/Baseline/language.zeek_init/out b/testing/btest/Baseline/language.zeek_init/out index 31b2428745..aa17ec8aa8 100644 --- a/testing/btest/Baseline/language.zeek_init/out +++ b/testing/btest/Baseline/language.zeek_init/out @@ -1,4 +1,8 @@ -zeek init at priority 10! -bro init at priority 5! -zeek init at priority 0! -bro init at priority -10! +zeek_init at priority 10! +bro_init at priority 5! +zeek_init at priority 0! +bro_init at priority -10! +zeek_done at priority 10! +bro_done at priority 5! +zeek_done at priority 0! +bro_done at priority -10! diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 04908bed0b..1fb96d9d3c 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -562,7 +562,7 @@ 0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(Unified2::mappings_initialized, , ()) -> 0.000000 MetaHookPost CallFunction(Unified2::start_watching, , ()) -> -0.000000 MetaHookPost CallFunction(bro_init, , ()) -> +0.000000 MetaHookPost CallFunction(zeek_init, , ()) -> 0.000000 MetaHookPost CallFunction(current_time, , ()) -> 0.000000 MetaHookPost CallFunction(filter_change_tracking, , ()) -> 0.000000 MetaHookPost CallFunction(getenv, , (BRO_DEFAULT_LISTEN_ADDRESS)) -> @@ -899,7 +899,7 @@ 0.000000 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> 0.000000 MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) -> true 0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false -0.000000 MetaHookPost QueueEvent(bro_init()) -> false +0.000000 MetaHookPost QueueEvent(zeek_init()) -> false 0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false 0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_BACKDOOR)) 0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_INTERCONN)) @@ -1465,7 +1465,7 @@ 0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugins, , ()) 0.000000 MetaHookPre CallFunction(Unified2::mappings_initialized, , ()) 0.000000 MetaHookPre CallFunction(Unified2::start_watching, , ()) -0.000000 MetaHookPre CallFunction(bro_init, , ()) +0.000000 MetaHookPre CallFunction(zeek_init, , ()) 0.000000 MetaHookPre CallFunction(current_time, , ()) 0.000000 MetaHookPre CallFunction(filter_change_tracking, , ()) 0.000000 MetaHookPre CallFunction(getenv, , (BRO_DEFAULT_LISTEN_ADDRESS)) @@ -1802,7 +1802,7 @@ 0.000000 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) 0.000000 MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) 0.000000 MetaHookPre QueueEvent(NetControl::init()) -0.000000 MetaHookPre QueueEvent(bro_init()) +0.000000 MetaHookPre QueueEvent(zeek_init()) 0.000000 MetaHookPre QueueEvent(filter_change_tracking()) 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_BACKDOOR) 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_INTERCONN) @@ -2367,7 +2367,7 @@ 0.000000 | HookCallFunction SumStats::register_observe_plugins() 0.000000 | HookCallFunction Unified2::mappings_initialized() 0.000000 | HookCallFunction Unified2::start_watching() -0.000000 | HookCallFunction bro_init() +0.000000 | HookCallFunction zeek_init() 0.000000 | HookCallFunction current_time() 0.000000 | HookCallFunction filter_change_tracking() 0.000000 | HookCallFunction getenv(BRO_DEFAULT_LISTEN_ADDRESS) @@ -2704,7 +2704,7 @@ 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} 0.000000 | HookLogWrite packet_filter [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T] 0.000000 | HookQueueEvent NetControl::init() -0.000000 | HookQueueEvent bro_init() +0.000000 | HookQueueEvent zeek_init() 0.000000 | HookQueueEvent filter_change_tracking() 1362692526.869344 MetaHookPost BroObjDtor() -> 1362692526.869344 MetaHookPost CallFunction(ChecksumOffloading::check, , ()) -> @@ -3240,7 +3240,7 @@ 1362692527.080972 | HookLogInit conn 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])} 1362692527.080972 | HookLogWrite conn [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=] 1362692527.080972 | HookQueueEvent ChecksumOffloading::check() -1362692527.080972 | HookQueueEvent bro_done() +1362692527.080972 | HookQueueEvent zeek_done() 1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692527.080972 | HookQueueEvent filter_change_tracking() 1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log index b4be2cc92f..44e1435514 100644 --- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log +++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log @@ -1,4 +1,4 @@ - 0.000000 bro_init + 0.000000 zeek_init 0.000000 NetControl::init 0.000000 filter_change_tracking 1254722767.492060 ChecksumOffloading::check @@ -226,5 +226,5 @@ 1437831800.217854 connection_state_remove 1437831800.217854 connection_pending 1437831800.217854 connection_state_remove -1437831800.217854 bro_done +1437831800.217854 zeek_done 1437831800.217854 ChecksumOffloading::check diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log index 8f6550e2e2..9182b8f999 100644 --- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log +++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log @@ -1,4 +1,4 @@ - 0.000000 bro_init + 0.000000 zeek_init 0.000000 NetControl::init 0.000000 filter_change_tracking 1254722767.492060 ChecksumOffloading::check @@ -1072,5 +1072,5 @@ 1437831800.217854 connection_state_remove [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49655/tcp, resp_h=17.167.150.73, resp_p=443/tcp], orig=[size=2249, state=4, num_pkts=15, num_bytes_ip=2873, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=3653, state=4, num_pkts=13, num_bytes_ip=4185, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831799.461152, duration=0.756702, service={\x0aSSL\x0a}, history=ShADda, uid=C3eiCBGOLw3VtHfOj, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=[ts=1437831799.611764, uid=C3eiCBGOLw3VtHfOj, id=[orig_h=192.168.133.100, orig_p=49655/tcp, resp_h=17.167.150.73, resp_p=443/tcp], version_num=771, version=TLSv12, cipher=TLS_RSA_WITH_RC4_128_MD5, curve=, server_name=p31-keyvalueservice.icloud.com, session_id=, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=T, server_appdata=0, client_appdata=F, last_alert=, next_protocol=, analyzer_id=, established=T, logged=T, delay_tokens=, cert_chain=[[ts=1437831799.764576, fuid=F1vce92FT1oRjKI328, tx_hosts={\x0a\x0917.167.150.73\x0a}, rx_hosts={\x0a\x09192.168.133.100\x0a}, conn_uids={\x0aC3eiCBGOLw3VtHfOj\x0a}, source=SSL, depth=0, analyzers={\x0aMD5,\x0aSHA1,\x0aX509\x0a}, mime_type=application/x-x509-user-cert, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=1406, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=1bf9696d9f337805383427e88781d001, sha1=f5ccb1a724133607548b00d8eb402efca3076d58, sha256=, x509=[ts=1437831799.764576, id=F1vce92FT1oRjKI328, certificate=[version=3, serial=053FCE9BA6805B00, subject=C=US,ST=California,O=Apple Inc.,OU=management:idms.group.506364,CN=*.icloud.com, issuer=C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1, cn=*.icloud.com, not_valid_before=1424184331.0, not_valid_after=1489848331.0, key_alg=rsaEncryption, sig_alg=sha256WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=], handle=, extensions=[[name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.apple.com/ocsp04-appleistca2g101\x0a], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=8E:51:A1:0E:0A:9B:1C:04:F7:59:D3:69:2E:23:16:91:0E:AD:06:FB], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:D8:7A:94:44:7C:90:70:90:16:9E:DD:17:9C:01:44:03:86:D6:2A:29\x0a], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.2.840.113635.100.5.11.4\x0a User Notice:\x0a Explicit Text: Reliance on this certificate by any party assumes acceptance of any applicable terms and conditions of use and/or certification practice statements.\x0a CPS: http://www.apple.com/certificateauthority/rpa\x0a], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=\x0aFull Name:\x0a URI:http://crl.apple.com/appleistca2g1.crl\x0a], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Digital Signature, Key Encipherment], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:*.icloud.com]], san=[dns=[*.icloud.com], uri=, email=, ip=, other_fields=F], basic_constraints=[ca=F, path_len=]], extracted=, extracted_cutoff=, extracted_size=], [ts=1437831799.764576, fuid=Fxp53s3wA5G3zdEJg8, tx_hosts={\x0a\x0917.167.150.73\x0a}, rx_hosts={\x0a\x09192.168.133.100\x0a}, conn_uids={\x0aC3eiCBGOLw3VtHfOj\x0a}, source=SSL, depth=0, analyzers={\x0aMD5,\x0aSHA1,\x0aX509\x0a}, mime_type=application/x-x509-ca-cert, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=1092, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=48f0e38385112eeca5fc9ffd402eaecd, sha1=8e8321ca08b08e3726fe1d82996884eeb5f0d655, sha256=, x509=[ts=1437831799.764576, id=Fxp53s3wA5G3zdEJg8, certificate=[version=3, serial=023A74, subject=C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, cn=Apple IST CA 2 - G1, not_valid_before=1402933322.0, not_valid_after=1653061322.0, key_alg=rsaEncryption, sig_alg=sha256WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=], handle=, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E\x0a], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=D8:7A:94:44:7C:90:70:90:16:9E:DD:17:9C:01:44:03:86:D6:2A:29], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=\x0aFull Name:\x0a URI:http://g.symcb.com/crls/gtglobal.crl\x0a], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://g.symcd.com\x0a], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.54\x0a CPS: http://www.geotrust.com/resources/cps\x0a]], san=, basic_constraints=[ca=T, path_len=0]], extracted=, extracted_cutoff=, extracted_size=]], cert_chain_fuids=[F1vce92FT1oRjKI328, Fxp53s3wA5G3zdEJg8], client_cert_chain=[], client_cert_chain_fuids=[], subject=C=US,ST=California,O=Apple Inc.,OU=management:idms.group.506364,CN=*.icloud.com, issuer=C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1, client_subject=, client_issuer=, server_depth=0, client_depth=0], http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=] -1437831800.217854 bro_done +1437831800.217854 zeek_done 1437831800.217854 ChecksumOffloading::check diff --git a/testing/btest/bifs/all_set.bro b/testing/btest/bifs/all_set.bro index 56f7b6e7f2..86a56ed9fa 100644 --- a/testing/btest/bifs/all_set.bro +++ b/testing/btest/bifs/all_set.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = vector( T, F, T ); print all_set(a); diff --git a/testing/btest/bifs/analyzer_name.bro b/testing/btest/bifs/analyzer_name.bro index 266d1c159f..b763aabe08 100644 --- a/testing/btest/bifs/analyzer_name.bro +++ b/testing/btest/bifs/analyzer_name.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = Analyzer::ANALYZER_PIA_TCP; print Analyzer::name(a); diff --git a/testing/btest/bifs/any_set.bro b/testing/btest/bifs/any_set.bro index b3e9e3c711..e19a467206 100644 --- a/testing/btest/bifs/any_set.bro +++ b/testing/btest/bifs/any_set.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = vector( F, T, F ); print any_set(a); diff --git a/testing/btest/bifs/bloomfilter-seed.bro b/testing/btest/bifs/bloomfilter-seed.bro index 436638e2af..24531de915 100644 --- a/testing/btest/bifs/bloomfilter-seed.bro +++ b/testing/btest/bifs/bloomfilter-seed.bro @@ -34,7 +34,7 @@ function test_bloom_filter() } -event bro_init() +event zeek_init() { test_bloom_filter(); } diff --git a/testing/btest/bifs/bloomfilter.bro b/testing/btest/bifs/bloomfilter.bro index c0ccc2a552..dbad5acf5a 100644 --- a/testing/btest/bifs/bloomfilter.bro +++ b/testing/btest/bifs/bloomfilter.bro @@ -88,7 +88,7 @@ function test_counting_bloom_filter() print bloomfilter_lookup(bf_merged, "baz"); } -event bro_init() +event zeek_init() { test_basic_bloom_filter(); test_counting_bloom_filter(); diff --git a/testing/btest/bifs/bro_version.bro b/testing/btest/bifs/bro_version.bro index 35975559a5..f4de22e09d 100644 --- a/testing/btest/bifs/bro_version.bro +++ b/testing/btest/bifs/bro_version.bro @@ -1,7 +1,7 @@ # # @TEST-EXEC: bro -b %INPUT -event bro_init() +event zeek_init() { local a = bro_version(); if ( |a| == 0 ) diff --git a/testing/btest/bifs/bytestring_to_count.bro b/testing/btest/bifs/bytestring_to_count.bro index db50929cb7..5d15bde38b 100644 --- a/testing/btest/bifs/bytestring_to_count.bro +++ b/testing/btest/bifs/bytestring_to_count.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { # unsupported byte lengths diff --git a/testing/btest/bifs/bytestring_to_double.bro b/testing/btest/bifs/bytestring_to_double.bro index 78820b207c..6ebcbe503b 100644 --- a/testing/btest/bifs/bytestring_to_double.bro +++ b/testing/btest/bifs/bytestring_to_double.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local s1 = "\x43\x26\x4f\xa0\x71\x30\x80\x00"; # 3.14e15 local s2 = "\xc3\x26\x4f\xa0\x71\x30\x80\x00"; #-3.14e15 diff --git a/testing/btest/bifs/bytestring_to_hexstr.bro b/testing/btest/bifs/bytestring_to_hexstr.bro index 4087047f40..0b3e8154ab 100644 --- a/testing/btest/bifs/bytestring_to_hexstr.bro +++ b/testing/btest/bifs/bytestring_to_hexstr.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { print bytestring_to_hexstr("04"); print bytestring_to_hexstr(""); diff --git a/testing/btest/bifs/capture_state_updates.bro b/testing/btest/bifs/capture_state_updates.bro index 6a44e0f86f..17d015a661 100644 --- a/testing/btest/bifs/capture_state_updates.bro +++ b/testing/btest/bifs/capture_state_updates.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-diff out # @TEST-EXEC: test -f testfile -event bro_init() +event zeek_init() { print capture_state_updates("testfile"); } diff --git a/testing/btest/bifs/cat.bro b/testing/btest/bifs/cat.bro index e923d5d066..5e811f147e 100644 --- a/testing/btest/bifs/cat.bro +++ b/testing/btest/bifs/cat.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "foo"; local b = 3; diff --git a/testing/btest/bifs/cat_string_array.bro b/testing/btest/bifs/cat_string_array.bro index e799f4b282..f9aa3f266d 100644 --- a/testing/btest/bifs/cat_string_array.bro +++ b/testing/btest/bifs/cat_string_array.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a: string_array = { [0] = "this", [1] = "is", [2] = "a", [3] = "test" diff --git a/testing/btest/bifs/check_subnet.bro b/testing/btest/bifs/check_subnet.bro index b725cae73c..d476be1bc8 100644 --- a/testing/btest/bifs/check_subnet.bro +++ b/testing/btest/bifs/check_subnet.bro @@ -30,7 +30,7 @@ function check_member(s: subnet) } -event bro_init() +event zeek_init() { check_member(10.2.0.2/32); check_member(10.2.0.2/31); diff --git a/testing/btest/bifs/checkpoint_state.bro b/testing/btest/bifs/checkpoint_state.bro index 7a46516ba0..e9eeeccb75 100644 --- a/testing/btest/bifs/checkpoint_state.bro +++ b/testing/btest/bifs/checkpoint_state.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: test -f .state/state.bst -event bro_init() +event zeek_init() { local a = checkpoint_state(); if ( a != T ) diff --git a/testing/btest/bifs/clear_table.bro b/testing/btest/bifs/clear_table.bro index 9485eba1f5..a6c2e67341 100644 --- a/testing/btest/bifs/clear_table.bro +++ b/testing/btest/bifs/clear_table.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT > out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local mytable: table[string] of string = { ["key1"] = "val1" }; diff --git a/testing/btest/bifs/convert_for_pattern.bro b/testing/btest/bifs/convert_for_pattern.bro index b99b010f97..1828284f37 100644 --- a/testing/btest/bifs/convert_for_pattern.bro +++ b/testing/btest/bifs/convert_for_pattern.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { print convert_for_pattern("foo"); print convert_for_pattern(""); diff --git a/testing/btest/bifs/count_to_addr.bro b/testing/btest/bifs/count_to_addr.bro index 993a701bc8..4abbaf8d1e 100644 --- a/testing/btest/bifs/count_to_addr.bro +++ b/testing/btest/bifs/count_to_addr.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "1"; print count_to_v4_addr(to_count(a)); diff --git a/testing/btest/bifs/create_file.bro b/testing/btest/bifs/create_file.bro index af2cfb4979..db7d38d087 100644 --- a/testing/btest/bifs/create_file.bro +++ b/testing/btest/bifs/create_file.bro @@ -5,7 +5,7 @@ # @TEST-EXEC: btest-diff testfile2 # @TEST-EXEC: test -f testdir/testfile4 -event bro_init() +event zeek_init() { # Test that creating a file works as expected local a = open("testfile"); diff --git a/testing/btest/bifs/current_analyzer.bro b/testing/btest/bifs/current_analyzer.bro index e221d7aed0..8678907320 100644 --- a/testing/btest/bifs/current_analyzer.bro +++ b/testing/btest/bifs/current_analyzer.bro @@ -1,7 +1,7 @@ # # @TEST-EXEC: bro -b %INPUT -event bro_init() +event zeek_init() { local a = current_analyzer(); if ( a != 0 ) diff --git a/testing/btest/bifs/current_time.bro b/testing/btest/bifs/current_time.bro index 9d4899aa06..4d2712ae98 100644 --- a/testing/btest/bifs/current_time.bro +++ b/testing/btest/bifs/current_time.bro @@ -1,7 +1,7 @@ # # @TEST-EXEC: bro -b %INPUT -event bro_init() +event zeek_init() { local a = current_time(); if ( a <= double_to_time(0) ) diff --git a/testing/btest/bifs/directory_operations.bro b/testing/btest/bifs/directory_operations.bro index 9db34511b2..0a5a8b0413 100644 --- a/testing/btest/bifs/directory_operations.bro +++ b/testing/btest/bifs/directory_operations.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { # Test succesful operations... print mkdir("testdir"); diff --git a/testing/btest/bifs/edit.bro b/testing/btest/bifs/edit.bro index 346c0bdbf7..ba6ebdef38 100644 --- a/testing/btest/bifs/edit.bro +++ b/testing/btest/bifs/edit.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "hello there"; diff --git a/testing/btest/bifs/enable_raw_output.test b/testing/btest/bifs/enable_raw_output.test index ebaff36c8f..14bd2110ee 100644 --- a/testing/btest/bifs/enable_raw_output.test +++ b/testing/btest/bifs/enable_raw_output.test @@ -6,7 +6,7 @@ # @TEST-EXEC: btest-diff output # @TEST-EXEC: cmp myfile hookfile -event bro_init() +event zeek_init() { local myfile: file; myfile = open("myfile"); diff --git a/testing/btest/bifs/entropy_test.bro b/testing/btest/bifs/entropy_test.bro index 2a2dd422d1..11effd1159 100644 --- a/testing/btest/bifs/entropy_test.bro +++ b/testing/btest/bifs/entropy_test.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "dh3Hie02uh^s#Sdf9L3frd243h$d78r2G4cM6*Q05d(7rh46f!0|4-f"; local handle = entropy_test_init(); diff --git a/testing/btest/bifs/enum_to_int.bro b/testing/btest/bifs/enum_to_int.bro index 3d577d2920..b48c925c8f 100644 --- a/testing/btest/bifs/enum_to_int.bro +++ b/testing/btest/bifs/enum_to_int.bro @@ -16,7 +16,7 @@ export { }; } -event bro_init() +event zeek_init() { diff --git a/testing/btest/bifs/escape_string.bro b/testing/btest/bifs/escape_string.bro index fd796497be..4ae79a869a 100644 --- a/testing/btest/bifs/escape_string.bro +++ b/testing/btest/bifs/escape_string.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "Test \0string"; diff --git a/testing/btest/bifs/exit.bro b/testing/btest/bifs/exit.bro index b942a5e81c..03ea13efd3 100644 --- a/testing/btest/bifs/exit.bro +++ b/testing/btest/bifs/exit.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out || test $? -eq 7 # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { print "hello"; exit(7); diff --git a/testing/btest/bifs/file_mode.bro b/testing/btest/bifs/file_mode.bro index 62bee05c6c..de43439080 100644 --- a/testing/btest/bifs/file_mode.bro +++ b/testing/btest/bifs/file_mode.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = 420; # octal: 0644 print file_mode(a); diff --git a/testing/btest/bifs/filter_subnet_table.bro b/testing/btest/bifs/filter_subnet_table.bro index 7659096a71..79829bc252 100644 --- a/testing/btest/bifs/filter_subnet_table.bro +++ b/testing/btest/bifs/filter_subnet_table.bro @@ -32,7 +32,7 @@ global testb: table[subnet] of string = { }; -event bro_init() +event zeek_init() { local c = filter_subnet_table(10.2.0.2/32, testa); print c; diff --git a/testing/btest/bifs/find_all.bro b/testing/btest/bifs/find_all.bro index 4fe451a9d4..cb7e7b35d0 100644 --- a/testing/btest/bifs/find_all.bro +++ b/testing/btest/bifs/find_all.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "this is a test"; local pat = /hi|es/; diff --git a/testing/btest/bifs/find_entropy.bro b/testing/btest/bifs/find_entropy.bro index 2eb24fe118..771a6221f7 100644 --- a/testing/btest/bifs/find_entropy.bro +++ b/testing/btest/bifs/find_entropy.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "dh3Hie02uh^s#Sdf9L3frd243h$d78r2G4cM6*Q05d(7rh46f!0|4-f"; local b = "0011000aaabbbbcccc000011111000000000aaaabbbbcccc0000000"; diff --git a/testing/btest/bifs/find_last.bro b/testing/btest/bifs/find_last.bro index 00ae2a874d..0eab201464 100644 --- a/testing/btest/bifs/find_last.bro +++ b/testing/btest/bifs/find_last.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "this is a test"; local pat = /hi|es/; diff --git a/testing/btest/bifs/fmt.bro b/testing/btest/bifs/fmt.bro index 7fc4dc38d7..979dbafe67 100644 --- a/testing/btest/bifs/fmt.bro +++ b/testing/btest/bifs/fmt.bro @@ -4,7 +4,7 @@ type color: enum { Red, Blue }; -event bro_init() +event zeek_init() { local a = Blue; local b = vector( 1, 2, 3); diff --git a/testing/btest/bifs/fmt_ftp_port.bro b/testing/btest/bifs/fmt_ftp_port.bro index 6a7b4d20c7..b265c0ad67 100644 --- a/testing/btest/bifs/fmt_ftp_port.bro +++ b/testing/btest/bifs/fmt_ftp_port.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = 192.168.0.2; local b = 257/tcp; diff --git a/testing/btest/bifs/get_matcher_stats.bro b/testing/btest/bifs/get_matcher_stats.bro index eeaa8cb86a..76d019caca 100644 --- a/testing/btest/bifs/get_matcher_stats.bro +++ b/testing/btest/bifs/get_matcher_stats.bro @@ -10,7 +10,7 @@ signature my_ftp_client { } @TEST-END-FILE -event bro_init() +event zeek_init() { local a = get_matcher_stats(); if ( a$matchers == 0 ) diff --git a/testing/btest/bifs/get_port_transport_proto.bro b/testing/btest/bifs/get_port_transport_proto.bro index ae3c496d88..18dfdd4974 100644 --- a/testing/btest/bifs/get_port_transport_proto.bro +++ b/testing/btest/bifs/get_port_transport_proto.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = 123/tcp; local b = 123/udp; diff --git a/testing/btest/bifs/gethostname.bro b/testing/btest/bifs/gethostname.bro index 1d760525cb..b30407190d 100644 --- a/testing/btest/bifs/gethostname.bro +++ b/testing/btest/bifs/gethostname.bro @@ -1,7 +1,7 @@ # # @TEST-EXEC: bro -b %INPUT -event bro_init() +event zeek_init() { local a = gethostname(); if ( |a| == 0 ) diff --git a/testing/btest/bifs/getpid.bro b/testing/btest/bifs/getpid.bro index 1852b1287e..a7348d4743 100644 --- a/testing/btest/bifs/getpid.bro +++ b/testing/btest/bifs/getpid.bro @@ -1,7 +1,7 @@ # # @TEST-EXEC: bro -b %INPUT -event bro_init() +event zeek_init() { local a = getpid(); if ( a == 0 ) diff --git a/testing/btest/bifs/getsetenv.bro b/testing/btest/bifs/getsetenv.bro index d217a14ea9..24fecb7800 100644 --- a/testing/btest/bifs/getsetenv.bro +++ b/testing/btest/bifs/getsetenv.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: TESTBRO=testvalue bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = getenv("NOTDEFINED"); local b = getenv("TESTBRO"); diff --git a/testing/btest/bifs/global_ids.bro b/testing/btest/bifs/global_ids.bro index 2dcb6e844d..a6d7b306cb 100644 --- a/testing/btest/bifs/global_ids.bro +++ b/testing/btest/bifs/global_ids.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = global_ids(); for ( i in a ) diff --git a/testing/btest/bifs/global_sizes.bro b/testing/btest/bifs/global_sizes.bro index 4b0805172c..1eb2abbd87 100644 --- a/testing/btest/bifs/global_sizes.bro +++ b/testing/btest/bifs/global_sizes.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = global_sizes(); for ( i in a ) diff --git a/testing/btest/bifs/haversine_distance.bro b/testing/btest/bifs/haversine_distance.bro index b0a87a2c2d..0d2e7891c0 100644 --- a/testing/btest/bifs/haversine_distance.bro +++ b/testing/btest/bifs/haversine_distance.bro @@ -7,7 +7,7 @@ function test(la1: double, lo1: double, la2: double, lo2: double) print fmt("%.4e", haversine_distance(la1, lo1, la2, lo2)); } -event bro_init() +event zeek_init() { # Test two arbitrary locations. test(37.866798, -122.253601, 48.25, 11.65); diff --git a/testing/btest/bifs/hexdump.bro b/testing/btest/bifs/hexdump.bro index 1c86ce0db8..10e1855a19 100644 --- a/testing/btest/bifs/hexdump.bro +++ b/testing/btest/bifs/hexdump.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "abc\xffdefghijklmnopqrstuvwxyz"; diff --git a/testing/btest/bifs/hexstr_to_bytestring.bro b/testing/btest/bifs/hexstr_to_bytestring.bro index f0815a6269..0d41ca00a1 100644 --- a/testing/btest/bifs/hexstr_to_bytestring.bro +++ b/testing/btest/bifs/hexstr_to_bytestring.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr -event bro_init() +event zeek_init() { print hexstr_to_bytestring("3034"); print hexstr_to_bytestring(""); diff --git a/testing/btest/bifs/hll_cardinality.bro b/testing/btest/bifs/hll_cardinality.bro index d1b0807416..6bb9c83708 100644 --- a/testing/btest/bifs/hll_cardinality.bro +++ b/testing/btest/bifs/hll_cardinality.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr -event bro_init() +event zeek_init() { local c1 = hll_cardinality_init(0.01, 0.95); local c2 = hll_cardinality_init(0.01, 0.95); diff --git a/testing/btest/bifs/hll_large_estimate.bro b/testing/btest/bifs/hll_large_estimate.bro index b17b50678d..520b9633e3 100644 --- a/testing/btest/bifs/hll_large_estimate.bro +++ b/testing/btest/bifs/hll_large_estimate.bro @@ -6,7 +6,7 @@ # @TEST-EXEC: head -n1 out2 >> out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local cp: opaque of cardinality = hll_cardinality_init(0.1, 1.0); local base: count = 2130706432; # 127.0.0.0 diff --git a/testing/btest/bifs/identify_data.bro b/testing/btest/bifs/identify_data.bro index 048c409553..283c50fc86 100644 --- a/testing/btest/bifs/identify_data.bro +++ b/testing/btest/bifs/identify_data.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT | sed 's/; charset=.*//g' >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { # plain text local a = "This is a test"; diff --git a/testing/btest/bifs/install_src_addr_filter.test b/testing/btest/bifs/install_src_addr_filter.test index 5b387832de..0ee0c85c43 100644 --- a/testing/btest/bifs/install_src_addr_filter.test +++ b/testing/btest/bifs/install_src_addr_filter.test @@ -1,7 +1,7 @@ # @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output -event bro_init() +event zeek_init() { install_src_addr_filter(141.142.220.118, TH_SYN, 100.0); } diff --git a/testing/btest/bifs/is_ascii.bro b/testing/btest/bifs/is_ascii.bro index fa2d39d2d8..7930dafa58 100644 --- a/testing/btest/bifs/is_ascii.bro +++ b/testing/btest/bifs/is_ascii.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "this is a test\xfe"; local b = "this is a test\x7f"; diff --git a/testing/btest/bifs/is_local_interface.bro b/testing/btest/bifs/is_local_interface.bro index ac21b04bd3..8667babb85 100644 --- a/testing/btest/bifs/is_local_interface.bro +++ b/testing/btest/bifs/is_local_interface.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { print is_local_interface(127.0.0.1); print is_local_interface(1.2.3.4); diff --git a/testing/btest/bifs/is_port.bro b/testing/btest/bifs/is_port.bro index 2fe4964913..709c142070 100644 --- a/testing/btest/bifs/is_port.bro +++ b/testing/btest/bifs/is_port.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = 123/tcp; local b = 123/udp; diff --git a/testing/btest/bifs/join_string.bro b/testing/btest/bifs/join_string.bro index 0b2d94029a..1ea1afa5c2 100644 --- a/testing/btest/bifs/join_string.bro +++ b/testing/btest/bifs/join_string.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a: string_array = { [1] = "this", [2] = "is", [3] = "a", [4] = "test" diff --git a/testing/btest/bifs/levenshtein_distance.bro b/testing/btest/bifs/levenshtein_distance.bro index 86d5e386f4..b877a68a22 100644 --- a/testing/btest/bifs/levenshtein_distance.bro +++ b/testing/btest/bifs/levenshtein_distance.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "this is a string"; local b = "this is a tring"; diff --git a/testing/btest/bifs/lookup_ID.bro b/testing/btest/bifs/lookup_ID.bro index e263c192da..94e7bf0180 100644 --- a/testing/btest/bifs/lookup_ID.bro +++ b/testing/btest/bifs/lookup_ID.bro @@ -4,7 +4,7 @@ global a = "bro test"; -event bro_init() +event zeek_init() { local b = "local value"; diff --git a/testing/btest/bifs/lowerupper.bro b/testing/btest/bifs/lowerupper.bro index 77e6b1c9d1..2cb04bfdaa 100644 --- a/testing/btest/bifs/lowerupper.bro +++ b/testing/btest/bifs/lowerupper.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "this is a Test"; diff --git a/testing/btest/bifs/matching_subnets.bro b/testing/btest/bifs/matching_subnets.bro index 87effed19f..3d38d32182 100644 --- a/testing/btest/bifs/matching_subnets.bro +++ b/testing/btest/bifs/matching_subnets.bro @@ -16,7 +16,7 @@ global testt: set[subnet] = { [2607:f8b0:4007:807::200e]/128 }; -event bro_init() +event zeek_init() { print testt; local c = matching_subnets(10.2.0.2/32, testt); diff --git a/testing/btest/bifs/math.bro b/testing/btest/bifs/math.bro index 84ace8620c..288838ffc1 100644 --- a/testing/btest/bifs/math.bro +++ b/testing/btest/bifs/math.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = 3.14; local b = 2.71; diff --git a/testing/btest/bifs/merge_pattern.bro b/testing/btest/bifs/merge_pattern.bro index de4a3afd6a..2d99137b56 100644 --- a/testing/btest/bifs/merge_pattern.bro +++ b/testing/btest/bifs/merge_pattern.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = /foo/; local b = /b[a-z]+/; diff --git a/testing/btest/bifs/net_stats_trace.test b/testing/btest/bifs/net_stats_trace.test index cd9ee52a27..1cc1ba5567 100644 --- a/testing/btest/bifs/net_stats_trace.test +++ b/testing/btest/bifs/net_stats_trace.test @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -r $TRACES/wikipedia.trace >output %INPUT # @TEST-EXEC: btest-diff output -event bro_done() +event zeek_done() { print get_net_stats(); } diff --git a/testing/btest/bifs/netbios-functions.bro b/testing/btest/bifs/netbios-functions.bro index 9b075e8729..8e65f1d5ec 100644 --- a/testing/btest/bifs/netbios-functions.bro +++ b/testing/btest/bifs/netbios-functions.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local names_to_decode = set( "ejfdebfeebfacacacacacacacacacaaa", # ISATAP diff --git a/testing/btest/bifs/order.bro b/testing/btest/bifs/order.bro index cb4b050686..34c8e8c101 100644 --- a/testing/btest/bifs/order.bro +++ b/testing/btest/bifs/order.bro @@ -20,7 +20,7 @@ function myfunc2(a: double, b: double): int return 1; } -event bro_init() +event zeek_init() { # Tests without supplying a comparison function diff --git a/testing/btest/bifs/parse_ftp.bro b/testing/btest/bifs/parse_ftp.bro index a8993fa6e0..1e982def27 100644 --- a/testing/btest/bifs/parse_ftp.bro +++ b/testing/btest/bifs/parse_ftp.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { print parse_ftp_port("192,168,0,2,1,1"); diff --git a/testing/btest/bifs/rand.bro b/testing/btest/bifs/rand.bro index caf3f16031..591f0bf035 100644 --- a/testing/btest/bifs/rand.bro +++ b/testing/btest/bifs/rand.bro @@ -6,7 +6,7 @@ const do_seed = T &redef; -event bro_init() +event zeek_init() { local a = rand(1000); local b = rand(1000); diff --git a/testing/btest/bifs/raw_bytes_to_v4_addr.bro b/testing/btest/bifs/raw_bytes_to_v4_addr.bro index bd685216ef..9ac266a0bd 100644 --- a/testing/btest/bifs/raw_bytes_to_v4_addr.bro +++ b/testing/btest/bifs/raw_bytes_to_v4_addr.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { print raw_bytes_to_v4_addr("ABCD"); print raw_bytes_to_v4_addr("ABC"); diff --git a/testing/btest/bifs/reading_traces.bro b/testing/btest/bifs/reading_traces.bro index 46ad04c25f..e6fa21999e 100644 --- a/testing/btest/bifs/reading_traces.bro +++ b/testing/btest/bifs/reading_traces.bro @@ -4,7 +4,7 @@ # @TEST-EXEC: bro -r $TRACES/web.trace %INPUT >out2 # @TEST-EXEC: btest-diff out2 -event bro_init() +event zeek_init() { print reading_traces(); } diff --git a/testing/btest/bifs/record_type_to_vector.bro b/testing/btest/bifs/record_type_to_vector.bro index 9795ce886b..e5e79a4f49 100644 --- a/testing/btest/bifs/record_type_to_vector.bro +++ b/testing/btest/bifs/record_type_to_vector.bro @@ -7,7 +7,7 @@ type myrecord: record { str1: string; }; -event bro_init() +event zeek_init() { print record_type_to_vector("myrecord"); } diff --git a/testing/btest/bifs/records_fields.bro b/testing/btest/bifs/records_fields.bro index 88df239b57..a130a63267 100644 --- a/testing/btest/bifs/records_fields.bro +++ b/testing/btest/bifs/records_fields.bro @@ -24,7 +24,7 @@ type r: record { type mystring: string; -event bro_init() +event zeek_init() { local x: r = [$a=42, $d="Bar", $e=tt]; print x; diff --git a/testing/btest/bifs/resize.bro b/testing/btest/bifs/resize.bro index f4067f31c7..97c3b8c20b 100644 --- a/testing/btest/bifs/resize.bro +++ b/testing/btest/bifs/resize.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = vector( 5, 3, 8 ); diff --git a/testing/btest/bifs/reverse.bro b/testing/btest/bifs/reverse.bro index bbb386bb80..b6831ef3a7 100644 --- a/testing/btest/bifs/reverse.bro +++ b/testing/btest/bifs/reverse.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local s1 = "hello world!"; local s2 = "rise to vote sir"; diff --git a/testing/btest/bifs/rotate_file.bro b/testing/btest/bifs/rotate_file.bro index a6109ff677..a7c3bf3971 100644 --- a/testing/btest/bifs/rotate_file.bro +++ b/testing/btest/bifs/rotate_file.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = open("testfile"); write_file(a, "this is a test\n"); diff --git a/testing/btest/bifs/rotate_file_by_name.bro b/testing/btest/bifs/rotate_file_by_name.bro index f647edefe2..b02d4011be 100644 --- a/testing/btest/bifs/rotate_file_by_name.bro +++ b/testing/btest/bifs/rotate_file_by_name.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = open("testfile"); write_file(a, "this is a test\n"); diff --git a/testing/btest/bifs/same_object.bro b/testing/btest/bifs/same_object.bro index dddfd80d3d..8e38912f58 100644 --- a/testing/btest/bifs/same_object.bro +++ b/testing/btest/bifs/same_object.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "This is a test"; local b: string; diff --git a/testing/btest/bifs/sort.bro b/testing/btest/bifs/sort.bro index 2ddb44b8be..2f3789c8a9 100644 --- a/testing/btest/bifs/sort.bro +++ b/testing/btest/bifs/sort.bro @@ -20,7 +20,7 @@ function myfunc2(a: double, b: double): int return 1; } -event bro_init() +event zeek_init() { # Tests without supplying a comparison function diff --git a/testing/btest/bifs/sort_string_array.bro b/testing/btest/bifs/sort_string_array.bro index 1916f93d0c..3d3949d89b 100644 --- a/testing/btest/bifs/sort_string_array.bro +++ b/testing/btest/bifs/sort_string_array.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a: string_array = { [1] = "this", [2] = "is", [3] = "a", [4] = "test" diff --git a/testing/btest/bifs/split.bro b/testing/btest/bifs/split.bro index b117844645..2485c3af1f 100644 --- a/testing/btest/bifs/split.bro +++ b/testing/btest/bifs/split.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "this is a test"; local pat = /hi|es/; diff --git a/testing/btest/bifs/split_string.bro b/testing/btest/bifs/split_string.bro index e4d32b7f73..2f67921a04 100644 --- a/testing/btest/bifs/split_string.bro +++ b/testing/btest/bifs/split_string.bro @@ -8,7 +8,7 @@ function print_string_vector(v: string_vec) print v[i]; } -event bro_init() +event zeek_init() { local a = "this is a test"; local pat = /hi|es/; diff --git a/testing/btest/bifs/str_shell_escape.bro b/testing/btest/bifs/str_shell_escape.bro index e631458bc1..9079ef3953 100644 --- a/testing/btest/bifs/str_shell_escape.bro +++ b/testing/btest/bifs/str_shell_escape.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "echo ${TEST} > \"my file\""; diff --git a/testing/btest/bifs/strcmp.bro b/testing/btest/bifs/strcmp.bro index 92d0430f1d..6893656e69 100644 --- a/testing/btest/bifs/strcmp.bro +++ b/testing/btest/bifs/strcmp.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "this"; local b = "testing"; diff --git a/testing/btest/bifs/strftime.bro b/testing/btest/bifs/strftime.bro index 3d9e388c90..8a9f42d8b3 100644 --- a/testing/btest/bifs/strftime.bro +++ b/testing/btest/bifs/strftime.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local f1 = "%Y-%m-%d %H:%M:%S"; local f2 = "%H%M%S %Y%m%d"; diff --git a/testing/btest/bifs/string_fill.bro b/testing/btest/bifs/string_fill.bro index 0968215cc0..81a447ed47 100644 --- a/testing/btest/bifs/string_fill.bro +++ b/testing/btest/bifs/string_fill.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "test "; diff --git a/testing/btest/bifs/string_to_pattern.bro b/testing/btest/bifs/string_to_pattern.bro index 4bd04bbcea..089cc3c557 100644 --- a/testing/btest/bifs/string_to_pattern.bro +++ b/testing/btest/bifs/string_to_pattern.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { print string_to_pattern("foo", F); print string_to_pattern("", F); diff --git a/testing/btest/bifs/strip.bro b/testing/btest/bifs/strip.bro index e508f20e3d..ae80811a30 100644 --- a/testing/btest/bifs/strip.bro +++ b/testing/btest/bifs/strip.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = " this is a test "; local b = ""; diff --git a/testing/btest/bifs/strptime.bro b/testing/btest/bifs/strptime.bro index 215299b300..c8f57b1dfc 100644 --- a/testing/btest/bifs/strptime.bro +++ b/testing/btest/bifs/strptime.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out 2>&1 # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { print strptime("%Y-%m-%d", "2012-10-19"); print strptime("%m", "1980-10-24"); diff --git a/testing/btest/bifs/strstr.bro b/testing/btest/bifs/strstr.bro index 40cd8aa5fd..75a362375a 100644 --- a/testing/btest/bifs/strstr.bro +++ b/testing/btest/bifs/strstr.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "this is a test"; local b = "his"; diff --git a/testing/btest/bifs/sub.bro b/testing/btest/bifs/sub.bro index 773530ac74..f83113ad19 100644 --- a/testing/btest/bifs/sub.bro +++ b/testing/btest/bifs/sub.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "this is a test"; local pat = /is|ss/; diff --git a/testing/btest/bifs/subst_string.bro b/testing/btest/bifs/subst_string.bro index 6ebed72321..186ca7f921 100644 --- a/testing/btest/bifs/subst_string.bro +++ b/testing/btest/bifs/subst_string.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "this is another test"; local b = "is"; diff --git a/testing/btest/bifs/system.bro b/testing/btest/bifs/system.bro index bd27fc3db5..e488601ee5 100644 --- a/testing/btest/bifs/system.bro +++ b/testing/btest/bifs/system.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = system("echo thistest > out"); if ( a != 0 ) diff --git a/testing/btest/bifs/system_env.bro b/testing/btest/bifs/system_env.bro index cfe4e7dd2a..beece2e2c6 100644 --- a/testing/btest/bifs/system_env.bro +++ b/testing/btest/bifs/system_env.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: btest-diff testfile -event bro_init() +event zeek_init() { local vars: table[string] of string = { ["TESTBRO"] = "helloworld" }; diff --git a/testing/btest/bifs/to_count.bro b/testing/btest/bifs/to_count.bro index 8de8c5c674..dc87fe94b9 100644 --- a/testing/btest/bifs/to_count.bro +++ b/testing/btest/bifs/to_count.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a: int = -2; print int_to_count(a); diff --git a/testing/btest/bifs/to_double.bro b/testing/btest/bifs/to_double.bro index b6fb9917a7..b2d2d65f4d 100644 --- a/testing/btest/bifs/to_double.bro +++ b/testing/btest/bifs/to_double.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = 1 usec; print interval_to_double(a); diff --git a/testing/btest/bifs/to_int.bro b/testing/btest/bifs/to_int.bro index e65a555cc4..fe7d530835 100644 --- a/testing/btest/bifs/to_int.bro +++ b/testing/btest/bifs/to_int.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { print to_int("1"); print to_int("-1"); diff --git a/testing/btest/bifs/to_interval.bro b/testing/btest/bifs/to_interval.bro index 71d73fed62..b877cedacc 100644 --- a/testing/btest/bifs/to_interval.bro +++ b/testing/btest/bifs/to_interval.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = 1234563.14; print double_to_interval(a); diff --git a/testing/btest/bifs/to_port.bro b/testing/btest/bifs/to_port.bro index b2289b8a21..9c53de7297 100644 --- a/testing/btest/bifs/to_port.bro +++ b/testing/btest/bifs/to_port.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { print to_port("123/tcp"); print to_port("123/udp"); diff --git a/testing/btest/bifs/to_time.bro b/testing/btest/bifs/to_time.bro index d5a81b0934..b286d92ea4 100644 --- a/testing/btest/bifs/to_time.bro +++ b/testing/btest/bifs/to_time.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = 1234563.14; print double_to_time(a); diff --git a/testing/btest/bifs/topk.bro b/testing/btest/bifs/topk.bro index 1e650335a7..06246da4ac 100644 --- a/testing/btest/bifs/topk.bro +++ b/testing/btest/bifs/topk.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr -event bro_init() +event zeek_init() { local k1 = topk_init(2); diff --git a/testing/btest/bifs/type_name.bro b/testing/btest/bifs/type_name.bro index f331fe6aa9..7377558db2 100644 --- a/testing/btest/bifs/type_name.bro +++ b/testing/btest/bifs/type_name.bro @@ -9,7 +9,7 @@ type myrecord: record { s: string; }; -event bro_init() +event zeek_init() { local a = "foo"; local b = 3; diff --git a/testing/btest/bifs/uuid_to_string.bro b/testing/btest/bifs/uuid_to_string.bro index dc84f349fa..2df9d2f0f0 100644 --- a/testing/btest/bifs/uuid_to_string.bro +++ b/testing/btest/bifs/uuid_to_string.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "\xfe\x80abcdefg0123456"; print uuid_to_string(a); diff --git a/testing/btest/bifs/val_size.bro b/testing/btest/bifs/val_size.bro index 57b512b776..8757bde285 100644 --- a/testing/btest/bifs/val_size.bro +++ b/testing/btest/bifs/val_size.bro @@ -1,7 +1,7 @@ # # @TEST-EXEC: bro -b %INPUT -event bro_init() +event zeek_init() { local a = T; local b = 12; diff --git a/testing/btest/broker/connect-on-retry.bro b/testing/btest/broker/connect-on-retry.bro index 56e479b7ea..7a7db81da9 100644 --- a/testing/btest/broker/connect-on-retry.bro +++ b/testing/btest/broker/connect-on-retry.bro @@ -16,7 +16,7 @@ global event_count = 0; global ping: event(msg: string, c: count); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::auto_publish("bro/event/my_topic", ping); @@ -65,7 +65,7 @@ event delayed_listen() Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); } -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::auto_publish("bro/event/my_topic", pong); diff --git a/testing/btest/broker/disconnect.bro b/testing/btest/broker/disconnect.bro index 08d80f0441..34d98d20e8 100644 --- a/testing/btest/broker/disconnect.bro +++ b/testing/btest/broker/disconnect.bro @@ -24,7 +24,7 @@ event my_event(i: count) print "sender got event", i; } -event bro_init() +event zeek_init() { Broker::subscribe(test_topic); Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT"))); @@ -60,7 +60,7 @@ event my_event(i: count) terminate(); } -event bro_init() +event zeek_init() { Broker::subscribe(test_topic); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); diff --git a/testing/btest/broker/error.bro b/testing/btest/broker/error.bro index aa413ea2ac..2955997e1f 100644 --- a/testing/btest/broker/error.bro +++ b/testing/btest/broker/error.bro @@ -27,7 +27,7 @@ event Broker::error(code: Broker::ErrorCode, msg: string) print "error", code, msg; } -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); diff --git a/testing/btest/broker/remote_event.bro b/testing/btest/broker/remote_event.bro index a9e22ec25f..548cdb6e5e 100644 --- a/testing/btest/broker/remote_event.bro +++ b/testing/btest/broker/remote_event.bro @@ -15,7 +15,7 @@ global event_count = 0; global ping: event(msg: string, c: count); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT"))); @@ -64,7 +64,7 @@ global auto_handler: event(msg: string, c: count); global pong: event(msg: string, c: count); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); diff --git a/testing/btest/broker/remote_event_any.bro b/testing/btest/broker/remote_event_any.bro index b45e5017ef..6e111dbbdc 100644 --- a/testing/btest/broker/remote_event_any.bro +++ b/testing/btest/broker/remote_event_any.bro @@ -15,7 +15,7 @@ global event_count = 0; global ping: event(msg: string, c: any); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT"))); @@ -67,7 +67,7 @@ global auto_handler: event(msg: string, c: count); global pong: event(msg: string, c: any); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); diff --git a/testing/btest/broker/remote_event_auto.bro b/testing/btest/broker/remote_event_auto.bro index 04570b9e6d..0bfcd2ab43 100644 --- a/testing/btest/broker/remote_event_auto.bro +++ b/testing/btest/broker/remote_event_auto.bro @@ -15,7 +15,7 @@ global event_count = 0; global ping: event(msg: string, c: count); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::auto_publish("bro/event/my_topic", ping); @@ -59,7 +59,7 @@ global auto_handler: event(msg: string, c: count); global pong: event(msg: string, c: count); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::auto_publish("bro/event/my_topic", pong); diff --git a/testing/btest/broker/remote_event_ssl_auth.bro b/testing/btest/broker/remote_event_ssl_auth.bro index 2422638416..f5e2cef26b 100644 --- a/testing/btest/broker/remote_event_ssl_auth.bro +++ b/testing/btest/broker/remote_event_ssl_auth.bro @@ -174,7 +174,7 @@ global event_count = 0; global ping: event(msg: string, c: count); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT"))); @@ -225,7 +225,7 @@ global auto_handler: event(msg: string, c: count); global pong: event(msg: string, c: count); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); diff --git a/testing/btest/broker/remote_event_vector_any.bro b/testing/btest/broker/remote_event_vector_any.bro index 6f03d97c56..dfd6cfb754 100644 --- a/testing/btest/broker/remote_event_vector_any.bro +++ b/testing/btest/broker/remote_event_vector_any.bro @@ -20,7 +20,7 @@ type myrec: record { global bar: event(x: any); -event bro_init() +event zeek_init() { Broker::subscribe("test"); Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT"))); @@ -91,7 +91,7 @@ event bar(x: any) process(x); } -event bro_init() +event zeek_init() { Broker::subscribe("test"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); diff --git a/testing/btest/broker/remote_id.bro b/testing/btest/broker/remote_id.bro index 62cddb9f25..dad98ee44a 100644 --- a/testing/btest/broker/remote_id.bro +++ b/testing/btest/broker/remote_id.bro @@ -10,7 +10,7 @@ const test_var = "init" &redef; -event bro_init() +event zeek_init() { Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT"))); } @@ -44,7 +44,7 @@ event check_var() } } -event bro_init() +event zeek_init() { print "intial val", test_var; Broker::subscribe("bro/ids"); diff --git a/testing/btest/broker/remote_log.bro b/testing/btest/broker/remote_log.bro index dae89d42b2..f5c320dc20 100644 --- a/testing/btest/broker/remote_log.bro +++ b/testing/btest/broker/remote_log.bro @@ -25,7 +25,7 @@ export { }; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Test::LOG, [$columns=Test::Info]); } @@ -42,7 +42,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) @load ./common.bro -event bro_init() +event zeek_init() { Broker::subscribe("bro/"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); @@ -61,7 +61,7 @@ event Broker::peer_removed(endpoint: Broker::EndpointInfo, msg: string) @load ./common.bro -event bro_init() +event zeek_init() { Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT"))); } diff --git a/testing/btest/broker/remote_log_late_join.bro b/testing/btest/broker/remote_log_late_join.bro index aea7846996..52bcab7d86 100644 --- a/testing/btest/broker/remote_log_late_join.bro +++ b/testing/btest/broker/remote_log_late_join.bro @@ -25,7 +25,7 @@ export { }; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Test::LOG, [$columns=Test::Info]); } @@ -42,7 +42,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) @load ./common.bro -event bro_init() +event zeek_init() { Broker::subscribe("bro/"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); @@ -68,7 +68,7 @@ event doconnect() global n = 0; -event bro_init() +event zeek_init() { schedule 2secs { doconnect() }; Log::write(Test::LOG, [$msg = "ping", $num = n]); diff --git a/testing/btest/broker/remote_log_types.bro b/testing/btest/broker/remote_log_types.bro index 8bbc66eaa2..1a2d04b130 100644 --- a/testing/btest/broker/remote_log_types.bro +++ b/testing/btest/broker/remote_log_types.bro @@ -47,7 +47,7 @@ export { } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Test::LOG, [$columns=Test::Info]); } @@ -58,7 +58,7 @@ event bro_init() &priority=5 @load ./common.bro -event bro_init() +event zeek_init() { Broker::subscribe("bro/"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); @@ -77,7 +77,7 @@ event quit_receiver() @load ./common.bro -event bro_init() +event zeek_init() { Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT"))); } diff --git a/testing/btest/broker/ssl_auth_failure.bro b/testing/btest/broker/ssl_auth_failure.bro index bc90d86298..45138dc15e 100644 --- a/testing/btest/broker/ssl_auth_failure.bro +++ b/testing/btest/broker/ssl_auth_failure.bro @@ -103,7 +103,7 @@ event do_terminate() terminate(); } -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT"))); @@ -145,7 +145,7 @@ event do_terminate() terminate(); } -event bro_init() +event zeek_init() { Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); schedule 10secs { do_terminate() }; diff --git a/testing/btest/broker/store/clone.bro b/testing/btest/broker/store/clone.bro index 5620303410..a499d11ea6 100644 --- a/testing/btest/broker/store/clone.bro +++ b/testing/btest/broker/store/clone.bro @@ -48,7 +48,7 @@ event inserted() schedule 6secs { done() }; } -event bro_init() +event zeek_init() { Broker::auto_publish("bro/events", done); Broker::subscribe("bro/"); @@ -129,7 +129,7 @@ event lookup(stage: count) schedule 4sec { done() }; } -event bro_init() +event zeek_init() { Broker::auto_publish("bro/events", inserted); Broker::subscribe("bro/"); diff --git a/testing/btest/broker/store/local.bro b/testing/btest/broker/store/local.bro index b352df93f2..1846d8c2c3 100644 --- a/testing/btest/broker/store/local.bro +++ b/testing/btest/broker/store/local.bro @@ -13,7 +13,7 @@ event done() terminate(); } -event bro_init() +event zeek_init() { h = Broker::create_master("master"); Broker::put(h, "one", "110"); diff --git a/testing/btest/broker/store/ops.bro b/testing/btest/broker/store/ops.bro index 070a0f2ed3..4e89f365bf 100644 --- a/testing/btest/broker/store/ops.bro +++ b/testing/btest/broker/store/ops.bro @@ -83,7 +83,7 @@ event pk1() schedule 1sec { pk2() }; } -event bro_init() +event zeek_init() { h = Broker::create_master("master"); Broker::put(h, "one", "110"); diff --git a/testing/btest/broker/store/record.bro b/testing/btest/broker/store/record.bro index ab862012a6..62ee4735ba 100644 --- a/testing/btest/broker/store/record.bro +++ b/testing/btest/broker/store/record.bro @@ -8,7 +8,7 @@ type R: record { c: count; }; -event bro_init() +event zeek_init() { local cr = Broker::record_create(3); print Broker::record_size(cr); diff --git a/testing/btest/broker/store/set.bro b/testing/btest/broker/store/set.bro index 056b46e221..c2524cec6a 100644 --- a/testing/btest/broker/store/set.bro +++ b/testing/btest/broker/store/set.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out -event bro_init() +event zeek_init() { local cs = Broker::set_create(); diff --git a/testing/btest/broker/store/sqlite.bro b/testing/btest/broker/store/sqlite.bro index fbce1a693a..8adde597f5 100644 --- a/testing/btest/broker/store/sqlite.bro +++ b/testing/btest/broker/store/sqlite.bro @@ -27,7 +27,7 @@ event done() terminate(); } -event bro_init() +event zeek_init() { h = Broker::create_master("master", Broker::SQLITE); diff --git a/testing/btest/broker/store/table.bro b/testing/btest/broker/store/table.bro index 11bd00028b..6fdf7615a6 100644 --- a/testing/btest/broker/store/table.bro +++ b/testing/btest/broker/store/table.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out -event bro_init() +event zeek_init() { local ct = Broker::table_create(); diff --git a/testing/btest/broker/store/type-conversion.bro b/testing/btest/broker/store/type-conversion.bro index c92c1ea4c9..fa9e16d587 100644 --- a/testing/btest/broker/store/type-conversion.bro +++ b/testing/btest/broker/store/type-conversion.bro @@ -11,7 +11,7 @@ type R2: record { r1: R1; }; -event bro_init() +event zeek_init() { ### Print every broker data type print Broker::data_type(Broker::data(T)); diff --git a/testing/btest/broker/store/vector.bro b/testing/btest/broker/store/vector.bro index 7edc4ba050..7c44640334 100644 --- a/testing/btest/broker/store/vector.bro +++ b/testing/btest/broker/store/vector.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out -event bro_init() +event zeek_init() { local cv = Broker::vector_create(); print Broker::vector_size(cv); diff --git a/testing/btest/broker/unpeer.bro b/testing/btest/broker/unpeer.bro index b591815955..5251c9eb60 100644 --- a/testing/btest/broker/unpeer.bro +++ b/testing/btest/broker/unpeer.bro @@ -34,7 +34,7 @@ event unpeer(endpoint: Broker::EndpointInfo) schedule 4secs { do_terminate() }; } -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::auto_publish("bro/event/my_topic", print_something); @@ -65,7 +65,7 @@ event print_something(i: int) print "Something receiver", i; } -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); diff --git a/testing/btest/core/discarder.bro b/testing/btest/core/discarder.bro index 9e8f5e7a2f..9c48526bac 100644 --- a/testing/btest/core/discarder.bro +++ b/testing/btest/core/discarder.bro @@ -6,7 +6,7 @@ @TEST-START-FILE discarder-ip.bro -event bro_init() +event zeek_init() { print "################ IP Discarder ################"; } @@ -28,7 +28,7 @@ event new_packet(c: connection, p: pkt_hdr) @TEST-START-FILE discarder-tcp.bro -event bro_init() +event zeek_init() { print "################ TCP Discarder ################"; } @@ -50,7 +50,7 @@ event new_packet(c: connection, p: pkt_hdr) @TEST-START-FILE discarder-udp.bro -event bro_init() +event zeek_init() { print "################ UDP Discarder ################"; } @@ -72,7 +72,7 @@ event new_packet(c: connection, p: pkt_hdr) @TEST-START-FILE discarder-icmp.bro -event bro_init() +event zeek_init() { print "################ ICMP Discarder ################"; } diff --git a/testing/btest/core/div-by-zero.bro b/testing/btest/core/div-by-zero.bro index d1221638d6..da06569c2f 100644 --- a/testing/btest/core/div-by-zero.bro +++ b/testing/btest/core/div-by-zero.bro @@ -26,7 +26,7 @@ event mod_count(a: count, b: count) print a % b; } -event bro_init() +event zeek_init() { event div_int(10, 0); event div_count(10, 0); diff --git a/testing/btest/core/embedded-null.bro b/testing/btest/core/embedded-null.bro index 95a4c965a9..c85da21541 100644 --- a/testing/btest/core/embedded-null.bro +++ b/testing/btest/core/embedded-null.bro @@ -1,7 +1,7 @@ # @TEST-EXEC: bro -b %INPUT 2>&1 # @TEST-EXEC: btest-diff .stdout -event bro_init() +event zeek_init() { local a = "hi\x00there"; unique_id(a); diff --git a/testing/btest/core/event-arg-reuse.bro b/testing/btest/core/event-arg-reuse.bro index ba8e0f0677..3ad5f82cab 100644 --- a/testing/btest/core/event-arg-reuse.bro +++ b/testing/btest/core/event-arg-reuse.bro @@ -14,7 +14,7 @@ event f(a: int) &priority=-5 print "f2", a; } -event bro_init() +event zeek_init() { event f(1); } diff --git a/testing/btest/core/fake_dns.bro b/testing/btest/core/fake_dns.bro index f4d8c46777..f5cd4d2067 100644 --- a/testing/btest/core/fake_dns.bro +++ b/testing/btest/core/fake_dns.bro @@ -19,7 +19,7 @@ function check_terminate() terminate(); } -event bro_init() +event zeek_init() { print addrs; diff --git a/testing/btest/core/file-caching-serialization.test b/testing/btest/core/file-caching-serialization.test index 7ff1d8be8d..c6edeb55c2 100644 --- a/testing/btest/core/file-caching-serialization.test +++ b/testing/btest/core/file-caching-serialization.test @@ -42,7 +42,7 @@ event file_opened(f: file) print f, "opened"; } -event bro_init() +event zeek_init() { for ( i in iterations ) write_to_file(iterations[i]); diff --git a/testing/btest/core/global_opaque_val.bro b/testing/btest/core/global_opaque_val.bro index 84087d8295..0232271ced 100644 --- a/testing/btest/core/global_opaque_val.bro +++ b/testing/btest/core/global_opaque_val.bro @@ -3,7 +3,7 @@ global test = md5_hash_init(); -event bro_init() +event zeek_init() { md5_hash_update(test, "one"); md5_hash_update(test, "two"); diff --git a/testing/btest/core/leaks/basic-cluster.bro b/testing/btest/core/leaks/basic-cluster.bro index fa73fb9a96..d6c017090e 100644 --- a/testing/btest/core/leaks/basic-cluster.bro +++ b/testing/btest/core/leaks/basic-cluster.bro @@ -24,7 +24,7 @@ redef Log::default_rotation_interval = 0secs; global n = 0; -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test", $apply=set(SumStats::SUM, SumStats::MIN, SumStats::MAX, SumStats::AVERAGE, SumStats::STD_DEV, SumStats::VARIANCE, SumStats::UNIQUE)]; SumStats::create([$name="test", @@ -48,7 +48,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) global ready_for_data: event(); -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::worker_topic, ready_for_data); } diff --git a/testing/btest/core/leaks/broker/clone_store.bro b/testing/btest/core/leaks/broker/clone_store.bro index 68235c7bab..9ee9ee2cd9 100644 --- a/testing/btest/core/leaks/broker/clone_store.bro +++ b/testing/btest/core/leaks/broker/clone_store.bro @@ -49,7 +49,7 @@ event inserted() schedule 2secs { done() }; } -event bro_init() +event zeek_init() { Broker::auto_publish("bro/events", done); Broker::subscribe("bro/"); @@ -127,7 +127,7 @@ event done() terminate(); } -event bro_init() +event zeek_init() { Broker::auto_publish("bro/events", inserted); Broker::subscribe("bro/"); diff --git a/testing/btest/core/leaks/broker/master_store.bro b/testing/btest/core/leaks/broker/master_store.bro index 583f80413b..08919bb461 100644 --- a/testing/btest/core/leaks/broker/master_store.bro +++ b/testing/btest/core/leaks/broker/master_store.bro @@ -85,7 +85,7 @@ event pk1() schedule 1sec { pk2() }; } -event bro_init() +event zeek_init() { h = Broker::create_master("master"); Broker::put(h, "one", "110"); diff --git a/testing/btest/core/leaks/broker/remote_event.test b/testing/btest/core/leaks/broker/remote_event.test index 5000bd98d7..7eb84c94ef 100644 --- a/testing/btest/core/leaks/broker/remote_event.test +++ b/testing/btest/core/leaks/broker/remote_event.test @@ -16,7 +16,7 @@ redef exit_only_after_terminate = T; global event_handler: event(msg: string, c: count); global auto_event_handler: event(msg: string, c: count); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/"); Broker::auto_publish("bro/event/my_topic", auto_event_handler); @@ -50,7 +50,7 @@ redef exit_only_after_terminate = T; global event_handler: event(msg: string, c: count); global auto_event_handler: event(msg: string, c: count); -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/my_topic"); Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")), 1secs); diff --git a/testing/btest/core/leaks/broker/remote_log.test b/testing/btest/core/leaks/broker/remote_log.test index 12abc1a313..0c50856b9b 100644 --- a/testing/btest/core/leaks/broker/remote_log.test +++ b/testing/btest/core/leaks/broker/remote_log.test @@ -27,7 +27,7 @@ export { }; } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(Test::LOG, [$columns=Test::Info]); } @@ -43,7 +43,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) @load ./common.bro -event bro_init() +event zeek_init() { Broker::subscribe("bro/"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); @@ -60,7 +60,7 @@ event Broker::peer_removed(endpoint: Broker::EndpointInfo, msg: string) @load ./common.bro -event bro_init() +event zeek_init() { Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT"))); } diff --git a/testing/btest/core/leaks/exec.test b/testing/btest/core/leaks/exec.test index 4cc8240012..d9d96b5693 100644 --- a/testing/btest/core/leaks/exec.test +++ b/testing/btest/core/leaks/exec.test @@ -31,7 +31,7 @@ function test_cmd(label: string, cmd: Exec::Command) } } -event bro_init() +event zeek_init() { test_cmd("test1", [$cmd="bash ../somescript.sh", $read_files=set("out1", "out2")]); diff --git a/testing/btest/core/leaks/hll_cluster.bro b/testing/btest/core/leaks/hll_cluster.bro index e565778fbc..2fae13adad 100644 --- a/testing/btest/core/leaks/hll_cluster.bro +++ b/testing/btest/core/leaks/hll_cluster.bro @@ -31,7 +31,7 @@ global hll_data: event(data: opaque of cardinality); @if ( Cluster::local_node_type() == Cluster::WORKER ) -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::manager_topic, hll_data); } @@ -94,7 +94,7 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) global result_count = 0; global hll: opaque of cardinality; -event bro_init() +event zeek_init() { hll = hll_cardinality_init(0.01, 0.95); } diff --git a/testing/btest/core/leaks/input-basic.bro b/testing/btest/core/leaks/input-basic.bro index 2f2ecf802d..177cbc5e26 100644 --- a/testing/btest/core/leaks/input-basic.bro +++ b/testing/btest/core/leaks/input-basic.bro @@ -50,7 +50,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/core/leaks/input-errors.bro b/testing/btest/core/leaks/input-errors.bro index 589579779f..93a143c8d5 100644 --- a/testing/btest/core/leaks/input-errors.bro +++ b/testing/btest/core/leaks/input-errors.bro @@ -152,7 +152,7 @@ event kill_me() terminate(); } -event bro_init() +event zeek_init() { outfile = open("out"); Input::add_event([$source="input.log", $name="file", $fields=FileVal, $ev=line_file, $want_record=T]); diff --git a/testing/btest/core/leaks/input-missing-enum.bro b/testing/btest/core/leaks/input-missing-enum.bro index 9037e15ed0..5f931a35f3 100644 --- a/testing/btest/core/leaks/input-missing-enum.bro +++ b/testing/btest/core/leaks/input-missing-enum.bro @@ -26,7 +26,7 @@ type Val: record { global etable: table[int] of Log::ID = table(); -event bro_init() +event zeek_init() { # first read in the old stuff into the table... Input::add_table([$source="../input.log", $name="enum", $idx=Idx, $val=Val, $destination=etable, $want_record=F]); diff --git a/testing/btest/core/leaks/input-optional-event.bro b/testing/btest/core/leaks/input-optional-event.bro index ca141e1c4e..df8d591769 100644 --- a/testing/btest/core/leaks/input-optional-event.bro +++ b/testing/btest/core/leaks/input-optional-event.bro @@ -50,7 +50,7 @@ event servers(desc: Input::EventDescription, tpe: Input::Event, item: Val) print outfile, item; } -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/core/leaks/input-optional-table.bro b/testing/btest/core/leaks/input-optional-table.bro index 95871b1516..f3e4c05fb4 100644 --- a/testing/btest/core/leaks/input-optional-table.bro +++ b/testing/btest/core/leaks/input-optional-table.bro @@ -50,7 +50,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/core/leaks/input-raw.bro b/testing/btest/core/leaks/input-raw.bro index 608ea25030..39ab13adfd 100644 --- a/testing/btest/core/leaks/input-raw.bro +++ b/testing/btest/core/leaks/input-raw.bro @@ -63,7 +63,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string) } } -event bro_init() +event zeek_init() { outfile = open("../out"); try = 0; diff --git a/testing/btest/core/leaks/input-reread.bro b/testing/btest/core/leaks/input-reread.bro index 8b6295c15d..c15a91a6aa 100644 --- a/testing/btest/core/leaks/input-reread.bro +++ b/testing/btest/core/leaks/input-reread.bro @@ -118,7 +118,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r print outfile, right; } -event bro_init() +event zeek_init() { outfile = open("../out"); try = 0; diff --git a/testing/btest/core/leaks/input-sqlite.bro b/testing/btest/core/leaks/input-sqlite.bro index ae1df163c8..d278a00533 100644 --- a/testing/btest/core/leaks/input-sqlite.bro +++ b/testing/btest/core/leaks/input-sqlite.bro @@ -87,7 +87,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, r: Conn::Inf print outfile, |r$tunnel_parents|; # to make sure I got empty right } -event bro_init() +event zeek_init() { local config_strings: table[string] of string = { ["query"] = "select * from conn;", diff --git a/testing/btest/core/leaks/input-with-remove.bro b/testing/btest/core/leaks/input-with-remove.bro index ba58d7b2f6..59e3f28c0a 100644 --- a/testing/btest/core/leaks/input-with-remove.bro +++ b/testing/btest/core/leaks/input-with-remove.bro @@ -52,7 +52,7 @@ event do_term() { terminate(); } -event bro_init() { +event zeek_init() { schedule 1sec { do() }; diff --git a/testing/btest/core/leaks/returnwhen.bro b/testing/btest/core/leaks/returnwhen.bro index f5160ef250..cf1115a738 100644 --- a/testing/btest/core/leaks/returnwhen.bro +++ b/testing/btest/core/leaks/returnwhen.bro @@ -63,7 +63,7 @@ event do_another() } } -event bro_init() +event zeek_init() { local local_dummy = dummyfunc; diff --git a/testing/btest/core/old_comm_usage.bro b/testing/btest/core/old_comm_usage.bro index 0e9ae2f1f6..8f4e3854aa 100644 --- a/testing/btest/core/old_comm_usage.bro +++ b/testing/btest/core/old_comm_usage.bro @@ -1,7 +1,7 @@ # @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -event bro_init() +event zeek_init() { terminate_communication(); } diff --git a/testing/btest/core/option-priorities.bro b/testing/btest/core/option-priorities.bro index fd352a5459..088d82ea9f 100644 --- a/testing/btest/core/option-priorities.bro +++ b/testing/btest/core/option-priorities.bro @@ -16,7 +16,7 @@ function option_changed_two(ID: string, new_value: bool, location: string): bool return T; } -event bro_init() +event zeek_init() { print "Old value", testbool; Option::set_change_handler("testbool", option_changed); diff --git a/testing/btest/core/option-redef.bro b/testing/btest/core/option-redef.bro index 3d67a9a755..30d381306a 100644 --- a/testing/btest/core/option-redef.bro +++ b/testing/btest/core/option-redef.bro @@ -9,7 +9,7 @@ redef testopt = 6; option anotheropt = 6; redef anotheropt = 7; -event bro_init() { +event zeek_init() { print testopt; print anotheropt; } diff --git a/testing/btest/core/pcap/dynamic-filter.bro b/testing/btest/core/pcap/dynamic-filter.bro index c1b48155c1..caebaf0558 100644 --- a/testing/btest/core/pcap/dynamic-filter.bro +++ b/testing/btest/core/pcap/dynamic-filter.bro @@ -21,7 +21,7 @@ event new_packet(c: connection, p: pkt_hdr) print "error 4"; } -event bro_init() +event zeek_init() { if ( ! Pcap::precompile_pcap_filter(A, "port 80") ) print "error 1"; diff --git a/testing/btest/core/pcap/filter-error.bro b/testing/btest/core/pcap/filter-error.bro index 10270ed53f..b83b8879a0 100644 --- a/testing/btest/core/pcap/filter-error.bro +++ b/testing/btest/core/pcap/filter-error.bro @@ -7,7 +7,7 @@ redef enum PcapFilterID += { A }; -event bro_init() +event zeek_init() { if ( ! Pcap::precompile_pcap_filter(A, "kaputt, too") ) print "error", Pcap::error(); diff --git a/testing/btest/core/pcap/input-error.bro b/testing/btest/core/pcap/input-error.bro index 44788b3391..5e469e08e8 100644 --- a/testing/btest/core/pcap/input-error.bro +++ b/testing/btest/core/pcap/input-error.bro @@ -5,7 +5,7 @@ redef enum PcapFilterID += { A }; -event bro_init() +event zeek_init() { if ( ! Pcap::precompile_pcap_filter(A, "kaputt, too") ) print "error", Pcap::error(); diff --git a/testing/btest/core/pcap/pseudo-realtime.bro b/testing/btest/core/pcap/pseudo-realtime.bro index 625706f321..c51b5cc32b 100644 --- a/testing/btest/core/pcap/pseudo-realtime.bro +++ b/testing/btest/core/pcap/pseudo-realtime.bro @@ -31,7 +31,7 @@ event new_packet(c: connection, p: pkt_hdr) # print fmt("num=%d agg_delta_network=%.1f agg_delta_real=%.1f", cnt, an, ac); } -event bro_done() +event zeek_done() { local d = (an - ac); if ( d < 0 secs) diff --git a/testing/btest/core/reassembly.bro b/testing/btest/core/reassembly.bro index 30cfaa727e..53489008de 100644 --- a/testing/btest/core/reassembly.bro +++ b/testing/btest/core/reassembly.bro @@ -5,7 +5,7 @@ # @TEST-EXEC: bro -C -r $TRACES/tcp/reassembly.pcap %INPUT >>output # @TEST-EXEC: btest-diff output -event bro_init() +event zeek_init() { print "----------------------"; } diff --git a/testing/btest/core/recursive-event.bro b/testing/btest/core/recursive-event.bro index 245e994cd6..63cb05eb6f 100644 --- a/testing/btest/core/recursive-event.bro +++ b/testing/btest/core/recursive-event.bro @@ -26,7 +26,7 @@ event test() event test(); } -event bro_init() +event zeek_init() { event test(); } diff --git a/testing/btest/core/reporter-error-in-handler.bro b/testing/btest/core/reporter-error-in-handler.bro index c4a21d5902..fc0517ab2a 100644 --- a/testing/btest/core/reporter-error-in-handler.bro +++ b/testing/btest/core/reporter-error-in-handler.bro @@ -23,7 +23,7 @@ event reporter_error(t: time, msg: string, location: string) } } -event bro_init() +event zeek_init() { print a[1]; } diff --git a/testing/btest/core/reporter-fmt-strings.bro b/testing/btest/core/reporter-fmt-strings.bro index 0e0be77844..09c03cf721 100644 --- a/testing/btest/core/reporter-fmt-strings.bro +++ b/testing/btest/core/reporter-fmt-strings.bro @@ -4,7 +4,7 @@ # @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output -event bro_init() +event zeek_init() { event dont_interpret_this("%s"); } diff --git a/testing/btest/core/reporter-parse-error.bro b/testing/btest/core/reporter-parse-error.bro index 25f33e2785..d57917ff26 100644 --- a/testing/btest/core/reporter-parse-error.bro +++ b/testing/btest/core/reporter-parse-error.bro @@ -2,7 +2,7 @@ # @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output -event bro_init() +event zeek_init() { print TESTFAILURE; } diff --git a/testing/btest/core/reporter-runtime-error.bro b/testing/btest/core/reporter-runtime-error.bro index f8dd8c504c..9caeddb258 100644 --- a/testing/btest/core/reporter-runtime-error.bro +++ b/testing/btest/core/reporter-runtime-error.bro @@ -4,7 +4,7 @@ global a: table[count] of count; -event bro_init() +event zeek_init() { print a[2]; } diff --git a/testing/btest/core/reporter-type-mismatch.bro b/testing/btest/core/reporter-type-mismatch.bro index 0faa9b85e2..1a375ea84b 100644 --- a/testing/btest/core/reporter-type-mismatch.bro +++ b/testing/btest/core/reporter-type-mismatch.bro @@ -6,7 +6,7 @@ event foo(a: string) { } -event bro_init() +event zeek_init() { event foo(42); } diff --git a/testing/btest/core/reporter.bro b/testing/btest/core/reporter.bro index aa660ef495..bc79ca73d8 100644 --- a/testing/btest/core/reporter.bro +++ b/testing/btest/core/reporter.bro @@ -3,14 +3,14 @@ # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff logger-test.log -event bro_init() +event zeek_init() { Reporter::info("init test-info"); Reporter::warning("init test-warning"); Reporter::error("init test-error"); } -event bro_done() +event zeek_done() { Reporter::info("done test-info"); Reporter::warning("done test-warning"); diff --git a/testing/btest/core/vector-assignment.bro b/testing/btest/core/vector-assignment.bro index d1f02c124f..9c5cc4e0f6 100644 --- a/testing/btest/core/vector-assignment.bro +++ b/testing/btest/core/vector-assignment.bro @@ -13,7 +13,7 @@ function set_me(val: any) { print a; } -event bro_init() { +event zeek_init() { local b: vector of count = {1, 2, 3}; set_me(b); } diff --git a/testing/btest/core/when-interpreter-exceptions.bro b/testing/btest/core/when-interpreter-exceptions.bro index f259a46bda..f6a1d8a73b 100644 --- a/testing/btest/core/when-interpreter-exceptions.bro +++ b/testing/btest/core/when-interpreter-exceptions.bro @@ -79,7 +79,7 @@ function g(do_exception: bool): bool return F; } -event bro_init() +event zeek_init() { local cmd = Exec::Command($cmd="echo 'bro_init()'"); local stall = Exec::Command($cmd="sleep 30"); diff --git a/testing/btest/doc/broxygen/all_scripts.test b/testing/btest/doc/broxygen/all_scripts.test deleted file mode 100644 index 238ba3a4f3..0000000000 --- a/testing/btest/doc/broxygen/all_scripts.test +++ /dev/null @@ -1,14 +0,0 @@ -# This test is mostly just checking that there's no errors that result -# from loading all scripts and generated docs for each. - -# This must be serialized with communication tests because it does load -# listen.bro in order to document it. - -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X broxygen.config broxygen DumpEvents::include=/NOTHING_MATCHES/ Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff .stdout -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr - -@TEST-START-FILE broxygen.config -script * scripts/ -@TEST-END-FILE diff --git a/testing/btest/doc/broxygen/command_line.bro b/testing/btest/doc/broxygen/command_line.bro deleted file mode 100644 index d009667b7e..0000000000 --- a/testing/btest/doc/broxygen/command_line.bro +++ /dev/null @@ -1,7 +0,0 @@ -# Shouldn't emit any warnings about not being able to document something -# that's supplied via command line script. - -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro %INPUT -e 'redef myvar=10; print myvar' >output 2>&1 -# @TEST-EXEC: btest-diff output - -const myvar = 5 &redef; diff --git a/testing/btest/doc/broxygen/comment_retrieval_bifs.bro b/testing/btest/doc/broxygen/comment_retrieval_bifs.bro deleted file mode 100644 index f3c1be6b14..0000000000 --- a/testing/btest/doc/broxygen/comment_retrieval_bifs.bro +++ /dev/null @@ -1,111 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -##! This is a test script. -##! With some summary comments. - -## Hello world. This is an option. -## With some more description here. -## And here. -const myvar = 7 &redef; ##< Maybe just one more. - -## This function prints a string line by line. -## -## lines: A string to print line by line, w/ lines delimited by newline chars. -global print_lines: function(lines: string, prefix: string &default=""); - -## And some more comments on the function implementation. -function print_lines(lines: string, prefix: string) - { - local v: vector of string; - local line_table = split(lines, /\n/); - - for ( i in line_table ) - v[i] = line_table[i]; - - for ( i in v ) - print fmt("%s%s", prefix, v[i]); - } - -function print_comments(name: string, func: function(name: string): string) - { - print fmt("%s:", name); - print_lines(func(name), " "); - } - -## This is an alias for count. -type mytype: count; - -## My record type. -type myrecord: record { - ## The first field. - ## Does something... - aaa: count; ##< Done w/ aaa. - ## The second field. - bbb: string; ##< Done w/ bbb. - ##< No really, done w/ bbb. - ## Third field. - ccc: int; ##< Done w/ ccc. - ## Fourth field. - ddd: interval; ##< Done w/ ddd. -}; - - -## My enum type; -type myenum: enum { - ## First enum value. - ## I know, the name isn't clever. - FIRST, ##< Done w/ first. - ## Second enum value. - SECOND, ##< Done w/ second. - ## Third enum value. - THIRD, ##< Done w/ third. - ##< Done w/ third again. - ## SIC. - ## It's a programming language. - FORTH ##< Using Reverse Polish Notation. - ##< Done w/ forth. -}; - -redef record myrecord += { - ## First redef'd field. - ## With two lines of comments. - eee: count &optional; ##< And two post-notation comments. - ##< Done w/ eee. - ## Second redef'd field. - fff: count &optional; ##< Done w/ fff. - ## Third redef'd field. - ggg: count &optional; ##< Done w/ ggg. -}; - -redef enum myenum += { - ## First redef'd enum val. - FIFTH, ##< Done w/ fifth. - ## Second redef'd enum val. - SIXTH, ##< Done w/ sixth. - ## Third redef'd enum val. - ## Lucky number seven. - SEVENTH, ##< Still works with comma. - ##< Done w/ seventh. -}; - -print_lines(get_script_comments(@DIR + "/" + @FILENAME)); -print_comments("myvar", get_identifier_comments); -print_comments("print_lines", get_identifier_comments); -print_comments("mytype", get_identifier_comments); -print_comments("myrecord", get_identifier_comments); -print_comments("myrecord$aaa", get_record_field_comments); -print_comments("myrecord$bbb", get_record_field_comments); -print_comments("myrecord$ccc", get_record_field_comments); -print_comments("myrecord$ddd", get_record_field_comments); -print_comments("myrecord$eee", get_record_field_comments); -print_comments("myrecord$fff", get_record_field_comments); -print_comments("myrecord$ggg", get_record_field_comments); -print_comments("myenum", get_identifier_comments); -print_comments("FIRST", get_identifier_comments); -print_comments("SECOND", get_identifier_comments); -print_comments("THIRD", get_identifier_comments); -print_comments("FORTH", get_identifier_comments); -print_comments("FIFTH", get_identifier_comments); -print_comments("SIXTH", get_identifier_comments); -print_comments("SEVENTH", get_identifier_comments); diff --git a/testing/btest/doc/broxygen/enums.bro b/testing/btest/doc/broxygen/enums.bro deleted file mode 100644 index 8fbdb11ab6..0000000000 --- a/testing/btest/doc/broxygen/enums.bro +++ /dev/null @@ -1,43 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT -# @TEST-EXEC: btest-diff autogen-reST-enums.rst - -@TEST-START-FILE broxygen.config -identifier TestEnum* autogen-reST-enums.rst -@TEST-END-FILE - -## There's tons of ways an enum can look... -type TestEnum1: enum { - ## like this - ONE, - TWO, ##< or like this - ## multiple - ## comments - THREE, ##< and even - ##< more comments -}; - -## The final comma is optional -type TestEnum2: enum { - ## like this - A, - B, ##< or like this - ## multiple - ## comments - C ##< and even - ##< more comments -}; - -## redefs should also work -redef enum TestEnum1 += { - ## adding another - FOUR ##< value -}; - -## now with a comma -redef enum TestEnum1 += { - ## adding another - FIVE, ##< value -}; - -## this should reference the TestEnum1 type and not a generic "enum" type -const TestEnumVal = ONE &redef; diff --git a/testing/btest/doc/broxygen/example.bro b/testing/btest/doc/broxygen/example.bro deleted file mode 100644 index 22a6fc7418..0000000000 --- a/testing/btest/doc/broxygen/example.bro +++ /dev/null @@ -1,8 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X broxygen.config %INPUT -# @TEST-EXEC: btest-diff example.rst - -@TEST-START-FILE broxygen.config -script broxygen/example.bro example.rst -@TEST-END-FILE - -@load broxygen/example.bro diff --git a/testing/btest/doc/broxygen/func-params.bro b/testing/btest/doc/broxygen/func-params.bro deleted file mode 100644 index e53ca475f1..0000000000 --- a/testing/btest/doc/broxygen/func-params.bro +++ /dev/null @@ -1,24 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT -# @TEST-EXEC: btest-diff autogen-reST-func-params.rst - -@TEST-START-FILE broxygen.config -identifier test_func_params* autogen-reST-func-params.rst -@TEST-END-FILE - -## This is a global function declaration. -## -## i: First param. -## j: Second param. -## -## Returns: A string. -global test_func_params_func: function(i: int, j: int): string; - -type test_func_params_rec: record { - ## This is a record field function. - ## - ## i: First param. - ## j: Second param. - ## - ## Returns: A string. - field_func: function(i: int, j: int): string; -}; diff --git a/testing/btest/doc/broxygen/identifier.bro b/testing/btest/doc/broxygen/identifier.bro deleted file mode 100644 index ae49d812a0..0000000000 --- a/testing/btest/doc/broxygen/identifier.bro +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -identifier BroxygenExample::* test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/package.bro b/testing/btest/doc/broxygen/package.bro deleted file mode 100644 index 6a9957804a..0000000000 --- a/testing/btest/doc/broxygen/package.bro +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -package broxygen test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/package_index.bro b/testing/btest/doc/broxygen/package_index.bro deleted file mode 100644 index 49c367aa48..0000000000 --- a/testing/btest/doc/broxygen/package_index.bro +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -package_index broxygen test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/records.bro b/testing/btest/doc/broxygen/records.bro deleted file mode 100644 index fbaa957a9f..0000000000 --- a/testing/btest/doc/broxygen/records.bro +++ /dev/null @@ -1,26 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT -# @TEST-EXEC: btest-diff autogen-reST-records.rst - -@TEST-START-FILE broxygen.config -identifier TestRecord* autogen-reST-records.rst -@TEST-END-FILE - -# undocumented record -type TestRecord1: record { - field1: bool; - field2: count; -}; - -## Here's the ways records and record fields can be documented. -type TestRecord2: record { - ## document ``A`` - A: count; - - B: bool; ##< document ``B`` - - ## and now ``C`` - C: TestRecord1; ##< is a declared type - - ## sets/tables should show the index types - D: set[count, bool]; -}; diff --git a/testing/btest/doc/broxygen/script_index.bro b/testing/btest/doc/broxygen/script_index.bro deleted file mode 100644 index ab257ad35d..0000000000 --- a/testing/btest/doc/broxygen/script_index.bro +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -script_index broxygen/* test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/script_summary.bro b/testing/btest/doc/broxygen/script_summary.bro deleted file mode 100644 index a517a08072..0000000000 --- a/testing/btest/doc/broxygen/script_summary.bro +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -script_summary broxygen/example.bro test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/type-aliases.bro b/testing/btest/doc/broxygen/type-aliases.bro deleted file mode 100644 index 0971327c2b..0000000000 --- a/testing/btest/doc/broxygen/type-aliases.bro +++ /dev/null @@ -1,34 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT -# @TEST-EXEC: btest-diff autogen-reST-type-aliases.rst - -@TEST-START-FILE broxygen.config -identifier BroxygenTest::* autogen-reST-type-aliases.rst -@TEST-END-FILE - -module BroxygenTest; - -export { - ## This is just an alias for a builtin type ``bool``. - type TypeAlias: bool; - - ## This type should get its own comments, not associated w/ TypeAlias. - type NotTypeAlias: bool; - - ## This cross references ``bool`` in the description of its type - ## instead of ``TypeAlias`` just because it seems more useful -- - ## one doesn't have to click through the full type alias chain to - ## find out what the actual type is... - type OtherTypeAlias: TypeAlias; - - ## But this should reference a type of ``TypeAlias``. - global a: TypeAlias; - - ## And this should reference a type of ``OtherTypeAlias``. - global b: OtherTypeAlias; - - type MyRecord: record { - f1: TypeAlias; - f2: OtherTypeAlias; - f3: bool; - }; -} diff --git a/testing/btest/doc/broxygen/vectors.bro b/testing/btest/doc/broxygen/vectors.bro deleted file mode 100644 index 7c18225357..0000000000 --- a/testing/btest/doc/broxygen/vectors.bro +++ /dev/null @@ -1,20 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT -# @TEST-EXEC: btest-diff autogen-reST-vectors.rst - -@TEST-START-FILE broxygen.config -identifier test_vector* autogen-reST-vectors.rst -@TEST-END-FILE - -type TestRecord: record { - field1: bool; - field2: count; -}; - -## Yield type is documented/cross-referenced for primitize types. -global test_vector0: vector of string; - -## Yield type is documented/cross-referenced for composite types. -global test_vector1: vector of TestRecord; - -## Just showing an even fancier yield type. -global test_vector2: vector of vector of TestRecord; diff --git a/testing/btest/doc/record-add.bro b/testing/btest/doc/record-add.bro deleted file mode 100644 index 284ea22959..0000000000 --- a/testing/btest/doc/record-add.bro +++ /dev/null @@ -1,36 +0,0 @@ -# @TEST-EXEC: bro -b %INPUT - -# To support documentation of type aliases, Bro clones declared types -# (see add_type() in Var.cc) in order to keep track of type names and aliases. -# This test makes sure that the cloning is done in a way that's compatible -# with adding fields to a record type -- we want to be sure that cloning -# a type that contains record types will correctly see field additions to -# those contained-records. - -type my_record: record { - field1: bool; - field2: string; -}; - -type super_record: record { - rec: my_record; -}; -type my_table: table[count] of my_record; -type my_vector: vector of my_record; - -redef record my_record += { - field3: count &optional; -}; - -global a: my_record; -global b: super_record; -global c: my_table; -global d: my_vector; - -function test_func() - { - a?$field3; - b$rec?$field3; - c[0]$field3; - d[0]$field3; - } diff --git a/testing/btest/doc/record-attr-check.bro b/testing/btest/doc/record-attr-check.bro deleted file mode 100644 index c7dc74631d..0000000000 --- a/testing/btest/doc/record-attr-check.bro +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-EXEC: bro -b %INPUT - -type Tag: enum { - SOMETHING -}; - -type R: record { - field1: set[Tag] &default=set(); -}; diff --git a/testing/btest/language/addr.bro b/testing/btest/language/addr.bro index dd7e5e1dff..dff376ec4a 100644 --- a/testing/btest/language/addr.bro +++ b/testing/btest/language/addr.bro @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } -event bro_init() +event zeek_init() { # IPv4 addresses local a1: addr = 0.0.0.0; diff --git a/testing/btest/language/any.bro b/testing/btest/language/any.bro index fca23f6db8..32daa36903 100644 --- a/testing/btest/language/any.bro +++ b/testing/btest/language/any.bro @@ -11,7 +11,7 @@ function anyarg(arg1: any, arg1type: string) test_case( arg1type, type_name(arg1) == arg1type ); } -event bro_init() +event zeek_init() { local any1: any = 5; local any2: any = "bar"; diff --git a/testing/btest/language/at-if-event.bro b/testing/btest/language/at-if-event.bro index 0dd9815908..2ac757810d 100644 --- a/testing/btest/language/at-if-event.bro +++ b/testing/btest/language/at-if-event.bro @@ -12,7 +12,7 @@ lalala } @if ( 1==1 ) -event bro_init() +event zeek_init() @else lalala @endif @@ -24,7 +24,7 @@ lalala @if ( 1==0 ) lalala @else -event bro_init() +event zeek_init() @endif { print "3"; @@ -32,7 +32,7 @@ event bro_init() @if ( 1==1 ) @if ( 1==1 ) -event bro_init() +event zeek_init() @endif @else lalala @@ -42,7 +42,7 @@ lalala } @if ( 1==1 ) -event bro_init() &priority=10 +event zeek_init() &priority=10 @else lalala @endif diff --git a/testing/btest/language/at-if-invalid.bro b/testing/btest/language/at-if-invalid.bro index 1be2b94304..e2e5e2c699 100644 --- a/testing/btest/language/at-if-invalid.bro +++ b/testing/btest/language/at-if-invalid.bro @@ -6,7 +6,7 @@ function foo(c: count): bool global TRUE_CONDITION = T; -event bro_init() +event zeek_init() { local xyz = 0; local local_true_condition = T; diff --git a/testing/btest/language/at-if.bro b/testing/btest/language/at-if.bro index dddf9a22a5..1aba7b9ded 100644 --- a/testing/btest/language/at-if.bro +++ b/testing/btest/language/at-if.bro @@ -11,7 +11,7 @@ function foo(c: count): bool global TRUE_CONDITION = T; -event bro_init() +event zeek_init() { local xyz = 0; diff --git a/testing/btest/language/at-ifdef.bro b/testing/btest/language/at-ifdef.bro index e7bb961833..ebc59f7056 100644 --- a/testing/btest/language/at-ifdef.bro +++ b/testing/btest/language/at-ifdef.bro @@ -8,7 +8,7 @@ function test_case(msg: string, expect: bool) global thisisdefined = 123; -event bro_init() +event zeek_init() { local xyz = 0; diff --git a/testing/btest/language/at-ifndef.bro b/testing/btest/language/at-ifndef.bro index 8bff0c456b..6e4df4dd86 100644 --- a/testing/btest/language/at-ifndef.bro +++ b/testing/btest/language/at-ifndef.bro @@ -8,7 +8,7 @@ function test_case(msg: string, expect: bool) global thisisdefined = 123; -event bro_init() +event zeek_init() { local xyz = 0; diff --git a/testing/btest/language/at-load.bro b/testing/btest/language/at-load.bro index 7427cd639a..ae14eba436 100644 --- a/testing/btest/language/at-load.bro +++ b/testing/btest/language/at-load.bro @@ -5,7 +5,7 @@ @load secondtestfile -event bro_init() +event zeek_init() { test_case( "function", T ); test_case( "global variable", num == 123 ); diff --git a/testing/btest/language/attr-default-coercion.bro b/testing/btest/language/attr-default-coercion.bro index 14590d0033..8304169cfb 100644 --- a/testing/btest/language/attr-default-coercion.bro +++ b/testing/btest/language/attr-default-coercion.bro @@ -16,7 +16,7 @@ function foo(i: int &default = 237, d: double &default = 101) print i, d; } -event bro_init() +event zeek_init() { print t["nope"]; print r; diff --git a/testing/btest/language/bool.bro b/testing/btest/language/bool.bro index 8a1404459c..be54a442d9 100644 --- a/testing/btest/language/bool.bro +++ b/testing/btest/language/bool.bro @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } -event bro_init() +event zeek_init() { local b1: bool = T; local b2: bool = F; diff --git a/testing/btest/language/conditional-expression.bro b/testing/btest/language/conditional-expression.bro index ea0acf009f..4938b87b4d 100644 --- a/testing/btest/language/conditional-expression.bro +++ b/testing/btest/language/conditional-expression.bro @@ -21,7 +21,7 @@ function f2(): bool } -event bro_init() +event zeek_init() { local a: count; local b: count; diff --git a/testing/btest/language/const.bro b/testing/btest/language/const.bro index ee938e8d45..c30a9cec18 100644 --- a/testing/btest/language/const.bro +++ b/testing/btest/language/const.bro @@ -21,7 +21,7 @@ redef foo = 10; const bar = 9; -event bro_init() +event zeek_init() { const baz = 7; local i = foo; @@ -48,7 +48,7 @@ redef foo = 10; const bar = 9; -event bro_init() +event zeek_init() { const baz = 7; local s = 0; diff --git a/testing/btest/language/copy.bro b/testing/btest/language/copy.bro index 3ddbc15e23..e3d6b80d5b 100644 --- a/testing/btest/language/copy.bro +++ b/testing/btest/language/copy.bro @@ -8,7 +8,7 @@ function test_case(msg: string, expect: bool) -event bro_init() +event zeek_init() { # "b" is not a copy of "a" local a: set[string] = set("this", "test"); diff --git a/testing/btest/language/count.bro b/testing/btest/language/count.bro index 39a3786dfb..6e5dca8bc2 100644 --- a/testing/btest/language/count.bro +++ b/testing/btest/language/count.bro @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } -event bro_init() +event zeek_init() { local c1: count = 0; local c2: count = 5; diff --git a/testing/btest/language/deprecated.bro b/testing/btest/language/deprecated.bro index ec9c3c9e1e..9ac6996145 100644 --- a/testing/btest/language/deprecated.bro +++ b/testing/btest/language/deprecated.bro @@ -24,7 +24,7 @@ type my_other_enum: enum { TWO = 2 &deprecated }; -event bro_init() +event zeek_init() { print ZERO; print ONE; diff --git a/testing/btest/language/double.bro b/testing/btest/language/double.bro index f85b216828..f1338ca16d 100644 --- a/testing/btest/language/double.bro +++ b/testing/btest/language/double.bro @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } -event bro_init() +event zeek_init() { local d1: double = 3; local d2: double = +3; diff --git a/testing/btest/language/enum.bro b/testing/btest/language/enum.bro index 6de7d345da..c4aa2d71a1 100644 --- a/testing/btest/language/enum.bro +++ b/testing/btest/language/enum.bro @@ -14,7 +14,7 @@ type color: enum { Red, White, Blue, }; type city: enum { Rome, Paris }; -event bro_init() +event zeek_init() { local e1: color = Blue; local e2: color = White; diff --git a/testing/btest/language/event-local-var.bro b/testing/btest/language/event-local-var.bro index d4dd9d19a5..337cd37bac 100644 --- a/testing/btest/language/event-local-var.bro +++ b/testing/btest/language/event-local-var.bro @@ -7,7 +7,7 @@ event e1(num: count) print fmt("event 1: %s", num); } -event bro_init() +event zeek_init() { # Test assigning a local event variable to an event local v: event(num: count); diff --git a/testing/btest/language/event.bro b/testing/btest/language/event.bro index d4eef24731..5f9f552e0d 100644 --- a/testing/btest/language/event.bro +++ b/testing/btest/language/event.bro @@ -32,7 +32,7 @@ event e3(test: string) global e5: event(num: count); -event bro_init() +event zeek_init() { # Test calling an event with "event" statement event e1(); diff --git a/testing/btest/language/expire-expr-error.bro b/testing/btest/language/expire-expr-error.bro index 7c9a3aa318..b2ac4d7c55 100644 --- a/testing/btest/language/expire-expr-error.bro +++ b/testing/btest/language/expire-expr-error.bro @@ -20,7 +20,7 @@ event do_it() } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { data[0] = "some data"; schedule 1sec { do_it() }; diff --git a/testing/btest/language/expire-func-undef.bro b/testing/btest/language/expire-func-undef.bro index eb864d2390..2da735a9be 100644 --- a/testing/btest/language/expire-func-undef.bro +++ b/testing/btest/language/expire-func-undef.bro @@ -29,7 +29,7 @@ event new_connection(c: connection) } -event bro_done() +event zeek_done() { for (o in distinct_peers) diff --git a/testing/btest/language/expire-redef.bro b/testing/btest/language/expire-redef.bro index 5cbb00f313..552e26cce0 100644 --- a/testing/btest/language/expire-redef.bro +++ b/testing/btest/language/expire-redef.bro @@ -30,7 +30,7 @@ function expired(tbl: table[int] of string, idx: int): interval return 0sec; } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { data[0] = "some data"; schedule 4sec { do_it() }; diff --git a/testing/btest/language/expire_func.test b/testing/btest/language/expire_func.test index 653a4d9a86..c66a901a4f 100644 --- a/testing/btest/language/expire_func.test +++ b/testing/btest/language/expire_func.test @@ -9,7 +9,7 @@ function inform_me(s: set[string], idx: string): interval global s: set[string] &create_expire=1secs &expire_func=inform_me; -event bro_init() +event zeek_init() { add s["i"]; add s["am"]; diff --git a/testing/btest/language/expire_func_mod.bro b/testing/btest/language/expire_func_mod.bro index 4790a9650e..8b14dad74c 100644 --- a/testing/btest/language/expire_func_mod.bro +++ b/testing/btest/language/expire_func_mod.bro @@ -33,7 +33,7 @@ function table_expire_func(t: table[string] of count, s: string): interval return 0 secs; } -event bro_init() +event zeek_init() { local s="ashish"; t[s] = 1 ; diff --git a/testing/btest/language/expire_subnet.test b/testing/btest/language/expire_subnet.test index 12d5e56b5a..f0bf388ad0 100644 --- a/testing/btest/language/expire_subnet.test +++ b/testing/btest/language/expire_subnet.test @@ -55,7 +55,7 @@ function execute_test() ### Events ### -event bro_init() +event zeek_init() { step = 0; diff --git a/testing/btest/language/file.bro b/testing/btest/language/file.bro index 47430b6813..80d10a4d1f 100644 --- a/testing/btest/language/file.bro +++ b/testing/btest/language/file.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-diff out2 -event bro_init() +event zeek_init() { local f1: file = open( "out1" ); print f1, 20; diff --git a/testing/btest/language/for.bro b/testing/btest/language/for.bro index 5f0c211597..acf9612927 100644 --- a/testing/btest/language/for.bro +++ b/testing/btest/language/for.bro @@ -8,7 +8,7 @@ function test_case(msg: string, expect: bool) -event bro_init() +event zeek_init() { local vv: vector of string = vector( "a", "b", "c" ); local ct: count = 0; diff --git a/testing/btest/language/func-assignment.bro b/testing/btest/language/func-assignment.bro index 576d7f3270..724eac38ae 100644 --- a/testing/btest/language/func-assignment.bro +++ b/testing/btest/language/func-assignment.bro @@ -16,7 +16,7 @@ type sample_function: record { f: function(str: string): string; }; -event bro_init() +event zeek_init() { local test_sf: sample_function; test_sf$s = "Brogrammers, like bowties, are cool."; diff --git a/testing/btest/language/function.bro b/testing/btest/language/function.bro index ab60c4fa62..db2ac675b0 100644 --- a/testing/btest/language/function.bro +++ b/testing/btest/language/function.bro @@ -45,7 +45,7 @@ function f7(test: string): bool return F; } -event bro_init() +event zeek_init() { f1(); f2(); diff --git a/testing/btest/language/hook.bro b/testing/btest/language/hook.bro index 3edfd9556c..c14e153577 100644 --- a/testing/btest/language/hook.bro +++ b/testing/btest/language/hook.bro @@ -91,7 +91,7 @@ function printMe(s: string): bool return T; } -event bro_init() +event zeek_init() { print hook myhook([$a=1156, $b="hello world"]); diff --git a/testing/btest/language/hook_calls.bro b/testing/btest/language/hook_calls.bro index 41ef6f52ae..0e9e873662 100644 --- a/testing/btest/language/hook_calls.bro +++ b/testing/btest/language/hook_calls.bro @@ -33,7 +33,7 @@ global t: table[count] of hook(i: count) = { [0] = myhook, }; -event bro_init() +event zeek_init() { hook myhook(3); print hook myhook(3); @@ -66,7 +66,7 @@ hook myhook(i: count) if ( i == 0 ) break; } -event bro_init() +event zeek_init() { myhook(3); print myhook(3); diff --git a/testing/btest/language/if.bro b/testing/btest/language/if.bro index 785030a012..9f3be4dd1b 100644 --- a/testing/btest/language/if.bro +++ b/testing/btest/language/if.bro @@ -8,7 +8,7 @@ function test_case(msg: string, expect: bool) -event bro_init() +event zeek_init() { # Test "if" without "else" diff --git a/testing/btest/language/index-assignment-invalid.bro b/testing/btest/language/index-assignment-invalid.bro index 68458eb149..662b73ff91 100644 --- a/testing/btest/language/index-assignment-invalid.bro +++ b/testing/btest/language/index-assignment-invalid.bro @@ -27,7 +27,7 @@ function foo(s: string, c: count) bar(c + 42); } -event bro_init() +event zeek_init() { Queue::put(q, "hello"); Queue::put(q, "goodbye"); diff --git a/testing/btest/language/init-in-anon-function.bro b/testing/btest/language/init-in-anon-function.bro index 45f5f09f09..4da70dd2f4 100644 --- a/testing/btest/language/init-in-anon-function.bro +++ b/testing/btest/language/init-in-anon-function.bro @@ -3,7 +3,7 @@ module Foo; -event bro_init() { +event zeek_init() { Log::remove_default_filter(HTTP::LOG); diff --git a/testing/btest/language/int.bro b/testing/btest/language/int.bro index f511d82bbb..d4314c8367 100644 --- a/testing/btest/language/int.bro +++ b/testing/btest/language/int.bro @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } -event bro_init() +event zeek_init() { local i1: int = 3; local i2: int = +3; diff --git a/testing/btest/language/interval.bro b/testing/btest/language/interval.bro index 0bb912c4d9..c8b975e637 100644 --- a/testing/btest/language/interval.bro +++ b/testing/btest/language/interval.bro @@ -12,7 +12,7 @@ function approx_equal(x: double, y: double): bool return |(x - y)/x| < 1e-6 ? T : F; } -event bro_init() +event zeek_init() { # Constants without space and no letter "s" diff --git a/testing/btest/language/module.bro b/testing/btest/language/module.bro index 3278697a8d..7f2512741f 100644 --- a/testing/btest/language/module.bro +++ b/testing/btest/language/module.bro @@ -30,7 +30,7 @@ event testevent(msg: string) # In this source file, we try to access each exported object from the module -event bro_init() +event zeek_init() { thisisatest::test_case( "function", T ); thisisatest::test_case( "global variable", thisisatest::num == 123 ); diff --git a/testing/btest/language/named-table-ctors.bro b/testing/btest/language/named-table-ctors.bro index 1fad56e30f..45d0974832 100644 --- a/testing/btest/language/named-table-ctors.bro +++ b/testing/btest/language/named-table-ctors.bro @@ -17,7 +17,7 @@ global mytablecomp: FooTableComp = FooTableComp(["test", 1] = "test1", ["cool", 2] = "cool2"); global mytabley: FooTableY = FooTableY(["one"] = 1, ["two"] = 2, ["three"] = 3) &default=0; -event bro_init() +event zeek_init() { print mytable; print mytablerec; diff --git a/testing/btest/language/next-test.bro b/testing/btest/language/next-test.bro index d46ad187c4..83523dd59b 100644 --- a/testing/btest/language/next-test.bro +++ b/testing/btest/language/next-test.bro @@ -4,7 +4,7 @@ # This script tests "next" being called during the last iteration of a # for loop -event bro_done() +event zeek_done() { local number_set: set[count]; diff --git a/testing/btest/language/no-module.bro b/testing/btest/language/no-module.bro index fff55d3854..4d1372f10c 100644 --- a/testing/btest/language/no-module.bro +++ b/testing/btest/language/no-module.bro @@ -23,7 +23,7 @@ event testevent(msg: string) # In this script, we try to access each object defined in the other script -event bro_init() +event zeek_init() { test_case( "function", T ); test_case( "global variable", num == 123 ); diff --git a/testing/btest/language/null-statement.bro b/testing/btest/language/null-statement.bro index 20c70f4876..69861ce96e 100644 --- a/testing/btest/language/null-statement.bro +++ b/testing/btest/language/null-statement.bro @@ -7,7 +7,7 @@ function f1(test: string) ; # null statement in function } -event bro_init() +event zeek_init() { local s1: set[string] = set( "this", "test" ); diff --git a/testing/btest/language/outer_param_binding.bro b/testing/btest/language/outer_param_binding.bro index fb37fd4712..a197cb87fb 100644 --- a/testing/btest/language/outer_param_binding.bro +++ b/testing/btest/language/outer_param_binding.bro @@ -21,7 +21,7 @@ function bar(b: string, c: string) print f$x("2"); } -event bro_init() +event zeek_init() { bar("1", "20"); } diff --git a/testing/btest/language/pattern.bro b/testing/btest/language/pattern.bro index e427b70e80..ae9cb15bf7 100644 --- a/testing/btest/language/pattern.bro +++ b/testing/btest/language/pattern.bro @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } -event bro_init() +event zeek_init() { local p1: pattern = /foo|bar/; local p2: pattern = /oob/; diff --git a/testing/btest/language/port.bro b/testing/btest/language/port.bro index a9c7fd33e7..81d7704c14 100644 --- a/testing/btest/language/port.bro +++ b/testing/btest/language/port.bro @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } -event bro_init() +event zeek_init() { local p1: port = 1/icmp; local p2: port = 2/udp; diff --git a/testing/btest/language/precedence.bro b/testing/btest/language/precedence.bro index 27fc1e024a..9d74c67262 100644 --- a/testing/btest/language/precedence.bro +++ b/testing/btest/language/precedence.bro @@ -9,7 +9,7 @@ function test_case(msg: string, expect: bool) # This is an incomplete set of tests to demonstrate the order of precedence # of bro script operators -event bro_init() +event zeek_init() { local n1: int; local n2: int; diff --git a/testing/btest/language/raw_output_attr.test b/testing/btest/language/raw_output_attr.test index 8bcd479fbf..3af94dc727 100644 --- a/testing/btest/language/raw_output_attr.test +++ b/testing/btest/language/raw_output_attr.test @@ -8,7 +8,7 @@ # first check local variable of file type w/ &raw_output -event bro_init() +event zeek_init() { local myfile: file; myfile = open("myfile"); diff --git a/testing/btest/language/record-ceorce-orphan.bro b/testing/btest/language/record-ceorce-orphan.bro index 126b99d5ff..d72f447a12 100644 --- a/testing/btest/language/record-ceorce-orphan.bro +++ b/testing/btest/language/record-ceorce-orphan.bro @@ -12,7 +12,7 @@ function myfunc(rec: myrec) print rec; } -event bro_init() +event zeek_init() { # Orhpaned fields in a record coercion reflect a programming error, like a typo, so should # be reported at parse-time to prevent unexpected run-time behavior. diff --git a/testing/btest/language/record-coerce-clash.bro b/testing/btest/language/record-coerce-clash.bro index a0bd6f21ad..5dab9ded8a 100644 --- a/testing/btest/language/record-coerce-clash.bro +++ b/testing/btest/language/record-coerce-clash.bro @@ -7,7 +7,7 @@ type myrec: record { cid: conn_id; }; -event bro_init() +event zeek_init() { local mr: myrec; mr = [$cid = [$orig_h=1.2.3.4,$orig_p=0/tcp,$resp_h=0.0.0.0,$resp_p=wrong]]; diff --git a/testing/btest/language/record-function-recursion.bro b/testing/btest/language/record-function-recursion.bro index 90832bfa69..d6a1587962 100644 --- a/testing/btest/language/record-function-recursion.bro +++ b/testing/btest/language/record-function-recursion.bro @@ -13,7 +13,7 @@ redef record Outer += { inner: Inner &optional; }; -event bro_init() { +event zeek_init() { local o = Outer(); print o; print type_name(o); diff --git a/testing/btest/language/record-recursive-coercion.bro b/testing/btest/language/record-recursive-coercion.bro index 0eb24a70d9..4d17c0dee3 100644 --- a/testing/btest/language/record-recursive-coercion.bro +++ b/testing/btest/language/record-recursive-coercion.bro @@ -32,7 +32,7 @@ function foo_func(fc: FooContainer) print fc; } -event bro_init() +event zeek_init() { for ( sw in matched_software ) print matched_software[sw]$version; diff --git a/testing/btest/language/record-type-checking.bro b/testing/btest/language/record-type-checking.bro index d58937d577..5e50a4d8bc 100644 --- a/testing/btest/language/record-type-checking.bro +++ b/testing/btest/language/record-type-checking.bro @@ -13,7 +13,7 @@ global gren: MyRec = MyRec($a = 1); # type clash in init # global, type deduction, anon ctor global grda = [$a = 2]; # fine -event bro_init() +event zeek_init() { grda = MyRec($a = 2); # type clash in assignment } @@ -22,26 +22,26 @@ event bro_init() global grea: MyRec = [$a = 3]; # type clash # local, type deduction, named ctor -event bro_init() +event zeek_init() { local lrdn = MyRec($a = 1000); # type clash } # local, type explicit, named ctor -event bro_init() +event zeek_init() { local lren: MyRec = MyRec($a = 1001); # type clash } # local, type deduction, anon ctor -event bro_init() +event zeek_init() { local lrda = [$a = 1002]; # fine lrda = MyRec($a = 1002); # type clash } # local, type explicit, anon ctor -event bro_init() +event zeek_init() { local lrea: MyRec = [$a = 1003]; # type clash } diff --git a/testing/btest/language/redef-same-prefixtable-idx.bro b/testing/btest/language/redef-same-prefixtable-idx.bro index 13cf27cc0f..e0e16060f4 100644 --- a/testing/btest/language/redef-same-prefixtable-idx.bro +++ b/testing/btest/language/redef-same-prefixtable-idx.bro @@ -10,7 +10,7 @@ redef my_table[3.0.0.0/8] = 2.0.0.0/8; # redef my_table += { [3.0.0.0/8] = 1.0.0.0/8 }; # redef my_table += { [3.0.0.0/8] = 2.0.0.0/8 }; -event bro_init() +event zeek_init() { print my_table; print my_table[3.0.0.0/8]; diff --git a/testing/btest/language/returnwhen.bro b/testing/btest/language/returnwhen.bro index 593841eb7e..79f55fbfc2 100644 --- a/testing/btest/language/returnwhen.bro +++ b/testing/btest/language/returnwhen.bro @@ -58,7 +58,7 @@ event do_another() } } -event bro_init() +event zeek_init() { local local_dummy = dummyfunc; diff --git a/testing/btest/language/set-opt-record-index.bro b/testing/btest/language/set-opt-record-index.bro index d42de8b041..f22c144595 100644 --- a/testing/btest/language/set-opt-record-index.bro +++ b/testing/btest/language/set-opt-record-index.bro @@ -8,7 +8,7 @@ type FOO: record { b: count &optional; }; -event bro_init() +event zeek_init() { local set_of_foo: set[FOO] = set(); diff --git a/testing/btest/language/set-type-checking.bro b/testing/btest/language/set-type-checking.bro index 3c82a29730..3518b8a02d 100644 --- a/testing/btest/language/set-type-checking.bro +++ b/testing/btest/language/set-type-checking.bro @@ -11,7 +11,7 @@ global gen: MySet = MySet(1); # type clash in init # global, type deduction, anon ctor global gda = set(2); # fine -event bro_init() +event zeek_init() { gda = MySet(2); # type clash in assignment } @@ -20,26 +20,26 @@ event bro_init() global gea: MySet = set(3); # type clash # local, type deduction, named ctor -event bro_init() +event zeek_init() { local ldn = MySet(1000); # type clash } # local, type explicit, named ctor -event bro_init() +event zeek_init() { local len: MySet = MySet(1001); # type clash } # local, type deduction, anon ctor -event bro_init() +event zeek_init() { local lda = set(1002); # fine lda = MySet(1002); # type clash } # local, type explicit, anon ctor -event bro_init() +event zeek_init() { local lea: MySet = set(1003); # type clash } @@ -53,7 +53,7 @@ type MyRecord: record { global set_of_records: set[MyRecord]; -event bro_init() +event zeek_init() { # Set ctor w/ anonymous record ctor should coerce. set_of_records = set([$user="testuser", $host="testhost", $path="testpath"]); diff --git a/testing/btest/language/set.bro b/testing/btest/language/set.bro index 56cd649b49..53cf400795 100644 --- a/testing/btest/language/set.bro +++ b/testing/btest/language/set.bro @@ -13,7 +13,7 @@ global sg2: set[port, string, bool] = { [10/udp, "curly", F], [11/udp, "braces", T] }; global sg3 = { "more", "curly", "braces" }; -event bro_init() +event zeek_init() { local s1: set[string] = set( "test", "example" ); local s2: set[string] = set(); diff --git a/testing/btest/language/short-circuit.bro b/testing/btest/language/short-circuit.bro index 598ac8da35..70928f6441 100644 --- a/testing/btest/language/short-circuit.bro +++ b/testing/btest/language/short-circuit.bro @@ -21,7 +21,7 @@ function f_func(): bool } -event bro_init() +event zeek_init() { local res: bool; diff --git a/testing/btest/language/string.bro b/testing/btest/language/string.bro index abaa556b26..936ac3e493 100644 --- a/testing/btest/language/string.bro +++ b/testing/btest/language/string.bro @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } -event bro_init() +event zeek_init() { local s1: string = "a\ty"; # tab local s2: string = "a\nb"; # newline diff --git a/testing/btest/language/strings.bro b/testing/btest/language/strings.bro index f601797978..992fb2c5b3 100644 --- a/testing/btest/language/strings.bro +++ b/testing/btest/language/strings.bro @@ -4,7 +4,7 @@ # Demo policy for string functions # -event bro_init() +event zeek_init() { local s1: string = "broisaveryneatids"; diff --git a/testing/btest/language/subnet.bro b/testing/btest/language/subnet.bro index b3b50e085f..32cf11701e 100644 --- a/testing/btest/language/subnet.bro +++ b/testing/btest/language/subnet.bro @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } -event bro_init() +event zeek_init() { # IPv4 addr local a1: addr = 192.1.2.3; diff --git a/testing/btest/language/switch-incomplete.bro b/testing/btest/language/switch-incomplete.bro index 7ee800b274..dedf529ccb 100644 --- a/testing/btest/language/switch-incomplete.bro +++ b/testing/btest/language/switch-incomplete.bro @@ -1,7 +1,7 @@ # @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -event bro_init() +event zeek_init() { switch ( 1 ) { case 1: diff --git a/testing/btest/language/switch-statement.bro b/testing/btest/language/switch-statement.bro index 152b14f87d..1035cb4b2e 100644 --- a/testing/btest/language/switch-statement.bro +++ b/testing/btest/language/switch-statement.bro @@ -219,7 +219,7 @@ function test_switch(actual: string, expect: string) print fmt("%s != %s", actual, expect); } -event bro_init() +event zeek_init() { test_switch( switch_bool(T) , "true" ); test_switch( switch_bool(F) , "false" ); diff --git a/testing/btest/language/switch-types-vars.bro b/testing/btest/language/switch-types-vars.bro index 1b0ca5591b..3e33e1c17f 100644 --- a/testing/btest/language/switch-types-vars.bro +++ b/testing/btest/language/switch-types-vars.bro @@ -36,7 +36,7 @@ function switch_one(v: any) } } -event bro_init() +event zeek_init() { switch_one("My StrIng"); switch_one(42); diff --git a/testing/btest/language/switch-types.bro b/testing/btest/language/switch-types.bro index 468ba93922..2ebddea6f0 100644 --- a/testing/btest/language/switch-types.bro +++ b/testing/btest/language/switch-types.bro @@ -30,7 +30,7 @@ function switch_one_no_default(v: any): string } -event bro_init() +event zeek_init() { print switch_one("string"); print switch_one(42); diff --git a/testing/btest/language/table-init-attrs.bro b/testing/btest/language/table-init-attrs.bro index 76d98b9fed..9d3403642a 100644 --- a/testing/btest/language/table-init-attrs.bro +++ b/testing/btest/language/table-init-attrs.bro @@ -51,7 +51,7 @@ global inception_table2: table[count] of table[count] of string = { [0] = table([13] = "bar") &default="forty-two", } &default=table() &default="we need to go deeper"; -event bro_init() +event zeek_init() { print "my_set_ctor_init"; print my_set_ctor_init; diff --git a/testing/btest/language/table-init.bro b/testing/btest/language/table-init.bro index 7419a50879..cc94589974 100644 --- a/testing/btest/language/table-init.bro +++ b/testing/btest/language/table-init.bro @@ -6,7 +6,7 @@ global global_table: table[count] of string = { [2] = "two" } &default = "global table default"; -event bro_init() +event zeek_init() { local local_table: table[count] of string = { [3] = "three", diff --git a/testing/btest/language/table-type-checking.bro b/testing/btest/language/table-type-checking.bro index f579a83d37..639a2d021d 100644 --- a/testing/btest/language/table-type-checking.bro +++ b/testing/btest/language/table-type-checking.bro @@ -12,7 +12,7 @@ global gen: MyTable = MyTable(["one"] = 1); # type clash in init # global, type deduction, anon ctor global gda = table(["two"] = 2); # fine global gda2 = MyTable([2/tcp] = 2); # fine -event bro_init() +event zeek_init() { gda = gda2; # type clash } @@ -21,26 +21,26 @@ event bro_init() global gea: MyTable = table(["three"] = 3); # type clash # local, type deduction, named ctor -event bro_init() +event zeek_init() { local ldn = MyTable(["thousand"] = 1000); # type clash } # local, type explicit, named ctor -event bro_init() +event zeek_init() { local len: MyTable = MyTable(["thousand-one"] = 1001); # type clash } # local, type deduction, anon ctor -event bro_init() +event zeek_init() { local lda = table(["thousand-two"] = 1002); # fine lda = MyTable(["thousand-two"] = 1002); # type clash } # local, type explicit, anon ctor -event bro_init() +event zeek_init() { local lea: MyTable = table(["thousand-three"] = 1003); # type clash } diff --git a/testing/btest/language/table.bro b/testing/btest/language/table.bro index 3c8e8db280..98f7daa8e3 100644 --- a/testing/btest/language/table.bro +++ b/testing/btest/language/table.bro @@ -10,7 +10,7 @@ function test_case(msg: string, expect: bool) # type is not explicitly specified global tg1 = { [1] = "type", [2] = "inference", [3] = "test" }; -event bro_init() +event zeek_init() { local t1: table[count] of string = table( [5] = "test", [0] = "example" ); local t2: table[count] of string = table(); diff --git a/testing/btest/language/time.bro b/testing/btest/language/time.bro index dd4b6336fe..e8b71219ca 100644 --- a/testing/btest/language/time.bro +++ b/testing/btest/language/time.bro @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } -event bro_init() +event zeek_init() { local t1: time = current_time(); local t2: time = t1 + 3 sec; diff --git a/testing/btest/language/timeout.bro b/testing/btest/language/timeout.bro index 632ab18b5f..47906b35fb 100644 --- a/testing/btest/language/timeout.bro +++ b/testing/btest/language/timeout.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local h1: addr = 1.2.3.4; diff --git a/testing/btest/language/type-cast-any.bro b/testing/btest/language/type-cast-any.bro index ddd4ea2dbe..ad18a28646 100644 --- a/testing/btest/language/type-cast-any.bro +++ b/testing/btest/language/type-cast-any.bro @@ -27,7 +27,7 @@ function cast_to_X(a: any, b: X) print a, P, P is X, fmt("%s==%s => %s", b, P, Cmp); } -event bro_init() +event zeek_init() { local x: X; x = [$a = 1.2.3.4, $b=1947/tcp]; diff --git a/testing/btest/language/type-cast-error-dynamic.bro b/testing/btest/language/type-cast-error-dynamic.bro index c18548b0c4..fb0605b196 100644 --- a/testing/btest/language/type-cast-error-dynamic.bro +++ b/testing/btest/language/type-cast-error-dynamic.bro @@ -11,7 +11,7 @@ function cast_to_string(a: any) print a as string; } -event bro_init() +event zeek_init() { cast_to_string(42); } diff --git a/testing/btest/language/type-cast-error-static.bro b/testing/btest/language/type-cast-error-static.bro index 3533fef3cb..3d1afbe095 100644 --- a/testing/btest/language/type-cast-error-static.bro +++ b/testing/btest/language/type-cast-error-static.bro @@ -6,7 +6,7 @@ type X: record { b: port; }; -event bro_init() +event zeek_init() { local x: X; x = [$a = 1.2.3.4, $b=1947/tcp]; diff --git a/testing/btest/language/type-cast-same.bro b/testing/btest/language/type-cast-same.bro index 93c3b633fa..58e98bb0c0 100644 --- a/testing/btest/language/type-cast-same.bro +++ b/testing/btest/language/type-cast-same.bro @@ -6,7 +6,7 @@ type X: record { b: port; }; -event bro_init() +event zeek_init() { local x: X; x = [$a = 1.2.3.4, $b=1947/tcp]; diff --git a/testing/btest/language/type-check-any.bro b/testing/btest/language/type-check-any.bro index 5d882c8997..1b681a3420 100644 --- a/testing/btest/language/type-check-any.bro +++ b/testing/btest/language/type-check-any.bro @@ -11,7 +11,7 @@ function check(a: any) print a, a is string, a is count, a is X; } -event bro_init() +event zeek_init() { local x: X; x = [$a = 1.2.3.4, $b=1947/tcp]; diff --git a/testing/btest/language/type-check-vector.bro b/testing/btest/language/type-check-vector.bro index 461fb312fb..b92c654fb6 100644 --- a/testing/btest/language/type-check-vector.bro +++ b/testing/btest/language/type-check-vector.bro @@ -9,7 +9,7 @@ function check(a: any) print a as myvec; } -event bro_init() +event zeek_init() { local v = myvec("one", "two", 3); check(v); diff --git a/testing/btest/language/type-type-error.bro b/testing/btest/language/type-type-error.bro index 047e4b34ef..2f3e3913ef 100644 --- a/testing/btest/language/type-type-error.bro +++ b/testing/btest/language/type-type-error.bro @@ -5,7 +5,7 @@ type r: record { a: string; }; -event bro_init() +event zeek_init() { # This should generate a parse error indicating that the type identifier # is incorrectly used in an expression expecting a real value and not diff --git a/testing/btest/language/undefined-delete-field.bro b/testing/btest/language/undefined-delete-field.bro index 8271f016fe..a45e093527 100644 --- a/testing/btest/language/undefined-delete-field.bro +++ b/testing/btest/language/undefined-delete-field.bro @@ -7,7 +7,7 @@ type MyRecordType: record b: count; }; -event bro_init() +event zeek_init() { local x = MyRecordType($a=1, $b=2); diff --git a/testing/btest/language/uninitialized-local.bro b/testing/btest/language/uninitialized-local.bro index ae486ebf1f..ec4a6e61de 100644 --- a/testing/btest/language/uninitialized-local.bro +++ b/testing/btest/language/uninitialized-local.bro @@ -16,7 +16,7 @@ event testit() my_vector[0] = my_string; } -event bro_init() +event zeek_init() { event testit(); } diff --git a/testing/btest/language/uninitialized-local2.bro b/testing/btest/language/uninitialized-local2.bro index f11a5fda10..ed4045a1a3 100644 --- a/testing/btest/language/uninitialized-local2.bro +++ b/testing/btest/language/uninitialized-local2.bro @@ -19,7 +19,7 @@ event test() print "var_b is", var_b; } -event bro_init() +event zeek_init() { event test(); } diff --git a/testing/btest/language/vector-any-append.bro b/testing/btest/language/vector-any-append.bro index 816627fbf1..d501af6b15 100644 --- a/testing/btest/language/vector-any-append.bro +++ b/testing/btest/language/vector-any-append.bro @@ -11,7 +11,7 @@ function append(v: vector of any) v += |v|; } -event bro_init() +event zeek_init() { local v: vector of count; assign(v); diff --git a/testing/btest/language/vector-type-checking.bro b/testing/btest/language/vector-type-checking.bro index b4c75118d1..c0003503a4 100644 --- a/testing/btest/language/vector-type-checking.bro +++ b/testing/btest/language/vector-type-checking.bro @@ -12,7 +12,7 @@ global gen: MyVec = MyVec("one"); # type clash in init # global, type deduction, anon ctor global gda = vector("two"); # fine global gda2 = MyVec(2); # fine -event bro_init() +event zeek_init() { gda = gda2; # type clash } @@ -21,26 +21,26 @@ event bro_init() global gea: MyVec = vector("three"); # type clash # local, type deduction, named ctor -event bro_init() +event zeek_init() { local ldn = MyVec("thousand"); # type clash } # local, type explicit, named ctor -event bro_init() +event zeek_init() { local len: MyVec = MyVec("thousand-one"); # type clash } # local, type deduction, anon ctor -event bro_init() +event zeek_init() { local lda = vector("thousand-two"); # fine lda = MyVec("thousand-two"); # type clash } # local, type explicit, anon ctor -event bro_init() +event zeek_init() { local lea: MyVec = vector("thousand-three"); # type clash } diff --git a/testing/btest/language/vector.bro b/testing/btest/language/vector.bro index 0eafd6c60c..36ff7c0267 100644 --- a/testing/btest/language/vector.bro +++ b/testing/btest/language/vector.bro @@ -10,7 +10,7 @@ function test_case(msg: string, expect: bool) # Note: only global vectors can be initialized with curly braces global vg1: vector of string = { "curly", "braces" }; -event bro_init() +event zeek_init() { local v1: vector of string = vector( "test", "example" ); local v2: vector of string = vector(); diff --git a/testing/btest/language/when-unitialized-rhs.bro b/testing/btest/language/when-unitialized-rhs.bro index 21b94c6e02..196834c2ae 100644 --- a/testing/btest/language/when-unitialized-rhs.bro +++ b/testing/btest/language/when-unitialized-rhs.bro @@ -4,7 +4,7 @@ global crashMe: function(): string; global x: int; -event bro_init() +event zeek_init() { when( local result = crashMe() ) { diff --git a/testing/btest/language/when.bro b/testing/btest/language/when.bro index a2bad6a620..36914ce993 100644 --- a/testing/btest/language/when.bro +++ b/testing/btest/language/when.bro @@ -5,7 +5,7 @@ redef exit_only_after_terminate = T; -event bro_init() +event zeek_init() { local h: addr = 127.0.0.1; diff --git a/testing/btest/language/while.bro b/testing/btest/language/while.bro index 6828b00b41..d6588589f7 100644 --- a/testing/btest/language/while.bro +++ b/testing/btest/language/while.bro @@ -67,7 +67,7 @@ function test_return(): vector of string return rval; } -event bro_init() +event zeek_init() { test_noop(); test_it(); diff --git a/testing/btest/plugins/bifs-and-scripts-install.sh b/testing/btest/plugins/bifs-and-scripts-install.sh index 60c754f8ff..09013a0876 100644 --- a/testing/btest/plugins/bifs-and-scripts-install.sh +++ b/testing/btest/plugins/bifs-and-scripts-install.sh @@ -18,7 +18,7 @@ cat >scripts/demo/foo/__load__.bro <scripts/demo/foo/manually.bro <scripts/demo/foo/base/at-startup.bro <scripts/demo/foo/__load__.bro <scripts/demo/foo/manually.bro <scripts/demo/foo/base/at-startup.bro <&1 # @TEST-EXEC: btest-diff .stdout -event bro_init() +event zeek_init() { print "This should fail but not crash"; print Files::lookup_file("asdf"); diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.bro b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.bro index 9b6d11ce0d..df4573e418 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.bro @@ -1,7 +1,7 @@ # @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff files.log -event bro_init() +event zeek_init() { Files::register_for_mime_type(Files::ANALYZER_MD5, "text/plain"); }; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/input/basic.bro b/testing/btest/scripts/base/frameworks/file-analysis/input/basic.bro index 053341c840..8598d3c1f4 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/input/basic.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/input/basic.bro @@ -18,7 +18,7 @@ redef test_get_file_name = function(f: fa_file): string T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242 @TEST-END-FILE -event bro_init() +event zeek_init() { local source: string = "../input.log"; Input::add_analysis([$source=source, $reader=Input::READER_BINARY, diff --git a/testing/btest/scripts/base/frameworks/input/basic.bro b/testing/btest/scripts/base/frameworks/input/basic.bro index 356b87d70b..02c3b4ff79 100644 --- a/testing/btest/scripts/base/frameworks/input/basic.bro +++ b/testing/btest/scripts/base/frameworks/input/basic.bro @@ -47,7 +47,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/bignumber.bro b/testing/btest/scripts/base/frameworks/input/bignumber.bro index 15d711b1c4..b5b9d3fcae 100644 --- a/testing/btest/scripts/base/frameworks/input/bignumber.bro +++ b/testing/btest/scripts/base/frameworks/input/bignumber.bro @@ -26,7 +26,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/binary.bro b/testing/btest/scripts/base/frameworks/input/binary.bro index 11701fbd8a..072db53e11 100644 --- a/testing/btest/scripts/base/frameworks/input/binary.bro +++ b/testing/btest/scripts/base/frameworks/input/binary.bro @@ -45,7 +45,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, a: string, b } } -event bro_init() +event zeek_init() { try = 0; outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/config/basic.bro b/testing/btest/scripts/base/frameworks/input/config/basic.bro index c8d68fc822..a0a7df017f 100644 --- a/testing/btest/scripts/base/frameworks/input/config/basic.bro +++ b/testing/btest/scripts/base/frameworks/input/config/basic.bro @@ -67,7 +67,7 @@ event Input::end_of_data(name: string, source:string) terminate(); } -event bro_init() +event zeek_init() { outfile = open("../out"); Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]); diff --git a/testing/btest/scripts/base/frameworks/input/config/errors.bro b/testing/btest/scripts/base/frameworks/input/config/errors.bro index 4f398956dc..262b4ff36d 100644 --- a/testing/btest/scripts/base/frameworks/input/config/errors.bro +++ b/testing/btest/scripts/base/frameworks/input/config/errors.bro @@ -58,7 +58,7 @@ event Input::end_of_data(name: string, source:string) terminate(); } -event bro_init() +event zeek_init() { outfile = open("../out"); Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]); diff --git a/testing/btest/scripts/base/frameworks/input/default.bro b/testing/btest/scripts/base/frameworks/input/default.bro index c5b0e2f967..3c9880696d 100644 --- a/testing/btest/scripts/base/frameworks/input/default.bro +++ b/testing/btest/scripts/base/frameworks/input/default.bro @@ -33,7 +33,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, val: Val) print outfile, val; } -event bro_init() +event zeek_init() { outfile = open("../out"); Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=T]); diff --git a/testing/btest/scripts/base/frameworks/input/empty-values-hashing.bro b/testing/btest/scripts/base/frameworks/input/empty-values-hashing.bro index b46c299c2c..b43044b963 100644 --- a/testing/btest/scripts/base/frameworks/input/empty-values-hashing.bro +++ b/testing/btest/scripts/base/frameworks/input/empty-values-hashing.bro @@ -52,7 +52,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r print outfile, right; } -event bro_init() +event zeek_init() { outfile = open("../out"); try = 0; diff --git a/testing/btest/scripts/base/frameworks/input/emptyvals.bro b/testing/btest/scripts/base/frameworks/input/emptyvals.bro index 57e79dd977..6e45f56e8d 100644 --- a/testing/btest/scripts/base/frameworks/input/emptyvals.bro +++ b/testing/btest/scripts/base/frameworks/input/emptyvals.bro @@ -29,7 +29,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/errors.bro b/testing/btest/scripts/base/frameworks/input/errors.bro index 0d0376694a..296c43f450 100644 --- a/testing/btest/scripts/base/frameworks/input/errors.bro +++ b/testing/btest/scripts/base/frameworks/input/errors.bro @@ -148,7 +148,7 @@ event kill_me() terminate(); } -event bro_init() +event zeek_init() { outfile = open("out"); Input::add_event([$source="input.log", $name="file", $fields=FileVal, $ev=line_file, $want_record=T]); diff --git a/testing/btest/scripts/base/frameworks/input/event.bro b/testing/btest/scripts/base/frameworks/input/event.bro index 6b6a391939..1ac4e38af5 100644 --- a/testing/btest/scripts/base/frameworks/input/event.bro +++ b/testing/btest/scripts/base/frameworks/input/event.bro @@ -35,7 +35,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: b print outfile, b; } -event bro_init() +event zeek_init() { outfile = open("../out"); Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=F]); diff --git a/testing/btest/scripts/base/frameworks/input/invalid-lines.bro b/testing/btest/scripts/base/frameworks/input/invalid-lines.bro index 83be1efd09..2a2e2b1e63 100644 --- a/testing/btest/scripts/base/frameworks/input/invalid-lines.bro +++ b/testing/btest/scripts/base/frameworks/input/invalid-lines.bro @@ -50,7 +50,7 @@ type Val: record { global servers: table[int] of Val = table(); global servers2: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/invalidnumbers.bro b/testing/btest/scripts/base/frameworks/input/invalidnumbers.bro index f2fefaa5d0..4acaa63ee6 100644 --- a/testing/btest/scripts/base/frameworks/input/invalidnumbers.bro +++ b/testing/btest/scripts/base/frameworks/input/invalidnumbers.bro @@ -30,7 +30,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/invalidset.bro b/testing/btest/scripts/base/frameworks/input/invalidset.bro index 932060424e..d1ca5e3262 100644 --- a/testing/btest/scripts/base/frameworks/input/invalidset.bro +++ b/testing/btest/scripts/base/frameworks/input/invalidset.bro @@ -45,7 +45,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, v: Val) print outfile, "Event", v; } -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/invalidtext.bro b/testing/btest/scripts/base/frameworks/input/invalidtext.bro index 3f5b590dec..3a30da30c8 100644 --- a/testing/btest/scripts/base/frameworks/input/invalidtext.bro +++ b/testing/btest/scripts/base/frameworks/input/invalidtext.bro @@ -46,7 +46,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, v: Val) print outfile, "Event", v; } -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/missing-enum.bro b/testing/btest/scripts/base/frameworks/input/missing-enum.bro index 0d37aae453..abdc608447 100644 --- a/testing/btest/scripts/base/frameworks/input/missing-enum.bro +++ b/testing/btest/scripts/base/frameworks/input/missing-enum.bro @@ -22,7 +22,7 @@ type Val: record { global etable: table[int] of Log::ID = table(); -event bro_init() +event zeek_init() { # first read in the old stuff into the table... Input::add_table([$source="../input.log", $name="enum", $idx=Idx, $val=Val, $destination=etable, $want_record=F]); diff --git a/testing/btest/scripts/base/frameworks/input/missing-file-initially.bro b/testing/btest/scripts/base/frameworks/input/missing-file-initially.bro index 7c9f51994c..0fed78d120 100644 --- a/testing/btest/scripts/base/frameworks/input/missing-file-initially.bro +++ b/testing/btest/scripts/base/frameworks/input/missing-file-initially.bro @@ -50,7 +50,7 @@ event line2(description: Input::EventDescription, tpe: Input::Event, v: Val) } -event bro_init() +event zeek_init() { Input::add_event([$source="../does-not-exist.dat", $name="input", $reader=Input::READER_ASCII, $mode=Input::REREAD, $fields=Val, $ev=line, $want_record=T]); Input::add_event([$source="../does-not-exist.dat", $name="inputstream", $reader=Input::READER_ASCII, $mode=Input::STREAM, $fields=Val, $ev=line, $want_record=T]); diff --git a/testing/btest/scripts/base/frameworks/input/missing-file.bro b/testing/btest/scripts/base/frameworks/input/missing-file.bro index 2ec3bb937f..90fbeb175e 100644 --- a/testing/btest/scripts/base/frameworks/input/missing-file.bro +++ b/testing/btest/scripts/base/frameworks/input/missing-file.bro @@ -19,7 +19,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: b { } -event bro_init() +event zeek_init() { try = 0; outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro index c38c4efd85..723227a1c3 100644 --- a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro +++ b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro @@ -28,7 +28,7 @@ type Val: record { global servers: table[int] of bool = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]); diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro b/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro index 3ee82983ff..33da194d84 100644 --- a/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro +++ b/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro @@ -28,7 +28,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); Input::add_table([$name="input", $source="../input.log", $idx=Idx, $val=Val, $destination=servers]); diff --git a/testing/btest/scripts/base/frameworks/input/optional.bro b/testing/btest/scripts/base/frameworks/input/optional.bro index 56c261999d..9b9d569ffe 100644 --- a/testing/btest/scripts/base/frameworks/input/optional.bro +++ b/testing/btest/scripts/base/frameworks/input/optional.bro @@ -35,7 +35,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/port-embedded.bro b/testing/btest/scripts/base/frameworks/input/port-embedded.bro index 8aab733069..32feb47c34 100644 --- a/testing/btest/scripts/base/frameworks/input/port-embedded.bro +++ b/testing/btest/scripts/base/frameworks/input/port-embedded.bro @@ -32,7 +32,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r print left, right; } -event bro_init() +event zeek_init() { Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $ev=line, $destination=servers]); } diff --git a/testing/btest/scripts/base/frameworks/input/port.bro b/testing/btest/scripts/base/frameworks/input/port.bro index 48571c5ecd..d0bb823b74 100644 --- a/testing/btest/scripts/base/frameworks/input/port.bro +++ b/testing/btest/scripts/base/frameworks/input/port.bro @@ -27,7 +27,7 @@ type Val: record { global servers: table[addr] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]); diff --git a/testing/btest/scripts/base/frameworks/input/predicate-stream.bro b/testing/btest/scripts/base/frameworks/input/predicate-stream.bro index aac44fb8ee..f8e7f8fdf3 100644 --- a/testing/btest/scripts/base/frameworks/input/predicate-stream.bro +++ b/testing/btest/scripts/base/frameworks/input/predicate-stream.bro @@ -64,7 +64,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r terminate(); } -event bro_init() +event zeek_init() { outfile = open("../out"); ct = 0; diff --git a/testing/btest/scripts/base/frameworks/input/predicate.bro b/testing/btest/scripts/base/frameworks/input/predicate.bro index 9946e72211..171e1d42de 100644 --- a/testing/btest/scripts/base/frameworks/input/predicate.bro +++ b/testing/btest/scripts/base/frameworks/input/predicate.bro @@ -34,7 +34,7 @@ type Val: record { global servers: table[int] of bool = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodify.bro b/testing/btest/scripts/base/frameworks/input/predicatemodify.bro index 13ed38d6ba..80e8c6aac8 100644 --- a/testing/btest/scripts/base/frameworks/input/predicatemodify.bro +++ b/testing/btest/scripts/base/frameworks/input/predicatemodify.bro @@ -31,7 +31,7 @@ type Val: record { global servers: table[int, string] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro index 2c6b58ff2d..53708b4fdd 100644 --- a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro +++ b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro @@ -75,7 +75,7 @@ global servers: table[int, string] of Val = table(); global outfile: file; global try: count; -event bro_init() +event zeek_init() { try = 0; outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.bro b/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.bro index ae756431cd..6d4147ad06 100644 --- a/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.bro +++ b/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.bro @@ -35,7 +35,7 @@ type Val: record { global servers: table[addr] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/raw/basic.bro b/testing/btest/scripts/base/frameworks/input/raw/basic.bro index 377e34aca7..cb9e0269ea 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/basic.bro +++ b/testing/btest/scripts/base/frameworks/input/raw/basic.bro @@ -38,7 +38,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string) } } -event bro_init() +event zeek_init() { try = 0; outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/raw/execute.bro b/testing/btest/scripts/base/frameworks/input/raw/execute.bro index 783b974c0f..018b62d75b 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/execute.bro +++ b/testing/btest/scripts/base/frameworks/input/raw/execute.bro @@ -32,7 +32,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string) terminate(); } -event bro_init() +event zeek_init() { outfile = open("../out.tmp"); Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line, $want_record=F]); diff --git a/testing/btest/scripts/base/frameworks/input/raw/executestdin.bro b/testing/btest/scripts/base/frameworks/input/raw/executestdin.bro index b78dd4e0e3..1c24c3ab8a 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/executestdin.bro +++ b/testing/btest/scripts/base/frameworks/input/raw/executestdin.bro @@ -72,7 +72,7 @@ function more_input(name_prefix: string) $config=config_strings]); } -event bro_init() +event zeek_init() { outfile = open("../out"); ++total_processes; diff --git a/testing/btest/scripts/base/frameworks/input/raw/executestream.bro b/testing/btest/scripts/base/frameworks/input/raw/executestream.bro index 240761ee03..ded6588269 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/executestream.bro +++ b/testing/btest/scripts/base/frameworks/input/raw/executestream.bro @@ -56,7 +56,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string) } } -event bro_init() +event zeek_init() { outfile = open("../out"); try = 0; diff --git a/testing/btest/scripts/base/frameworks/input/raw/long.bro b/testing/btest/scripts/base/frameworks/input/raw/long.bro index 266021ae28..40f84c8597 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/long.bro +++ b/testing/btest/scripts/base/frameworks/input/raw/long.bro @@ -29,7 +29,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string) } } -event bro_init() +event zeek_init() { try = 0; outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/raw/offset.bro b/testing/btest/scripts/base/frameworks/input/raw/offset.bro index f37fb9c28a..0fdb6d65e9 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/offset.bro +++ b/testing/btest/scripts/base/frameworks/input/raw/offset.bro @@ -33,7 +33,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string) } } -event bro_init() +event zeek_init() { try = 0; outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/raw/rereadraw.bro b/testing/btest/scripts/base/frameworks/input/raw/rereadraw.bro index f3dfb11ea5..ae977b4b2d 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/rereadraw.bro +++ b/testing/btest/scripts/base/frameworks/input/raw/rereadraw.bro @@ -38,7 +38,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string) } } -event bro_init() +event zeek_init() { try = 0; outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/raw/stderr.bro b/testing/btest/scripts/base/frameworks/input/raw/stderr.bro index 8ff4cc7f1b..b62b135e43 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/stderr.bro +++ b/testing/btest/scripts/base/frameworks/input/raw/stderr.bro @@ -54,7 +54,7 @@ event InputRaw::process_finished(name: string, source:string, exit_code:count, s terminate(); } -event bro_init() +event zeek_init() { local config_strings: table[string] of string = { ["read_stderr"] = "1" diff --git a/testing/btest/scripts/base/frameworks/input/raw/streamraw.bro b/testing/btest/scripts/base/frameworks/input/raw/streamraw.bro index 331db7eeb8..923428717f 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/streamraw.bro +++ b/testing/btest/scripts/base/frameworks/input/raw/streamraw.bro @@ -56,7 +56,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string) } } -event bro_init() +event zeek_init() { outfile = open("../out"); try = 0; diff --git a/testing/btest/scripts/base/frameworks/input/repeat.bro b/testing/btest/scripts/base/frameworks/input/repeat.bro index 5093e30351..86245ef9f0 100644 --- a/testing/btest/scripts/base/frameworks/input/repeat.bro +++ b/testing/btest/scripts/base/frameworks/input/repeat.bro @@ -31,7 +31,7 @@ global destination: table[int] of bool = table(); const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; -event bro_init() +event zeek_init() { try = 0; outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/reread.bro b/testing/btest/scripts/base/frameworks/input/reread.bro index 53cb2a91a8..e34ae0a5ae 100644 --- a/testing/btest/scripts/base/frameworks/input/reread.bro +++ b/testing/btest/scripts/base/frameworks/input/reread.bro @@ -103,7 +103,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r print outfile, right; } -event bro_init() +event zeek_init() { outfile = open("../out"); try = 0; diff --git a/testing/btest/scripts/base/frameworks/input/set.bro b/testing/btest/scripts/base/frameworks/input/set.bro index d79e9ae17a..52c0b8feef 100644 --- a/testing/btest/scripts/base/frameworks/input/set.bro +++ b/testing/btest/scripts/base/frameworks/input/set.bro @@ -27,7 +27,7 @@ type Idx: record { global servers: set[addr] = set(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/setseparator.bro b/testing/btest/scripts/base/frameworks/input/setseparator.bro index 39a785236a..3e052c4b44 100644 --- a/testing/btest/scripts/base/frameworks/input/setseparator.bro +++ b/testing/btest/scripts/base/frameworks/input/setseparator.bro @@ -27,7 +27,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/setspecialcases.bro b/testing/btest/scripts/base/frameworks/input/setspecialcases.bro index 40a708f772..801a3229c5 100644 --- a/testing/btest/scripts/base/frameworks/input/setspecialcases.bro +++ b/testing/btest/scripts/base/frameworks/input/setspecialcases.bro @@ -31,7 +31,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/basic.bro b/testing/btest/scripts/base/frameworks/input/sqlite/basic.bro index eb1411970b..fdb946e02c 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/basic.bro +++ b/testing/btest/scripts/base/frameworks/input/sqlite/basic.bro @@ -86,7 +86,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, r: Conn::Inf print outfile, |r$tunnel_parents|; # to make sure I got empty right } -event bro_init() +event zeek_init() { local config_strings: table[string] of string = { ["query"] = "select * from conn;", diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/error.bro b/testing/btest/scripts/base/frameworks/input/sqlite/error.bro index 08938e6df5..7a46160dc0 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/error.bro +++ b/testing/btest/scripts/base/frameworks/input/sqlite/error.bro @@ -79,7 +79,7 @@ event term_me() terminate(); } -event bro_init() +event zeek_init() { local config_strings: table[string] of string = { ["query"] = "select * from ssh;", diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/port.bro b/testing/btest/scripts/base/frameworks/input/sqlite/port.bro index 6fc18139fe..ddf4a844bb 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/port.bro +++ b/testing/btest/scripts/base/frameworks/input/sqlite/port.bro @@ -35,7 +35,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, p: port) print outfile, p; } -event bro_init() +event zeek_init() { local config_strings: table[string] of string = { ["query"] = "select port as p, proto from port;", diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/types.bro b/testing/btest/scripts/base/frameworks/input/sqlite/types.bro index 42f8717c12..894db886b5 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/types.bro +++ b/testing/btest/scripts/base/frameworks/input/sqlite/types.bro @@ -73,7 +73,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, p: SSH::Log) print outfile, |p$vs|; } -event bro_init() +event zeek_init() { local config_strings: table[string] of string = { ["query"] = "select * from ssh;", diff --git a/testing/btest/scripts/base/frameworks/input/stream.bro b/testing/btest/scripts/base/frameworks/input/stream.bro index 8ed498f074..20f1b682fa 100644 --- a/testing/btest/scripts/base/frameworks/input/stream.bro +++ b/testing/btest/scripts/base/frameworks/input/stream.bro @@ -80,7 +80,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r } } -event bro_init() +event zeek_init() { outfile = open("../out"); try = 0; diff --git a/testing/btest/scripts/base/frameworks/input/subrecord-event.bro b/testing/btest/scripts/base/frameworks/input/subrecord-event.bro index ec1cc37efc..fdcef27d68 100644 --- a/testing/btest/scripts/base/frameworks/input/subrecord-event.bro +++ b/testing/btest/scripts/base/frameworks/input/subrecord-event.bro @@ -64,7 +64,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, value: Val) } } -event bro_init() +event zeek_init() { try = 0; outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/subrecord.bro b/testing/btest/scripts/base/frameworks/input/subrecord.bro index 0f960c6d3c..797768a7a7 100644 --- a/testing/btest/scripts/base/frameworks/input/subrecord.bro +++ b/testing/btest/scripts/base/frameworks/input/subrecord.bro @@ -51,7 +51,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/tableevent.bro b/testing/btest/scripts/base/frameworks/input/tableevent.bro index 760b19d24f..370265508d 100644 --- a/testing/btest/scripts/base/frameworks/input/tableevent.bro +++ b/testing/btest/scripts/base/frameworks/input/tableevent.bro @@ -47,7 +47,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r } } -event bro_init() +event zeek_init() { try = 0; outfile = open("../out"); diff --git a/testing/btest/scripts/base/frameworks/input/twotables.bro b/testing/btest/scripts/base/frameworks/input/twotables.bro index 5b6d833da3..12d5394a54 100644 --- a/testing/btest/scripts/base/frameworks/input/twotables.bro +++ b/testing/btest/scripts/base/frameworks/input/twotables.bro @@ -81,7 +81,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r # print event_out, right; } -event bro_init() +event zeek_init() { event_out = open ("../event.out"); pred1_out = open ("../pred1.out"); diff --git a/testing/btest/scripts/base/frameworks/input/unsupported_types.bro b/testing/btest/scripts/base/frameworks/input/unsupported_types.bro index beedc0a633..3090cf10c9 100644 --- a/testing/btest/scripts/base/frameworks/input/unsupported_types.bro +++ b/testing/btest/scripts/base/frameworks/input/unsupported_types.bro @@ -45,7 +45,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/input/windows.bro b/testing/btest/scripts/base/frameworks/input/windows.bro index 275f5e0713..8addf0c6ad 100644 --- a/testing/btest/scripts/base/frameworks/input/windows.bro +++ b/testing/btest/scripts/base/frameworks/input/windows.bro @@ -7,11 +7,11 @@ redef exit_only_after_terminate = T; @TEST-START-FILE input.log -#separator \x09 -#path ssh -#fields b i e c p sn a d t iv s sc ss se vc ve ns -#types bool int enum count port subnet addr double time interval string table table table vector vector string -T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242 +#separator \x09 +#path ssh +#fields b i e c p sn a d t iv s sc ss se vc ve ns +#types bool int enum count port subnet addr double time interval string table table table vector vector string +T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242 @TEST-END-FILE @load base/protocols/ssh @@ -47,7 +47,7 @@ type Val: record { global servers: table[int] of Val = table(); -event bro_init() +event zeek_init() { outfile = open("../out"); # first read in the old stuff into the table... diff --git a/testing/btest/scripts/base/frameworks/intel/expire-item.bro b/testing/btest/scripts/base/frameworks/intel/expire-item.bro index 08d80714bc..a3a45cd1c0 100644 --- a/testing/btest/scripts/base/frameworks/intel/expire-item.bro +++ b/testing/btest/scripts/base/frameworks/intel/expire-item.bro @@ -61,7 +61,7 @@ hook Intel::item_expired(indicator: string, indicator_type: Intel::Type, print fmt("Expired: %s", indicator); } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { schedule 1.5sec { do_it() }; } diff --git a/testing/btest/scripts/base/frameworks/intel/input-and-match.bro b/testing/btest/scripts/base/frameworks/intel/input-and-match.bro index 8f74117201..bea8abfd88 100644 --- a/testing/btest/scripts/base/frameworks/intel/input-and-match.bro +++ b/testing/btest/scripts/base/frameworks/intel/input-and-match.bro @@ -32,7 +32,7 @@ event Intel::log_intel(rec: Intel::Info) terminate(); } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { schedule 1sec { do_it() }; } diff --git a/testing/btest/scripts/base/frameworks/intel/match-subnet.bro b/testing/btest/scripts/base/frameworks/intel/match-subnet.bro index 8e3fe74116..9c46dd7c93 100644 --- a/testing/btest/scripts/base/frameworks/intel/match-subnet.bro +++ b/testing/btest/scripts/base/frameworks/intel/match-subnet.bro @@ -29,7 +29,7 @@ event do_it() $where=SOMEWHERE]); } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { schedule 1sec { do_it() }; } diff --git a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.bro b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.bro index a4becfb2b3..22ff478aa3 100644 --- a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.bro +++ b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.bro @@ -45,7 +45,7 @@ event do_it() Intel::seen([$indicator="e@mail.com", $indicator_type=Intel::EMAIL, $where=Intel::IN_A_TEST]); } -event bro_init() +event zeek_init() { # Delay the workers searching for hits briefly to allow for the data distribution # mechanism to distribute the data to the workers. diff --git a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.bro b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.bro index 1885f5bcf8..7bc071c17a 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.bro +++ b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.bro @@ -25,7 +25,7 @@ event do_it() terminate(); } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { schedule 1sec { do_it() }; } diff --git a/testing/btest/scripts/base/frameworks/logging/adapt-filter.bro b/testing/btest/scripts/base/frameworks/logging/adapt-filter.bro index 2db881deea..d342186ca3 100644 --- a/testing/btest/scripts/base/frameworks/logging/adapt-filter.bro +++ b/testing/btest/scripts/base/frameworks/logging/adapt-filter.bro @@ -19,7 +19,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Info]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-binary.bro b/testing/btest/scripts/base/frameworks/logging/ascii-binary.bro index fcbac3be58..1df620e19b 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-binary.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-binary.bro @@ -15,7 +15,7 @@ export { redef LogAscii::separator = "|"; -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Info]); Log::write(SSH::LOG, [$data="abc\n\xffdef", $data2="DATA2"]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-double.bro b/testing/btest/scripts/base/frameworks/logging/ascii-double.bro index b824d93676..1b310fd8ff 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-double.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-double.bro @@ -23,7 +23,7 @@ function logwrite(val: double) Log::write(Test::LOG, [$d=val]); } -event bro_init() +event zeek_init() { local d: double; local dmax: double = 1.79e308; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro b/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro index 0bb5900e30..bb38f988ae 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro @@ -23,7 +23,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.bro index 3df3ea1d25..d7e7739547 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.bro @@ -12,7 +12,7 @@ export { } &log; } -event bro_init() +event zeek_init() { local a = "abc\0def"; local b = escape_string(a); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.bro index e18926a194..0145c52243 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.bro @@ -14,7 +14,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(test::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.bro index 8c1401b179..c42a92fdac 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.bro @@ -14,7 +14,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(Test::LOG, [$columns=Log]); Log::write(Test::LOG, [$x=LogAscii::unset_field, $z=""]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.bro index f5fb7a6259..03139bf2b8 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.bro @@ -11,7 +11,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(Test::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro index d73464777a..9fa6555391 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro @@ -18,7 +18,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.bro b/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.bro index 2a1c388322..3e73b56500 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.bro @@ -17,7 +17,7 @@ export { redef Log::default_rotation_interval = 1hr; redef LogAscii::gzip_level = 1; -event bro_init() +event zeek_init() { Log::create_stream(Test::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-gz.bro b/testing/btest/scripts/base/frameworks/logging/ascii-gz.bro index 9563f42c40..74573fe3d4 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-gz.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz.bro @@ -42,7 +42,7 @@ function foo(i : count) : string return "Bar"; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); local filter = Log::Filter($name="ssh-uncompressed", $path="ssh-uncompressed", diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro index 8cb1210a68..bfe998a78e 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro @@ -17,7 +17,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); Log::write(SSH::LOG, [ diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro index c26683a338..01662e1442 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro @@ -17,7 +17,7 @@ export { global log_test: event(rec: Info); } -event bro_init() &priority=5 +event zeek_init() &priority=5 { Log::create_stream(testing::LOG, [$columns=testing::Info, $ev=log_test]); local info: Info; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json.bro b/testing/btest/scripts/base/frameworks/logging/ascii-json.bro index 2b6055930f..8985715d1d 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json.bro @@ -40,7 +40,7 @@ function foo(i : count) : string return "Bar"; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro index 4670811b2a..33de6e720a 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro @@ -13,7 +13,7 @@ export { }; } -event bro_init() +event zeek_init() { Log::create_stream(Test::LOG, [$columns=Info]); Log::write(Test::LOG, [$data="Test1"]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-options.bro b/testing/btest/scripts/base/frameworks/logging/ascii-options.bro index 474b179536..b72f077c81 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-options.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-options.bro @@ -19,7 +19,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro index e63e30f6c6..2e786f4927 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro @@ -12,7 +12,7 @@ export { }; } -event bro_init() +event zeek_init() { Log::create_stream(Test::LOG, [$columns=Info]); Log::write(Test::LOG, [$data=double_to_time(1234567890)]); diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-tsv.bro b/testing/btest/scripts/base/frameworks/logging/ascii-tsv.bro index 09276a08fd..c29b291003 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-tsv.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-tsv.bro @@ -17,7 +17,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/attr-extend.bro b/testing/btest/scripts/base/frameworks/logging/attr-extend.bro index 7f58f3f8c1..7aece07642 100644 --- a/testing/btest/scripts/base/frameworks/logging/attr-extend.bro +++ b/testing/btest/scripts/base/frameworks/logging/attr-extend.bro @@ -26,7 +26,7 @@ redef record Log += { } &log; -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/attr.bro b/testing/btest/scripts/base/frameworks/logging/attr.bro index 8ec3d1c385..84287cc280 100644 --- a/testing/btest/scripts/base/frameworks/logging/attr.bro +++ b/testing/btest/scripts/base/frameworks/logging/attr.bro @@ -15,7 +15,7 @@ export { }; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/disable-stream.bro b/testing/btest/scripts/base/frameworks/logging/disable-stream.bro index c2f64da8e6..e3b2aa2b93 100644 --- a/testing/btest/scripts/base/frameworks/logging/disable-stream.bro +++ b/testing/btest/scripts/base/frameworks/logging/disable-stream.bro @@ -15,7 +15,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/empty-event.bro b/testing/btest/scripts/base/frameworks/logging/empty-event.bro index 6aa867220f..e7928de5c7 100644 --- a/testing/btest/scripts/base/frameworks/logging/empty-event.bro +++ b/testing/btest/scripts/base/frameworks/logging/empty-event.bro @@ -17,7 +17,7 @@ export { global log_ssh: event(rec: Log); -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log, $ev=log_ssh]); diff --git a/testing/btest/scripts/base/frameworks/logging/enable-stream.bro b/testing/btest/scripts/base/frameworks/logging/enable-stream.bro index 0f525eced1..95d02068d8 100644 --- a/testing/btest/scripts/base/frameworks/logging/enable-stream.bro +++ b/testing/btest/scripts/base/frameworks/logging/enable-stream.bro @@ -15,7 +15,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/events.bro b/testing/btest/scripts/base/frameworks/logging/events.bro index bf156e6d60..d1cf0fba7e 100644 --- a/testing/btest/scripts/base/frameworks/logging/events.bro +++ b/testing/btest/scripts/base/frameworks/logging/events.bro @@ -20,7 +20,7 @@ export { global ssh_log: event(rec: Log); -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log, $ev=ssh_log]); diff --git a/testing/btest/scripts/base/frameworks/logging/exclude.bro b/testing/btest/scripts/base/frameworks/logging/exclude.bro index 7b245541ab..b776cf91a4 100644 --- a/testing/btest/scripts/base/frameworks/logging/exclude.bro +++ b/testing/btest/scripts/base/frameworks/logging/exclude.bro @@ -15,7 +15,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.bro b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.bro index dd30ad4c6f..4c3d1016d3 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.bro +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.bro @@ -62,7 +62,7 @@ event kill_worker() Broker::publish("death", slow_death); } -event bro_init() +event zeek_init() { if ( Cluster::node == "worker-1" ) { diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.bro b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.bro index d38b5b744b..61e322c026 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.bro +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.bro @@ -55,7 +55,7 @@ event kill_worker() Broker::publish("death", slow_death); } -event bro_init() +event zeek_init() { if ( Cluster::node == "worker-1" ) { diff --git a/testing/btest/scripts/base/frameworks/logging/file.bro b/testing/btest/scripts/base/frameworks/logging/file.bro index 94bdad6b1b..011c9bbe82 100644 --- a/testing/btest/scripts/base/frameworks/logging/file.bro +++ b/testing/btest/scripts/base/frameworks/logging/file.bro @@ -15,7 +15,7 @@ export { const foo_log = open_log_file("Foo") &redef; -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); Log::write(SSH::LOG, [$t=network_time(), $f=foo_log]); diff --git a/testing/btest/scripts/base/frameworks/logging/include.bro b/testing/btest/scripts/base/frameworks/logging/include.bro index d0fea93c99..7179c54338 100644 --- a/testing/btest/scripts/base/frameworks/logging/include.bro +++ b/testing/btest/scripts/base/frameworks/logging/include.bro @@ -15,7 +15,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/no-local.bro b/testing/btest/scripts/base/frameworks/logging/no-local.bro index 9ae7d32d61..9418afea14 100644 --- a/testing/btest/scripts/base/frameworks/logging/no-local.bro +++ b/testing/btest/scripts/base/frameworks/logging/no-local.bro @@ -17,7 +17,7 @@ export { redef Log::enable_local_logging = F; -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/none-debug.bro b/testing/btest/scripts/base/frameworks/logging/none-debug.bro index 5d2e98323a..9a9f73d8f9 100644 --- a/testing/btest/scripts/base/frameworks/logging/none-debug.bro +++ b/testing/btest/scripts/base/frameworks/logging/none-debug.bro @@ -20,7 +20,7 @@ export { } &log; } -event bro_init() +event zeek_init() { local config: table[string] of string; config["foo"]="bar"; diff --git a/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.bro b/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.bro index aff886c2f4..ebb514042e 100644 --- a/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.bro +++ b/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.bro @@ -16,7 +16,7 @@ function split_log(id: Log::ID, path: string, rec: record {id:conn_id;}): string return Site::is_local_addr(rec$id$orig_h) ? "local" : "remote"; } -event bro_init() +event zeek_init() { # Add a new filter to the Conn::LOG stream that logs only # timestamp and originator address. diff --git a/testing/btest/scripts/base/frameworks/logging/path-func.bro b/testing/btest/scripts/base/frameworks/logging/path-func.bro index 684aa03ed6..fa52cccc48 100644 --- a/testing/btest/scripts/base/frameworks/logging/path-func.bro +++ b/testing/btest/scripts/base/frameworks/logging/path-func.bro @@ -28,7 +28,7 @@ function path_func(id: Log::ID, path: string, rec: Log) : string return fmt("%s-%d-%s", path, c, rec$country); } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); Log::remove_default_filter(SSH::LOG); diff --git a/testing/btest/scripts/base/frameworks/logging/pred.bro b/testing/btest/scripts/base/frameworks/logging/pred.bro index e13c726656..c6f85183b4 100644 --- a/testing/btest/scripts/base/frameworks/logging/pred.bro +++ b/testing/btest/scripts/base/frameworks/logging/pred.bro @@ -24,7 +24,7 @@ function fail(rec: Log): bool return rec$status != "success"; } -event bro_init() +event zeek_init() { Log::create_stream(Test::LOG, [$columns=Log]); Log::remove_default_filter(Test::LOG); diff --git a/testing/btest/scripts/base/frameworks/logging/remove.bro b/testing/btest/scripts/base/frameworks/logging/remove.bro index 3b80d24e9f..2247648e7c 100644 --- a/testing/btest/scripts/base/frameworks/logging/remove.bro +++ b/testing/btest/scripts/base/frameworks/logging/remove.bro @@ -20,7 +20,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); Log::add_filter(SSH::LOG, [$name="f1", $path="ssh.failure", $pred=function(rec: Log): bool { return rec$status == "failure"; }]); diff --git a/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro b/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro index c0f0ef8643..89264fa6e5 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro +++ b/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro @@ -28,7 +28,7 @@ function custom_rotate(info: Log::RotationInfo) : bool return T; } -event bro_init() +event zeek_init() { Log::create_stream(Test::LOG, [$columns=Log]); Log::add_filter(Test::LOG, [$name="2nd", $path="test2", $interv=30mins, $postprocessor=custom_rotate]); diff --git a/testing/btest/scripts/base/frameworks/logging/rotate.bro b/testing/btest/scripts/base/frameworks/logging/rotate.bro index 501c0db8ea..2a988a88f0 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate.bro +++ b/testing/btest/scripts/base/frameworks/logging/rotate.bro @@ -21,7 +21,7 @@ export { redef Log::default_rotation_interval = 1hr; redef Log::default_rotation_postprocessor_cmd = "echo"; -event bro_init() +event zeek_init() { Log::create_stream(Test::LOG, [$columns=Log]); } diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/error.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/error.bro index e48e066c6c..d453804858 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/error.bro +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/error.bro @@ -73,7 +73,7 @@ function foo(i : count) : string return "Bar"; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); Log::remove_filter(SSH::LOG, "default"); diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/set.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/set.bro index 0cceb7af08..8612cd5765 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/set.bro +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/set.bro @@ -32,7 +32,7 @@ function foo(i : count) : string return "Bar"; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); Log::remove_filter(SSH::LOG, "default"); diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.bro index 2e864aa791..7f9ea2d870 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.bro +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.bro @@ -47,7 +47,7 @@ function foo(i : count) : string return "Bar"; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); Log::create_stream(SSH::LOG2, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/types.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/types.bro index 6c088e9f2f..e878ec32d3 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/types.bro +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/types.bro @@ -45,7 +45,7 @@ function foo(i : count) : string return "Bar"; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); Log::remove_filter(SSH::LOG, "default"); diff --git a/testing/btest/scripts/base/frameworks/logging/stdout.bro b/testing/btest/scripts/base/frameworks/logging/stdout.bro index f431a5b6c9..bce55fd0ca 100644 --- a/testing/btest/scripts/base/frameworks/logging/stdout.bro +++ b/testing/btest/scripts/base/frameworks/logging/stdout.bro @@ -16,7 +16,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/test-logging.bro b/testing/btest/scripts/base/frameworks/logging/test-logging.bro index 9f90d515fb..f7d07e843a 100644 --- a/testing/btest/scripts/base/frameworks/logging/test-logging.bro +++ b/testing/btest/scripts/base/frameworks/logging/test-logging.bro @@ -15,7 +15,7 @@ export { } &log; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/types.bro b/testing/btest/scripts/base/frameworks/logging/types.bro index d79c667e50..9d208335ad 100644 --- a/testing/btest/scripts/base/frameworks/logging/types.bro +++ b/testing/btest/scripts/base/frameworks/logging/types.bro @@ -40,7 +40,7 @@ function foo(i : count) : string return "Bar"; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/unset-record.bro b/testing/btest/scripts/base/frameworks/logging/unset-record.bro index bb922dc9c8..00f97ffc1a 100644 --- a/testing/btest/scripts/base/frameworks/logging/unset-record.bro +++ b/testing/btest/scripts/base/frameworks/logging/unset-record.bro @@ -14,7 +14,7 @@ type Bar: record { b: count &log; }; -event bro_init() +event zeek_init() { Log::create_stream(TESTING, [$columns=Bar]); diff --git a/testing/btest/scripts/base/frameworks/logging/vec.bro b/testing/btest/scripts/base/frameworks/logging/vec.bro index 00c5ff5117..6809e132bc 100644 --- a/testing/btest/scripts/base/frameworks/logging/vec.bro +++ b/testing/btest/scripts/base/frameworks/logging/vec.bro @@ -12,7 +12,7 @@ export { }; } -event bro_init() +event zeek_init() { Log::create_stream(SSH::LOG, [$columns=Log]); diff --git a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.bro b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.bro index 908fb43c72..916e5a6775 100644 --- a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.bro +++ b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.bro @@ -7,7 +7,7 @@ @load base/protocols/http -event bro_init() +event zeek_init() { # Both the default filter for the http stream and this new one will # attempt to have the same writer write to path "http", which will diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro index 9e0db8531a..c391d9ecc1 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro @@ -14,7 +14,7 @@ redef exit_only_after_terminate = T; global have_peer = F; global did_init = F; -event bro_init() +event zeek_init() { suspend_processing(); } @@ -101,7 +101,7 @@ event die() terminate(); } -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/netcontroltest"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld.bro b/testing/btest/scripts/base/frameworks/netcontrol/acld.bro index 243e5e9b7c..8647ca92e2 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/acld.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/acld.bro @@ -15,7 +15,7 @@ redef exit_only_after_terminate = T; global have_peer = F; global did_init = F; -event bro_init() +event zeek_init() { suspend_processing(); } @@ -106,7 +106,7 @@ event die() terminate(); } -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/netcontroltest"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro index 50c04433ad..91dfd05217 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro @@ -26,7 +26,7 @@ redef Log::default_rotation_interval = 0secs; @load base/frameworks/netcontrol @if ( Cluster::local_node_type() == Cluster::WORKER ) -event bro_init() +event zeek_init() { suspend_processing(); } diff --git a/testing/btest/scripts/base/frameworks/netcontrol/broker.bro b/testing/btest/scripts/base/frameworks/netcontrol/broker.bro index 4d232c3325..08cc38ed78 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/broker.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/broker.bro @@ -15,7 +15,7 @@ redef exit_only_after_terminate = T; global have_peer = F; global did_init = F; -event bro_init() +event zeek_init() { suspend_processing(); } @@ -90,7 +90,7 @@ event die() terminate(); } -event bro_init() +event zeek_init() { Broker::subscribe("bro/event/netcontroltest"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-disable.bro b/testing/btest/scripts/base/frameworks/notice/suppression-disable.bro index 96b932caf8..5eeab5bff2 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression-disable.bro +++ b/testing/btest/scripts/base/frameworks/notice/suppression-disable.bro @@ -18,7 +18,7 @@ event second_notice() NOTICE([$note=Test_Notice, $msg="another test", $identifier="static"]); } -event bro_init() +event zeek_init() { NOTICE([$note=Test_Notice, $msg="test", $identifier="static"]); schedule 1msec { second_notice() }; diff --git a/testing/btest/scripts/base/frameworks/notice/suppression.bro b/testing/btest/scripts/base/frameworks/notice/suppression.bro index 87ce3672b6..d91aa17a2e 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression.bro +++ b/testing/btest/scripts/base/frameworks/notice/suppression.bro @@ -15,7 +15,7 @@ event second_notice() NOTICE([$note=Test_Notice, $msg="another test", $identifier="static"]); } -event bro_init() +event zeek_init() { NOTICE([$note=Test_Notice, $msg="test", $identifier="static"]); schedule 1msec { second_notice() }; diff --git a/testing/btest/scripts/base/frameworks/openflow/broker-basic.bro b/testing/btest/scripts/base/frameworks/openflow/broker-basic.bro index 9d43089b93..db73f22e51 100644 --- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.bro +++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.bro @@ -15,7 +15,7 @@ redef exit_only_after_terminate = T; global of_controller: OpenFlow::Controller; -event bro_init() +event zeek_init() { suspend_processing(); of_controller = OpenFlow::broker_new("broker1", 127.0.0.1, to_port(getenv("BROKER_PORT")), "bro/openflow", 42); @@ -80,7 +80,7 @@ event die() terminate(); } -event bro_init() +event zeek_init() { Broker::subscribe("bro/openflow"); Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT"))); diff --git a/testing/btest/scripts/base/frameworks/openflow/log-basic.bro b/testing/btest/scripts/base/frameworks/openflow/log-basic.bro index d4f08e7822..5aa615f691 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-basic.bro +++ b/testing/btest/scripts/base/frameworks/openflow/log-basic.bro @@ -8,7 +8,7 @@ global of_controller: OpenFlow::Controller; global cookie_id: count = 42; -event bro_init() +event zeek_init() { of_controller = OpenFlow::log_new(42); diff --git a/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro b/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro index 33f20f8ce5..50b6c976b5 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro +++ b/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro @@ -22,7 +22,7 @@ redef Log::default_rotation_interval = 0secs; global of_controller: OpenFlow::Controller; @if ( Cluster::local_node_type() == Cluster::WORKER ) -event bro_init() +event zeek_init() { suspend_processing(); } @@ -33,7 +33,7 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) } @endif -event bro_init() +event zeek_init() { of_controller = OpenFlow::log_new(42); } diff --git a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.bro b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.bro index 3bfaa4c076..9df9822450 100644 --- a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.bro +++ b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.bro @@ -6,7 +6,7 @@ global of_controller: OpenFlow::Controller; -event bro_init() +event zeek_init() { of_controller = OpenFlow::ryu_new(127.0.0.1, 8080, 42); of_controller$state$ryu_debug=T; diff --git a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.bro b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.bro index b1afb99b5c..bf449e886d 100644 --- a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.bro +++ b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.bro @@ -7,7 +7,7 @@ redef Reporter::errors_to_stderr = F; global test: table[count] of string = {}; -event bro_init() +event zeek_init() { print test[3]; } diff --git a/testing/btest/scripts/base/frameworks/reporter/stderr.bro b/testing/btest/scripts/base/frameworks/reporter/stderr.bro index ef01c9fdf9..6b878ceef5 100644 --- a/testing/btest/scripts/base/frameworks/reporter/stderr.bro +++ b/testing/btest/scripts/base/frameworks/reporter/stderr.bro @@ -4,7 +4,7 @@ global test: table[count] of string = {}; -event bro_init() +event zeek_init() { print test[3]; } diff --git a/testing/btest/scripts/base/frameworks/software/version-parsing.bro b/testing/btest/scripts/base/frameworks/software/version-parsing.bro index 806a058a03..fd43145826 100644 --- a/testing/btest/scripts/base/frameworks/software/version-parsing.bro +++ b/testing/btest/scripts/base/frameworks/software/version-parsing.bro @@ -133,7 +133,7 @@ global matched_software: table[string] of Software::Description = { [$name="Android (Google Pixel)", $version=[$major=9], $unparsed_version=""], }; -event bro_init() +event zeek_init() { for ( sw in matched_software ) { diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro index 8f4bd26ef1..31e2a68fd3 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro @@ -21,7 +21,7 @@ redef Log::default_rotation_interval = 0secs; global n = 0; -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test", $apply=set(SumStats::SUM, SumStats::MIN, SumStats::MAX, SumStats::AVERAGE, SumStats::STD_DEV, SumStats::VARIANCE, SumStats::UNIQUE, SumStats::HLL_UNIQUE)]; SumStats::create([$name="test", @@ -71,7 +71,7 @@ event ready_for_data() @if ( Cluster::local_node_type() == Cluster::MANAGER ) -event bro_init() &priority=100 +event zeek_init() &priority=100 { Broker::auto_publish(Cluster::worker_topic, ready_for_data); } diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic.bro b/testing/btest/scripts/base/frameworks/sumstats/basic.bro index 40f269ab1a..1362c739cf 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/basic.bro @@ -4,7 +4,7 @@ redef exit_only_after_terminate=T; -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.metric", $apply=set(SumStats::SUM, diff --git a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.bro b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.bro index 949fcb3644..81a3a1c0e2 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.bro @@ -18,7 +18,7 @@ redef Cluster::nodes = { redef Log::default_rotation_interval = 0secs; -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.metric", $apply=set(SumStats::SUM)]; SumStats::create([$name="test", diff --git a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.bro index da8f8fb80f..55b0e30069 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.bro @@ -27,7 +27,7 @@ event do_observe() schedule 0.1secs { do_observe() }; } -event bro_init() +event zeek_init() { local r1 = SumStats::Reducer($stream="test", $apply=set(SumStats::LAST), diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.bro index bb429a52cb..225b3951f2 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.bro @@ -22,7 +22,7 @@ redef Log::default_rotation_interval = 0secs; global n = 0; -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1 = SumStats::Reducer($stream="test", $apply=set(SumStats::SUM, SumStats::MIN, SumStats::MAX, SumStats::AVERAGE, SumStats::STD_DEV, SumStats::VARIANCE, SumStats::UNIQUE)); SumStats::create([$name="test sumstat", @@ -37,7 +37,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) global ready_for_data: event(); -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::worker_topic, ready_for_data); } diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand.bro b/testing/btest/scripts/base/frameworks/sumstats/on-demand.bro index 78aba726ca..99658ad7d0 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand.bro @@ -28,7 +28,7 @@ event on_demand_key() } } -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.reducer", $apply=set(SumStats::SUM)]; diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro index 227313635a..36a1859f99 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro @@ -18,7 +18,7 @@ redef Cluster::nodes = { redef Log::default_rotation_interval = 0secs; -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test", $apply=set(SumStats::SAMPLE), $num_samples=5]; SumStats::create([$name="test", @@ -47,7 +47,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) global ready_for_data: event(); -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::worker_topic, ready_for_data); diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample.bro b/testing/btest/scripts/base/frameworks/sumstats/sample.bro index 4ba395b463..30e80b1b49 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/sample.bro @@ -1,7 +1,7 @@ # @TEST-EXEC: bro %INPUT # @TEST-EXEC: btest-diff .stdout -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.metric", $apply=set(SumStats::SAMPLE), $num_samples=2]; diff --git a/testing/btest/scripts/base/frameworks/sumstats/thresholding.bro b/testing/btest/scripts/base/frameworks/sumstats/thresholding.bro index b7bb826446..f751a85e98 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/thresholding.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/thresholding.bro @@ -5,7 +5,7 @@ redef enum Notice::Type += { Test_Notice, }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.metric", $apply=set(SumStats::SUM)]; SumStats::create([$name="test1", diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.bro index 8a3a9bcf1b..d3ced7f692 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.bro @@ -20,7 +20,7 @@ redef Cluster::nodes = { redef Log::default_rotation_interval = 0secs; -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.metric", $apply=set(SumStats::TOPK)]; @@ -53,7 +53,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) global ready_for_data: event(); -event bro_init() +event zeek_init() { Broker::auto_publish(Cluster::worker_topic, ready_for_data); } diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk.bro b/testing/btest/scripts/base/frameworks/sumstats/topk.bro index 99c301c669..1a1ef7870a 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/topk.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/topk.bro @@ -1,7 +1,7 @@ # @TEST-EXEC: bro %INPUT # @TEST-EXEC: btest-diff .stdout -event bro_init() &priority=5 +event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.metric", $apply=set(SumStats::TOPK)]; diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.bro b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.bro index b96b8f02a6..74ce213505 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.bro +++ b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.bro @@ -19,7 +19,7 @@ event content_gap(c: connection, is_orig: bool, seq: count, length: count) got_gap = T; } -event bro_done() +event zeek_done() { if ( ! got_data_after_gap ) exit(1); diff --git a/testing/btest/scripts/base/protocols/http/http-pipelining.bro b/testing/btest/scripts/base/protocols/http/http-pipelining.bro index bb392b1c4b..afb1a7f33e 100644 --- a/testing/btest/scripts/base/protocols/http/http-pipelining.bro +++ b/testing/btest/scripts/base/protocols/http/http-pipelining.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-diff http.log # mime type is irrelevant to this test, so filter it out -event bro_init() +event zeek_init() { Log::remove_default_filter(HTTP::LOG); Log::add_filter(HTTP::LOG, [$name="less-mime-types", $exclude=set("mime_type")]); diff --git a/testing/btest/scripts/base/protocols/irc/basic.test b/testing/btest/scripts/base/protocols/irc/basic.test index 618f4d9079..d4fb893e2c 100644 --- a/testing/btest/scripts/base/protocols/irc/basic.test +++ b/testing/btest/scripts/base/protocols/irc/basic.test @@ -6,7 +6,7 @@ # @TEST-EXEC: btest-diff conn.log # dcc mime types are irrelevant to this test, so filter it out -event bro_init() +event zeek_init() { Log::remove_default_filter(IRC::LOG); Log::add_filter(IRC::LOG, [$name="remove-mime", $exclude=set("dcc_mime_type")]); diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb.test b/testing/btest/scripts/base/protocols/krb/smb2_krb.test index 08c05d83f1..32c2a6e58d 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb.test @@ -11,7 +11,7 @@ redef KRB::keytab = "smb2_krb.keytab"; global monitor_ports: set[port] = { 445/tcp, 139/tcp } &redef; -event bro_init() &priority=5{ +event zeek_init() &priority=5{ Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, monitor_ports); } diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test index 0d2c68d142..d08543a0fb 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test @@ -10,7 +10,7 @@ global monitor_ports: set[port] = { 445/tcp, 139/tcp } &redef; -event bro_init() &priority=5{ +event zeek_init() &priority=5{ Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, monitor_ports); } diff --git a/testing/btest/scripts/base/protocols/mount/basic.test b/testing/btest/scripts/base/protocols/mount/basic.test index 8576874ce3..bd6fd5d5db 100644 --- a/testing/btest/scripts/base/protocols/mount/basic.test +++ b/testing/btest/scripts/base/protocols/mount/basic.test @@ -4,7 +4,7 @@ global mount_ports: set[port] = { 635/tcp, 635/udp, 20048/tcp, 20048/udp } &redef; redef ignore_checksums = T; -event bro_init() +event zeek_init() { Analyzer::register_for_ports(Analyzer::ANALYZER_MOUNT, mount_ports); Analyzer::enable_analyzer(Analyzer::ANALYZER_MOUNT); diff --git a/testing/btest/scripts/base/protocols/ncp/event.bro b/testing/btest/scripts/base/protocols/ncp/event.bro index acb4bf0a0c..2333544b05 100644 --- a/testing/btest/scripts/base/protocols/ncp/event.bro +++ b/testing/btest/scripts/base/protocols/ncp/event.bro @@ -3,7 +3,7 @@ redef likely_server_ports += { 524/tcp }; -event bro_init() +event zeek_init() { const ports = { 524/tcp }; Analyzer::register_for_ports(Analyzer::ANALYZER_NCP, ports); diff --git a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.bro b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.bro index 46ad87e752..cc4a5799f2 100644 --- a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.bro +++ b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.bro @@ -3,7 +3,7 @@ redef likely_server_ports += { 524/tcp }; -event bro_init() +event zeek_init() { const ports = { 524/tcp }; Analyzer::register_for_ports(Analyzer::ANALYZER_NCP, ports); diff --git a/testing/btest/scripts/base/protocols/nfs/basic.test b/testing/btest/scripts/base/protocols/nfs/basic.test index f2d2b1862a..9b7ae91910 100755 --- a/testing/btest/scripts/base/protocols/nfs/basic.test +++ b/testing/btest/scripts/base/protocols/nfs/basic.test @@ -4,7 +4,7 @@ global nfs_ports: set[port] = { 2049/tcp, 2049/udp } &redef; redef ignore_checksums = T; -event bro_init() +event zeek_init() { Analyzer::register_for_ports(Analyzer::ANALYZER_NFS, nfs_ports); Analyzer::enable_analyzer(Analyzer::ANALYZER_NFS); diff --git a/testing/btest/scripts/base/protocols/pop3/starttls.bro b/testing/btest/scripts/base/protocols/pop3/starttls.bro index 8e0d1ab5ef..d2bfee6449 100644 --- a/testing/btest/scripts/base/protocols/pop3/starttls.bro +++ b/testing/btest/scripts/base/protocols/pop3/starttls.bro @@ -14,7 +14,7 @@ const ports = { }; redef likely_server_ports += { ports }; -event bro_init() &priority=5 +event zeek_init() &priority=5 { Analyzer::register_for_ports(Analyzer::ANALYZER_POP3, ports); } diff --git a/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test b/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test index 627e396517..d65ee81c41 100644 --- a/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test +++ b/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test @@ -6,7 +6,7 @@ # The DCE_RPC analyzer is a little weird since it's instantiated # by the SMB analyzer directly in some cases. Care needs to be # taken to handle a disabled analyzer correctly. -event bro_init() +event zeek_init() { Analyzer::disable_analyzer(Analyzer::ANALYZER_DCE_RPC); } diff --git a/testing/btest/scripts/base/protocols/ssl/dpd.test b/testing/btest/scripts/base/protocols/ssl/dpd.test index 1a16a10db4..20b6ab6b74 100644 --- a/testing/btest/scripts/base/protocols/ssl/dpd.test +++ b/testing/btest/scripts/base/protocols/ssl/dpd.test @@ -9,7 +9,7 @@ @load base/frameworks/signatures @load-sigs base/protocols/ssl/dpd.sig -event bro_init() +event zeek_init() { print "Start test run"; } diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test index c8c8acc589..181ee34909 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test @@ -6,7 +6,7 @@ @load files/x509/log-ocsp -event bro_init() +event zeek_init() { Files::register_for_mime_type(Files::ANALYZER_OCSP_REQUEST, "application/ocsp-request"); Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response"); diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test index 05483717b0..ff493a62a8 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test @@ -5,7 +5,7 @@ @load files/x509/log-ocsp -event bro_init() +event zeek_init() { Files::register_for_mime_type(Files::ANALYZER_OCSP_REQUEST, "application/ocsp-request"); Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response"); diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test index b95203dfd8..cfa5b99375 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test @@ -6,7 +6,7 @@ @load files/x509/log-ocsp -event bro_init() +event zeek_init() { Files::register_for_mime_type(Files::ANALYZER_OCSP_REQUEST, "application/ocsp-request"); Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response"); diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test index 43dbf82583..3b8c4a2d57 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test @@ -6,7 +6,7 @@ @load files/x509/log-ocsp -event bro_init() +event zeek_init() { Files::register_for_mime_type(Files::ANALYZER_OCSP_REQUEST, "application/ocsp-request"); Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response"); diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test index e4378135ad..3ee0e96776 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test @@ -6,7 +6,7 @@ @load files/x509/log-ocsp -event bro_init() +event zeek_init() { Files::register_for_mime_type(Files::ANALYZER_OCSP_REQUEST, "application/ocsp-request"); Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response"); diff --git a/testing/btest/scripts/base/utils/active-http.test b/testing/btest/scripts/base/utils/active-http.test index 97d06448ca..9f94a14c7f 100644 --- a/testing/btest/scripts/base/utils/active-http.test +++ b/testing/btest/scripts/base/utils/active-http.test @@ -35,7 +35,7 @@ function test_request(label: string, req: ActiveHTTP::Request) } } -event bro_init() +event zeek_init() { test_request("test1", [$url="127.0.0.1:32123"]); test_request("test2", [$url="127.0.0.1:32123/empty", $method="POST"]); diff --git a/testing/btest/scripts/base/utils/addrs.test b/testing/btest/scripts/base/utils/addrs.test index 224fd9dc62..8e5580d3e5 100644 --- a/testing/btest/scripts/base/utils/addrs.test +++ b/testing/btest/scripts/base/utils/addrs.test @@ -3,7 +3,7 @@ @load base/utils/addrs -event bro_init() +event zeek_init() { local ip = "0.0.0.0"; diff --git a/testing/btest/scripts/base/utils/decompose_uri.bro b/testing/btest/scripts/base/utils/decompose_uri.bro index 6ed30e7889..074e782474 100644 --- a/testing/btest/scripts/base/utils/decompose_uri.bro +++ b/testing/btest/scripts/base/utils/decompose_uri.bro @@ -10,7 +10,7 @@ function dc(s: string) print ""; } -event bro_init() +event zeek_init() { dc("https://www.bro.org:42/documentation/faq.html?k1=v1&k2=v2"); dc(""); diff --git a/testing/btest/scripts/base/utils/dir.test b/testing/btest/scripts/base/utils/dir.test index 4cbb4a3c89..ccb56b4276 100644 --- a/testing/btest/scripts/base/utils/dir.test +++ b/testing/btest/scripts/base/utils/dir.test @@ -47,7 +47,7 @@ function new_file(fname: string) terminate(); } -event bro_init() +event zeek_init() { Dir::monitor("../testdir", new_file, .25sec); } diff --git a/testing/btest/scripts/base/utils/directions-and-hosts.test b/testing/btest/scripts/base/utils/directions-and-hosts.test index 92d1b48d3a..a955053d4a 100644 --- a/testing/btest/scripts/base/utils/directions-and-hosts.test +++ b/testing/btest/scripts/base/utils/directions-and-hosts.test @@ -40,7 +40,7 @@ function test_dir(id: conn_id, d: Direction, expect: bool) result == expect ? "SUCCESS" : "FAIL"); } -event bro_init() +event zeek_init() { test_host(local_ip, LOCAL_HOSTS, T); test_host(local_ip, REMOTE_HOSTS, F); diff --git a/testing/btest/scripts/base/utils/exec.test b/testing/btest/scripts/base/utils/exec.test index 0b926df402..b8fbe474aa 100644 --- a/testing/btest/scripts/base/utils/exec.test +++ b/testing/btest/scripts/base/utils/exec.test @@ -26,7 +26,7 @@ function test_cmd(label: string, cmd: Exec::Command) } } -event bro_init() +event zeek_init() { test_cmd("test1", [$cmd="bash ../somescript.sh", $read_files=set("out1", "out2")]); diff --git a/testing/btest/scripts/base/utils/files.test b/testing/btest/scripts/base/utils/files.test index 3324522030..402da96bed 100644 --- a/testing/btest/scripts/base/utils/files.test +++ b/testing/btest/scripts/base/utils/files.test @@ -12,9 +12,9 @@ event connection_established(c: connection) print generate_extraction_filename("", c, ""); } -event bro_init() +event zeek_init() { print extract_filename_from_content_disposition("attachment; filename=Economy"); print extract_filename_from_content_disposition("attachment; name=\"US-$ rates\""); print extract_filename_from_content_disposition("attachment; filename*=iso-8859-1'en'%A3%20rates"); - } \ No newline at end of file + } diff --git a/testing/btest/scripts/base/utils/json.test b/testing/btest/scripts/base/utils/json.test index 264151136a..968db1cefe 100644 --- a/testing/btest/scripts/base/utils/json.test +++ b/testing/btest/scripts/base/utils/json.test @@ -16,7 +16,7 @@ type myrec2: record { m: myrec1 &log; }; -event bro_init() +event zeek_init() { # ##################################### # Test the basic (non-container) types: diff --git a/testing/btest/scripts/base/utils/queue.test b/testing/btest/scripts/base/utils/queue.test index 344ea73f45..b11cac233f 100644 --- a/testing/btest/scripts/base/utils/queue.test +++ b/testing/btest/scripts/base/utils/queue.test @@ -4,7 +4,7 @@ # This is loaded by default @load base/utils/queue -event bro_init() +event zeek_init() { local q = Queue::init([$max_len=2]); Queue::put(q, 1); @@ -30,4 +30,4 @@ event bro_init() Queue::get_vector(q2, test3); for ( i in test3 ) print fmt("String queue value: %s", test3[i]); - } \ No newline at end of file + } diff --git a/testing/btest/scripts/base/utils/site.test b/testing/btest/scripts/base/utils/site.test index cfd7dd2ceb..50438a0b9c 100644 --- a/testing/btest/scripts/base/utils/site.test +++ b/testing/btest/scripts/base/utils/site.test @@ -12,7 +12,7 @@ redef Site::local_admins += { [141.142.100.0/24] = b, }; -event bro_init() +event zeek_init() { print Site::get_emails(141.142.1.1); print Site::get_emails(141.142.100.100); diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/certs.bro b/testing/btest/scripts/policy/frameworks/intel/seen/certs.bro index 8571784d9a..c90c5e41f4 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/certs.bro +++ b/testing/btest/scripts/policy/frameworks/intel/seen/certs.bro @@ -17,7 +17,7 @@ www.dresdner-privat.de Intel::DOMAIN source1 test entry http://some-data-distrib redef Intel::read_files += { "intel.dat" }; -event bro_init() +event zeek_init() { suspend_processing(); } diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.bro b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.bro index fd21e0f73a..6ad04e95bd 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.bro +++ b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.bro @@ -16,7 +16,7 @@ name-addr@example.com Intel::EMAIL source1 test entry http://some-data-distribut redef Intel::read_files += { "intel.dat" }; -event bro_init() +event zeek_init() { suspend_processing(); } diff --git a/testing/btest/scripts/policy/frameworks/intel/whitelisting.bro b/testing/btest/scripts/policy/frameworks/intel/whitelisting.bro index 53acd49aa9..560ba35c0a 100644 --- a/testing/btest/scripts/policy/frameworks/intel/whitelisting.bro +++ b/testing/btest/scripts/policy/frameworks/intel/whitelisting.bro @@ -23,7 +23,7 @@ redef Intel::read_files += { global total_files_read = 0; -event bro_init() +event zeek_init() { suspend_processing(); } diff --git a/testing/btest/scripts/policy/frameworks/software/version-changes.bro b/testing/btest/scripts/policy/frameworks/software/version-changes.bro index c6d2433236..493bc1d354 100644 --- a/testing/btest/scripts/policy/frameworks/software/version-changes.bro +++ b/testing/btest/scripts/policy/frameworks/software/version-changes.bro @@ -34,7 +34,7 @@ event new_software() event new_software(); } -event bro_init() +event zeek_init() { event new_software(); } diff --git a/testing/btest/scripts/policy/frameworks/software/vulnerable.bro b/testing/btest/scripts/policy/frameworks/software/vulnerable.bro index 2ea7009a21..dd233a6ffc 100644 --- a/testing/btest/scripts/policy/frameworks/software/vulnerable.bro +++ b/testing/btest/scripts/policy/frameworks/software/vulnerable.bro @@ -11,7 +11,7 @@ redef Software::vulnerable_versions += { ["Java"] = set(java_1_6_vuln, java_1_7_vuln) }; -event bro_init() +event zeek_init() { Software::found([$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=4.3.2.1, $resp_p=80/tcp], [$name="Java", $host=1.2.3.4, $version=[$major=1, $minor=7, $minor2=0, $minor3=15]]); diff --git a/testing/btest/scripts/policy/misc/weird-stats.bro b/testing/btest/scripts/policy/misc/weird-stats.bro index b26fce8e47..b5f7c0901b 100644 --- a/testing/btest/scripts/policy/misc/weird-stats.bro +++ b/testing/btest/scripts/policy/misc/weird-stats.bro @@ -24,7 +24,7 @@ event gen_weirds(n: count, done: bool &default = F) schedule 5sec { die() }; } -event bro_init() +event zeek_init() { event gen_weirds(1000); schedule 7.5sec { gen_weirds(2000) } ; diff --git a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.bro b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.bro index 2e82eb9dfb..3041abab75 100644 --- a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.bro +++ b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.bro @@ -3,8 +3,8 @@ @load protocols/http/detect-sqli -event bro_init () -{ +event zeek_init() + { local positive_matches: set[string]; local negative_matches: set[string]; diff --git a/testing/btest/signatures/dpd.bro b/testing/btest/signatures/dpd.bro index 39f1b01294..b6d58fb3a3 100644 --- a/testing/btest/signatures/dpd.bro +++ b/testing/btest/signatures/dpd.bro @@ -30,7 +30,7 @@ signature my_ftp_server { @load base/utils/addrs -event bro_init() +event zeek_init() { # no analyzer attached to any port by default, depends entirely on sigs print "|Analyzer::all_registered_ports()|", |Analyzer::all_registered_ports()|; diff --git a/testing/scripts/file-analysis-test.bro b/testing/scripts/file-analysis-test.bro index aa7d158b55..337bf3c1c0 100644 --- a/testing/scripts/file-analysis-test.bro +++ b/testing/scripts/file-analysis-test.bro @@ -108,7 +108,7 @@ event file_state_remove(f: fa_file) print fmt("SHA256: %s", f$info$sha256); } -event bro_init() +event zeek_init() { add test_file_analyzers[Files::ANALYZER_MD5]; add test_file_analyzers[Files::ANALYZER_SHA1]; From 9d676d368ba3cdb69215fd8d6741ac1adbc39b6f Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Sun, 14 Apr 2019 09:58:30 -0400 Subject: [PATCH 022/247] Some more testing fixes. --- testing/btest/Baseline/bifs.global_sizes/out | 2 +- .../btest/Baseline/core.plugins.hooks/output | 24 ++++++------ .../bro.output | 2 +- .../Baseline/language.common-mistakes/1.out | 2 +- testing/btest/Baseline/language.event/out | 4 +- .../language.index-assignment-invalid/out | 2 +- .../Baseline/language.returnwhen/bro..stdout | 6 +-- testing/btest/Baseline/plugins.hooks/output | 38 +++++++++---------- testing/btest/bifs/global_ids.bro | 2 +- testing/btest/bifs/global_sizes.bro | 4 +- testing/btest/bifs/lookup_ID.bro | 2 +- testing/btest/bifs/lstrip.bro | 2 +- testing/btest/bifs/rstrip.bro | 2 +- testing/btest/bifs/safe_shell_quote.bro | 2 +- testing/btest/bifs/type_name.bro | 2 +- testing/btest/core/init-error.bro | 6 +-- testing/btest/core/leaks/returnwhen.bro | 6 +-- .../core/when-interpreter-exceptions.bro | 2 +- testing/btest/coverage/broxygen.sh | 2 +- testing/btest/language/common-mistakes.bro | 16 ++++---- testing/btest/language/eof-parse-errors.bro | 4 +- testing/btest/language/event.bro | 4 +- testing/btest/language/invalid_index.bro | 6 +-- testing/btest/language/key-value-for.bro | 2 +- testing/btest/language/returnwhen.bro | 6 +-- testing/btest/language/subnet-errors.bro | 6 +-- .../language/ternary-record-mismatch.bro | 2 +- .../language/type-cast-error-dynamic.bro | 4 +- .../base/frameworks/input/config/spaces.bro | 2 +- .../input/path-prefix/absolute-prefix.bro | 6 +-- .../input/path-prefix/absolute-source.bro | 6 +-- .../frameworks/input/path-prefix/no-paths.bro | 6 +-- .../input/path-prefix/relative-prefix.bro | 6 +-- .../base/frameworks/intel/filter-item.bro | 2 +- .../base/protocols/ssl/dtls-no-dtls.test | 2 +- .../policy/frameworks/intel/removal.bro | 4 +- .../policy/frameworks/intel/seen/smb.bro | 2 +- 37 files changed, 99 insertions(+), 99 deletions(-) diff --git a/testing/btest/Baseline/bifs.global_sizes/out b/testing/btest/Baseline/bifs.global_sizes/out index 76c40b297a..fe0e737de0 100644 --- a/testing/btest/Baseline/bifs.global_sizes/out +++ b/testing/btest/Baseline/bifs.global_sizes/out @@ -1 +1 @@ -found bro_init +found zeek_init diff --git a/testing/btest/Baseline/core.plugins.hooks/output b/testing/btest/Baseline/core.plugins.hooks/output index 87f20f8512..f030cb0af2 100644 --- a/testing/btest/Baseline/core.plugins.hooks/output +++ b/testing/btest/Baseline/core.plugins.hooks/output @@ -188,7 +188,7 @@ 0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, (SumStats::UNIQUE, anonymous-function{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || flattenSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = flattenSumStats::rv$unique_vals})) -> 0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, (SumStats::VARIANCE, anonymous-function{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) -> 0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugins, ()) -> -0.000000 MetaHookPost CallFunction(bro_init, ()) -> +0.000000 MetaHookPost CallFunction(zeek_init, ()) -> 0.000000 MetaHookPost CallFunction(filter_change_tracking, ()) -> 0.000000 MetaHookPost CallFunction(set_to_regex, ({}, (^\.?|\.)(~~)$)) -> 0.000000 MetaHookPost CallFunction(set_to_regex, ({}, (^\.?|\.)(~~)$)) -> @@ -576,7 +576,7 @@ 0.000000 MetaHookPost LoadFile(base/utils/thresholds) -> -1 0.000000 MetaHookPost LoadFile(base/utils/time) -> -1 0.000000 MetaHookPost LoadFile(base/utils/urls) -> -1 -0.000000 MetaHookPost QueueEvent(bro_init()) -> false +0.000000 MetaHookPost QueueEvent(zeek_init()) -> false 0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false 0.000000 MetaHookPre CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_BACKDOOR)) 0.000000 MetaHookPre CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_INTERCONN)) @@ -768,7 +768,7 @@ 0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, (SumStats::UNIQUE, anonymous-function{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || flattenSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = flattenSumStats::rv$unique_vals})) 0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, (SumStats::VARIANCE, anonymous-function{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) 0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugins, ()) -0.000000 MetaHookPre CallFunction(bro_init, ()) +0.000000 MetaHookPre CallFunction(zeek_init, ()) 0.000000 MetaHookPre CallFunction(filter_change_tracking, ()) 0.000000 MetaHookPre CallFunction(set_to_regex, ({}, (^\.?|\.)(~~)$)) 0.000000 MetaHookPre CallFunction(set_to_regex, ({}, (^\.?|\.)(~~)$)) @@ -1156,7 +1156,7 @@ 0.000000 MetaHookPre LoadFile(base/utils/thresholds) 0.000000 MetaHookPre LoadFile(base/utils/time) 0.000000 MetaHookPre LoadFile(base/utils/urls) -0.000000 MetaHookPre QueueEvent(bro_init()) +0.000000 MetaHookPre QueueEvent(zeek_init()) 0.000000 MetaHookPre QueueEvent(filter_change_tracking()) 0.000000 | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_BACKDOOR) 0.000000 | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_INTERCONN) @@ -1348,7 +1348,7 @@ 0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::UNIQUE, anonymous-function{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || flattenSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = flattenSumStats::rv$unique_vals}) 0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::VARIANCE, anonymous-function{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average}) 0.000000 | HookCallFunction SumStats::register_observe_plugins() -0.000000 | HookCallFunction bro_init() +0.000000 | HookCallFunction zeek_init() 0.000000 | HookCallFunction filter_change_tracking() 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$) 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$) @@ -1736,7 +1736,7 @@ 0.000000 | HookLoadFile base/utils/thresholds.bro/bro 0.000000 | HookLoadFile base/utils/time.bro/bro 0.000000 | HookLoadFile base/utils/urls.bro/bro -0.000000 | HookQueueEvent bro_init() +0.000000 | HookQueueEvent zeek_init() 0.000000 | HookQueueEvent filter_change_tracking() 1362692526.869344 MetaHookPost CallFunction(ChecksumOffloading::check, ()) -> 1362692526.869344 MetaHookPost CallFunction(filter_change_tracking, ()) -> @@ -2193,7 +2193,7 @@ 1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692527.080972 MetaHookPost CallFunction(Log::default_path_func, (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> 1362692527.080972 MetaHookPost CallFunction(Log::write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> -1362692527.080972 MetaHookPost CallFunction(bro_done, ()) -> +1362692527.080972 MetaHookPost CallFunction(zeek_done, ()) -> 1362692527.080972 MetaHookPost CallFunction(connection_state_remove, ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> 1362692527.080972 MetaHookPost CallFunction(filter_change_tracking, ()) -> 1362692527.080972 MetaHookPost CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> @@ -2214,7 +2214,7 @@ 1362692527.080972 MetaHookPost DrainEvents() -> 1362692527.080972 MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false 1362692527.080972 MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false -1362692527.080972 MetaHookPost QueueEvent(bro_done()) -> false +1362692527.080972 MetaHookPost QueueEvent(zeek_done()) -> false 1362692527.080972 MetaHookPost QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false 1362692527.080972 MetaHookPost QueueEvent(filter_change_tracking()) -> false 1362692527.080972 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false @@ -2227,7 +2227,7 @@ 1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692527.080972 MetaHookPre CallFunction(Log::default_path_func, (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) 1362692527.080972 MetaHookPre CallFunction(Log::write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -1362692527.080972 MetaHookPre CallFunction(bro_done, ()) +1362692527.080972 MetaHookPre CallFunction(zeek_done, ()) 1362692527.080972 MetaHookPre CallFunction(connection_state_remove, ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692527.080972 MetaHookPre CallFunction(filter_change_tracking, ()) 1362692527.080972 MetaHookPre CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) @@ -2248,7 +2248,7 @@ 1362692527.080972 MetaHookPre DrainEvents() 1362692527.080972 MetaHookPre QueueEvent(ChecksumOffloading::check()) 1362692527.080972 MetaHookPre QueueEvent(ChecksumOffloading::check()) -1362692527.080972 MetaHookPre QueueEvent(bro_done()) +1362692527.080972 MetaHookPre QueueEvent(zeek_done()) 1362692527.080972 MetaHookPre QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692527.080972 MetaHookPre QueueEvent(filter_change_tracking()) 1362692527.080972 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) @@ -2262,7 +2262,7 @@ 1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692527.080972 | HookCallFunction Log::default_path_func(Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) 1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) -1362692527.080972 | HookCallFunction bro_done() +1362692527.080972 | HookCallFunction zeek_done() 1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692527.080972 | HookCallFunction filter_change_tracking() 1362692527.080972 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) @@ -2283,7 +2283,7 @@ 1362692527.080972 | HookDrainEvents 1362692527.080972 | HookQueueEvent ChecksumOffloading::check() 1362692527.080972 | HookQueueEvent ChecksumOffloading::check() -1362692527.080972 | HookQueueEvent bro_done() +1362692527.080972 | HookQueueEvent zeek_done() 1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692527.080972 | HookQueueEvent filter_change_tracking() 1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) diff --git a/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output b/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output index 27a90d137c..555983a868 100644 --- a/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output +++ b/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output @@ -6,7 +6,7 @@ received termination signal [f(F)] f() done, no exception, T [f(T)] -[bro_init()] +[zeek_init()] timeout g(), T timeout timeout g(), F diff --git a/testing/btest/Baseline/language.common-mistakes/1.out b/testing/btest/Baseline/language.common-mistakes/1.out index 8070f84644..bae5aeef7b 100644 --- a/testing/btest/Baseline/language.common-mistakes/1.out +++ b/testing/btest/Baseline/language.common-mistakes/1.out @@ -1,4 +1,4 @@ expression error in ./1.bro, line 9: field value missing (mr$f) bar start foo start -other bro_init +other zeek_init diff --git a/testing/btest/Baseline/language.event/out b/testing/btest/Baseline/language.event/out index 14fa9c1e8a..66f0ada96f 100644 --- a/testing/btest/Baseline/language.event/out +++ b/testing/btest/Baseline/language.event/out @@ -2,6 +2,6 @@ event statement event part1 event part2 assign event variable (6) -schedule statement in bro_init +schedule statement in zeek_init schedule statement in global -schedule statement another in bro_init +schedule statement another in zeek_init diff --git a/testing/btest/Baseline/language.index-assignment-invalid/out b/testing/btest/Baseline/language.index-assignment-invalid/out index 3972a9f10e..e36f611e43 100644 --- a/testing/btest/Baseline/language.index-assignment-invalid/out +++ b/testing/btest/Baseline/language.index-assignment-invalid/out @@ -2,4 +2,4 @@ runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.bro, line 152: #0 Queue::get_vector([initialized=T, vals={[2] = test,[6] = jkl;,[4] = asdf,[1] = goodbye,[5] = 3,[0] = hello,[3] = [a=T, b=hi, c=]}, settings=[max_len=], top=7, bottom=0, size=0], [hello, goodbye, test]) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:19 #1 bar(55) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:27 #2 foo(hi, 13) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:39 - #3 bro_init() + #3 zeek_init() diff --git a/testing/btest/Baseline/language.returnwhen/bro..stdout b/testing/btest/Baseline/language.returnwhen/bro..stdout index d213d7bd02..969b6715af 100644 --- a/testing/btest/Baseline/language.returnwhen/bro..stdout +++ b/testing/btest/Baseline/language.returnwhen/bro..stdout @@ -1,6 +1,6 @@ -dummy from async_func() from bro_init() -async_func() return result in bro_init(), flag in my_set -dummy from bro_init() when block +dummy from async_func() from zeek_init() +async_func() return result in zeek_init(), flag in my_set +dummy from zeek_init() when block hi! dummy from async_func() from do_another() async_func() return result in do_another(), flag in my_set diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 1fb96d9d3c..329868ba9f 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -277,7 +277,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555250203.059926, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> @@ -462,7 +462,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555250203.059926, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(NetControl::init, , ()) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> @@ -562,7 +562,6 @@ 0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(Unified2::mappings_initialized, , ()) -> 0.000000 MetaHookPost CallFunction(Unified2::start_watching, , ()) -> -0.000000 MetaHookPost CallFunction(zeek_init, , ()) -> 0.000000 MetaHookPost CallFunction(current_time, , ()) -> 0.000000 MetaHookPost CallFunction(filter_change_tracking, , ()) -> 0.000000 MetaHookPost CallFunction(getenv, , (BRO_DEFAULT_LISTEN_ADDRESS)) -> @@ -574,6 +573,7 @@ 0.000000 MetaHookPost CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) -> 0.000000 MetaHookPost CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) -> 0.000000 MetaHookPost CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) -> +0.000000 MetaHookPost CallFunction(zeek_init, , ()) -> 0.000000 MetaHookPost DrainEvents() -> 0.000000 MetaHookPost LoadFile(0, ..<...>/main.bro) -> -1 0.000000 MetaHookPost LoadFile(0, ..<...>/plugin.bro) -> -1 @@ -899,8 +899,8 @@ 0.000000 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> 0.000000 MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) -> true 0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false -0.000000 MetaHookPost QueueEvent(zeek_init()) -> false 0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false +0.000000 MetaHookPost QueueEvent(zeek_init()) -> false 0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_BACKDOOR)) 0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_INTERCONN)) 0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) @@ -1180,7 +1180,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555250203.059926, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) @@ -1365,7 +1365,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555250203.059926, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) 0.000000 MetaHookPre CallFunction(NetControl::init, , ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) @@ -1465,7 +1465,6 @@ 0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugins, , ()) 0.000000 MetaHookPre CallFunction(Unified2::mappings_initialized, , ()) 0.000000 MetaHookPre CallFunction(Unified2::start_watching, , ()) -0.000000 MetaHookPre CallFunction(zeek_init, , ()) 0.000000 MetaHookPre CallFunction(current_time, , ()) 0.000000 MetaHookPre CallFunction(filter_change_tracking, , ()) 0.000000 MetaHookPre CallFunction(getenv, , (BRO_DEFAULT_LISTEN_ADDRESS)) @@ -1477,6 +1476,7 @@ 0.000000 MetaHookPre CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) 0.000000 MetaHookPre CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) 0.000000 MetaHookPre CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) +0.000000 MetaHookPre CallFunction(zeek_init, , ()) 0.000000 MetaHookPre DrainEvents() 0.000000 MetaHookPre LoadFile(0, ..<...>/main.bro) 0.000000 MetaHookPre LoadFile(0, ..<...>/plugin.bro) @@ -1802,8 +1802,8 @@ 0.000000 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) 0.000000 MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) 0.000000 MetaHookPre QueueEvent(NetControl::init()) -0.000000 MetaHookPre QueueEvent(zeek_init()) 0.000000 MetaHookPre QueueEvent(filter_change_tracking()) +0.000000 MetaHookPre QueueEvent(zeek_init()) 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_BACKDOOR) 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_INTERCONN) 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_STEPPINGSTONE) @@ -2082,7 +2082,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1555250203.059926, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) @@ -2267,7 +2267,7 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1555250203.059926, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction Notice::want_pp() @@ -2367,7 +2367,6 @@ 0.000000 | HookCallFunction SumStats::register_observe_plugins() 0.000000 | HookCallFunction Unified2::mappings_initialized() 0.000000 | HookCallFunction Unified2::start_watching() -0.000000 | HookCallFunction zeek_init() 0.000000 | HookCallFunction current_time() 0.000000 | HookCallFunction filter_change_tracking() 0.000000 | HookCallFunction getenv(BRO_DEFAULT_LISTEN_ADDRESS) @@ -2379,6 +2378,7 @@ 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$) 0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F) 0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, ) +0.000000 | HookCallFunction zeek_init() 0.000000 | HookDrainEvents 0.000000 | HookLoadFile ..<...>/main.bro 0.000000 | HookLoadFile ..<...>/plugin.bro @@ -2702,10 +2702,10 @@ 0.000000 | HookLoadFile base<...>/x509 0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T] +0.000000 | HookLogWrite packet_filter [ts=1555250203.059926, node=bro, filter=ip or not ip, init=T, success=T] 0.000000 | HookQueueEvent NetControl::init() -0.000000 | HookQueueEvent zeek_init() 0.000000 | HookQueueEvent filter_change_tracking() +0.000000 | HookQueueEvent zeek_init() 1362692526.869344 MetaHookPost BroObjDtor() -> 1362692526.869344 MetaHookPost CallFunction(ChecksumOffloading::check, , ()) -> 1362692526.869344 MetaHookPost CallFunction(NetControl::catch_release_seen, , (141.142.228.5)) -> @@ -3154,7 +3154,6 @@ 1362692527.080972 MetaHookPost CallFunction(KRB::fill_in_subjects, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> 1362692527.080972 MetaHookPost CallFunction(Log::__write, , (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -> 1362692527.080972 MetaHookPost CallFunction(Log::write, , (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -> -1362692527.080972 MetaHookPost CallFunction(bro_done, , ()) -> 1362692527.080972 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> 1362692527.080972 MetaHookPost CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> 1362692527.080972 MetaHookPost CallFunction(filter_change_tracking, , ()) -> @@ -3169,14 +3168,15 @@ 1362692527.080972 MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> 1362692527.080972 MetaHookPost CallFunction(sub_bytes, , (HTTP, 0, 1)) -> 1362692527.080972 MetaHookPost CallFunction(to_lower, , (HTTP)) -> +1362692527.080972 MetaHookPost CallFunction(zeek_done, , ()) -> 1362692527.080972 MetaHookPost DrainEvents() -> 1362692527.080972 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}) -> 1362692527.080972 MetaHookPost LogWrite(Log::WRITER_ASCII, default, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}, ) -> true 1362692527.080972 MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false -1362692527.080972 MetaHookPost QueueEvent(bro_done()) -> false 1362692527.080972 MetaHookPost QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false 1362692527.080972 MetaHookPost QueueEvent(filter_change_tracking()) -> false 1362692527.080972 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false +1362692527.080972 MetaHookPost QueueEvent(zeek_done()) -> false 1362692527.080972 MetaHookPost UpdateNetworkTime(1362692527.080972) -> 1362692527.080972 MetaHookPre CallFunction(ChecksumOffloading::check, , ()) 1362692527.080972 MetaHookPre CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) @@ -3187,7 +3187,6 @@ 1362692527.080972 MetaHookPre CallFunction(KRB::fill_in_subjects, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692527.080972 MetaHookPre CallFunction(Log::__write, , (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) 1362692527.080972 MetaHookPre CallFunction(Log::write, , (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -1362692527.080972 MetaHookPre CallFunction(bro_done, , ()) 1362692527.080972 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) 1362692527.080972 MetaHookPre CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692527.080972 MetaHookPre CallFunction(filter_change_tracking, , ()) @@ -3202,14 +3201,15 @@ 1362692527.080972 MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) 1362692527.080972 MetaHookPre CallFunction(sub_bytes, , (HTTP, 0, 1)) 1362692527.080972 MetaHookPre CallFunction(to_lower, , (HTTP)) +1362692527.080972 MetaHookPre CallFunction(zeek_done, , ()) 1362692527.080972 MetaHookPre DrainEvents() 1362692527.080972 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}) 1362692527.080972 MetaHookPre LogWrite(Log::WRITER_ASCII, default, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}, ) 1362692527.080972 MetaHookPre QueueEvent(ChecksumOffloading::check()) -1362692527.080972 MetaHookPre QueueEvent(bro_done()) 1362692527.080972 MetaHookPre QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692527.080972 MetaHookPre QueueEvent(filter_change_tracking()) 1362692527.080972 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692527.080972 MetaHookPre QueueEvent(zeek_done()) 1362692527.080972 MetaHookPre UpdateNetworkTime(1362692527.080972) 1362692527.080972 | HookUpdateNetworkTime 1362692527.080972 1362692527.080972 | HookCallFunction ChecksumOffloading::check() @@ -3221,7 +3221,6 @@ 1362692527.080972 | HookCallFunction KRB::fill_in_subjects([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=]) 1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=]) -1362692527.080972 | HookCallFunction bro_done() 1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) 1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692527.080972 | HookCallFunction filter_change_tracking() @@ -3236,11 +3235,12 @@ 1362692527.080972 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80) 1362692527.080972 | HookCallFunction sub_bytes(HTTP, 0, 1) 1362692527.080972 | HookCallFunction to_lower(HTTP) +1362692527.080972 | HookCallFunction zeek_done() 1362692527.080972 | HookDrainEvents 1362692527.080972 | HookLogInit conn 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])} 1362692527.080972 | HookLogWrite conn [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=] 1362692527.080972 | HookQueueEvent ChecksumOffloading::check() -1362692527.080972 | HookQueueEvent zeek_done() 1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692527.080972 | HookQueueEvent filter_change_tracking() 1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692527.080972 | HookQueueEvent zeek_done() diff --git a/testing/btest/bifs/global_ids.bro b/testing/btest/bifs/global_ids.bro index a6d7b306cb..8875065b3b 100644 --- a/testing/btest/bifs/global_ids.bro +++ b/testing/btest/bifs/global_ids.bro @@ -8,7 +8,7 @@ event zeek_init() for ( i in a ) { # the table is quite large, so just print one item we expect - if ( i == "bro_init" ) + if ( i == "zeek_init" ) print a[i]$type_name; } diff --git a/testing/btest/bifs/global_sizes.bro b/testing/btest/bifs/global_sizes.bro index 1eb2abbd87..5705ae5e95 100644 --- a/testing/btest/bifs/global_sizes.bro +++ b/testing/btest/bifs/global_sizes.bro @@ -8,8 +8,8 @@ event zeek_init() for ( i in a ) { # the table is quite large, so just look for one item we expect - if ( i == "bro_init" ) - print "found bro_init"; + if ( i == "zeek_init" ) + print "found zeek_init"; } diff --git a/testing/btest/bifs/lookup_ID.bro b/testing/btest/bifs/lookup_ID.bro index 94e7bf0180..1d11d1a8cb 100644 --- a/testing/btest/bifs/lookup_ID.bro +++ b/testing/btest/bifs/lookup_ID.bro @@ -12,5 +12,5 @@ event zeek_init() print lookup_ID(""); print lookup_ID("xyz"); print lookup_ID("b"); - print type_name( lookup_ID("bro_init") ); + print type_name( lookup_ID("zeek_init") ); } diff --git a/testing/btest/bifs/lstrip.bro b/testing/btest/bifs/lstrip.bro index f382b06e23..850ec90d3f 100644 --- a/testing/btest/bifs/lstrip.bro +++ b/testing/btest/bifs/lstrip.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local link_test = "https://www.zeek.org"; local one_side = "abcdcab"; diff --git a/testing/btest/bifs/rstrip.bro b/testing/btest/bifs/rstrip.bro index a0695b8107..f99ebd5f8d 100644 --- a/testing/btest/bifs/rstrip.bro +++ b/testing/btest/bifs/rstrip.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local link_test = "https://www.zeek.org"; local one_side = "abcdcab"; diff --git a/testing/btest/bifs/safe_shell_quote.bro b/testing/btest/bifs/safe_shell_quote.bro index 490952c79b..9f43fe4089 100644 --- a/testing/btest/bifs/safe_shell_quote.bro +++ b/testing/btest/bifs/safe_shell_quote.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { local a = "echo `pwd` ${TEST} > \"my file\"; echo -e \"\\n\""; print a; diff --git a/testing/btest/bifs/type_name.bro b/testing/btest/bifs/type_name.bro index 7377558db2..6f9f9c6f32 100644 --- a/testing/btest/bifs/type_name.bro +++ b/testing/btest/bifs/type_name.bro @@ -69,5 +69,5 @@ event zeek_init() print type_name(y); # result is "file of string" which is a bit odd; # we should remove the (apparently unused) type argument # from files. - print type_name(bro_init); + print type_name(zeek_init); } diff --git a/testing/btest/core/init-error.bro b/testing/btest/core/init-error.bro index c415ca16b1..858fad4eb1 100644 --- a/testing/btest/core/init-error.bro +++ b/testing/btest/core/init-error.bro @@ -3,19 +3,19 @@ # @TEST-EXEC-FAIL: unset ZEEK_ALLOW_INIT_ERRORS && bro -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -event bro_init() &priority=10 +event zeek_init() &priority=10 { print "1st event"; } -event bro_init() &priority=10 +event zeek_init() &priority=10 { print "2nd event"; local v = vector(1, 2, 3); print v[10]; } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { print "3rd event"; } diff --git a/testing/btest/core/leaks/returnwhen.bro b/testing/btest/core/leaks/returnwhen.bro index cf1115a738..1220a3c371 100644 --- a/testing/btest/core/leaks/returnwhen.bro +++ b/testing/btest/core/leaks/returnwhen.bro @@ -71,10 +71,10 @@ event zeek_init() schedule 1sec { set_flag() }; - when ( local result = async_func("from bro_init()") ) + when ( local result = async_func("from zeek_init()") ) { - print "async_func() return result in bro_init()", result; - print local_dummy("from bro_init() when block"); + print "async_func() return result in zeek_init()", result; + print local_dummy("from zeek_init() when block"); print anon("hi"); if ( result == "timeout" ) terminate(); schedule 10msec { do_another() }; diff --git a/testing/btest/core/when-interpreter-exceptions.bro b/testing/btest/core/when-interpreter-exceptions.bro index f6a1d8a73b..41f2374c2f 100644 --- a/testing/btest/core/when-interpreter-exceptions.bro +++ b/testing/btest/core/when-interpreter-exceptions.bro @@ -81,7 +81,7 @@ function g(do_exception: bool): bool event zeek_init() { - local cmd = Exec::Command($cmd="echo 'bro_init()'"); + local cmd = Exec::Command($cmd="echo 'zeek_init()'"); local stall = Exec::Command($cmd="sleep 30"); when ( local result = Exec::run(cmd) ) diff --git a/testing/btest/coverage/broxygen.sh b/testing/btest/coverage/broxygen.sh index 13bf24bce3..eee4575738 100644 --- a/testing/btest/coverage/broxygen.sh +++ b/testing/btest/coverage/broxygen.sh @@ -2,7 +2,7 @@ # loadable script is referenced there. The only additional check here is # that the broxygen package should even load scripts that are commented # out in test-all-policy.bro because the broxygen package is only loaded -# when generated documentation and will terminate has soon as bro_init +# when generated documentation and will terminate has soon as zeek_init # is handled, even if a script will e.g. put Bro into listen mode or otherwise # cause it to not terminate after scripts are parsed. diff --git a/testing/btest/language/common-mistakes.bro b/testing/btest/language/common-mistakes.bro index 361aae0ff4..bff40f1617 100644 --- a/testing/btest/language/common-mistakes.bro +++ b/testing/btest/language/common-mistakes.bro @@ -33,17 +33,17 @@ function bar() print "bar done"; } -event bro_init() +event zeek_init() { bar(); # Unreachable - print "bro_init done"; + print "zeek_init done"; } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { # Reachable - print "other bro_init"; + print "other zeek_init"; } @TEST-END-FILE @@ -65,11 +65,11 @@ function foo() print "foo done"; } -event bro_init() +event zeek_init() { foo(); # Unreachable - print "bro_init done"; + print "zeek_init done"; } @TEST-END-FILE @@ -84,12 +84,12 @@ function foo(v: vector of any) print "foo done"; } -event bro_init() +event zeek_init() { local v: vector of count; v += 1; foo(v); # Unreachable - print "bro_init done", v; + print "zeek_init done", v; } @TEST-END-FILE diff --git a/testing/btest/language/eof-parse-errors.bro b/testing/btest/language/eof-parse-errors.bro index a2c6edc66d..fbe857fc17 100644 --- a/testing/btest/language/eof-parse-errors.bro +++ b/testing/btest/language/eof-parse-errors.bro @@ -6,7 +6,7 @@ @TEST-START-FILE a.bro module A; -event bro_init() +event zeek_init() { print "a"; @TEST-END-FILE @@ -14,7 +14,7 @@ event bro_init() @TEST-START-FILE b.bro module B; -event bro_init() +event zeek_init() { print "b"; } diff --git a/testing/btest/language/event.bro b/testing/btest/language/event.bro index 5f9f552e0d..664bff49ef 100644 --- a/testing/btest/language/event.bro +++ b/testing/btest/language/event.bro @@ -38,8 +38,8 @@ event zeek_init() event e1(); # Test calling an event with "schedule" statement - schedule 1 sec { e2("in bro_init") }; - schedule 3 sec { e2("another in bro_init") }; + schedule 1 sec { e2("in zeek_init") }; + schedule 3 sec { e2("another in zeek_init") }; # Test calling an event that has two separate definitions event e3("foo"); diff --git a/testing/btest/language/invalid_index.bro b/testing/btest/language/invalid_index.bro index 23fdb50d06..399865ba23 100644 --- a/testing/btest/language/invalid_index.bro +++ b/testing/btest/language/invalid_index.bro @@ -4,19 +4,19 @@ global foo: vector of count = { 42 }; global foo2: table[count] of count = { [0] = 13 }; -event bro_init() +event zeek_init() { print "foo[0]", foo[0]; print "foo[1]", foo[1]; } -event bro_init() +event zeek_init() { print "foo2[0]", foo2[0]; print "foo2[1]", foo2[1]; } -event bro_done() +event zeek_done() { print "done"; } diff --git a/testing/btest/language/key-value-for.bro b/testing/btest/language/key-value-for.bro index 97591dcacf..396c1d0bab 100644 --- a/testing/btest/language/key-value-for.bro +++ b/testing/btest/language/key-value-for.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-diff out -event bro_init() +event zeek_init() { # Test single keys diff --git a/testing/btest/language/returnwhen.bro b/testing/btest/language/returnwhen.bro index 79f55fbfc2..c3d5f17661 100644 --- a/testing/btest/language/returnwhen.bro +++ b/testing/btest/language/returnwhen.bro @@ -66,10 +66,10 @@ event zeek_init() schedule 1sec { set_flag() }; - when ( local result = async_func("from bro_init()") ) + when ( local result = async_func("from zeek_init()") ) { - print "async_func() return result in bro_init()", result; - print local_dummy("from bro_init() when block"); + print "async_func() return result in zeek_init()", result; + print local_dummy("from zeek_init() when block"); print anon("hi"); if ( result == "timeout" ) terminate(); schedule 10msec { do_another() }; diff --git a/testing/btest/language/subnet-errors.bro b/testing/btest/language/subnet-errors.bro index fa98dcec48..499a6fb552 100644 --- a/testing/btest/language/subnet-errors.bro +++ b/testing/btest/language/subnet-errors.bro @@ -1,7 +1,7 @@ # @TEST-EXEC: bro -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -event bro_init() +event zeek_init() { local i = 32; print 1.2.3.4/i; @@ -10,7 +10,7 @@ event bro_init() print "init 1"; } -event bro_init() +event zeek_init() { local i = 128; print [::]/i; @@ -19,7 +19,7 @@ event bro_init() print "init 1"; } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { print "init last"; } diff --git a/testing/btest/language/ternary-record-mismatch.bro b/testing/btest/language/ternary-record-mismatch.bro index 068952a69f..3c0c4ab95e 100644 --- a/testing/btest/language/ternary-record-mismatch.bro +++ b/testing/btest/language/ternary-record-mismatch.bro @@ -7,7 +7,7 @@ type MyRecord: record { c: bool &default = T; }; -event bro_init() +event zeek_init() { local rec: MyRecord = record($a = "a string", $b = 6); local rec2: MyRecord = (F) ? MyRecord($a = "a string", $b = 6) : diff --git a/testing/btest/language/type-cast-error-dynamic.bro b/testing/btest/language/type-cast-error-dynamic.bro index fb0605b196..21f51bc8d8 100644 --- a/testing/btest/language/type-cast-error-dynamic.bro +++ b/testing/btest/language/type-cast-error-dynamic.bro @@ -16,14 +16,14 @@ event zeek_init() cast_to_string(42); } -event bro_init() +event zeek_init() { local x: X; x = [$a = 1.2.3.4, $b=1947/tcp]; cast_to_string(x); } -event bro_init() +event zeek_init() { print "data is string", Broker::Data() is string; cast_to_string(Broker::Data()); diff --git a/testing/btest/scripts/base/frameworks/input/config/spaces.bro b/testing/btest/scripts/base/frameworks/input/config/spaces.bro index 90afa20b13..00bc64888e 100644 --- a/testing/btest/scripts/base/frameworks/input/config/spaces.bro +++ b/testing/btest/scripts/base/frameworks/input/config/spaces.bro @@ -51,7 +51,7 @@ event Input::end_of_data(name: string, source:string) terminate(); } -event bro_init() +event zeek_init() { outfile = open("../out"); Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]); diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.bro index df8a68613d..d0433649f3 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.bro +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.bro @@ -22,7 +22,7 @@ @load path-prefix-common-table.bro redef InputAscii::path_prefix = "@path_prefix@"; -event bro_init() +event zeek_init() { Input::add_table([$source="input.data", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F]); @@ -35,7 +35,7 @@ event bro_init() @load path-prefix-common-event.bro redef InputAscii::path_prefix = "@path_prefix@"; -event bro_init() +event zeek_init() { Input::add_event([$source="input.data", $name="input", $fields=Val, $ev=inputev]); @@ -48,7 +48,7 @@ event bro_init() @load path-prefix-common-analysis.bro redef InputBinary::path_prefix = "@path_prefix@"; -event bro_init() +event zeek_init() { Input::add_analysis([$source="input.data", $name="input"]); } diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.bro index 06d711a5e8..b21b8ec9a4 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.bro +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.bro @@ -16,7 +16,7 @@ @load path-prefix-common-table.bro redef InputAscii::path_prefix = "/this/does/not/exist"; -event bro_init() +event zeek_init() { Input::add_table([$source="@path_prefix@/input.data", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F]); @@ -29,7 +29,7 @@ event bro_init() @load path-prefix-common-event.bro redef InputAscii::path_prefix = "/this/does/not/exist"; -event bro_init() +event zeek_init() { Input::add_event([$source="@path_prefix@/input.data", $name="input", $fields=Val, $ev=inputev]); @@ -42,7 +42,7 @@ event bro_init() @load path-prefix-common-analysis.bro redef InputBinary::path_prefix = "/this/does/not/exist"; -event bro_init() +event zeek_init() { Input::add_analysis([$source="@path_prefix@/input.data", $name="input"]); } diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.bro index dd38fd7796..394ba2c8d1 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.bro +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.bro @@ -13,7 +13,7 @@ @load path-prefix-common-table.bro -event bro_init() +event zeek_init() { Input::add_table([$source="input.data", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F]); @@ -25,7 +25,7 @@ event bro_init() @load path-prefix-common-event.bro -event bro_init() +event zeek_init() { Input::add_event([$source="input.data", $name="input", $fields=Val, $ev=inputev]); @@ -37,7 +37,7 @@ event bro_init() @load path-prefix-common-analysis.bro -event bro_init() +event zeek_init() { Input::add_analysis([$source="input.data", $name="input"]); } diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.bro index 52ae233289..7676b50e43 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.bro +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.bro @@ -16,7 +16,7 @@ @load path-prefix-common-table.bro redef InputAscii::path_prefix = "alternative"; -event bro_init() +event zeek_init() { Input::add_table([$source="input.data", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F]); @@ -29,7 +29,7 @@ event bro_init() @load path-prefix-common-event.bro redef InputAscii::path_prefix = "alternative"; -event bro_init() +event zeek_init() { Input::add_event([$source="input.data", $name="input", $fields=Val, $ev=inputev]); @@ -42,7 +42,7 @@ event bro_init() @load path-prefix-common-analysis.bro redef InputBinary::path_prefix = "alternative"; -event bro_init() +event zeek_init() { Input::add_analysis([$source="input.data", $name="input"]); } diff --git a/testing/btest/scripts/base/frameworks/intel/filter-item.bro b/testing/btest/scripts/base/frameworks/intel/filter-item.bro index c598664996..81353ce7fc 100644 --- a/testing/btest/scripts/base/frameworks/intel/filter-item.bro +++ b/testing/btest/scripts/base/frameworks/intel/filter-item.bro @@ -37,7 +37,7 @@ event Intel::log_intel(rec: Intel::Info) terminate(); } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { schedule 1sec { do_it() }; } diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test index c8721529c9..e8731bb1be 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test @@ -3,7 +3,7 @@ # @TEST-EXEC: bro -C -r $TRACES/dns-txt-multiple.trace %INPUT # @TEST-EXEC: btest-diff .stdout -event bro_init() +event zeek_init() { const add_ports = { 53/udp }; Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, add_ports); diff --git a/testing/btest/scripts/policy/frameworks/intel/removal.bro b/testing/btest/scripts/policy/frameworks/intel/removal.bro index 4d7e450da4..41c87bc6fb 100644 --- a/testing/btest/scripts/policy/frameworks/intel/removal.bro +++ b/testing/btest/scripts/policy/frameworks/intel/removal.bro @@ -38,9 +38,9 @@ event Intel::log_intel(rec: Intel::Info) terminate(); } -event bro_init() &priority=-10 +event zeek_init() &priority=-10 { Intel::insert([$indicator="10.0.0.1", $indicator_type=Intel::ADDR, $meta=[$source="source1"]]); Intel::insert([$indicator="10.0.0.2", $indicator_type=Intel::ADDR, $meta=[$source="source1"]]); schedule 1sec { do_it() }; - } \ No newline at end of file + } diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smb.bro b/testing/btest/scripts/policy/frameworks/intel/seen/smb.bro index 5dd594953b..5e0024ec7c 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/smb.bro +++ b/testing/btest/scripts/policy/frameworks/intel/seen/smb.bro @@ -11,7 +11,7 @@ pythonfile Intel::FILE_NAME source1 test entry http://some-data-distributor.com/ redef Intel::read_files += { "intel.dat" }; -event bro_init() +event zeek_init() { suspend_processing(); } From 93d384adeb483dd831982eca7b080c23ee5ec0c5 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 16 Apr 2019 12:43:44 -0700 Subject: [PATCH 023/247] Updating submodule(s). [nomail] --- aux/broker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broker b/aux/broker index d1d0a8bb5c..12a22c295c 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit d1d0a8bb5c7999d81ad0de8b4474fc36ba6431dc +Subproject commit 12a22c295c31ec58009680b2babb111daf8b8e3c From 1e57e3f02644ae4de64567a6fc4b0a66ec967eb6 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 16 Apr 2019 16:07:49 -0700 Subject: [PATCH 024/247] Use .zeek file suffix in unit tests --- CHANGES | 4 ++ VERSION | 2 +- .../Baseline/bifs.to_double_from_string/error | 4 +- testing/btest/Baseline/core.div-by-zero/out | 10 ++-- .../Baseline/core.expr-exception/reporter.log | 18 ++++---- testing/btest/Baseline/core.init-error/out | 2 +- .../btest/Baseline/core.old_comm_usage/out | 2 +- .../Baseline/core.option-errors-2/.stderr | 2 +- .../Baseline/core.option-errors-3/.stderr | 2 +- .../btest/Baseline/core.option-errors/.stderr | 2 +- .../core.option-runtime-errors-10/.stderr | 2 +- .../core.option-runtime-errors-11/.stderr | 2 +- .../core.option-runtime-errors-12/.stderr | 2 +- .../core.option-runtime-errors-13/.stderr | 2 +- .../core.option-runtime-errors-2/.stderr | 2 +- .../core.option-runtime-errors-3/.stderr | 2 +- .../core.option-runtime-errors-4/.stderr | 2 +- .../core.option-runtime-errors-5/.stderr | 2 +- .../core.option-runtime-errors-6/.stderr | 2 +- .../core.option-runtime-errors-7/.stderr | 2 +- .../core.option-runtime-errors-8/.stderr | 2 +- .../core.option-runtime-errors-9/.stderr | 2 +- .../core.option-runtime-errors/.stderr | 2 +- .../core.reporter-error-in-handler/output | 4 +- .../Baseline/core.reporter-fmt-strings/output | 2 +- .../Baseline/core.reporter-parse-error/output | 2 +- .../core.reporter-runtime-error/output | 2 +- .../core.reporter-type-mismatch/output | 6 +-- .../Baseline/core.reporter/logger-test.log | 12 ++--- testing/btest/Baseline/core.reporter/output | 18 ++++---- .../bro.output | 8 ++-- .../coverage.coverage-blacklist/output | 10 ++-- .../Baseline/language.at-deprecated/.stderr | 6 +-- .../btest/Baseline/language.at-filename/out | 2 +- .../btest/Baseline/language.at-if-invalid/out | 8 ++-- .../out | 4 +- .../Baseline/language.common-mistakes/1.out | 2 +- .../Baseline/language.common-mistakes/2.out | 2 +- .../Baseline/language.common-mistakes/3.out | 2 +- .../Baseline/language.const/invalid.stderr | 26 +++++------ .../btest/Baseline/language.deprecated/out | 38 +++++++-------- .../language.eof-parse-errors/output1 | 2 +- .../language.eof-parse-errors/output2 | 2 +- .../Baseline/language.event-local-var/out | 2 +- .../language.expire-expr-error/output | 2 +- .../language.expire-func-undef/output | 38 +++++++-------- .../Baseline/language.expire-type-error/out | 2 +- .../Baseline/language.hook_calls/invalid.out | 20 ++++---- .../language.index-assignment-invalid/out | 6 +-- .../btest/Baseline/language.invalid_index/out | 4 +- .../Baseline/language.outer_param_binding/out | 6 +-- .../Baseline/language.record-bad-ctor/out | 4 +- .../Baseline/language.record-bad-ctor2/out | 2 +- .../language.record-ceorce-orphan/out | 4 +- .../Baseline/language.record-coerce-clash/out | 2 +- .../language.record-default-set-mismatch/out | 2 +- .../language.record-type-checking/out | 22 ++++----- .../Baseline/language.set-type-checking/out | 46 +++++++++---------- .../btest/Baseline/language.subnet-errors/out | 4 +- .../Baseline/language.switch-error-mixed/out | 2 +- .../Baseline/language.switch-incomplete/out | 2 +- .../language.switch-types-error-duplicate/out | 2 +- .../out | 6 +-- .../Baseline/language.table-type-checking/out | 28 +++++------ .../language.ternary-record-mismatch/out | 2 +- .../language.type-cast-error-dynamic/output | 6 +-- .../language.type-cast-error-static/output | 4 +- .../Baseline/language.type-type-error/.stderr | 2 +- .../language.undefined-delete-field/output | 2 +- .../Baseline/language.uninitialized-local/out | 2 +- .../language.uninitialized-local2/out | 2 +- .../language.vector-type-checking/out | 38 +++++++-------- .../language.when-unitialized-rhs/out | 4 +- .../language.wrong-delete-field/output | 2 +- testing/btest/Baseline/plugins.hooks/output | 6 +-- .../Baseline/plugins.reporter-hook/output | 20 ++++---- .../plugins.reporter-hook/reporter.log | 8 ++-- .../manager-reporter.log | 4 +- .../.stderr | 4 +- .../reporter.log | 2 +- .../.stderr | 2 +- .../reporter.log | 2 +- ...version.bro => addr_count_conversion.zeek} | 0 ..._to_ptr_name.bro => addr_to_ptr_name.zeek} | 0 .../{addr_version.bro => addr_version.zeek} | 0 .../btest/bifs/{all_set.bro => all_set.zeek} | 0 .../{analyzer_name.bro => analyzer_name.zeek} | 0 .../btest/bifs/{any_set.bro => any_set.zeek} | 0 ...mfilter-seed.bro => bloomfilter-seed.zeek} | 0 .../{bloomfilter.bro => bloomfilter.zeek} | 0 .../{bro_version.bro => bro_version.zeek} | 0 ..._to_count.bro => bytestring_to_count.zeek} | 0 ...o_double.bro => bytestring_to_double.zeek} | 0 ...o_hexstr.bro => bytestring_to_hexstr.zeek} | 0 ...updates.bro => capture_state_updates.zeek} | 0 testing/btest/bifs/{cat.bro => cat.zeek} | 0 ...string_array.bro => cat_string_array.zeek} | 0 .../{check_subnet.bro => check_subnet.zeek} | 0 ...kpoint_state.bro => checkpoint_state.zeek} | 0 .../{clear_table.bro => clear_table.zeek} | 0 ...r_pattern.bro => convert_for_pattern.zeek} | 0 .../{count_to_addr.bro => count_to_addr.zeek} | 0 .../{create_file.bro => create_file.zeek} | 0 ...ent_analyzer.bro => current_analyzer.zeek} | 0 .../{current_time.bro => current_time.zeek} | 0 .../{decode_base64.bro => decode_base64.zeek} | 0 ...ase64_conn.bro => decode_base64_conn.zeek} | 0 ...erations.bro => directory_operations.zeek} | 0 ...nt_packet.bro => dump_current_packet.zeek} | 0 testing/btest/bifs/{edit.bro => edit.zeek} | 0 .../{encode_base64.bro => encode_base64.zeek} | 0 .../{entropy_test.bro => entropy_test.zeek} | 0 .../{enum_to_int.bro => enum_to_int.zeek} | 0 .../{escape_string.bro => escape_string.zeek} | 0 testing/btest/bifs/{exit.bro => exit.zeek} | 0 .../bifs/{file_mode.bro => file_mode.zeek} | 0 ...net_table.bro => filter_subnet_table.zeek} | 0 .../bifs/{find_all.bro => find_all.zeek} | 0 .../{find_entropy.bro => find_entropy.zeek} | 0 .../bifs/{find_last.bro => find_last.zeek} | 0 testing/btest/bifs/{fmt.bro => fmt.zeek} | 0 .../{fmt_ftp_port.bro => fmt_ftp_port.zeek} | 0 ...der.bro => get_current_packet_header.zeek} | 0 ...tcher_stats.bro => get_matcher_stats.zeek} | 0 ...roto.bro => get_port_transport_proto.zeek} | 0 .../{gethostname.bro => gethostname.zeek} | 0 .../btest/bifs/{getpid.bro => getpid.zeek} | 0 .../bifs/{getsetenv.bro => getsetenv.zeek} | 0 .../bifs/{global_ids.bro => global_ids.zeek} | 0 .../{global_sizes.bro => global_sizes.zeek} | 0 ...e_distance.bro => haversine_distance.zeek} | 0 .../btest/bifs/{hexdump.bro => hexdump.zeek} | 0 ...testring.bro => hexstr_to_bytestring.zeek} | 0 ...l_cardinality.bro => hll_cardinality.zeek} | 0 ...e_estimate.bro => hll_large_estimate.zeek} | 0 .../{identify_data.bro => identify_data.zeek} | 0 .../bifs/{is_ascii.bro => is_ascii.zeek} | 0 ..._interface.bro => is_local_interface.zeek} | 0 .../btest/bifs/{is_port.bro => is_port.zeek} | 0 .../{join_string.bro => join_string.zeek} | 0 ...distance.bro => levenshtein_distance.zeek} | 0 .../bifs/{lookup_ID.bro => lookup_ID.zeek} | 0 .../bifs/{lowerupper.bro => lowerupper.zeek} | 0 .../btest/bifs/{lstrip.bro => lstrip.zeek} | 0 .../bifs/{mask_addr.bro => mask_addr.zeek} | 0 ...hing_subnets.bro => matching_subnets.zeek} | 0 testing/btest/bifs/{math.bro => math.zeek} | 0 .../{merge_pattern.bro => merge_pattern.zeek} | 0 ...s-functions.bro => netbios-functions.zeek} | 0 testing/btest/bifs/{order.bro => order.zeek} | 0 .../bifs/{parse_ftp.bro => parse_ftp.zeek} | 0 .../bifs/{piped_exec.bro => piped_exec.zeek} | 0 ...name_to_addr.bro => ptr_name_to_addr.zeek} | 0 testing/btest/bifs/{rand.bro => rand.zeek} | 0 ..._v4_addr.bro => raw_bytes_to_v4_addr.zeek} | 0 ...reading_traces.bro => reading_traces.zeek} | 0 ..._vector.bro => record_type_to_vector.zeek} | 0 ...records_fields.bro => records_fields.zeek} | 0 .../{remask_addr.bro => remask_addr.zeek} | 0 .../btest/bifs/{resize.bro => resize.zeek} | 0 .../btest/bifs/{reverse.bro => reverse.zeek} | 0 .../{rotate_file.bro => rotate_file.zeek} | 0 ...e_by_name.bro => rotate_file_by_name.zeek} | 0 .../btest/bifs/{rstrip.bro => rstrip.zeek} | 0 ..._shell_quote.bro => safe_shell_quote.zeek} | 0 .../{same_object.bro => same_object.zeek} | 0 testing/btest/bifs/{sort.bro => sort.zeek} | 0 ...tring_array.bro => sort_string_array.zeek} | 0 testing/btest/bifs/{split.bro => split.zeek} | 0 .../{split_string.bro => split_string.zeek} | 0 ...shell_escape.bro => str_shell_escape.zeek} | 0 .../btest/bifs/{strcmp.bro => strcmp.zeek} | 0 .../bifs/{strftime.bro => strftime.zeek} | 0 .../{string_fill.bro => string_fill.zeek} | 0 ..._to_pattern.bro => string_to_pattern.zeek} | 0 testing/btest/bifs/{strip.bro => strip.zeek} | 0 .../bifs/{strptime.bro => strptime.zeek} | 0 .../btest/bifs/{strstr.bro => strstr.zeek} | 0 testing/btest/bifs/{sub.bro => sub.zeek} | 0 ...subnet_to_addr.bro => subnet_to_addr.zeek} | 0 ...subnet_version.bro => subnet_version.zeek} | 0 .../{subst_string.bro => subst_string.zeek} | 0 .../btest/bifs/{system.bro => system.zeek} | 0 .../bifs/{system_env.bro => system_env.zeek} | 0 .../btest/bifs/{to_addr.bro => to_addr.zeek} | 0 .../bifs/{to_count.bro => to_count.zeek} | 0 .../bifs/{to_double.bro => to_double.zeek} | 0 ..._string.bro => to_double_from_string.zeek} | 0 .../btest/bifs/{to_int.bro => to_int.zeek} | 0 .../{to_interval.bro => to_interval.zeek} | 0 .../btest/bifs/{to_port.bro => to_port.zeek} | 0 .../bifs/{to_subnet.bro => to_subnet.zeek} | 0 .../btest/bifs/{to_time.bro => to_time.zeek} | 0 testing/btest/bifs/{topk.bro => topk.zeek} | 0 .../bifs/{type_name.bro => type_name.zeek} | 0 ...ique_id-pools.bro => unique_id-pools.zeek} | 4 +- .../{unique_id-rnd.bro => unique_id-rnd.zeek} | 0 .../bifs/{unique_id.bro => unique_id.zeek} | 0 ...uuid_to_string.bro => uuid_to_string.zeek} | 0 .../bifs/{val_size.bro => val_size.zeek} | 0 .../{x509_verify.bro => x509_verify.zeek} | 0 ...ect-on-retry.bro => connect-on-retry.zeek} | 8 ++-- .../{disconnect.bro => disconnect.zeek} | 10 ++-- .../btest/broker/{error.bro => error.zeek} | 4 +- .../{remote_event.bro => remote_event.zeek} | 8 ++-- ...te_event_any.bro => remote_event_any.zeek} | 8 ++-- ..._event_auto.bro => remote_event_auto.zeek} | 8 ++-- ...sl_auth.bro => remote_event_ssl_auth.zeek} | 8 ++-- ...r_any.bro => remote_event_vector_any.zeek} | 8 ++-- .../broker/{remote_id.bro => remote_id.zeek} | 8 ++-- .../{remote_log.bro => remote_log.zeek} | 14 +++--- ...ate_join.bro => remote_log_late_join.zeek} | 14 +++--- ...te_log_types.bro => remote_log_types.zeek} | 14 +++--- ...auth_failure.bro => ssl_auth_failure.zeek} | 8 ++-- .../broker/store/{clone.bro => clone.zeek} | 8 ++-- .../broker/store/{local.bro => local.zeek} | 0 .../btest/broker/store/{ops.bro => ops.zeek} | 0 .../broker/store/{record.bro => record.zeek} | 0 .../btest/broker/store/{set.bro => set.zeek} | 0 .../broker/store/{sqlite.bro => sqlite.zeek} | 0 .../broker/store/{table.bro => table.zeek} | 0 ...pe-conversion.bro => type-conversion.zeek} | 0 .../broker/store/{vector.bro => vector.zeek} | 0 .../btest/broker/{unpeer.bro => unpeer.zeek} | 8 ++-- .../{bits_per_uid.bro => bits_per_uid.zeek} | 0 ...fabric-path.bro => cisco-fabric-path.zeek} | 0 ...threshold.bro => conn-size-threshold.zeek} | 0 .../core/{conn-uid.bro => conn-uid.zeek} | 0 ...p_roles.bro => connection_flip_roles.zeek} | 0 .../core/{discarder.bro => discarder.zeek} | 16 +++---- .../{div-by-zero.bro => div-by-zero.zeek} | 0 .../core/{dns-init.bro => dns-init.zeek} | 0 .../{embedded-null.bro => embedded-null.zeek} | 0 ...edef-exists.bro => enum-redef-exists.zeek} | 0 .../btest/core/{erspan.bro => erspan.zeek} | 0 .../core/{erspanII.bro => erspanII.zeek} | 0 .../core/{erspanIII.bro => erspanIII.zeek} | 0 .../{ether-addrs.bro => ether-addrs.zeek} | 0 ...ent-arg-reuse.bro => event-arg-reuse.zeek} | 0 ...expr-exception.bro => expr-exception.zeek} | 0 .../core/{fake_dns.bro => fake_dns.zeek} | 0 ..._opaque_val.bro => global_opaque_val.zeek} | 0 .../{history-flip.bro => history-flip.zeek} | 0 .../icmp/{icmp_sent.bro => icmp_sent.zeek} | 0 .../core/{init-error.bro => init-error.zeek} | 0 ...roken-header.bro => ip-broken-header.zeek} | 0 .../{basic-cluster.bro => basic-cluster.zeek} | 2 +- .../{bloomfilter.bro => bloomfilter.zeek} | 0 .../{clone_store.bro => clone_store.zeek} | 8 ++-- .../core/leaks/broker/{data.bro => data.zeek} | 0 .../{master_store.bro => master_store.zeek} | 0 .../btest/core/leaks/broker/remote_event.test | 8 ++-- .../btest/core/leaks/broker/remote_log.test | 14 +++--- .../leaks/{dns-nsec3.bro => dns-nsec3.zeek} | 0 .../core/leaks/{dns-txt.bro => dns-txt.zeek} | 0 .../btest/core/leaks/{dns.bro => dns.zeek} | 0 .../btest/core/leaks/{dtls.bro => dtls.zeek} | 0 testing/btest/core/leaks/exec.test | 4 +- ...tp-get.bro => file-analysis-http-get.zeek} | 2 +- .../{hll_cluster.bro => hll_cluster.zeek} | 2 +- .../btest/core/leaks/{hook.bro => hook.zeek} | 0 .../{http-connect.bro => http-connect.zeek} | 0 .../{input-basic.bro => input-basic.zeek} | 0 .../{input-errors.bro => input-errors.zeek} | 0 ...ssing-enum.bro => input-missing-enum.zeek} | 0 ...al-event.bro => input-optional-event.zeek} | 0 ...al-table.bro => input-optional-table.zeek} | 0 .../leaks/{input-raw.bro => input-raw.zeek} | 0 .../{input-reread.bro => input-reread.zeek} | 0 .../{input-sqlite.bro => input-sqlite.zeek} | 0 ...with-remove.bro => input-with-remove.zeek} | 0 .../{kv-iteration.bro => kv-iteration.zeek} | 0 .../core/leaks/{pattern.bro => pattern.zeek} | 0 .../leaks/{returnwhen.bro => returnwhen.zeek} | 0 .../btest/core/leaks/{set.bro => set.zeek} | 0 testing/btest/core/leaks/snmp.test | 2 +- .../core/leaks/{stats.bro => stats.zeek} | 2 +- ...ring-indexing.bro => string-indexing.zeek} | 0 ...ch-statement.bro => switch-statement.zeek} | 0 .../core/leaks/{teredo.bro => teredo.zeek} | 0 .../leaks/{test-all.bro => test-all.zeek} | 0 .../core/leaks/{while.bro => while.zeek} | 0 ..._ocsp_verify.bro => x509_ocsp_verify.zeek} | 0 .../{x509_verify.bro => x509_verify.zeek} | 0 ...ad-duplicates.bro => load-duplicates.zeek} | 0 ...extension.bro => load-file-extension.zeek} | 0 .../core/{load-pkg.bro => load-pkg.zeek} | 0 .../{load-prefixes.bro => load-prefixes.zeek} | 2 +- .../{load-relative.bro => load-relative.zeek} | 6 +-- .../{load-unload.bro => load-unload.zeek} | 0 .../{mpls-in-vlan.bro => mpls-in-vlan.zeek} | 0 testing/btest/core/{nflog.bro => nflog.zeek} | 0 testing/btest/core/{nop.bro => nop.zeek} | 0 ...old_comm_usage.bro => old_comm_usage.zeek} | 0 .../{option-errors.bro => option-errors.zeek} | 0 ...-priorities.bro => option-priorities.zeek} | 0 .../{option-redef.bro => option-redef.zeek} | 0 ...-errors.bro => option-runtime-errors.zeek} | 0 .../core/pcap/{dumper.bro => dumper.zeek} | 0 ...dynamic-filter.bro => dynamic-filter.zeek} | 0 .../{filter-error.bro => filter-error.zeek} | 0 .../{input-error.bro => input-error.zeek} | 0 ...eudo-realtime.bro => pseudo-realtime.zeek} | 0 ...filter.bro => read-trace-with-filter.zeek} | 0 ...poe-over-qinq.bro => pppoe-over-qinq.zeek} | 0 ...bpf-filters.bro => print-bpf-filters.zeek} | 0 .../btest/core/{q-in-q.bro => q-in-q.zeek} | 0 .../core/{radiotap.bro => radiotap.zeek} | 0 .../core/{raw_packet.bro => raw_packet.zeek} | 0 .../core/{reassembly.bro => reassembly.zeek} | 0 ...cursive-event.bro => recursive-event.zeek} | 0 ...ler.bro => reporter-error-in-handler.zeek} | 0 ...-strings.bro => reporter-fmt-strings.zeek} | 0 ...se-error.bro => reporter-parse-error.zeek} | 0 ...-error.bro => reporter-runtime-error.zeek} | 0 ...ro => reporter-shutdown-order-errors.zeek} | 0 ...smatch.bro => reporter-type-mismatch.zeek} | 0 ...o => reporter-weird-sampling-disable.zeek} | 0 ...pling.bro => reporter-weird-sampling.zeek} | 0 .../core/{reporter.bro => reporter.zeek} | 0 ...fin-retransmit.bro => fin-retransmit.zeek} | 0 ...ssembly.bro => large-file-reassembly.zeek} | 0 .../{miss-end-data.bro => miss-end-data.zeek} | 0 .../tcp/{missing-syn.bro => missing-syn.zeek} | 0 ...quantum-insert.bro => quantum-insert.zeek} | 0 .../{rst-after-syn.bro => rst-after-syn.zeek} | 0 .../{rxmit-history.bro => rxmit-history.zeek} | 0 ...cated-header.bro => truncated-header.zeek} | 0 .../{false-teredo.bro => false-teredo.zeek} | 0 ...n-ip-version.bro => ip-in-ip-version.zeek} | 0 .../core/tunnels/{teredo.bro => teredo.zeek} | 0 .../core/tunnels/{vxlan.bro => vxlan.zeek} | 0 ...-assignment.bro => vector-assignment.zeek} | 0 .../core/{vlan-mpls.bro => vlan-mpls.zeek} | 0 ...s.bro => when-interpreter-exceptions.zeek} | 0 .../btest/core/{wlanmon.bro => wlanmon.zeek} | 0 ...izedtime.bro => x509-generalizedtime.zeek} | 0 ...-blacklist.bro => coverage-blacklist.zeek} | 0 .../{command_line.bro => command_line.zeek} | 0 ...l_bifs.bro => comment_retrieval_bifs.zeek} | 0 .../doc/broxygen/{enums.bro => enums.zeek} | 0 .../broxygen/{example.bro => example.zeek} | 0 .../{func-params.bro => func-params.zeek} | 0 .../{identifier.bro => identifier.zeek} | 0 .../broxygen/{package.bro => package.zeek} | 0 .../{package_index.bro => package_index.zeek} | 0 .../broxygen/{records.bro => records.zeek} | 0 .../{script_index.bro => script_index.zeek} | 0 ...script_summary.bro => script_summary.zeek} | 0 .../{type-aliases.bro => type-aliases.zeek} | 0 .../broxygen/{vectors.bro => vectors.zeek} | 0 .../doc/{record-add.bro => record-add.zeek} | 0 ...-attr-check.bro => record-attr-check.zeek} | 0 .../btest/language/{addr.bro => addr.zeek} | 0 testing/btest/language/{any.bro => any.zeek} | 0 .../{at-deprecated.bro => at-deprecated.zeek} | 8 ++-- .../language/{at-dir.bro => at-dir.zeek} | 4 +- .../{at-filename.bro => at-filename.zeek} | 0 .../{at-if-event.bro => at-if-event.zeek} | 0 .../{at-if-invalid.bro => at-if-invalid.zeek} | 0 .../btest/language/{at-if.bro => at-if.zeek} | 0 .../language/{at-ifdef.bro => at-ifdef.zeek} | 0 .../{at-ifndef.bro => at-ifndef.zeek} | 0 .../language/{at-load.bro => at-load.zeek} | 0 ...oercion.bro => attr-default-coercion.zeek} | 0 ...bro => attr-default-global-set-error.zeek} | 0 .../btest/language/{bool.bro => bool.zeek} | 0 ...mmon-mistakes.bro => common-mistakes.zeek} | 12 ++--- ...ession.bro => conditional-expression.zeek} | 0 .../btest/language/{const.bro => const.zeek} | 8 ++-- ...or-scope.bro => container-ctor-scope.zeek} | 0 .../btest/language/{copy.bro => copy.zeek} | 0 .../btest/language/{count.bro => count.zeek} | 0 ...oduct-init.bro => cross-product-init.zeek} | 0 ...default-params.bro => default-params.zeek} | 0 ...te-field-set.bro => delete-field-set.zeek} | 0 .../{delete-field.bro => delete-field.zeek} | 0 .../{deprecated.bro => deprecated.zeek} | 0 .../language/{double.bro => double.zeek} | 0 .../{enum-desc.bro => enum-desc.zeek} | 0 .../{enum-scope.bro => enum-scope.zeek} | 0 .../btest/language/{enum.bro => enum.zeek} | 0 ...parse-errors.bro => eof-parse-errors.zeek} | 8 ++-- ...ent-local-var.bro => event-local-var.zeek} | 0 .../btest/language/{event.bro => event.zeek} | 0 ...-expr-error.bro => expire-expr-error.zeek} | 0 ...-func-undef.bro => expire-func-undef.zeek} | 0 .../{expire-redef.bro => expire-redef.zeek} | 0 ...-type-error.bro => expire-type-error.zeek} | 0 ...pire_func_mod.bro => expire_func_mod.zeek} | 0 .../btest/language/{file.bro => file.zeek} | 0 testing/btest/language/{for.bro => for.zeek} | 0 ...nc-assignment.bro => func-assignment.zeek} | 0 .../language/{function.bro => function.zeek} | 0 .../btest/language/{hook.bro => hook.zeek} | 0 .../{hook_calls.bro => hook_calls.zeek} | 8 ++-- testing/btest/language/{if.bro => if.zeek} | 0 ...alid.bro => index-assignment-invalid.zeek} | 0 ...unction.bro => init-in-anon-function.zeek} | 0 testing/btest/language/{int.bro => int.zeek} | 0 .../language/{interval.bro => interval.zeek} | 0 .../{invalid_index.bro => invalid_index.zeek} | 0 .../{ipv6-literals.bro => ipv6-literals.zeek} | 0 .../{key-value-for.bro => key-value-for.zeek} | 0 .../language/{module.bro => module.zeek} | 0 ...cord-ctors.bro => named-record-ctors.zeek} | 0 ...med-set-ctors.bro => named-set-ctors.zeek} | 0 ...table-ctors.bro => named-table-ctors.zeek} | 0 ...ctor-ctors.bro => named-vector-ctors.zeek} | 0 .../{nested-sets.bro => nested-sets.zeek} | 0 .../{next-test.bro => next-test.zeek} | 0 .../{no-module.bro => no-module.zeek} | 0 ...null-statement.bro => null-statement.zeek} | 0 ...m_binding.bro => outer_param_binding.zeek} | 0 .../language/{pattern.bro => pattern.zeek} | 0 .../btest/language/{port.bro => port.zeek} | 0 .../{precedence.bro => precedence.zeek} | 0 .../{rec-comp-init.bro => rec-comp-init.zeek} | 0 ...rec-nested-opt.bro => rec-nested-opt.zeek} | 0 .../{rec-of-tbl.bro => rec-of-tbl.zeek} | 0 ...ble-default.bro => rec-table-default.zeek} | 0 ...cord-bad-ctor.bro => record-bad-ctor.zeek} | 0 ...rd-bad-ctor2.bro => record-bad-ctor2.zeek} | 0 ...e-orphan.bro => record-ceorce-orphan.zeek} | 0 ...rce-clash.bro => record-coerce-clash.zeek} | 0 ...rcion.bro => record-default-coercion.zeek} | 0 ...h.bro => record-default-set-mismatch.zeek} | 0 ...rd-extension.bro => record-extension.zeek} | 0 ...ion.bro => record-function-recursion.zeek} | 0 ...s.bro => record-index-complex-fields.zeek} | 0 ...ion.bro => record-recursive-coercion.zeek} | 0 ...-init.bro => record-redef-after-init.zeek} | 0 ...-ref-assign.bro => record-ref-assign.zeek} | 0 ...checking.bro => record-type-checking.zeek} | 0 ...dx.bro => redef-same-prefixtable-idx.zeek} | 0 .../{redef-vector.bro => redef-vector.zeek} | 0 .../{returnwhen.bro => returnwhen.zeek} | 0 ...rd-index.bro => set-opt-record-index.zeek} | 0 ...pe-checking.bro => set-type-checking.zeek} | 0 testing/btest/language/{set.bro => set.zeek} | 0 .../{short-circuit.bro => short-circuit.zeek} | 0 .../language/{sizeof.bro => sizeof.zeek} | 0 ...rman-test.bro => smith-waterman-test.zeek} | 0 ...ring-indexing.bro => string-indexing.zeek} | 0 .../language/{string.bro => string.zeek} | 0 .../language/{strings.bro => strings.zeek} | 0 .../{subnet-errors.bro => subnet-errors.zeek} | 0 .../language/{subnet.bro => subnet.zeek} | 0 ...rror-mixed.bro => switch-error-mixed.zeek} | 0 ...-incomplete.bro => switch-incomplete.zeek} | 0 ...ch-statement.bro => switch-statement.zeek} | 0 ....bro => switch-types-error-duplicate.zeek} | 0 ...ro => switch-types-error-unsupported.zeek} | 0 ...-types-vars.bro => switch-types-vars.zeek} | 0 .../{switch-types.bro => switch-types.zeek} | 0 ...t-record.bro => table-default-record.zeek} | 0 ...e-init-attrs.bro => table-init-attrs.zeek} | 0 ...rs.bro => table-init-container-ctors.zeek} | 0 ...ord-idx.bro => table-init-record-idx.zeek} | 0 .../{table-init.bro => table-init.zeek} | 0 .../{table-redef.bro => table-redef.zeek} | 0 ...-checking.bro => table-type-checking.zeek} | 0 .../btest/language/{table.bro => table.zeek} | 0 ...match.bro => ternary-record-mismatch.zeek} | 0 .../btest/language/{time.bro => time.zeek} | 0 .../language/{timeout.bro => timeout.zeek} | 0 .../{type-cast-any.bro => type-cast-any.zeek} | 0 ...namic.bro => type-cast-error-dynamic.zeek} | 0 ...static.bro => type-cast-error-static.zeek} | 0 ...type-cast-same.bro => type-cast-same.zeek} | 0 ...type-check-any.bro => type-check-any.zeek} | 0 ...heck-vector.bro => type-check-vector.zeek} | 0 ...pe-type-error.bro => type-type-error.zeek} | 0 ...-field.bro => undefined-delete-field.zeek} | 0 ...zed-local.bro => uninitialized-local.zeek} | 0 ...d-local2.bro => uninitialized-local2.zeek} | 0 ...-any-append.bro => vector-any-append.zeek} | 0 ...oerce-expr.bro => vector-coerce-expr.zeek} | 0 ...n-operator.bro => vector-in-operator.zeek} | 0 ...ords.bro => vector-list-init-records.zeek} | 0 ...checking.bro => vector-type-checking.zeek} | 0 ...nspecified.bro => vector-unspecified.zeek} | 0 .../language/{vector.bro => vector.zeek} | 0 ...ized-rhs.bro => when-unitialized-rhs.zeek} | 0 .../btest/language/{when.bro => when.zeek} | 0 .../btest/language/{while.bro => while.zeek} | 0 ...lete-field.bro => wrong-delete-field.zeek} | 0 ...ension.bro => wrong-record-extension.zeek} | 0 testing/btest/plugins/{file.bro => file.zeek} | 0 .../btest/plugins/{hooks.bro => hooks.zeek} | 0 .../{init-plugin.bro => init-plugin.zeek} | 0 .../{logging-hooks.bro => logging-hooks.zeek} | 0 .../plugins/{pktdumper.bro => pktdumper.zeek} | 0 .../btest/plugins/{pktsrc.bro => pktsrc.zeek} | 0 ...version.bro => plugin-nopatchversion.zeek} | 0 ...rsion.bro => plugin-withpatchversion.zeek} | 0 .../Demo/Foo/base/{main.bro => main.zeek} | 0 .../plugins/{protocol.bro => protocol.zeek} | 0 .../btest/plugins/{reader.bro => reader.zeek} | 0 .../{reporter-hook.bro => reporter-hook.zeek} | 0 .../btest/plugins/{writer.bro => writer.zeek} | 0 .../data_event/{basic.bro => basic.zeek} | 0 .../files/extract/{limit.bro => limit.zeek} | 0 .../files/unified2/{alert.bro => alert.zeek} | 0 ...ble-analyzer.bro => disable-analyzer.zeek} | 0 ...able-analyzer.bro => enable-analyzer.zeek} | 0 ...er-for-port.bro => register-for-port.zeek} | 0 ...le-analyzer.bro => schedule-analyzer.zeek} | 0 ...ivity.bro => custom_pool_exclusivity.zeek} | 2 +- ...ool_limits.bro => custom_pool_limits.zeek} | 2 +- .../{forwarding.bro => forwarding.zeek} | 2 +- ...distribution.bro => log_distribution.zeek} | 2 +- ...-up-logger.bro => start-it-up-logger.zeek} | 2 +- .../{start-it-up.bro => start-it-up.zeek} | 2 +- ...stribution.bro => topic_distribution.zeek} | 2 +- ..._bifs.bro => topic_distribution_bifs.zeek} | 2 +- .../config/{basic.bro => basic.zeek} | 0 .../{basic_cluster.bro => basic_cluster.zeek} | 2 +- ...cluster_resend.bro => cluster_resend.zeek} | 2 +- .../{read_config.bro => read_config.zeek} | 0 ...g_cluster.bro => read_config_cluster.zeek} | 2 +- .../{several-files.bro => several-files.zeek} | 0 .../config/{updates.bro => updates.zeek} | 0 .../config/{weird.bro => weird.zeek} | 0 ...n_update.bro => configuration_update.zeek} | 2 +- .../control/{id_value.bro => id_value.zeek} | 2 +- .../control/{shutdown.bro => shutdown.zeek} | 0 .../{data_event.bro => data_event.zeek} | 2 +- ..._file.bro => file_exists_lookup_file.zeek} | 0 ..._mime_type.bro => register_mime_type.zeek} | 0 .../{remove_action.bro => remove_action.zeek} | 2 +- ...interval.bro => set_timeout_interval.zeek} | 2 +- .../bifs/{stop.bro => stop.zeek} | 2 +- ...big-bof-buffer.bro => big-bof-buffer.zeek} | 0 .../{byteranges.bro => byteranges.zeek} | 0 .../file-analysis/{ftp.bro => ftp.zeek} | 2 +- .../file-analysis/http/{get.bro => get.zeek} | 4 +- .../http/{multipart.bro => multipart.zeek} | 2 +- ...rtial-content.bro => partial-content.zeek} | 6 +-- .../http/{pipeline.bro => pipeline.zeek} | 2 +- .../http/{post.bro => post.zeek} | 2 +- .../input/{basic.bro => basic.zeek} | 2 +- .../file-analysis/{irc.bro => irc.zeek} | 2 +- .../{logging.bro => logging.zeek} | 2 +- .../file-analysis/{smtp.bro => smtp.zeek} | 2 +- .../input/{basic.bro => basic.zeek} | 0 .../input/{bignumber.bro => bignumber.zeek} | 0 .../input/{binary.bro => binary.zeek} | 0 .../input/config/{basic.bro => basic.zeek} | 0 .../input/config/{errors.bro => errors.zeek} | 0 .../input/config/{spaces.bro => spaces.zeek} | 0 .../input/{default.bro => default.zeek} | 0 ...-hashing.bro => empty-values-hashing.zeek} | 0 .../input/{emptyvals.bro => emptyvals.zeek} | 0 .../input/{errors.bro => errors.zeek} | 0 .../input/{event.bro => event.zeek} | 0 .../{invalid-lines.bro => invalid-lines.zeek} | 0 ...invalidnumbers.bro => invalidnumbers.zeek} | 0 .../input/{invalidset.bro => invalidset.zeek} | 0 .../{invalidtext.bro => invalidtext.zeek} | 0 .../{missing-enum.bro => missing-enum.zeek} | 0 ...tially.bro => missing-file-initially.zeek} | 0 .../{missing-file.bro => missing-file.zeek} | 0 ...n-norecord.bro => onecolumn-norecord.zeek} | 0 ...olumn-record.bro => onecolumn-record.zeek} | 0 .../input/{optional.bro => optional.zeek} | 0 ...solute-prefix.bro => absolute-prefix.zeek} | 6 +-- ...solute-source.bro => absolute-source.zeek} | 6 +-- .../{no-paths.bro => no-paths.zeek} | 6 +-- ...s.bro => path-prefix-common-analysis.zeek} | 0 ...vent.bro => path-prefix-common-event.zeek} | 0 ...able.bro => path-prefix-common-table.zeek} | 0 ...lative-prefix.bro => relative-prefix.zeek} | 6 +-- .../{port-embedded.bro => port-embedded.zeek} | 0 .../frameworks/input/{port.bro => port.zeek} | 0 ...icate-stream.bro => predicate-stream.zeek} | 0 .../input/{predicate.bro => predicate.zeek} | 0 ...edicatemodify.bro => predicatemodify.zeek} | 0 ...read.bro => predicatemodifyandreread.zeek} | 0 ...o => predicaterefusesecondsamerecord.zeek} | 0 .../input/raw/{basic.bro => basic.zeek} | 0 .../input/raw/{execute.bro => execute.zeek} | 0 .../{executestdin.bro => executestdin.zeek} | 0 .../{executestream.bro => executestream.zeek} | 0 .../input/raw/{long.bro => long.zeek} | 0 .../input/raw/{offset.bro => offset.zeek} | 0 .../raw/{rereadraw.bro => rereadraw.zeek} | 0 .../input/raw/{stderr.bro => stderr.zeek} | 0 .../raw/{streamraw.bro => streamraw.zeek} | 0 .../input/{repeat.bro => repeat.zeek} | 0 .../input/{reread.bro => reread.zeek} | 0 .../frameworks/input/{set.bro => set.zeek} | 0 .../{setseparator.bro => setseparator.zeek} | 0 ...tspecialcases.bro => setspecialcases.zeek} | 0 .../input/sqlite/{basic.bro => basic.zeek} | 0 .../input/sqlite/{error.bro => error.zeek} | 0 .../input/sqlite/{port.bro => port.zeek} | 0 .../input/sqlite/{types.bro => types.zeek} | 0 .../input/{stream.bro => stream.zeek} | 0 ...brecord-event.bro => subrecord-event.zeek} | 0 .../input/{subrecord.bro => subrecord.zeek} | 0 .../input/{tableevent.bro => tableevent.zeek} | 0 .../input/{twotables.bro => twotables.zeek} | 0 ...orted_types.bro => unsupported_types.zeek} | 0 .../input/{windows.bro => windows.zeek} | 0 ...o => cluster-transparency-with-proxy.zeek} | 2 +- ...sparency.bro => cluster-transparency.zeek} | 2 +- .../{expire-item.bro => expire-item.zeek} | 0 .../{filter-item.bro => filter-item.zeek} | 0 ...put-and-match.bro => input-and-match.zeek} | 0 .../{match-subnet.bro => match-subnet.zeek} | 0 ...bro => input-intel-absolute-prefixes.zeek} | 2 +- ...bro => input-intel-relative-prefixes.zeek} | 2 +- .../{input-prefix.bro => input-prefix.zeek} | 2 +- .../{no-paths.bro => no-paths.zeek} | 2 +- ...fix-common.bro => path-prefix-common.zeek} | 0 ...luster.bro => read-file-dist-cluster.zeek} | 2 +- ...m-cluster.bro => remove-item-cluster.zeek} | 2 +- ...-existing.bro => remove-non-existing.zeek} | 0 .../{updated-match.bro => updated-match.zeek} | 0 .../{adapt-filter.bro => adapt-filter.zeek} | 0 .../{ascii-binary.bro => ascii-binary.zeek} | 0 .../{ascii-double.bro => ascii-double.zeek} | 4 +- .../{ascii-empty.bro => ascii-empty.zeek} | 0 ...pe-binary.bro => ascii-escape-binary.zeek} | 0 ...ty-str.bro => ascii-escape-empty-str.zeek} | 0 ...t-str.bro => ascii-escape-notset-str.zeek} | 0 ...-odd-url.bro => ascii-escape-odd-url.zeek} | 0 ...or.bro => ascii-escape-set-separator.zeek} | 0 .../{ascii-escape.bro => ascii-escape.zeek} | 0 ...cii-gz-rotate.bro => ascii-gz-rotate.zeek} | 0 .../logging/{ascii-gz.bro => ascii-gz.zeek} | 0 ...mps.bro => ascii-json-iso-timestamps.zeek} | 0 ...-optional.bro => ascii-json-optional.zeek} | 0 .../{ascii-json.bro => ascii-json.zeek} | 0 ...mment.bro => ascii-line-like-comment.zeek} | 0 .../{ascii-options.bro => ascii-options.zeek} | 0 ...i-timestamps.bro => ascii-timestamps.zeek} | 0 .../logging/{ascii-tsv.bro => ascii-tsv.zeek} | 0 .../{attr-extend.bro => attr-extend.zeek} | 0 .../logging/{attr.bro => attr.zeek} | 0 ...disable-stream.bro => disable-stream.zeek} | 0 .../{empty-event.bro => empty-event.zeek} | 0 .../{enable-stream.bro => enable-stream.zeek} | 0 .../logging/{events.bro => events.zeek} | 0 .../logging/{exclude.bro => exclude.zeek} | 0 ...bro => field-extension-cluster-error.zeek} | 6 +-- ...uster.bro => field-extension-cluster.zeek} | 6 +-- ...mplex.bro => field-extension-complex.zeek} | 0 ...valid.bro => field-extension-invalid.zeek} | 0 ...onal.bro => field-extension-optional.zeek} | 0 ...n-table.bro => field-extension-table.zeek} | 0 ...eld-extension.bro => field-extension.zeek} | 0 ...field-name-map.bro => field-name-map.zeek} | 0 ...eld-name-map2.bro => field-name-map2.zeek} | 0 .../logging/{file.bro => file.zeek} | 0 .../logging/{include.bro => include.zeek} | 0 .../logging/{no-local.bro => no-local.zeek} | 0 .../{none-debug.bro => none-debug.zeek} | 0 ...emote.bro => path-func-column-demote.zeek} | 0 .../logging/{path-func.bro => path-func.zeek} | 0 .../logging/{pred.bro => pred.zeek} | 0 .../logging/{remove.bro => remove.zeek} | 0 .../{rotate-custom.bro => rotate-custom.zeek} | 0 .../logging/{rotate.bro => rotate.zeek} | 0 .../logging/{scope_sep.bro => scope_sep.zeek} | 0 ....bro => scope_sep_and_field_name_map.zeek} | 0 .../logging/sqlite/{error.bro => error.zeek} | 0 .../logging/sqlite/{set.bro => set.zeek} | 0 ...us-writes.bro => simultaneous-writes.zeek} | 0 .../logging/sqlite/{types.bro => types.zeek} | 0 .../sqlite/{wikipedia.bro => wikipedia.zeek} | 0 .../logging/{stdout.bro => stdout.zeek} | 0 .../{test-logging.bro => test-logging.zeek} | 0 .../logging/{types.bro => types.zeek} | 0 .../{unset-record.bro => unset-record.zeek} | 0 .../frameworks/logging/{vec.bro => vec.zeek} | 0 ...conflict.bro => writer-path-conflict.zeek} | 0 .../{acld-hook.bro => acld-hook.zeek} | 8 ++-- .../netcontrol/{acld.bro => acld.zeek} | 8 ++-- .../{basic-cluster.bro => basic-cluster.zeek} | 8 ++-- .../netcontrol/{basic.bro => basic.zeek} | 0 .../netcontrol/{broker.bro => broker.zeek} | 8 ++-- ...n.bro => catch-and-release-forgotten.zeek} | 0 ...and-release.bro => catch-and-release.zeek} | 0 ...l-state.bro => delete-internal-state.zeek} | 0 .../{duplicate.bro => duplicate.zeek} | 0 .../{find-rules.bro => find-rules.zeek} | 0 .../netcontrol/{hook.bro => hook.zeek} | 0 .../{multiple.bro => multiple.zeek} | 0 .../{openflow.bro => openflow.zeek} | 0 .../{packetfilter.bro => packetfilter.zeek} | 0 ...-openflow.bro => quarantine-openflow.zeek} | 0 .../netcontrol/{timeout.bro => timeout.zeek} | 0 .../notice/{cluster.bro => cluster.zeek} | 2 +- .../{mail-alarms.bro => mail-alarms.zeek} | 0 ...n-cluster.bro => suppression-cluster.zeek} | 2 +- ...n-disable.bro => suppression-disable.zeek} | 0 .../{suppression.bro => suppression.zeek} | 0 .../{broker-basic.bro => broker-basic.zeek} | 8 ++-- .../{log-basic.bro => log-basic.zeek} | 0 .../{log-cluster.bro => log-cluster.zeek} | 6 +-- .../{ryu-basic.bro => ryu-basic.zeek} | 0 ...disable-stderr.bro => disable-stderr.zeek} | 0 .../reporter/{stderr.bro => stderr.zeek} | 0 ...rsion-parsing.bro => version-parsing.zeek} | 0 .../{basic-cluster.bro => basic-cluster.zeek} | 2 +- .../sumstats/{basic.bro => basic.zeek} | 0 ...e.bro => cluster-intermediate-update.zeek} | 2 +- .../{last-cluster.bro => last-cluster.zeek} | 2 +- ...and-cluster.bro => on-demand-cluster.zeek} | 2 +- .../{on-demand.bro => on-demand.zeek} | 0 ...sample-cluster.bro => sample-cluster.zeek} | 2 +- .../sumstats/{sample.bro => sample.zeek} | 0 .../{thresholding.bro => thresholding.zeek} | 0 .../{topk-cluster.bro => topk-cluster.zeek} | 2 +- .../sumstats/{topk.bro => topk.zeek} | 0 .../base/misc/{version.bro => version.zeek} | 0 ...tents.bro => new_connection_contents.zeek} | 0 .../conn/{threshold.bro => threshold.zeek} | 0 .../dce-rpc/{context.bro => context.zeek} | 0 ..._del_measure.bro => dnp3_del_measure.zeek} | 2 +- .../{dnp3_en_spon.bro => dnp3_en_spon.zeek} | 2 +- .../{dnp3_file_del.bro => dnp3_file_del.zeek} | 2 +- ...dnp3_file_read.bro => dnp3_file_read.zeek} | 2 +- ...p3_file_write.bro => dnp3_file_write.zeek} | 2 +- ...dnp3_link_only.bro => dnp3_link_only.zeek} | 2 +- .../dnp3/{dnp3_write.bro => dnp3_read.zeek} | 2 +- .../{dnp3_rec_time.bro => dnp3_rec_time.zeek} | 2 +- ...t_operate.bro => dnp3_select_operate.zeek} | 2 +- ..._udp_en_spon.bro => dnp3_udp_en_spon.zeek} | 2 +- .../{dnp3_udp_read.bro => dnp3_udp_read.zeek} | 2 +- ...erate.bro => dnp3_udp_select_operate.zeek} | 2 +- ...dnp3_udp_write.bro => dnp3_udp_write.zeek} | 2 +- .../dnp3/{dnp3_read.bro => dnp3_write.zeek} | 2 +- .../dnp3/{events.bro => events.zeek} | 0 .../base/protocols/dns/{caa.bro => caa.zeek} | 0 .../dns/{dns-key.bro => dns-key.zeek} | 0 .../protocols/dns/{dnskey.bro => dnskey.zeek} | 0 .../base/protocols/dns/{ds.bro => ds.zeek} | 0 ...e-reponses.bro => duplicate-reponses.zeek} | 0 .../protocols/dns/{flip.bro => flip.zeek} | 0 .../dns/{huge-ttl.bro => huge-ttl.zeek} | 0 ...-strings.bro => multiple-txt-strings.zeek} | 0 .../protocols/dns/{nsec.bro => nsec.zeek} | 0 .../protocols/dns/{nsec3.bro => nsec3.zeek} | 0 .../protocols/dns/{rrsig.bro => rrsig.zeek} | 0 .../protocols/dns/{tsig.bro => tsig.zeek} | 0 ...zero-responses.bro => zero-responses.zeek} | 0 ...cwd-navigation.bro => cwd-navigation.zeek} | 0 ...t-file-size.bro => ftp-get-file-size.zeek} | 0 .../ftp/{ftp-ipv4.bro => ftp-ipv4.zeek} | 0 .../ftp/{ftp-ipv6.bro => ftp-ipv6.zeek} | 0 .../{100-continue.bro => 100-continue.zeek} | 0 ...ocols.bro => 101-switching-protocols.zeek} | 0 ...p-skip.bro => content-range-gap-skip.zeek} | 0 ...t-range-gap.bro => content-range-gap.zeek} | 0 ...n.bro => content-range-less-than-len.zeek} | 0 .../http/{entity-gap.bro => entity-gap.zeek} | 0 .../{entity-gap2.bro => entity-gap2.zeek} | 0 ...nt-length.bro => fake-content-length.zeek} | 0 ...bro => http-bad-request-with-version.zeek} | 0 ...ader.bro => http-connect-with-header.zeek} | 0 .../{http-connect.bro => http-connect.zeek} | 0 .../{http-filename.bro => http-filename.zeek} | 0 ...-header-crlf.bro => http-header-crlf.zeek} | 0 .../{http-methods.bro => http-methods.zeek} | 0 ...tp-pipelining.bro => http-pipelining.zeek} | 0 ...ib-header.bro => missing-zlib-header.zeek} | 0 ...art-extract.bro => multipart-extract.zeek} | 0 ...le-limit.bro => multipart-file-limit.zeek} | 0 .../http/{no-uri.bro => no-uri.zeek} | 0 .../http/{no-version.bro => no-version.zeek} | 0 ...d-of-line.bro => percent-end-of-line.zeek} | 0 .../http/{x-gzip.bro => x-gzip.zeek} | 0 ...bro => zero-length-bodies-with-drops.zeek} | 0 .../irc/{names-weird.bro => names-weird.zeek} | 0 ..._parsing_big.bro => coil_parsing_big.zeek} | 0 ...sing_small.bro => coil_parsing_small.zeek} | 0 .../modbus/{events.bro => events.zeek} | 0 ...ngth_mismatch.bro => length_mismatch.zeek} | 0 .../modbus/{policy.bro => policy.zeek} | 0 ...ster_parsing.bro => register_parsing.zeek} | 0 .../protocols/ncp/{event.bro => event.zeek} | 0 ...size_tuning.bro => frame_size_tuning.zeek} | 0 .../pop3/{starttls.bro => starttls.zeek} | 0 ...on.bro => rdp-proprietary-encryption.zeek} | 0 .../rdp/{rdp-to-ssl.bro => rdp-to-ssl.zeek} | 0 .../rdp/{rdp-x509.bro => rdp-x509.zeek} | 0 ...b2-read-write.bro => smb2-read-write.zeek} | 0 .../snmp/{snmp-addr.bro => snmp-addr.zeek} | 0 .../base/protocols/snmp/{v1.bro => v1.zeek} | 8 ++-- .../base/protocols/snmp/{v2.bro => v2.zeek} | 6 +-- .../base/protocols/snmp/{v3.bro => v3.zeek} | 2 +- .../socks/{socks-auth.bro => socks-auth.zeek} | 0 .../{missing-pri.bro => missing-pri.zeek} | 0 .../tcp/{pending.bro => pending.zeek} | 0 .../{decompose_uri.bro => decompose_uri.zeek} | 0 testing/btest/scripts/base/utils/dir.test | 4 +- testing/btest/scripts/base/utils/exec.test | 4 +- .../utils/{hash_hrw.bro => hash_hrw.zeek} | 0 ...-policy.bro => check-test-all-policy.zeek} | 0 .../{extract-all.bro => extract-all.zeek} | 0 .../intel/{removal.bro => removal.zeek} | 0 .../intel/seen/{certs.bro => certs.zeek} | 0 .../intel/seen/{smb.bro => smb.zeek} | 0 .../intel/seen/{smtp.bro => smtp.zeek} | 0 .../{whitelisting.bro => whitelisting.zeek} | 0 ...rsion-changes.bro => version-changes.zeek} | 0 .../{vulnerable.bro => vulnerable.zeek} | 0 .../{dump-events.bro => dump-events.zeek} | 0 ...s-cluster.bro => weird-stats-cluster.zeek} | 2 +- .../{weird-stats.bro => weird-stats.zeek} | 0 .../{known-hosts.bro => known-hosts.zeek} | 0 ...known-services.bro => known-services.zeek} | 0 .../{mac-logging.bro => mac-logging.zeek} | 0 .../{vlan-logging.bro => vlan-logging.zeek} | 0 ...verse-request.bro => inverse-request.zeek} | 0 .../{flash-version.bro => flash-version.zeek} | 0 .../{header-names.bro => header-names.zeek} | 0 ...egex.bro => test-sql-injection-regex.zeek} | 0 ...ticket-logging.bro => ticket-logging.zeek} | 0 ...teforcing.bro => detect-bruteforcing.zeek} | 0 ...expiring-certs.bro => expiring-certs.zeek} | 0 ...t-certs-pem.bro => extract-certs-pem.zeek} | 0 .../ssl/{heartbleed.bro => heartbleed.zeek} | 0 .../ssl/{known-certs.bro => known-certs.zeek} | 0 ...certs-only.bro => log-hostcerts-only.zeek} | 0 ...cache.bro => validate-certs-no-cache.zeek} | 2 +- ...validate-certs.bro => validate-certs.zeek} | 4 +- .../{validate-ocsp.bro => validate-ocsp.zeek} | 6 +-- .../{validate-sct.bro => validate-sct.zeek} | 4 +- .../ssl/{weak-keys.bro => weak-keys.zeek} | 0 ...-condition.bro => bad-eval-condition.zeek} | 0 .../btest/signatures/{dpd.bro => dpd.zeek} | 0 ...dst-ip-cidr-v4.bro => dst-ip-cidr-v4.zeek} | 0 ... => dst-ip-header-condition-v4-masks.zeek} | 0 ...v4.bro => dst-ip-header-condition-v4.zeek} | 0 ... => dst-ip-header-condition-v6-masks.zeek} | 0 ...v6.bro => dst-ip-header-condition-v6.zeek} | 0 ...ion.bro => dst-port-header-condition.zeek} | 0 ...ro => eval-condition-no-return-value.zeek} | 0 ...eval-condition.bro => eval-condition.zeek} | 0 ...ition.bro => header-header-condition.zeek} | 0 .../{id-lookup.bro => id-lookup.zeek} | 0 ...ion.bro => ip-proto-header-condition.zeek} | 0 .../{load-sigs.bro => load-sigs.zeek} | 0 ... => src-ip-header-condition-v4-masks.zeek} | 0 ...v4.bro => src-ip-header-condition-v4.zeek} | 0 ... => src-ip-header-condition-v6-masks.zeek} | 0 ...v6.bro => src-ip-header-condition-v6.zeek} | 0 ...ion.bro => src-port-header-condition.zeek} | 0 ...se-match.bro => udp-packetwise-match.zeek} | 0 ...payload-size.bro => udp-payload-size.zeek} | 0 testing/external/commit-hash.zeek-testing | 2 +- .../external/commit-hash.zeek-testing-private | 2 +- testing/external/scripts/external-ca-list.bro | 1 - .../external/scripts/external-ca-list.zeek | 1 + .../{testing-setup.bro => testing-setup.zeek} | 2 +- ...rnal-ca-list.bro => external-ca-list.zeek} | 0 ...lysis-test.bro => file-analysis-test.zeek} | 0 .../scripts/{snmp-test.bro => snmp-test.zeek} | 0 862 files changed, 533 insertions(+), 529 deletions(-) rename testing/btest/bifs/{addr_count_conversion.bro => addr_count_conversion.zeek} (100%) rename testing/btest/bifs/{addr_to_ptr_name.bro => addr_to_ptr_name.zeek} (100%) rename testing/btest/bifs/{addr_version.bro => addr_version.zeek} (100%) rename testing/btest/bifs/{all_set.bro => all_set.zeek} (100%) rename testing/btest/bifs/{analyzer_name.bro => analyzer_name.zeek} (100%) rename testing/btest/bifs/{any_set.bro => any_set.zeek} (100%) rename testing/btest/bifs/{bloomfilter-seed.bro => bloomfilter-seed.zeek} (100%) rename testing/btest/bifs/{bloomfilter.bro => bloomfilter.zeek} (100%) rename testing/btest/bifs/{bro_version.bro => bro_version.zeek} (100%) rename testing/btest/bifs/{bytestring_to_count.bro => bytestring_to_count.zeek} (100%) rename testing/btest/bifs/{bytestring_to_double.bro => bytestring_to_double.zeek} (100%) rename testing/btest/bifs/{bytestring_to_hexstr.bro => bytestring_to_hexstr.zeek} (100%) rename testing/btest/bifs/{capture_state_updates.bro => capture_state_updates.zeek} (100%) rename testing/btest/bifs/{cat.bro => cat.zeek} (100%) rename testing/btest/bifs/{cat_string_array.bro => cat_string_array.zeek} (100%) rename testing/btest/bifs/{check_subnet.bro => check_subnet.zeek} (100%) rename testing/btest/bifs/{checkpoint_state.bro => checkpoint_state.zeek} (100%) rename testing/btest/bifs/{clear_table.bro => clear_table.zeek} (100%) rename testing/btest/bifs/{convert_for_pattern.bro => convert_for_pattern.zeek} (100%) rename testing/btest/bifs/{count_to_addr.bro => count_to_addr.zeek} (100%) rename testing/btest/bifs/{create_file.bro => create_file.zeek} (100%) rename testing/btest/bifs/{current_analyzer.bro => current_analyzer.zeek} (100%) rename testing/btest/bifs/{current_time.bro => current_time.zeek} (100%) rename testing/btest/bifs/{decode_base64.bro => decode_base64.zeek} (100%) rename testing/btest/bifs/{decode_base64_conn.bro => decode_base64_conn.zeek} (100%) rename testing/btest/bifs/{directory_operations.bro => directory_operations.zeek} (100%) rename testing/btest/bifs/{dump_current_packet.bro => dump_current_packet.zeek} (100%) rename testing/btest/bifs/{edit.bro => edit.zeek} (100%) rename testing/btest/bifs/{encode_base64.bro => encode_base64.zeek} (100%) rename testing/btest/bifs/{entropy_test.bro => entropy_test.zeek} (100%) rename testing/btest/bifs/{enum_to_int.bro => enum_to_int.zeek} (100%) rename testing/btest/bifs/{escape_string.bro => escape_string.zeek} (100%) rename testing/btest/bifs/{exit.bro => exit.zeek} (100%) rename testing/btest/bifs/{file_mode.bro => file_mode.zeek} (100%) rename testing/btest/bifs/{filter_subnet_table.bro => filter_subnet_table.zeek} (100%) rename testing/btest/bifs/{find_all.bro => find_all.zeek} (100%) rename testing/btest/bifs/{find_entropy.bro => find_entropy.zeek} (100%) rename testing/btest/bifs/{find_last.bro => find_last.zeek} (100%) rename testing/btest/bifs/{fmt.bro => fmt.zeek} (100%) rename testing/btest/bifs/{fmt_ftp_port.bro => fmt_ftp_port.zeek} (100%) rename testing/btest/bifs/{get_current_packet_header.bro => get_current_packet_header.zeek} (100%) rename testing/btest/bifs/{get_matcher_stats.bro => get_matcher_stats.zeek} (100%) rename testing/btest/bifs/{get_port_transport_proto.bro => get_port_transport_proto.zeek} (100%) rename testing/btest/bifs/{gethostname.bro => gethostname.zeek} (100%) rename testing/btest/bifs/{getpid.bro => getpid.zeek} (100%) rename testing/btest/bifs/{getsetenv.bro => getsetenv.zeek} (100%) rename testing/btest/bifs/{global_ids.bro => global_ids.zeek} (100%) rename testing/btest/bifs/{global_sizes.bro => global_sizes.zeek} (100%) rename testing/btest/bifs/{haversine_distance.bro => haversine_distance.zeek} (100%) rename testing/btest/bifs/{hexdump.bro => hexdump.zeek} (100%) rename testing/btest/bifs/{hexstr_to_bytestring.bro => hexstr_to_bytestring.zeek} (100%) rename testing/btest/bifs/{hll_cardinality.bro => hll_cardinality.zeek} (100%) rename testing/btest/bifs/{hll_large_estimate.bro => hll_large_estimate.zeek} (100%) rename testing/btest/bifs/{identify_data.bro => identify_data.zeek} (100%) rename testing/btest/bifs/{is_ascii.bro => is_ascii.zeek} (100%) rename testing/btest/bifs/{is_local_interface.bro => is_local_interface.zeek} (100%) rename testing/btest/bifs/{is_port.bro => is_port.zeek} (100%) rename testing/btest/bifs/{join_string.bro => join_string.zeek} (100%) rename testing/btest/bifs/{levenshtein_distance.bro => levenshtein_distance.zeek} (100%) rename testing/btest/bifs/{lookup_ID.bro => lookup_ID.zeek} (100%) rename testing/btest/bifs/{lowerupper.bro => lowerupper.zeek} (100%) rename testing/btest/bifs/{lstrip.bro => lstrip.zeek} (100%) rename testing/btest/bifs/{mask_addr.bro => mask_addr.zeek} (100%) rename testing/btest/bifs/{matching_subnets.bro => matching_subnets.zeek} (100%) rename testing/btest/bifs/{math.bro => math.zeek} (100%) rename testing/btest/bifs/{merge_pattern.bro => merge_pattern.zeek} (100%) rename testing/btest/bifs/{netbios-functions.bro => netbios-functions.zeek} (100%) rename testing/btest/bifs/{order.bro => order.zeek} (100%) rename testing/btest/bifs/{parse_ftp.bro => parse_ftp.zeek} (100%) rename testing/btest/bifs/{piped_exec.bro => piped_exec.zeek} (100%) rename testing/btest/bifs/{ptr_name_to_addr.bro => ptr_name_to_addr.zeek} (100%) rename testing/btest/bifs/{rand.bro => rand.zeek} (100%) rename testing/btest/bifs/{raw_bytes_to_v4_addr.bro => raw_bytes_to_v4_addr.zeek} (100%) rename testing/btest/bifs/{reading_traces.bro => reading_traces.zeek} (100%) rename testing/btest/bifs/{record_type_to_vector.bro => record_type_to_vector.zeek} (100%) rename testing/btest/bifs/{records_fields.bro => records_fields.zeek} (100%) rename testing/btest/bifs/{remask_addr.bro => remask_addr.zeek} (100%) rename testing/btest/bifs/{resize.bro => resize.zeek} (100%) rename testing/btest/bifs/{reverse.bro => reverse.zeek} (100%) rename testing/btest/bifs/{rotate_file.bro => rotate_file.zeek} (100%) rename testing/btest/bifs/{rotate_file_by_name.bro => rotate_file_by_name.zeek} (100%) rename testing/btest/bifs/{rstrip.bro => rstrip.zeek} (100%) rename testing/btest/bifs/{safe_shell_quote.bro => safe_shell_quote.zeek} (100%) rename testing/btest/bifs/{same_object.bro => same_object.zeek} (100%) rename testing/btest/bifs/{sort.bro => sort.zeek} (100%) rename testing/btest/bifs/{sort_string_array.bro => sort_string_array.zeek} (100%) rename testing/btest/bifs/{split.bro => split.zeek} (100%) rename testing/btest/bifs/{split_string.bro => split_string.zeek} (100%) rename testing/btest/bifs/{str_shell_escape.bro => str_shell_escape.zeek} (100%) rename testing/btest/bifs/{strcmp.bro => strcmp.zeek} (100%) rename testing/btest/bifs/{strftime.bro => strftime.zeek} (100%) rename testing/btest/bifs/{string_fill.bro => string_fill.zeek} (100%) rename testing/btest/bifs/{string_to_pattern.bro => string_to_pattern.zeek} (100%) rename testing/btest/bifs/{strip.bro => strip.zeek} (100%) rename testing/btest/bifs/{strptime.bro => strptime.zeek} (100%) rename testing/btest/bifs/{strstr.bro => strstr.zeek} (100%) rename testing/btest/bifs/{sub.bro => sub.zeek} (100%) rename testing/btest/bifs/{subnet_to_addr.bro => subnet_to_addr.zeek} (100%) rename testing/btest/bifs/{subnet_version.bro => subnet_version.zeek} (100%) rename testing/btest/bifs/{subst_string.bro => subst_string.zeek} (100%) rename testing/btest/bifs/{system.bro => system.zeek} (100%) rename testing/btest/bifs/{system_env.bro => system_env.zeek} (100%) rename testing/btest/bifs/{to_addr.bro => to_addr.zeek} (100%) rename testing/btest/bifs/{to_count.bro => to_count.zeek} (100%) rename testing/btest/bifs/{to_double.bro => to_double.zeek} (100%) rename testing/btest/bifs/{to_double_from_string.bro => to_double_from_string.zeek} (100%) rename testing/btest/bifs/{to_int.bro => to_int.zeek} (100%) rename testing/btest/bifs/{to_interval.bro => to_interval.zeek} (100%) rename testing/btest/bifs/{to_port.bro => to_port.zeek} (100%) rename testing/btest/bifs/{to_subnet.bro => to_subnet.zeek} (100%) rename testing/btest/bifs/{to_time.bro => to_time.zeek} (100%) rename testing/btest/bifs/{topk.bro => topk.zeek} (100%) rename testing/btest/bifs/{type_name.bro => type_name.zeek} (100%) rename testing/btest/bifs/{unique_id-pools.bro => unique_id-pools.zeek} (87%) rename testing/btest/bifs/{unique_id-rnd.bro => unique_id-rnd.zeek} (100%) rename testing/btest/bifs/{unique_id.bro => unique_id.zeek} (100%) rename testing/btest/bifs/{uuid_to_string.bro => uuid_to_string.zeek} (100%) rename testing/btest/bifs/{val_size.bro => val_size.zeek} (100%) rename testing/btest/bifs/{x509_verify.bro => x509_verify.zeek} (100%) rename testing/btest/broker/{connect-on-retry.bro => connect-on-retry.zeek} (91%) rename testing/btest/broker/{disconnect.bro => disconnect.zeek} (82%) rename testing/btest/broker/{error.bro => error.zeek} (88%) rename testing/btest/broker/{remote_event.bro => remote_event.zeek} (92%) rename testing/btest/broker/{remote_event_any.bro => remote_event_any.zeek} (92%) rename testing/btest/broker/{remote_event_auto.bro => remote_event_auto.zeek} (92%) rename testing/btest/broker/{remote_event_ssl_auth.bro => remote_event_ssl_auth.zeek} (98%) rename testing/btest/broker/{remote_event_vector_any.bro => remote_event_vector_any.zeek} (88%) rename testing/btest/broker/{remote_id.bro => remote_id.zeek} (83%) rename testing/btest/broker/{remote_log.bro => remote_log.zeek} (83%) rename testing/btest/broker/{remote_log_late_join.bro => remote_log_late_join.zeek} (85%) rename testing/btest/broker/{remote_log_types.bro => remote_log_types.zeek} (90%) rename testing/btest/broker/{ssl_auth_failure.bro => ssl_auth_failure.zeek} (96%) rename testing/btest/broker/store/{clone.bro => clone.zeek} (96%) rename testing/btest/broker/store/{local.bro => local.zeek} (100%) rename testing/btest/broker/store/{ops.bro => ops.zeek} (100%) rename testing/btest/broker/store/{record.bro => record.zeek} (100%) rename testing/btest/broker/store/{set.bro => set.zeek} (100%) rename testing/btest/broker/store/{sqlite.bro => sqlite.zeek} (100%) rename testing/btest/broker/store/{table.bro => table.zeek} (100%) rename testing/btest/broker/store/{type-conversion.bro => type-conversion.zeek} (100%) rename testing/btest/broker/store/{vector.bro => vector.zeek} (100%) rename testing/btest/broker/{unpeer.bro => unpeer.zeek} (89%) rename testing/btest/core/{bits_per_uid.bro => bits_per_uid.zeek} (100%) rename testing/btest/core/{cisco-fabric-path.bro => cisco-fabric-path.zeek} (100%) rename testing/btest/core/{conn-size-threshold.bro => conn-size-threshold.zeek} (100%) rename testing/btest/core/{conn-uid.bro => conn-uid.zeek} (100%) rename testing/btest/core/{connection_flip_roles.bro => connection_flip_roles.zeek} (100%) rename testing/btest/core/{discarder.bro => discarder.zeek} (88%) rename testing/btest/core/{div-by-zero.bro => div-by-zero.zeek} (100%) rename testing/btest/core/{dns-init.bro => dns-init.zeek} (100%) rename testing/btest/core/{embedded-null.bro => embedded-null.zeek} (100%) rename testing/btest/core/{enum-redef-exists.bro => enum-redef-exists.zeek} (100%) rename testing/btest/core/{erspan.bro => erspan.zeek} (100%) rename testing/btest/core/{erspanII.bro => erspanII.zeek} (100%) rename testing/btest/core/{erspanIII.bro => erspanIII.zeek} (100%) rename testing/btest/core/{ether-addrs.bro => ether-addrs.zeek} (100%) rename testing/btest/core/{event-arg-reuse.bro => event-arg-reuse.zeek} (100%) rename testing/btest/core/{expr-exception.bro => expr-exception.zeek} (100%) rename testing/btest/core/{fake_dns.bro => fake_dns.zeek} (100%) rename testing/btest/core/{global_opaque_val.bro => global_opaque_val.zeek} (100%) rename testing/btest/core/{history-flip.bro => history-flip.zeek} (100%) rename testing/btest/core/icmp/{icmp_sent.bro => icmp_sent.zeek} (100%) rename testing/btest/core/{init-error.bro => init-error.zeek} (100%) rename testing/btest/core/{ip-broken-header.bro => ip-broken-header.zeek} (100%) rename testing/btest/core/leaks/{basic-cluster.bro => basic-cluster.zeek} (98%) rename testing/btest/core/leaks/{bloomfilter.bro => bloomfilter.zeek} (100%) rename testing/btest/core/leaks/broker/{clone_store.bro => clone_store.zeek} (93%) rename testing/btest/core/leaks/broker/{data.bro => data.zeek} (100%) rename testing/btest/core/leaks/broker/{master_store.bro => master_store.zeek} (100%) rename testing/btest/core/leaks/{dns-nsec3.bro => dns-nsec3.zeek} (100%) rename testing/btest/core/leaks/{dns-txt.bro => dns-txt.zeek} (100%) rename testing/btest/core/leaks/{dns.bro => dns.zeek} (100%) rename testing/btest/core/leaks/{dtls.bro => dtls.zeek} (100%) rename testing/btest/core/leaks/{file-analysis-http-get.bro => file-analysis-http-get.zeek} (95%) rename testing/btest/core/leaks/{hll_cluster.bro => hll_cluster.zeek} (98%) rename testing/btest/core/leaks/{hook.bro => hook.zeek} (100%) rename testing/btest/core/leaks/{http-connect.bro => http-connect.zeek} (100%) rename testing/btest/core/leaks/{input-basic.bro => input-basic.zeek} (100%) rename testing/btest/core/leaks/{input-errors.bro => input-errors.zeek} (100%) rename testing/btest/core/leaks/{input-missing-enum.bro => input-missing-enum.zeek} (100%) rename testing/btest/core/leaks/{input-optional-event.bro => input-optional-event.zeek} (100%) rename testing/btest/core/leaks/{input-optional-table.bro => input-optional-table.zeek} (100%) rename testing/btest/core/leaks/{input-raw.bro => input-raw.zeek} (100%) rename testing/btest/core/leaks/{input-reread.bro => input-reread.zeek} (100%) rename testing/btest/core/leaks/{input-sqlite.bro => input-sqlite.zeek} (100%) rename testing/btest/core/leaks/{input-with-remove.bro => input-with-remove.zeek} (100%) rename testing/btest/core/leaks/{kv-iteration.bro => kv-iteration.zeek} (100%) rename testing/btest/core/leaks/{pattern.bro => pattern.zeek} (100%) rename testing/btest/core/leaks/{returnwhen.bro => returnwhen.zeek} (100%) rename testing/btest/core/leaks/{set.bro => set.zeek} (100%) rename testing/btest/core/leaks/{stats.bro => stats.zeek} (92%) rename testing/btest/core/leaks/{string-indexing.bro => string-indexing.zeek} (100%) rename testing/btest/core/leaks/{switch-statement.bro => switch-statement.zeek} (100%) rename testing/btest/core/leaks/{teredo.bro => teredo.zeek} (100%) rename testing/btest/core/leaks/{test-all.bro => test-all.zeek} (100%) rename testing/btest/core/leaks/{while.bro => while.zeek} (100%) rename testing/btest/core/leaks/{x509_ocsp_verify.bro => x509_ocsp_verify.zeek} (100%) rename testing/btest/core/leaks/{x509_verify.bro => x509_verify.zeek} (100%) rename testing/btest/core/{load-duplicates.bro => load-duplicates.zeek} (100%) rename testing/btest/core/{load-file-extension.bro => load-file-extension.zeek} (100%) rename testing/btest/core/{load-pkg.bro => load-pkg.zeek} (100%) rename testing/btest/core/{load-prefixes.bro => load-prefixes.zeek} (95%) rename testing/btest/core/{load-relative.bro => load-relative.zeek} (74%) rename testing/btest/core/{load-unload.bro => load-unload.zeek} (100%) rename testing/btest/core/{mpls-in-vlan.bro => mpls-in-vlan.zeek} (100%) rename testing/btest/core/{nflog.bro => nflog.zeek} (100%) rename testing/btest/core/{nop.bro => nop.zeek} (100%) rename testing/btest/core/{old_comm_usage.bro => old_comm_usage.zeek} (100%) rename testing/btest/core/{option-errors.bro => option-errors.zeek} (100%) rename testing/btest/core/{option-priorities.bro => option-priorities.zeek} (100%) rename testing/btest/core/{option-redef.bro => option-redef.zeek} (100%) rename testing/btest/core/{option-runtime-errors.bro => option-runtime-errors.zeek} (100%) rename testing/btest/core/pcap/{dumper.bro => dumper.zeek} (100%) rename testing/btest/core/pcap/{dynamic-filter.bro => dynamic-filter.zeek} (100%) rename testing/btest/core/pcap/{filter-error.bro => filter-error.zeek} (100%) rename testing/btest/core/pcap/{input-error.bro => input-error.zeek} (100%) rename testing/btest/core/pcap/{pseudo-realtime.bro => pseudo-realtime.zeek} (100%) rename testing/btest/core/pcap/{read-trace-with-filter.bro => read-trace-with-filter.zeek} (100%) rename testing/btest/core/{pppoe-over-qinq.bro => pppoe-over-qinq.zeek} (100%) rename testing/btest/core/{print-bpf-filters.bro => print-bpf-filters.zeek} (100%) rename testing/btest/core/{q-in-q.bro => q-in-q.zeek} (100%) rename testing/btest/core/{radiotap.bro => radiotap.zeek} (100%) rename testing/btest/core/{raw_packet.bro => raw_packet.zeek} (100%) rename testing/btest/core/{reassembly.bro => reassembly.zeek} (100%) rename testing/btest/core/{recursive-event.bro => recursive-event.zeek} (100%) rename testing/btest/core/{reporter-error-in-handler.bro => reporter-error-in-handler.zeek} (100%) rename testing/btest/core/{reporter-fmt-strings.bro => reporter-fmt-strings.zeek} (100%) rename testing/btest/core/{reporter-parse-error.bro => reporter-parse-error.zeek} (100%) rename testing/btest/core/{reporter-runtime-error.bro => reporter-runtime-error.zeek} (100%) rename testing/btest/core/{reporter-shutdown-order-errors.bro => reporter-shutdown-order-errors.zeek} (100%) rename testing/btest/core/{reporter-type-mismatch.bro => reporter-type-mismatch.zeek} (100%) rename testing/btest/core/{reporter-weird-sampling-disable.bro => reporter-weird-sampling-disable.zeek} (100%) rename testing/btest/core/{reporter-weird-sampling.bro => reporter-weird-sampling.zeek} (100%) rename testing/btest/core/{reporter.bro => reporter.zeek} (100%) rename testing/btest/core/tcp/{fin-retransmit.bro => fin-retransmit.zeek} (100%) rename testing/btest/core/tcp/{large-file-reassembly.bro => large-file-reassembly.zeek} (100%) rename testing/btest/core/tcp/{miss-end-data.bro => miss-end-data.zeek} (100%) rename testing/btest/core/tcp/{missing-syn.bro => missing-syn.zeek} (100%) rename testing/btest/core/tcp/{quantum-insert.bro => quantum-insert.zeek} (100%) rename testing/btest/core/tcp/{rst-after-syn.bro => rst-after-syn.zeek} (100%) rename testing/btest/core/tcp/{rxmit-history.bro => rxmit-history.zeek} (100%) rename testing/btest/core/tcp/{truncated-header.bro => truncated-header.zeek} (100%) rename testing/btest/core/tunnels/{false-teredo.bro => false-teredo.zeek} (100%) rename testing/btest/core/tunnels/{ip-in-ip-version.bro => ip-in-ip-version.zeek} (100%) rename testing/btest/core/tunnels/{teredo.bro => teredo.zeek} (100%) rename testing/btest/core/tunnels/{vxlan.bro => vxlan.zeek} (100%) rename testing/btest/core/{vector-assignment.bro => vector-assignment.zeek} (100%) rename testing/btest/core/{vlan-mpls.bro => vlan-mpls.zeek} (100%) rename testing/btest/core/{when-interpreter-exceptions.bro => when-interpreter-exceptions.zeek} (100%) rename testing/btest/core/{wlanmon.bro => wlanmon.zeek} (100%) rename testing/btest/core/{x509-generalizedtime.bro => x509-generalizedtime.zeek} (100%) rename testing/btest/coverage/{coverage-blacklist.bro => coverage-blacklist.zeek} (100%) rename testing/btest/doc/broxygen/{command_line.bro => command_line.zeek} (100%) rename testing/btest/doc/broxygen/{comment_retrieval_bifs.bro => comment_retrieval_bifs.zeek} (100%) rename testing/btest/doc/broxygen/{enums.bro => enums.zeek} (100%) rename testing/btest/doc/broxygen/{example.bro => example.zeek} (100%) rename testing/btest/doc/broxygen/{func-params.bro => func-params.zeek} (100%) rename testing/btest/doc/broxygen/{identifier.bro => identifier.zeek} (100%) rename testing/btest/doc/broxygen/{package.bro => package.zeek} (100%) rename testing/btest/doc/broxygen/{package_index.bro => package_index.zeek} (100%) rename testing/btest/doc/broxygen/{records.bro => records.zeek} (100%) rename testing/btest/doc/broxygen/{script_index.bro => script_index.zeek} (100%) rename testing/btest/doc/broxygen/{script_summary.bro => script_summary.zeek} (100%) rename testing/btest/doc/broxygen/{type-aliases.bro => type-aliases.zeek} (100%) rename testing/btest/doc/broxygen/{vectors.bro => vectors.zeek} (100%) rename testing/btest/doc/{record-add.bro => record-add.zeek} (100%) rename testing/btest/doc/{record-attr-check.bro => record-attr-check.zeek} (100%) rename testing/btest/language/{addr.bro => addr.zeek} (100%) rename testing/btest/language/{any.bro => any.zeek} (100%) rename testing/btest/language/{at-deprecated.bro => at-deprecated.zeek} (63%) rename testing/btest/language/{at-dir.bro => at-dir.zeek} (75%) rename testing/btest/language/{at-filename.bro => at-filename.zeek} (100%) rename testing/btest/language/{at-if-event.bro => at-if-event.zeek} (100%) rename testing/btest/language/{at-if-invalid.bro => at-if-invalid.zeek} (100%) rename testing/btest/language/{at-if.bro => at-if.zeek} (100%) rename testing/btest/language/{at-ifdef.bro => at-ifdef.zeek} (100%) rename testing/btest/language/{at-ifndef.bro => at-ifndef.zeek} (100%) rename testing/btest/language/{at-load.bro => at-load.zeek} (100%) rename testing/btest/language/{attr-default-coercion.bro => attr-default-coercion.zeek} (100%) rename testing/btest/language/{attr-default-global-set-error.bro => attr-default-global-set-error.zeek} (100%) rename testing/btest/language/{bool.bro => bool.zeek} (100%) rename testing/btest/language/{common-mistakes.bro => common-mistakes.zeek} (87%) rename testing/btest/language/{conditional-expression.bro => conditional-expression.zeek} (100%) rename testing/btest/language/{const.bro => const.zeek} (84%) rename testing/btest/language/{container-ctor-scope.bro => container-ctor-scope.zeek} (100%) rename testing/btest/language/{copy.bro => copy.zeek} (100%) rename testing/btest/language/{count.bro => count.zeek} (100%) rename testing/btest/language/{cross-product-init.bro => cross-product-init.zeek} (100%) rename testing/btest/language/{default-params.bro => default-params.zeek} (100%) rename testing/btest/language/{delete-field-set.bro => delete-field-set.zeek} (100%) rename testing/btest/language/{delete-field.bro => delete-field.zeek} (100%) rename testing/btest/language/{deprecated.bro => deprecated.zeek} (100%) rename testing/btest/language/{double.bro => double.zeek} (100%) rename testing/btest/language/{enum-desc.bro => enum-desc.zeek} (100%) rename testing/btest/language/{enum-scope.bro => enum-scope.zeek} (100%) rename testing/btest/language/{enum.bro => enum.zeek} (100%) rename testing/btest/language/{eof-parse-errors.bro => eof-parse-errors.zeek} (55%) rename testing/btest/language/{event-local-var.bro => event-local-var.zeek} (100%) rename testing/btest/language/{event.bro => event.zeek} (100%) rename testing/btest/language/{expire-expr-error.bro => expire-expr-error.zeek} (100%) rename testing/btest/language/{expire-func-undef.bro => expire-func-undef.zeek} (100%) rename testing/btest/language/{expire-redef.bro => expire-redef.zeek} (100%) rename testing/btest/language/{expire-type-error.bro => expire-type-error.zeek} (100%) rename testing/btest/language/{expire_func_mod.bro => expire_func_mod.zeek} (100%) rename testing/btest/language/{file.bro => file.zeek} (100%) rename testing/btest/language/{for.bro => for.zeek} (100%) rename testing/btest/language/{func-assignment.bro => func-assignment.zeek} (100%) rename testing/btest/language/{function.bro => function.zeek} (100%) rename testing/btest/language/{hook.bro => hook.zeek} (100%) rename testing/btest/language/{hook_calls.bro => hook_calls.zeek} (89%) rename testing/btest/language/{if.bro => if.zeek} (100%) rename testing/btest/language/{index-assignment-invalid.bro => index-assignment-invalid.zeek} (100%) rename testing/btest/language/{init-in-anon-function.bro => init-in-anon-function.zeek} (100%) rename testing/btest/language/{int.bro => int.zeek} (100%) rename testing/btest/language/{interval.bro => interval.zeek} (100%) rename testing/btest/language/{invalid_index.bro => invalid_index.zeek} (100%) rename testing/btest/language/{ipv6-literals.bro => ipv6-literals.zeek} (100%) rename testing/btest/language/{key-value-for.bro => key-value-for.zeek} (100%) rename testing/btest/language/{module.bro => module.zeek} (100%) rename testing/btest/language/{named-record-ctors.bro => named-record-ctors.zeek} (100%) rename testing/btest/language/{named-set-ctors.bro => named-set-ctors.zeek} (100%) rename testing/btest/language/{named-table-ctors.bro => named-table-ctors.zeek} (100%) rename testing/btest/language/{named-vector-ctors.bro => named-vector-ctors.zeek} (100%) rename testing/btest/language/{nested-sets.bro => nested-sets.zeek} (100%) rename testing/btest/language/{next-test.bro => next-test.zeek} (100%) rename testing/btest/language/{no-module.bro => no-module.zeek} (100%) rename testing/btest/language/{null-statement.bro => null-statement.zeek} (100%) rename testing/btest/language/{outer_param_binding.bro => outer_param_binding.zeek} (100%) rename testing/btest/language/{pattern.bro => pattern.zeek} (100%) rename testing/btest/language/{port.bro => port.zeek} (100%) rename testing/btest/language/{precedence.bro => precedence.zeek} (100%) rename testing/btest/language/{rec-comp-init.bro => rec-comp-init.zeek} (100%) rename testing/btest/language/{rec-nested-opt.bro => rec-nested-opt.zeek} (100%) rename testing/btest/language/{rec-of-tbl.bro => rec-of-tbl.zeek} (100%) rename testing/btest/language/{rec-table-default.bro => rec-table-default.zeek} (100%) rename testing/btest/language/{record-bad-ctor.bro => record-bad-ctor.zeek} (100%) rename testing/btest/language/{record-bad-ctor2.bro => record-bad-ctor2.zeek} (100%) rename testing/btest/language/{record-ceorce-orphan.bro => record-ceorce-orphan.zeek} (100%) rename testing/btest/language/{record-coerce-clash.bro => record-coerce-clash.zeek} (100%) rename testing/btest/language/{record-default-coercion.bro => record-default-coercion.zeek} (100%) rename testing/btest/language/{record-default-set-mismatch.bro => record-default-set-mismatch.zeek} (100%) rename testing/btest/language/{record-extension.bro => record-extension.zeek} (100%) rename testing/btest/language/{record-function-recursion.bro => record-function-recursion.zeek} (100%) rename testing/btest/language/{record-index-complex-fields.bro => record-index-complex-fields.zeek} (100%) rename testing/btest/language/{record-recursive-coercion.bro => record-recursive-coercion.zeek} (100%) rename testing/btest/language/{record-redef-after-init.bro => record-redef-after-init.zeek} (100%) rename testing/btest/language/{record-ref-assign.bro => record-ref-assign.zeek} (100%) rename testing/btest/language/{record-type-checking.bro => record-type-checking.zeek} (100%) rename testing/btest/language/{redef-same-prefixtable-idx.bro => redef-same-prefixtable-idx.zeek} (100%) rename testing/btest/language/{redef-vector.bro => redef-vector.zeek} (100%) rename testing/btest/language/{returnwhen.bro => returnwhen.zeek} (100%) rename testing/btest/language/{set-opt-record-index.bro => set-opt-record-index.zeek} (100%) rename testing/btest/language/{set-type-checking.bro => set-type-checking.zeek} (100%) rename testing/btest/language/{set.bro => set.zeek} (100%) rename testing/btest/language/{short-circuit.bro => short-circuit.zeek} (100%) rename testing/btest/language/{sizeof.bro => sizeof.zeek} (100%) rename testing/btest/language/{smith-waterman-test.bro => smith-waterman-test.zeek} (100%) rename testing/btest/language/{string-indexing.bro => string-indexing.zeek} (100%) rename testing/btest/language/{string.bro => string.zeek} (100%) rename testing/btest/language/{strings.bro => strings.zeek} (100%) rename testing/btest/language/{subnet-errors.bro => subnet-errors.zeek} (100%) rename testing/btest/language/{subnet.bro => subnet.zeek} (100%) rename testing/btest/language/{switch-error-mixed.bro => switch-error-mixed.zeek} (100%) rename testing/btest/language/{switch-incomplete.bro => switch-incomplete.zeek} (100%) rename testing/btest/language/{switch-statement.bro => switch-statement.zeek} (100%) rename testing/btest/language/{switch-types-error-duplicate.bro => switch-types-error-duplicate.zeek} (100%) rename testing/btest/language/{switch-types-error-unsupported.bro => switch-types-error-unsupported.zeek} (100%) rename testing/btest/language/{switch-types-vars.bro => switch-types-vars.zeek} (100%) rename testing/btest/language/{switch-types.bro => switch-types.zeek} (100%) rename testing/btest/language/{table-default-record.bro => table-default-record.zeek} (100%) rename testing/btest/language/{table-init-attrs.bro => table-init-attrs.zeek} (100%) rename testing/btest/language/{table-init-container-ctors.bro => table-init-container-ctors.zeek} (100%) rename testing/btest/language/{table-init-record-idx.bro => table-init-record-idx.zeek} (100%) rename testing/btest/language/{table-init.bro => table-init.zeek} (100%) rename testing/btest/language/{table-redef.bro => table-redef.zeek} (100%) rename testing/btest/language/{table-type-checking.bro => table-type-checking.zeek} (100%) rename testing/btest/language/{table.bro => table.zeek} (100%) rename testing/btest/language/{ternary-record-mismatch.bro => ternary-record-mismatch.zeek} (100%) rename testing/btest/language/{time.bro => time.zeek} (100%) rename testing/btest/language/{timeout.bro => timeout.zeek} (100%) rename testing/btest/language/{type-cast-any.bro => type-cast-any.zeek} (100%) rename testing/btest/language/{type-cast-error-dynamic.bro => type-cast-error-dynamic.zeek} (100%) rename testing/btest/language/{type-cast-error-static.bro => type-cast-error-static.zeek} (100%) rename testing/btest/language/{type-cast-same.bro => type-cast-same.zeek} (100%) rename testing/btest/language/{type-check-any.bro => type-check-any.zeek} (100%) rename testing/btest/language/{type-check-vector.bro => type-check-vector.zeek} (100%) rename testing/btest/language/{type-type-error.bro => type-type-error.zeek} (100%) rename testing/btest/language/{undefined-delete-field.bro => undefined-delete-field.zeek} (100%) rename testing/btest/language/{uninitialized-local.bro => uninitialized-local.zeek} (100%) rename testing/btest/language/{uninitialized-local2.bro => uninitialized-local2.zeek} (100%) rename testing/btest/language/{vector-any-append.bro => vector-any-append.zeek} (100%) rename testing/btest/language/{vector-coerce-expr.bro => vector-coerce-expr.zeek} (100%) rename testing/btest/language/{vector-in-operator.bro => vector-in-operator.zeek} (100%) rename testing/btest/language/{vector-list-init-records.bro => vector-list-init-records.zeek} (100%) rename testing/btest/language/{vector-type-checking.bro => vector-type-checking.zeek} (100%) rename testing/btest/language/{vector-unspecified.bro => vector-unspecified.zeek} (100%) rename testing/btest/language/{vector.bro => vector.zeek} (100%) rename testing/btest/language/{when-unitialized-rhs.bro => when-unitialized-rhs.zeek} (100%) rename testing/btest/language/{when.bro => when.zeek} (100%) rename testing/btest/language/{while.bro => while.zeek} (100%) rename testing/btest/language/{wrong-delete-field.bro => wrong-delete-field.zeek} (100%) rename testing/btest/language/{wrong-record-extension.bro => wrong-record-extension.zeek} (100%) rename testing/btest/plugins/{file.bro => file.zeek} (100%) rename testing/btest/plugins/{hooks.bro => hooks.zeek} (100%) rename testing/btest/plugins/{init-plugin.bro => init-plugin.zeek} (100%) rename testing/btest/plugins/{logging-hooks.bro => logging-hooks.zeek} (100%) rename testing/btest/plugins/{pktdumper.bro => pktdumper.zeek} (100%) rename testing/btest/plugins/{pktsrc.bro => pktsrc.zeek} (100%) rename testing/btest/plugins/{plugin-nopatchversion.bro => plugin-nopatchversion.zeek} (100%) rename testing/btest/plugins/{plugin-withpatchversion.bro => plugin-withpatchversion.zeek} (100%) rename testing/btest/plugins/protocol-plugin/scripts/Demo/Foo/base/{main.bro => main.zeek} (100%) rename testing/btest/plugins/{protocol.bro => protocol.zeek} (100%) rename testing/btest/plugins/{reader.bro => reader.zeek} (100%) rename testing/btest/plugins/{reporter-hook.bro => reporter-hook.zeek} (100%) rename testing/btest/plugins/{writer.bro => writer.zeek} (100%) rename testing/btest/scripts/base/files/data_event/{basic.bro => basic.zeek} (100%) rename testing/btest/scripts/base/files/extract/{limit.bro => limit.zeek} (100%) rename testing/btest/scripts/base/files/unified2/{alert.bro => alert.zeek} (100%) rename testing/btest/scripts/base/frameworks/analyzer/{disable-analyzer.bro => disable-analyzer.zeek} (100%) rename testing/btest/scripts/base/frameworks/analyzer/{enable-analyzer.bro => enable-analyzer.zeek} (100%) rename testing/btest/scripts/base/frameworks/analyzer/{register-for-port.bro => register-for-port.zeek} (100%) rename testing/btest/scripts/base/frameworks/analyzer/{schedule-analyzer.bro => schedule-analyzer.zeek} (100%) rename testing/btest/scripts/base/frameworks/cluster/{custom_pool_exclusivity.bro => custom_pool_exclusivity.zeek} (98%) rename testing/btest/scripts/base/frameworks/cluster/{custom_pool_limits.bro => custom_pool_limits.zeek} (98%) rename testing/btest/scripts/base/frameworks/cluster/{forwarding.bro => forwarding.zeek} (98%) rename testing/btest/scripts/base/frameworks/cluster/{log_distribution.bro => log_distribution.zeek} (98%) rename testing/btest/scripts/base/frameworks/cluster/{start-it-up-logger.bro => start-it-up-logger.zeek} (98%) rename testing/btest/scripts/base/frameworks/cluster/{start-it-up.bro => start-it-up.zeek} (98%) rename testing/btest/scripts/base/frameworks/cluster/{topic_distribution.bro => topic_distribution.zeek} (98%) rename testing/btest/scripts/base/frameworks/cluster/{topic_distribution_bifs.bro => topic_distribution_bifs.zeek} (98%) rename testing/btest/scripts/base/frameworks/config/{basic.bro => basic.zeek} (100%) rename testing/btest/scripts/base/frameworks/config/{basic_cluster.bro => basic_cluster.zeek} (98%) rename testing/btest/scripts/base/frameworks/config/{cluster_resend.bro => cluster_resend.zeek} (98%) rename testing/btest/scripts/base/frameworks/config/{read_config.bro => read_config.zeek} (100%) rename testing/btest/scripts/base/frameworks/config/{read_config_cluster.bro => read_config_cluster.zeek} (98%) rename testing/btest/scripts/base/frameworks/config/{several-files.bro => several-files.zeek} (100%) rename testing/btest/scripts/base/frameworks/config/{updates.bro => updates.zeek} (100%) rename testing/btest/scripts/base/frameworks/config/{weird.bro => weird.zeek} (100%) rename testing/btest/scripts/base/frameworks/control/{configuration_update.bro => configuration_update.zeek} (97%) rename testing/btest/scripts/base/frameworks/control/{id_value.bro => id_value.zeek} (95%) rename testing/btest/scripts/base/frameworks/control/{shutdown.bro => shutdown.zeek} (100%) rename testing/btest/scripts/base/frameworks/file-analysis/actions/{data_event.bro => data_event.zeek} (84%) rename testing/btest/scripts/base/frameworks/file-analysis/bifs/{file_exists_lookup_file.bro => file_exists_lookup_file.zeek} (100%) rename testing/btest/scripts/base/frameworks/file-analysis/bifs/{register_mime_type.bro => register_mime_type.zeek} (100%) rename testing/btest/scripts/base/frameworks/file-analysis/bifs/{remove_action.bro => remove_action.zeek} (94%) rename testing/btest/scripts/base/frameworks/file-analysis/bifs/{set_timeout_interval.bro => set_timeout_interval.zeek} (92%) rename testing/btest/scripts/base/frameworks/file-analysis/bifs/{stop.bro => stop.zeek} (86%) rename testing/btest/scripts/base/frameworks/file-analysis/{big-bof-buffer.bro => big-bof-buffer.zeek} (100%) rename testing/btest/scripts/base/frameworks/file-analysis/{byteranges.bro => byteranges.zeek} (100%) rename testing/btest/scripts/base/frameworks/file-analysis/{ftp.bro => ftp.zeek} (91%) rename testing/btest/scripts/base/frameworks/file-analysis/http/{get.bro => get.zeek} (84%) rename testing/btest/scripts/base/frameworks/file-analysis/http/{multipart.bro => multipart.zeek} (92%) rename testing/btest/scripts/base/frameworks/file-analysis/http/{partial-content.bro => partial-content.zeek} (87%) rename testing/btest/scripts/base/frameworks/file-analysis/http/{pipeline.bro => pipeline.zeek} (90%) rename testing/btest/scripts/base/frameworks/file-analysis/http/{post.bro => post.zeek} (92%) rename testing/btest/scripts/base/frameworks/file-analysis/input/{basic.bro => basic.zeek} (98%) rename testing/btest/scripts/base/frameworks/file-analysis/{irc.bro => irc.zeek} (92%) rename testing/btest/scripts/base/frameworks/file-analysis/{logging.bro => logging.zeek} (92%) rename testing/btest/scripts/base/frameworks/file-analysis/{smtp.bro => smtp.zeek} (95%) rename testing/btest/scripts/base/frameworks/input/{basic.bro => basic.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{bignumber.bro => bignumber.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{binary.bro => binary.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/config/{basic.bro => basic.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/config/{errors.bro => errors.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/config/{spaces.bro => spaces.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{default.bro => default.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{empty-values-hashing.bro => empty-values-hashing.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{emptyvals.bro => emptyvals.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{errors.bro => errors.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{event.bro => event.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{invalid-lines.bro => invalid-lines.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{invalidnumbers.bro => invalidnumbers.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{invalidset.bro => invalidset.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{invalidtext.bro => invalidtext.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{missing-enum.bro => missing-enum.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{missing-file-initially.bro => missing-file-initially.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{missing-file.bro => missing-file.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{onecolumn-norecord.bro => onecolumn-norecord.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{onecolumn-record.bro => onecolumn-record.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{optional.bro => optional.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/path-prefix/{absolute-prefix.bro => absolute-prefix.zeek} (92%) rename testing/btest/scripts/base/frameworks/input/path-prefix/{absolute-source.bro => absolute-source.zeek} (91%) rename testing/btest/scripts/base/frameworks/input/path-prefix/{no-paths.bro => no-paths.zeek} (89%) rename testing/btest/scripts/base/frameworks/input/path-prefix/{path-prefix-common-analysis.bro => path-prefix-common-analysis.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/path-prefix/{path-prefix-common-event.bro => path-prefix-common-event.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/path-prefix/{path-prefix-common-table.bro => path-prefix-common-table.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/path-prefix/{relative-prefix.bro => relative-prefix.zeek} (91%) rename testing/btest/scripts/base/frameworks/input/{port-embedded.bro => port-embedded.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{port.bro => port.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{predicate-stream.bro => predicate-stream.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{predicate.bro => predicate.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{predicatemodify.bro => predicatemodify.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{predicatemodifyandreread.bro => predicatemodifyandreread.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{predicaterefusesecondsamerecord.bro => predicaterefusesecondsamerecord.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/raw/{basic.bro => basic.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/raw/{execute.bro => execute.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/raw/{executestdin.bro => executestdin.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/raw/{executestream.bro => executestream.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/raw/{long.bro => long.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/raw/{offset.bro => offset.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/raw/{rereadraw.bro => rereadraw.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/raw/{stderr.bro => stderr.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/raw/{streamraw.bro => streamraw.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{repeat.bro => repeat.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{reread.bro => reread.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{set.bro => set.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{setseparator.bro => setseparator.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{setspecialcases.bro => setspecialcases.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/sqlite/{basic.bro => basic.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/sqlite/{error.bro => error.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/sqlite/{port.bro => port.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/sqlite/{types.bro => types.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{stream.bro => stream.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{subrecord-event.bro => subrecord-event.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{subrecord.bro => subrecord.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{tableevent.bro => tableevent.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{twotables.bro => twotables.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{unsupported_types.bro => unsupported_types.zeek} (100%) rename testing/btest/scripts/base/frameworks/input/{windows.bro => windows.zeek} (100%) rename testing/btest/scripts/base/frameworks/intel/{cluster-transparency-with-proxy.bro => cluster-transparency-with-proxy.zeek} (98%) rename testing/btest/scripts/base/frameworks/intel/{cluster-transparency.bro => cluster-transparency.zeek} (98%) rename testing/btest/scripts/base/frameworks/intel/{expire-item.bro => expire-item.zeek} (100%) rename testing/btest/scripts/base/frameworks/intel/{filter-item.bro => filter-item.zeek} (100%) rename testing/btest/scripts/base/frameworks/intel/{input-and-match.bro => input-and-match.zeek} (100%) rename testing/btest/scripts/base/frameworks/intel/{match-subnet.bro => match-subnet.zeek} (100%) rename testing/btest/scripts/base/frameworks/intel/path-prefix/{input-intel-absolute-prefixes.bro => input-intel-absolute-prefixes.zeek} (96%) rename testing/btest/scripts/base/frameworks/intel/path-prefix/{input-intel-relative-prefixes.bro => input-intel-relative-prefixes.zeek} (95%) rename testing/btest/scripts/base/frameworks/intel/path-prefix/{input-prefix.bro => input-prefix.zeek} (95%) rename testing/btest/scripts/base/frameworks/intel/path-prefix/{no-paths.bro => no-paths.zeek} (94%) rename testing/btest/scripts/base/frameworks/intel/path-prefix/{path-prefix-common.bro => path-prefix-common.zeek} (100%) rename testing/btest/scripts/base/frameworks/intel/{read-file-dist-cluster.bro => read-file-dist-cluster.zeek} (98%) rename testing/btest/scripts/base/frameworks/intel/{remove-item-cluster.bro => remove-item-cluster.zeek} (98%) rename testing/btest/scripts/base/frameworks/intel/{remove-non-existing.bro => remove-non-existing.zeek} (100%) rename testing/btest/scripts/base/frameworks/intel/{updated-match.bro => updated-match.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{adapt-filter.bro => adapt-filter.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-binary.bro => ascii-binary.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-double.bro => ascii-double.zeek} (95%) rename testing/btest/scripts/base/frameworks/logging/{ascii-empty.bro => ascii-empty.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-escape-binary.bro => ascii-escape-binary.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-escape-empty-str.bro => ascii-escape-empty-str.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-escape-notset-str.bro => ascii-escape-notset-str.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-escape-odd-url.bro => ascii-escape-odd-url.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-escape-set-separator.bro => ascii-escape-set-separator.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-escape.bro => ascii-escape.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-gz-rotate.bro => ascii-gz-rotate.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-gz.bro => ascii-gz.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-json-iso-timestamps.bro => ascii-json-iso-timestamps.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-json-optional.bro => ascii-json-optional.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-json.bro => ascii-json.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-line-like-comment.bro => ascii-line-like-comment.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-options.bro => ascii-options.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-timestamps.bro => ascii-timestamps.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{ascii-tsv.bro => ascii-tsv.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{attr-extend.bro => attr-extend.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{attr.bro => attr.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{disable-stream.bro => disable-stream.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{empty-event.bro => empty-event.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{enable-stream.bro => enable-stream.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{events.bro => events.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{exclude.bro => exclude.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{field-extension-cluster-error.bro => field-extension-cluster-error.zeek} (87%) rename testing/btest/scripts/base/frameworks/logging/{field-extension-cluster.bro => field-extension-cluster.zeek} (84%) rename testing/btest/scripts/base/frameworks/logging/{field-extension-complex.bro => field-extension-complex.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{field-extension-invalid.bro => field-extension-invalid.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{field-extension-optional.bro => field-extension-optional.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{field-extension-table.bro => field-extension-table.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{field-extension.bro => field-extension.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{field-name-map.bro => field-name-map.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{field-name-map2.bro => field-name-map2.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{file.bro => file.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{include.bro => include.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{no-local.bro => no-local.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{none-debug.bro => none-debug.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{path-func-column-demote.bro => path-func-column-demote.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{path-func.bro => path-func.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{pred.bro => pred.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{remove.bro => remove.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{rotate-custom.bro => rotate-custom.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{rotate.bro => rotate.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{scope_sep.bro => scope_sep.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{scope_sep_and_field_name_map.bro => scope_sep_and_field_name_map.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/sqlite/{error.bro => error.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/sqlite/{set.bro => set.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/sqlite/{simultaneous-writes.bro => simultaneous-writes.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/sqlite/{types.bro => types.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/sqlite/{wikipedia.bro => wikipedia.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{stdout.bro => stdout.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{test-logging.bro => test-logging.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{types.bro => types.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{unset-record.bro => unset-record.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{vec.bro => vec.zeek} (100%) rename testing/btest/scripts/base/frameworks/logging/{writer-path-conflict.bro => writer-path-conflict.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{acld-hook.bro => acld-hook.zeek} (95%) rename testing/btest/scripts/base/frameworks/netcontrol/{acld.bro => acld.zeek} (95%) rename testing/btest/scripts/base/frameworks/netcontrol/{basic-cluster.bro => basic-cluster.zeek} (81%) rename testing/btest/scripts/base/frameworks/netcontrol/{basic.bro => basic.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{broker.bro => broker.zeek} (95%) rename testing/btest/scripts/base/frameworks/netcontrol/{catch-and-release-forgotten.bro => catch-and-release-forgotten.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{catch-and-release.bro => catch-and-release.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{delete-internal-state.bro => delete-internal-state.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{duplicate.bro => duplicate.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{find-rules.bro => find-rules.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{hook.bro => hook.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{multiple.bro => multiple.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{openflow.bro => openflow.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{packetfilter.bro => packetfilter.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{quarantine-openflow.bro => quarantine-openflow.zeek} (100%) rename testing/btest/scripts/base/frameworks/netcontrol/{timeout.bro => timeout.zeek} (100%) rename testing/btest/scripts/base/frameworks/notice/{cluster.bro => cluster.zeek} (97%) rename testing/btest/scripts/base/frameworks/notice/{mail-alarms.bro => mail-alarms.zeek} (100%) rename testing/btest/scripts/base/frameworks/notice/{suppression-cluster.bro => suppression-cluster.zeek} (98%) rename testing/btest/scripts/base/frameworks/notice/{suppression-disable.bro => suppression-disable.zeek} (100%) rename testing/btest/scripts/base/frameworks/notice/{suppression.bro => suppression.zeek} (100%) rename testing/btest/scripts/base/frameworks/openflow/{broker-basic.bro => broker-basic.zeek} (94%) rename testing/btest/scripts/base/frameworks/openflow/{log-basic.bro => log-basic.zeek} (100%) rename testing/btest/scripts/base/frameworks/openflow/{log-cluster.bro => log-cluster.zeek} (84%) rename testing/btest/scripts/base/frameworks/openflow/{ryu-basic.bro => ryu-basic.zeek} (100%) rename testing/btest/scripts/base/frameworks/reporter/{disable-stderr.bro => disable-stderr.zeek} (100%) rename testing/btest/scripts/base/frameworks/reporter/{stderr.bro => stderr.zeek} (100%) rename testing/btest/scripts/base/frameworks/software/{version-parsing.bro => version-parsing.zeek} (100%) rename testing/btest/scripts/base/frameworks/sumstats/{basic-cluster.bro => basic-cluster.zeek} (98%) rename testing/btest/scripts/base/frameworks/sumstats/{basic.bro => basic.zeek} (100%) rename testing/btest/scripts/base/frameworks/sumstats/{cluster-intermediate-update.bro => cluster-intermediate-update.zeek} (98%) rename testing/btest/scripts/base/frameworks/sumstats/{last-cluster.bro => last-cluster.zeek} (98%) rename testing/btest/scripts/base/frameworks/sumstats/{on-demand-cluster.bro => on-demand-cluster.zeek} (98%) rename testing/btest/scripts/base/frameworks/sumstats/{on-demand.bro => on-demand.zeek} (100%) rename testing/btest/scripts/base/frameworks/sumstats/{sample-cluster.bro => sample-cluster.zeek} (99%) rename testing/btest/scripts/base/frameworks/sumstats/{sample.bro => sample.zeek} (100%) rename testing/btest/scripts/base/frameworks/sumstats/{thresholding.bro => thresholding.zeek} (100%) rename testing/btest/scripts/base/frameworks/sumstats/{topk-cluster.bro => topk-cluster.zeek} (98%) rename testing/btest/scripts/base/frameworks/sumstats/{topk.bro => topk.zeek} (100%) rename testing/btest/scripts/base/misc/{version.bro => version.zeek} (100%) rename testing/btest/scripts/base/protocols/conn/{new_connection_contents.bro => new_connection_contents.zeek} (100%) rename testing/btest/scripts/base/protocols/conn/{threshold.bro => threshold.zeek} (100%) rename testing/btest/scripts/base/protocols/dce-rpc/{context.bro => context.zeek} (100%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_del_measure.bro => dnp3_del_measure.zeek} (96%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_en_spon.bro => dnp3_en_spon.zeek} (97%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_file_del.bro => dnp3_file_del.zeek} (96%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_file_read.bro => dnp3_file_read.zeek} (96%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_file_write.bro => dnp3_file_write.zeek} (96%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_link_only.bro => dnp3_link_only.zeek} (95%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_write.bro => dnp3_read.zeek} (83%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_rec_time.bro => dnp3_rec_time.zeek} (96%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_select_operate.bro => dnp3_select_operate.zeek} (95%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_udp_en_spon.bro => dnp3_udp_en_spon.zeek} (96%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_udp_read.bro => dnp3_udp_read.zeek} (96%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_udp_select_operate.bro => dnp3_udp_select_operate.zeek} (94%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_udp_write.bro => dnp3_udp_write.zeek} (96%) rename testing/btest/scripts/base/protocols/dnp3/{dnp3_read.bro => dnp3_write.zeek} (82%) rename testing/btest/scripts/base/protocols/dnp3/{events.bro => events.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{caa.bro => caa.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{dns-key.bro => dns-key.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{dnskey.bro => dnskey.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{ds.bro => ds.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{duplicate-reponses.bro => duplicate-reponses.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{flip.bro => flip.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{huge-ttl.bro => huge-ttl.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{multiple-txt-strings.bro => multiple-txt-strings.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{nsec.bro => nsec.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{nsec3.bro => nsec3.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{rrsig.bro => rrsig.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{tsig.bro => tsig.zeek} (100%) rename testing/btest/scripts/base/protocols/dns/{zero-responses.bro => zero-responses.zeek} (100%) rename testing/btest/scripts/base/protocols/ftp/{cwd-navigation.bro => cwd-navigation.zeek} (100%) rename testing/btest/scripts/base/protocols/ftp/{ftp-get-file-size.bro => ftp-get-file-size.zeek} (100%) rename testing/btest/scripts/base/protocols/ftp/{ftp-ipv4.bro => ftp-ipv4.zeek} (100%) rename testing/btest/scripts/base/protocols/ftp/{ftp-ipv6.bro => ftp-ipv6.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{100-continue.bro => 100-continue.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{101-switching-protocols.bro => 101-switching-protocols.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{content-range-gap-skip.bro => content-range-gap-skip.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{content-range-gap.bro => content-range-gap.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{content-range-less-than-len.bro => content-range-less-than-len.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{entity-gap.bro => entity-gap.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{entity-gap2.bro => entity-gap2.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{fake-content-length.bro => fake-content-length.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{http-bad-request-with-version.bro => http-bad-request-with-version.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{http-connect-with-header.bro => http-connect-with-header.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{http-connect.bro => http-connect.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{http-filename.bro => http-filename.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{http-header-crlf.bro => http-header-crlf.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{http-methods.bro => http-methods.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{http-pipelining.bro => http-pipelining.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{missing-zlib-header.bro => missing-zlib-header.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{multipart-extract.bro => multipart-extract.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{multipart-file-limit.bro => multipart-file-limit.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{no-uri.bro => no-uri.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{no-version.bro => no-version.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{percent-end-of-line.bro => percent-end-of-line.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{x-gzip.bro => x-gzip.zeek} (100%) rename testing/btest/scripts/base/protocols/http/{zero-length-bodies-with-drops.bro => zero-length-bodies-with-drops.zeek} (100%) rename testing/btest/scripts/base/protocols/irc/{names-weird.bro => names-weird.zeek} (100%) rename testing/btest/scripts/base/protocols/modbus/{coil_parsing_big.bro => coil_parsing_big.zeek} (100%) rename testing/btest/scripts/base/protocols/modbus/{coil_parsing_small.bro => coil_parsing_small.zeek} (100%) rename testing/btest/scripts/base/protocols/modbus/{events.bro => events.zeek} (100%) rename testing/btest/scripts/base/protocols/modbus/{length_mismatch.bro => length_mismatch.zeek} (100%) rename testing/btest/scripts/base/protocols/modbus/{policy.bro => policy.zeek} (100%) rename testing/btest/scripts/base/protocols/modbus/{register_parsing.bro => register_parsing.zeek} (100%) rename testing/btest/scripts/base/protocols/ncp/{event.bro => event.zeek} (100%) rename testing/btest/scripts/base/protocols/ncp/{frame_size_tuning.bro => frame_size_tuning.zeek} (100%) rename testing/btest/scripts/base/protocols/pop3/{starttls.bro => starttls.zeek} (100%) rename testing/btest/scripts/base/protocols/rdp/{rdp-proprietary-encryption.bro => rdp-proprietary-encryption.zeek} (100%) rename testing/btest/scripts/base/protocols/rdp/{rdp-to-ssl.bro => rdp-to-ssl.zeek} (100%) rename testing/btest/scripts/base/protocols/rdp/{rdp-x509.bro => rdp-x509.zeek} (100%) rename testing/btest/scripts/base/protocols/smb/{smb2-read-write.bro => smb2-read-write.zeek} (100%) rename testing/btest/scripts/base/protocols/snmp/{snmp-addr.bro => snmp-addr.zeek} (100%) rename testing/btest/scripts/base/protocols/snmp/{v1.bro => v1.zeek} (78%) rename testing/btest/scripts/base/protocols/snmp/{v2.bro => v2.zeek} (77%) rename testing/btest/scripts/base/protocols/snmp/{v3.bro => v3.zeek} (79%) rename testing/btest/scripts/base/protocols/socks/{socks-auth.bro => socks-auth.zeek} (100%) rename testing/btest/scripts/base/protocols/syslog/{missing-pri.bro => missing-pri.zeek} (100%) rename testing/btest/scripts/base/protocols/tcp/{pending.bro => pending.zeek} (100%) rename testing/btest/scripts/base/utils/{decompose_uri.bro => decompose_uri.zeek} (100%) rename testing/btest/scripts/base/utils/{hash_hrw.bro => hash_hrw.zeek} (100%) rename testing/btest/scripts/{check-test-all-policy.bro => check-test-all-policy.zeek} (100%) rename testing/btest/scripts/policy/frameworks/files/{extract-all.bro => extract-all.zeek} (100%) rename testing/btest/scripts/policy/frameworks/intel/{removal.bro => removal.zeek} (100%) rename testing/btest/scripts/policy/frameworks/intel/seen/{certs.bro => certs.zeek} (100%) rename testing/btest/scripts/policy/frameworks/intel/seen/{smb.bro => smb.zeek} (100%) rename testing/btest/scripts/policy/frameworks/intel/seen/{smtp.bro => smtp.zeek} (100%) rename testing/btest/scripts/policy/frameworks/intel/{whitelisting.bro => whitelisting.zeek} (100%) rename testing/btest/scripts/policy/frameworks/software/{version-changes.bro => version-changes.zeek} (100%) rename testing/btest/scripts/policy/frameworks/software/{vulnerable.bro => vulnerable.zeek} (100%) rename testing/btest/scripts/policy/misc/{dump-events.bro => dump-events.zeek} (100%) rename testing/btest/scripts/policy/misc/{weird-stats-cluster.bro => weird-stats-cluster.zeek} (98%) rename testing/btest/scripts/policy/misc/{weird-stats.bro => weird-stats.zeek} (100%) rename testing/btest/scripts/policy/protocols/conn/{known-hosts.bro => known-hosts.zeek} (100%) rename testing/btest/scripts/policy/protocols/conn/{known-services.bro => known-services.zeek} (100%) rename testing/btest/scripts/policy/protocols/conn/{mac-logging.bro => mac-logging.zeek} (100%) rename testing/btest/scripts/policy/protocols/conn/{vlan-logging.bro => vlan-logging.zeek} (100%) rename testing/btest/scripts/policy/protocols/dns/{inverse-request.bro => inverse-request.zeek} (100%) rename testing/btest/scripts/policy/protocols/http/{flash-version.bro => flash-version.zeek} (100%) rename testing/btest/scripts/policy/protocols/http/{header-names.bro => header-names.zeek} (100%) rename testing/btest/scripts/policy/protocols/http/{test-sql-injection-regex.bro => test-sql-injection-regex.zeek} (100%) rename testing/btest/scripts/policy/protocols/krb/{ticket-logging.bro => ticket-logging.zeek} (100%) rename testing/btest/scripts/policy/protocols/ssh/{detect-bruteforcing.bro => detect-bruteforcing.zeek} (100%) rename testing/btest/scripts/policy/protocols/ssl/{expiring-certs.bro => expiring-certs.zeek} (100%) rename testing/btest/scripts/policy/protocols/ssl/{extract-certs-pem.bro => extract-certs-pem.zeek} (100%) rename testing/btest/scripts/policy/protocols/ssl/{heartbleed.bro => heartbleed.zeek} (100%) rename testing/btest/scripts/policy/protocols/ssl/{known-certs.bro => known-certs.zeek} (100%) rename testing/btest/scripts/policy/protocols/ssl/{log-hostcerts-only.bro => log-hostcerts-only.zeek} (100%) rename testing/btest/scripts/policy/protocols/ssl/{validate-certs-no-cache.bro => validate-certs-no-cache.zeek} (88%) rename testing/btest/scripts/policy/protocols/ssl/{validate-certs.bro => validate-certs.zeek} (84%) rename testing/btest/scripts/policy/protocols/ssl/{validate-ocsp.bro => validate-ocsp.zeek} (62%) rename testing/btest/scripts/policy/protocols/ssl/{validate-sct.bro => validate-sct.zeek} (88%) rename testing/btest/scripts/policy/protocols/ssl/{weak-keys.bro => weak-keys.zeek} (100%) rename testing/btest/signatures/{bad-eval-condition.bro => bad-eval-condition.zeek} (100%) rename testing/btest/signatures/{dpd.bro => dpd.zeek} (100%) rename testing/btest/signatures/{dst-ip-cidr-v4.bro => dst-ip-cidr-v4.zeek} (100%) rename testing/btest/signatures/{dst-ip-header-condition-v4-masks.bro => dst-ip-header-condition-v4-masks.zeek} (100%) rename testing/btest/signatures/{dst-ip-header-condition-v4.bro => dst-ip-header-condition-v4.zeek} (100%) rename testing/btest/signatures/{dst-ip-header-condition-v6-masks.bro => dst-ip-header-condition-v6-masks.zeek} (100%) rename testing/btest/signatures/{dst-ip-header-condition-v6.bro => dst-ip-header-condition-v6.zeek} (100%) rename testing/btest/signatures/{dst-port-header-condition.bro => dst-port-header-condition.zeek} (100%) rename testing/btest/signatures/{eval-condition-no-return-value.bro => eval-condition-no-return-value.zeek} (100%) rename testing/btest/signatures/{eval-condition.bro => eval-condition.zeek} (100%) rename testing/btest/signatures/{header-header-condition.bro => header-header-condition.zeek} (100%) rename testing/btest/signatures/{id-lookup.bro => id-lookup.zeek} (100%) rename testing/btest/signatures/{ip-proto-header-condition.bro => ip-proto-header-condition.zeek} (100%) rename testing/btest/signatures/{load-sigs.bro => load-sigs.zeek} (100%) rename testing/btest/signatures/{src-ip-header-condition-v4-masks.bro => src-ip-header-condition-v4-masks.zeek} (100%) rename testing/btest/signatures/{src-ip-header-condition-v4.bro => src-ip-header-condition-v4.zeek} (100%) rename testing/btest/signatures/{src-ip-header-condition-v6-masks.bro => src-ip-header-condition-v6-masks.zeek} (100%) rename testing/btest/signatures/{src-ip-header-condition-v6.bro => src-ip-header-condition-v6.zeek} (100%) rename testing/btest/signatures/{src-port-header-condition.bro => src-port-header-condition.zeek} (100%) rename testing/btest/signatures/{udp-packetwise-match.bro => udp-packetwise-match.zeek} (100%) rename testing/btest/signatures/{udp-payload-size.bro => udp-payload-size.zeek} (100%) delete mode 120000 testing/external/scripts/external-ca-list.bro create mode 120000 testing/external/scripts/external-ca-list.zeek rename testing/external/scripts/{testing-setup.bro => testing-setup.zeek} (91%) rename testing/scripts/{external-ca-list.bro => external-ca-list.zeek} (100%) rename testing/scripts/{file-analysis-test.bro => file-analysis-test.zeek} (100%) rename testing/scripts/{snmp-test.bro => snmp-test.zeek} (100%) diff --git a/CHANGES b/CHANGES index 8ca429af4c..d9146fbb9b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-225 | 2019-04-16 16:07:49 -0700 + + * Use .zeek file suffix in unit tests (Jon Siwek, Corelight) + 2.6-223 | 2019-04-16 11:56:00 -0700 * Update tests and baselines due to renaming all scripts (Daniel Thayer) diff --git a/VERSION b/VERSION index 439c8eab2d..23ad9f21a7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-223 +2.6-225 diff --git a/testing/btest/Baseline/bifs.to_double_from_string/error b/testing/btest/Baseline/bifs.to_double_from_string/error index d6c6c0c75b..ed0ae3a1f9 100644 --- a/testing/btest/Baseline/bifs.to_double_from_string/error +++ b/testing/btest/Baseline/bifs.to_double_from_string/error @@ -1,2 +1,2 @@ -error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 15: bad conversion to double (to_double(d) and NotADouble) -error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 16: bad conversion to double (to_double(d) and ) +error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.zeek, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.zeek, line 15: bad conversion to double (to_double(d) and NotADouble) +error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.zeek, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.zeek, line 16: bad conversion to double (to_double(d) and ) diff --git a/testing/btest/Baseline/core.div-by-zero/out b/testing/btest/Baseline/core.div-by-zero/out index dca1894e32..702d00c156 100644 --- a/testing/btest/Baseline/core.div-by-zero/out +++ b/testing/btest/Baseline/core.div-by-zero/out @@ -1,5 +1,5 @@ -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.bro, line 6: division by zero (a / b) -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.bro, line 11: division by zero (a / b) -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.bro, line 16: division by zero (a / b) -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.bro, line 21: modulo by zero (a % b) -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.bro, line 26: modulo by zero (a % b) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.zeek, line 6: division by zero (a / b) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.zeek, line 11: division by zero (a / b) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.zeek, line 16: division by zero (a / b) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.zeek, line 21: modulo by zero (a % b) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.zeek, line 26: modulo by zero (a % b) diff --git a/testing/btest/Baseline/core.expr-exception/reporter.log b/testing/btest/Baseline/core.expr-exception/reporter.log index f546142dca..e2e1a4103f 100644 --- a/testing/btest/Baseline/core.expr-exception/reporter.log +++ b/testing/btest/Baseline/core.expr-exception/reporter.log @@ -6,13 +6,13 @@ #open 2011-03-18-19-06-08 #fields ts level message location #types time enum string string -1300475168.783842 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.915940 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.916118 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.918295 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.952193 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.952228 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.954761 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.962628 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475169.780331 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +1300475168.783842 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.zeek, line 10 +1300475168.915940 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.zeek, line 10 +1300475168.916118 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.zeek, line 10 +1300475168.918295 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.zeek, line 10 +1300475168.952193 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.zeek, line 10 +1300475168.952228 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.zeek, line 10 +1300475168.954761 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.zeek, line 10 +1300475168.962628 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.zeek, line 10 +1300475169.780331 Reporter::ERROR field value missing (c$ftp) /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.zeek, line 10 #close 2011-03-18-19-06-13 diff --git a/testing/btest/Baseline/core.init-error/out b/testing/btest/Baseline/core.init-error/out index 50aea70a75..3079bdfcbd 100644 --- a/testing/btest/Baseline/core.init-error/out +++ b/testing/btest/Baseline/core.init-error/out @@ -1,4 +1,4 @@ -expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/core.init-error/init-error.bro, line 15: no such index (v[10]) +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/core.init-error/init-error.zeek, line 15: no such index (v[10]) fatal error: errors occurred while initializing 1st event 2nd event diff --git a/testing/btest/Baseline/core.old_comm_usage/out b/testing/btest/Baseline/core.old_comm_usage/out index 219a2f5620..cf4820d82e 100644 --- a/testing/btest/Baseline/core.old_comm_usage/out +++ b/testing/btest/Baseline/core.old_comm_usage/out @@ -1,2 +1,2 @@ -warning in /Users/jon/projects/bro/bro/testing/btest/.tmp/core.old_comm_usage/old_comm_usage.bro, line 6: deprecated (terminate_communication) +warning in /Users/jon/projects/bro/bro/testing/btest/.tmp/core.old_comm_usage/old_comm_usage.zeek, line 6: deprecated (terminate_communication) fatal error: Detected old, deprecated communication system usages that will not work unless you explicitly take action to initizialize and set up the old comm. system. Set the 'old_comm_usage_is_ok' flag to bypass this error if you've taken such actions, but the suggested solution is to port scripts to use the new Broker API. diff --git a/testing/btest/Baseline/core.option-errors-2/.stderr b/testing/btest/Baseline/core.option-errors-2/.stderr index 90011d5c85..ef9fb3ae4e 100644 --- a/testing/btest/Baseline/core.option-errors-2/.stderr +++ b/testing/btest/Baseline/core.option-errors-2/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors-2/option-errors.bro, line 2: option variable must be initialized (testbool) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors-2/option-errors.zeek, line 2: option variable must be initialized (testbool) diff --git a/testing/btest/Baseline/core.option-errors-3/.stderr b/testing/btest/Baseline/core.option-errors-3/.stderr index ffe699c739..a3c52db614 100644 --- a/testing/btest/Baseline/core.option-errors-3/.stderr +++ b/testing/btest/Baseline/core.option-errors-3/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors-3/option-errors.bro, line 3: option is not a modifiable lvalue (testopt) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors-3/option-errors.zeek, line 3: option is not a modifiable lvalue (testopt) diff --git a/testing/btest/Baseline/core.option-errors/.stderr b/testing/btest/Baseline/core.option-errors/.stderr index 27a73e180d..3e5dc6c86c 100644 --- a/testing/btest/Baseline/core.option-errors/.stderr +++ b/testing/btest/Baseline/core.option-errors/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors/option-errors.bro, line 4: no type given (testbool) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors/option-errors.zeek, line 4: no type given (testbool) diff --git a/testing/btest/Baseline/core.option-runtime-errors-10/.stderr b/testing/btest/Baseline/core.option-runtime-errors-10/.stderr index 3b4cf422f5..6f385fbb29 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-10/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-10/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-10/option-runtime-errors.bro, line 7: ID 'A' is not an option (Option::set_change_handler(A, option_changed, (coerce 0 to int))) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-10/option-runtime-errors.zeek, line 7: ID 'A' is not an option (Option::set_change_handler(A, option_changed, (coerce 0 to int))) diff --git a/testing/btest/Baseline/core.option-runtime-errors-11/.stderr b/testing/btest/Baseline/core.option-runtime-errors-11/.stderr index 8fd7de5d2e..b0f531df70 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-11/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-11/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-11/option-runtime-errors.bro, line 4: Option::on_change needs function argument; got 'count' for ID 'A' (Option::set_change_handler(A, A, (coerce 0 to int))) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-11/option-runtime-errors.zeek, line 4: Option::on_change needs function argument; got 'count' for ID 'A' (Option::set_change_handler(A, A, (coerce 0 to int))) diff --git a/testing/btest/Baseline/core.option-runtime-errors-12/.stderr b/testing/btest/Baseline/core.option-runtime-errors-12/.stderr index 635b287c6b..bd38eea092 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-12/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-12/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-12/option-runtime-errors.bro, line 7: Third argument of passed function has to be string in Option::on_change for ID 'A'; got 'count' (Option::set_change_handler(A, option_changed, (coerce 0 to int))) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-12/option-runtime-errors.zeek, line 7: Third argument of passed function has to be string in Option::on_change for ID 'A'; got 'count' (Option::set_change_handler(A, option_changed, (coerce 0 to int))) diff --git a/testing/btest/Baseline/core.option-runtime-errors-13/.stderr b/testing/btest/Baseline/core.option-runtime-errors-13/.stderr index 7b58339d8b..738cfff6e5 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-13/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-13/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-13/option-runtime-errors.bro, line 7: Wrong number of arguments for passed function in Option::on_change for ID 'A'; expected 2 or 3, got 4 (Option::set_change_handler(A, option_changed, (coerce 0 to int))) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-13/option-runtime-errors.zeek, line 7: Wrong number of arguments for passed function in Option::on_change for ID 'A'; expected 2 or 3, got 4 (Option::set_change_handler(A, option_changed, (coerce 0 to int))) diff --git a/testing/btest/Baseline/core.option-runtime-errors-2/.stderr b/testing/btest/Baseline/core.option-runtime-errors-2/.stderr index ad027f69db..25d102b9f7 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-2/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-2/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-2/option-runtime-errors.bro, line 3: Incompatible type for set of ID 'A': got 'string', need 'count' (Option::set(A, hi, )) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-2/option-runtime-errors.zeek, line 3: Incompatible type for set of ID 'A': got 'string', need 'count' (Option::set(A, hi, )) diff --git a/testing/btest/Baseline/core.option-runtime-errors-3/.stderr b/testing/btest/Baseline/core.option-runtime-errors-3/.stderr index 2c98b170b7..d784841888 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-3/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-3/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-3/option-runtime-errors.bro, line 3: ID 'A' is not an option (Option::set(A, 6, )) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-3/option-runtime-errors.zeek, line 3: ID 'A' is not an option (Option::set(A, 6, )) diff --git a/testing/btest/Baseline/core.option-runtime-errors-4/.stderr b/testing/btest/Baseline/core.option-runtime-errors-4/.stderr index a965ddd3ae..ec76dc4be4 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-4/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-4/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-4/option-runtime-errors.bro, line 7: Second argument of passed function has to be count in Option::on_change for ID 'A'; got 'bool' (Option::set_change_handler(A, option_changed, (coerce 0 to int))) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-4/option-runtime-errors.zeek, line 7: Second argument of passed function has to be count in Option::on_change for ID 'A'; got 'bool' (Option::set_change_handler(A, option_changed, (coerce 0 to int))) diff --git a/testing/btest/Baseline/core.option-runtime-errors-5/.stderr b/testing/btest/Baseline/core.option-runtime-errors-5/.stderr index d931ff062a..4130f865d6 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-5/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-5/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-5/option-runtime-errors.bro, line 7: Wrong number of arguments for passed function in Option::on_change for ID 'A'; expected 2 or 3, got 1 (Option::set_change_handler(A, option_changed, (coerce 0 to int))) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-5/option-runtime-errors.zeek, line 7: Wrong number of arguments for passed function in Option::on_change for ID 'A'; expected 2 or 3, got 1 (Option::set_change_handler(A, option_changed, (coerce 0 to int))) diff --git a/testing/btest/Baseline/core.option-runtime-errors-6/.stderr b/testing/btest/Baseline/core.option-runtime-errors-6/.stderr index 593c239155..ee01ccfb1f 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-6/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-6/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-6/option-runtime-errors.bro, line 7: Passed function needs to return type 'count' for ID 'A'; got 'bool' (Option::set_change_handler(A, option_changed, (coerce 0 to int))) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-6/option-runtime-errors.zeek, line 7: Passed function needs to return type 'count' for ID 'A'; got 'bool' (Option::set_change_handler(A, option_changed, (coerce 0 to int))) diff --git a/testing/btest/Baseline/core.option-runtime-errors-7/.stderr b/testing/btest/Baseline/core.option-runtime-errors-7/.stderr index 57f7b5c21b..6d5f9f4595 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-7/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-7/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-7/option-runtime-errors.bro, line 7: Option::on_change needs function argument; not hook or event (Option::set_change_handler(A, option_changed, (coerce 0 to int))) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-7/option-runtime-errors.zeek, line 7: Option::on_change needs function argument; not hook or event (Option::set_change_handler(A, option_changed, (coerce 0 to int))) diff --git a/testing/btest/Baseline/core.option-runtime-errors-8/.stderr b/testing/btest/Baseline/core.option-runtime-errors-8/.stderr index 2e7735f433..90cec05f47 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-8/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-8/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-8/option-runtime-errors.bro, line 7: Option::on_change needs function argument; not hook or event (Option::set_change_handler(A, option_changed, (coerce 0 to int))) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-8/option-runtime-errors.zeek, line 7: Option::on_change needs function argument; not hook or event (Option::set_change_handler(A, option_changed, (coerce 0 to int))) diff --git a/testing/btest/Baseline/core.option-runtime-errors-9/.stderr b/testing/btest/Baseline/core.option-runtime-errors-9/.stderr index a95196eef7..f2ce6efd83 100644 --- a/testing/btest/Baseline/core.option-runtime-errors-9/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors-9/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-9/option-runtime-errors.bro, line 5: Could not find ID named 'A' (Option::set_change_handler(A, option_changed, (coerce 0 to int))) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-9/option-runtime-errors.zeek, line 5: Could not find ID named 'A' (Option::set_change_handler(A, option_changed, (coerce 0 to int))) diff --git a/testing/btest/Baseline/core.option-runtime-errors/.stderr b/testing/btest/Baseline/core.option-runtime-errors/.stderr index f3ad46d382..0d4da12312 100644 --- a/testing/btest/Baseline/core.option-runtime-errors/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors/option-runtime-errors.bro, line 8: Could not find ID named 'B' (Option::set(B, 6, )) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors/option-runtime-errors.zeek, line 8: Could not find ID named 'B' (Option::set(B, 6, )) diff --git a/testing/btest/Baseline/core.reporter-error-in-handler/output b/testing/btest/Baseline/core.reporter-error-in-handler/output index ab5309b659..85014657a3 100644 --- a/testing/btest/Baseline/core.reporter-error-in-handler/output +++ b/testing/btest/Baseline/core.reporter-error-in-handler/output @@ -1,3 +1,3 @@ -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter-error-in-handler/reporter-error-in-handler.bro, line 28: no such index (a[1]) -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter-error-in-handler/reporter-error-in-handler.bro, line 22: no such index (a[2]) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter-error-in-handler/reporter-error-in-handler.zeek, line 28: no such index (a[1]) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter-error-in-handler/reporter-error-in-handler.zeek, line 22: no such index (a[2]) 1st error printed on script level diff --git a/testing/btest/Baseline/core.reporter-fmt-strings/output b/testing/btest/Baseline/core.reporter-fmt-strings/output index bbd76f3447..4e31478caa 100644 --- a/testing/btest/Baseline/core.reporter-fmt-strings/output +++ b/testing/btest/Baseline/core.reporter-fmt-strings/output @@ -1 +1 @@ -error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-fmt-strings/reporter-fmt-strings.bro, line 9: not an event (dont_interpret_this(%s)) +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-fmt-strings/reporter-fmt-strings.zeek, line 9: not an event (dont_interpret_this(%s)) diff --git a/testing/btest/Baseline/core.reporter-parse-error/output b/testing/btest/Baseline/core.reporter-parse-error/output index 76535f75d1..4dd922fd24 100644 --- a/testing/btest/Baseline/core.reporter-parse-error/output +++ b/testing/btest/Baseline/core.reporter-parse-error/output @@ -1 +1 @@ -error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-parse-error/reporter-parse-error.bro, line 7: unknown identifier TESTFAILURE, at or near "TESTFAILURE" +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-parse-error/reporter-parse-error.zeek, line 7: unknown identifier TESTFAILURE, at or near "TESTFAILURE" diff --git a/testing/btest/Baseline/core.reporter-runtime-error/output b/testing/btest/Baseline/core.reporter-runtime-error/output index 695e2e2f81..7e0ab11845 100644 --- a/testing/btest/Baseline/core.reporter-runtime-error/output +++ b/testing/btest/Baseline/core.reporter-runtime-error/output @@ -1,2 +1,2 @@ -expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/core.reporter-runtime-error/reporter-runtime-error.bro, line 12: no such index (a[1]) +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/core.reporter-runtime-error/reporter-runtime-error.zeek, line 12: no such index (a[1]) fatal error: failed to execute script statements at top-level scope diff --git a/testing/btest/Baseline/core.reporter-type-mismatch/output b/testing/btest/Baseline/core.reporter-type-mismatch/output index 23eefd13e8..d54e6e2b9b 100644 --- a/testing/btest/Baseline/core.reporter-type-mismatch/output +++ b/testing/btest/Baseline/core.reporter-type-mismatch/output @@ -1,3 +1,3 @@ -error in string and /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: arithmetic mixed with non-arithmetic (string and 42) -error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11 and string: type mismatch (42 and string) -error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: argument type mismatch in event invocation (foo(42)) +error in string and /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.zeek, line 11: arithmetic mixed with non-arithmetic (string and 42) +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.zeek, line 11 and string: type mismatch (42 and string) +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.zeek, line 11: argument type mismatch in event invocation (foo(42)) diff --git a/testing/btest/Baseline/core.reporter/logger-test.log b/testing/btest/Baseline/core.reporter/logger-test.log index 4ee0d03341..1dc58b65cd 100644 --- a/testing/btest/Baseline/core.reporter/logger-test.log +++ b/testing/btest/Baseline/core.reporter/logger-test.log @@ -1,6 +1,6 @@ -reporter_info|init test-info|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 8|0.000000 -reporter_warning|init test-warning|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 9|0.000000 -reporter_error|init test-error|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 10|0.000000 -reporter_info|done test-info|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 15|0.000000 -reporter_warning|done test-warning|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 16|0.000000 -reporter_error|done test-error|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 17|0.000000 +reporter_info|init test-info|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 8|0.000000 +reporter_warning|init test-warning|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 9|0.000000 +reporter_error|init test-error|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 10|0.000000 +reporter_info|done test-info|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 15|0.000000 +reporter_warning|done test-warning|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 16|0.000000 +reporter_error|done test-error|/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 17|0.000000 diff --git a/testing/btest/Baseline/core.reporter/output b/testing/btest/Baseline/core.reporter/output index 24a12f9679..12069545ba 100644 --- a/testing/btest/Baseline/core.reporter/output +++ b/testing/btest/Baseline/core.reporter/output @@ -1,9 +1,9 @@ -/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 52: pre test-info -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 53: pre test-warning -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 54: pre test-error -/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 8: init test-info -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 9: init test-warning -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 10: init test-error -/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 15: done test-info -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 16: done test-warning -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.bro, line 17: done test-error +/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 52: pre test-info +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 53: pre test-warning +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 54: pre test-error +/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 8: init test-info +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 9: init test-warning +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 10: init test-error +/Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 15: done test-info +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 16: done test-warning +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.reporter/reporter.zeek, line 17: done test-error diff --git a/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output b/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output index 27a90d137c..04236c9f83 100644 --- a/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output +++ b/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output @@ -1,7 +1,7 @@ -expression error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/core.when-interpreter-exceptions/when-interpreter-exceptions.bro, line 47: field value missing (myrecord$notset) -expression error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/core.when-interpreter-exceptions/when-interpreter-exceptions.bro, line 91: field value missing (myrecord$notset) -expression error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/core.when-interpreter-exceptions/when-interpreter-exceptions.bro, line 72: field value missing (myrecord$notset) -expression error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/core.when-interpreter-exceptions/when-interpreter-exceptions.bro, line 103: field value missing (myrecord$notset) +expression error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/core.when-interpreter-exceptions/when-interpreter-exceptions.zeek, line 47: field value missing (myrecord$notset) +expression error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/core.when-interpreter-exceptions/when-interpreter-exceptions.zeek, line 91: field value missing (myrecord$notset) +expression error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/core.when-interpreter-exceptions/when-interpreter-exceptions.zeek, line 72: field value missing (myrecord$notset) +expression error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/core.when-interpreter-exceptions/when-interpreter-exceptions.zeek, line 103: field value missing (myrecord$notset) received termination signal [f(F)] f() done, no exception, T diff --git a/testing/btest/Baseline/coverage.coverage-blacklist/output b/testing/btest/Baseline/coverage.coverage-blacklist/output index c54e4283b2..e27574face 100644 --- a/testing/btest/Baseline/coverage.coverage-blacklist/output +++ b/testing/btest/Baseline/coverage.coverage-blacklist/output @@ -1,5 +1,5 @@ -1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 13 print cover me; -1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 17 print always executed; -0 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 26 print also impossible, but included in code coverage analysis; -1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 29 print success; -1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 5 print first; +1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.zeek, line 13 print cover me; +1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.zeek, line 17 print always executed; +0 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.zeek, line 26 print also impossible, but included in code coverage analysis; +1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.zeek, line 29 print success; +1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.zeek, line 5 print first; diff --git a/testing/btest/Baseline/language.at-deprecated/.stderr b/testing/btest/Baseline/language.at-deprecated/.stderr index 4668f2d7bf..97dc7ea331 100644 --- a/testing/btest/Baseline/language.at-deprecated/.stderr +++ b/testing/btest/Baseline/language.at-deprecated/.stderr @@ -1,3 +1,3 @@ -warning in ./foo.bro, line 1: deprecated script loaded from command line arguments -warning in ./bar.bro, line 1: deprecated script loaded from ./foo.bro:2 "Use '@load qux.bro' instead" -warning in ./baz.bro, line 1: deprecated script loaded from ./foo.bro:3 +warning in ./foo.zeek, line 1: deprecated script loaded from command line arguments +warning in ./bar.zeek, line 1: deprecated script loaded from ./foo.zeek:2 "Use '@load qux' instead" +warning in ./baz.zeek, line 1: deprecated script loaded from ./foo.zeek:3 diff --git a/testing/btest/Baseline/language.at-filename/out b/testing/btest/Baseline/language.at-filename/out index 12cfb152d9..23b37ef249 100644 --- a/testing/btest/Baseline/language.at-filename/out +++ b/testing/btest/Baseline/language.at-filename/out @@ -1 +1 @@ -at-filename.bro +at-filename.zeek diff --git a/testing/btest/Baseline/language.at-if-invalid/out b/testing/btest/Baseline/language.at-if-invalid/out index 63b93a3cf8..0214a8d2f8 100644 --- a/testing/btest/Baseline/language.at-if-invalid/out +++ b/testing/btest/Baseline/language.at-if-invalid/out @@ -1,4 +1,4 @@ -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.at-if-invalid/at-if-invalid.bro, line 28: referencing a local name in @if (xyz) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.at-if-invalid/at-if-invalid.bro, line 28: invalid expression in @if (F && foo(xyz)) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.at-if-invalid/at-if-invalid.bro, line 36: referencing a local name in @if (local_true_condition) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.at-if-invalid/at-if-invalid.bro, line 36: invalid expression in @if (T && TRUE_CONDITION && local_true_condition) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.at-if-invalid/at-if-invalid.zeek, line 28: referencing a local name in @if (xyz) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.at-if-invalid/at-if-invalid.zeek, line 28: invalid expression in @if (F && foo(xyz)) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.at-if-invalid/at-if-invalid.zeek, line 36: referencing a local name in @if (local_true_condition) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.at-if-invalid/at-if-invalid.zeek, line 36: invalid expression in @if (T && TRUE_CONDITION && local_true_condition) diff --git a/testing/btest/Baseline/language.attr-default-global-set-error/out b/testing/btest/Baseline/language.attr-default-global-set-error/out index c784bb683b..6f3fd63d4f 100644 --- a/testing/btest/Baseline/language.attr-default-global-set-error/out +++ b/testing/btest/Baseline/language.attr-default-global-set-error/out @@ -1,2 +1,2 @@ -error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.attr-default-global-set-error/attr-default-global-set-error.bro, line 4: arithmetic mixed with non-arithmetic (set[string] and 0) -error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.attr-default-global-set-error/attr-default-global-set-error.bro, line 4: &default value has inconsistent type (0 and set[string]) +error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.attr-default-global-set-error/attr-default-global-set-error.zeek, line 4: arithmetic mixed with non-arithmetic (set[string] and 0) +error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.attr-default-global-set-error/attr-default-global-set-error.zeek, line 4: &default value has inconsistent type (0 and set[string]) diff --git a/testing/btest/Baseline/language.common-mistakes/1.out b/testing/btest/Baseline/language.common-mistakes/1.out index 8070f84644..6c5428605f 100644 --- a/testing/btest/Baseline/language.common-mistakes/1.out +++ b/testing/btest/Baseline/language.common-mistakes/1.out @@ -1,4 +1,4 @@ -expression error in ./1.bro, line 9: field value missing (mr$f) +expression error in ./1.zeek, line 9: field value missing (mr$f) bar start foo start other bro_init diff --git a/testing/btest/Baseline/language.common-mistakes/2.out b/testing/btest/Baseline/language.common-mistakes/2.out index dd62af107c..dbf4ed7ae6 100644 --- a/testing/btest/Baseline/language.common-mistakes/2.out +++ b/testing/btest/Baseline/language.common-mistakes/2.out @@ -1,2 +1,2 @@ -expression error in ./2.bro, line 7: no such index (t[nope]) +expression error in ./2.zeek, line 7: no such index (t[nope]) in foo diff --git a/testing/btest/Baseline/language.common-mistakes/3.out b/testing/btest/Baseline/language.common-mistakes/3.out index d914d399a7..62cb349e7d 100644 --- a/testing/btest/Baseline/language.common-mistakes/3.out +++ b/testing/btest/Baseline/language.common-mistakes/3.out @@ -1,2 +1,2 @@ -expression error in ./3.bro, line 5: type-checking failed in vector append (v += ok) +expression error in ./3.zeek, line 5: type-checking failed in vector append (v += ok) in foo diff --git a/testing/btest/Baseline/language.const/invalid.stderr b/testing/btest/Baseline/language.const/invalid.stderr index b08c472708..5b6e120f8e 100644 --- a/testing/btest/Baseline/language.const/invalid.stderr +++ b/testing/btest/Baseline/language.const/invalid.stderr @@ -1,13 +1,13 @@ -error in ./invalid.bro, line 15: const is not a modifiable lvalue (foo) -error in ./invalid.bro, line 16: const is not a modifiable lvalue (foo) -error in ./invalid.bro, line 17: const is not a modifiable lvalue (bar) -error in ./invalid.bro, line 17: const is not a modifiable lvalue (foo) -error in ./invalid.bro, line 18: const is not a modifiable lvalue (foo) -error in ./invalid.bro, line 19: const is not a modifiable lvalue (foo) -error in ./invalid.bro, line 20: const is not a modifiable lvalue (foo) -error in ./invalid.bro, line 22: const is not a modifiable lvalue (foo) -error in ./invalid.bro, line 25: const is not a modifiable lvalue (bar) -error in ./invalid.bro, line 26: const is not a modifiable lvalue (baz) -error in ./invalid.bro, line 27: const is not a modifiable lvalue (bar) -error in ./invalid.bro, line 28: const is not a modifiable lvalue (baz) -error in ./invalid.bro, line 33: const is not a modifiable lvalue (foo) +error in ./invalid.zeek, line 15: const is not a modifiable lvalue (foo) +error in ./invalid.zeek, line 16: const is not a modifiable lvalue (foo) +error in ./invalid.zeek, line 17: const is not a modifiable lvalue (bar) +error in ./invalid.zeek, line 17: const is not a modifiable lvalue (foo) +error in ./invalid.zeek, line 18: const is not a modifiable lvalue (foo) +error in ./invalid.zeek, line 19: const is not a modifiable lvalue (foo) +error in ./invalid.zeek, line 20: const is not a modifiable lvalue (foo) +error in ./invalid.zeek, line 22: const is not a modifiable lvalue (foo) +error in ./invalid.zeek, line 25: const is not a modifiable lvalue (bar) +error in ./invalid.zeek, line 26: const is not a modifiable lvalue (baz) +error in ./invalid.zeek, line 27: const is not a modifiable lvalue (bar) +error in ./invalid.zeek, line 28: const is not a modifiable lvalue (baz) +error in ./invalid.zeek, line 33: const is not a modifiable lvalue (foo) diff --git a/testing/btest/Baseline/language.deprecated/out b/testing/btest/Baseline/language.deprecated/out index 5bdf87a62b..3126b1e78b 100644 --- a/testing/btest/Baseline/language.deprecated/out +++ b/testing/btest/Baseline/language.deprecated/out @@ -1,22 +1,22 @@ -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 30: deprecated (ONE) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 31: deprecated (TWO) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 33: deprecated (GREEN) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 34: deprecated (BLUE) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 36: deprecated (blah) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 40: deprecated (my_event) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 41: deprecated (my_event) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 42: deprecated (my_hook) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 44: deprecated (my_record$b) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 45: deprecated (my_record$b) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 46: deprecated (my_record$b) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 48: deprecated (my_record?$b) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 49: deprecated (my_record$b) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 52: deprecated (my_record$b) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 55: deprecated (my_event) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 60: deprecated (my_hook) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 65: deprecated (blah) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 74: deprecated (dont_use_me) -warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.bro, line 79: deprecated (dont_use_me_either) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 30: deprecated (ONE) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 31: deprecated (TWO) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 33: deprecated (GREEN) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 34: deprecated (BLUE) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 36: deprecated (blah) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 40: deprecated (my_event) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 41: deprecated (my_event) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 42: deprecated (my_hook) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 44: deprecated (my_record$b) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 45: deprecated (my_record$b) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 46: deprecated (my_record$b) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 48: deprecated (my_record?$b) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 49: deprecated (my_record$b) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 52: deprecated (my_record$b) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 55: deprecated (my_event) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 60: deprecated (my_hook) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 65: deprecated (blah) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 74: deprecated (dont_use_me) +warning in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.deprecated/deprecated.zeek, line 79: deprecated (dont_use_me_either) ZERO ONE TWO diff --git a/testing/btest/Baseline/language.eof-parse-errors/output1 b/testing/btest/Baseline/language.eof-parse-errors/output1 index 47a1c328e3..0fd8331175 100644 --- a/testing/btest/Baseline/language.eof-parse-errors/output1 +++ b/testing/btest/Baseline/language.eof-parse-errors/output1 @@ -1 +1 @@ -error: syntax error, at end of file ./a.bro +error: syntax error, at end of file ./a.zeek diff --git a/testing/btest/Baseline/language.eof-parse-errors/output2 b/testing/btest/Baseline/language.eof-parse-errors/output2 index 6f382c2a12..b7a433b9b0 100644 --- a/testing/btest/Baseline/language.eof-parse-errors/output2 +++ b/testing/btest/Baseline/language.eof-parse-errors/output2 @@ -1 +1 @@ -error in ./b.bro, line 1: syntax error, at or near "module" or end of file ./a.bro +error in ./b.zeek, line 1: syntax error, at or near "module" or end of file ./a.zeek diff --git a/testing/btest/Baseline/language.event-local-var/out b/testing/btest/Baseline/language.event-local-var/out index 2802c45d69..465a97d5cf 100644 --- a/testing/btest/Baseline/language.event-local-var/out +++ b/testing/btest/Baseline/language.event-local-var/out @@ -1 +1 @@ -error in /home/jgras/devel/bro/testing/btest/.tmp/language.event-local-var/event-local-var.bro, line 15: local identifier "v" cannot be used to reference an event, at or near ")" +error in /home/jgras/devel/bro/testing/btest/.tmp/language.event-local-var/event-local-var.zeek, line 15: local identifier "v" cannot be used to reference an event, at or near ")" diff --git a/testing/btest/Baseline/language.expire-expr-error/output b/testing/btest/Baseline/language.expire-expr-error/output index dfa0bf64c3..5bc22b8202 100644 --- a/testing/btest/Baseline/language.expire-expr-error/output +++ b/testing/btest/Baseline/language.expire-expr-error/output @@ -1,2 +1,2 @@ -expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-expr-error/expire-expr-error.bro, line 8: no such index (x[kaputt]) +expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-expr-error/expire-expr-error.zeek, line 8: no such index (x[kaputt]) received termination signal diff --git a/testing/btest/Baseline/language.expire-func-undef/output b/testing/btest/Baseline/language.expire-func-undef/output index cf869bbe6b..fb783261be 100644 --- a/testing/btest/Baseline/language.expire-func-undef/output +++ b/testing/btest/Baseline/language.expire-func-undef/output @@ -1,20 +1,20 @@ -1299470395.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299470405.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299473995.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299474005.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299477595.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299477605.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299481195.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299481205.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299484795.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299484805.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299488395.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299488405.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299491995.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299492005.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299495595.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299495605.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299499195.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299499205.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) -1299502795.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary) +1299470395.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299470405.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299473995.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299474005.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299477595.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299477605.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299481195.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299481205.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299484795.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299484805.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299488395.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299488405.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299491995.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299492005.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299495595.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299495605.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299499195.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299499205.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) +1299502795.000000 expression error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.zeek, line 12: value used but not set (segfault::scan_summary) orig: 10.0.0.2: peers: {\x0a\x0910.0.0.3\x0a} diff --git a/testing/btest/Baseline/language.expire-type-error/out b/testing/btest/Baseline/language.expire-type-error/out index c0987a6341..1050304b06 100644 --- a/testing/btest/Baseline/language.expire-type-error/out +++ b/testing/btest/Baseline/language.expire-type-error/out @@ -1 +1 @@ -error in /home/robin/bro/master/testing/btest/.tmp/language.expire-type-error/expire-type-error.bro, line 4: expiration interval has wrong type (kaputt) +error in /home/robin/bro/master/testing/btest/.tmp/language.expire-type-error/expire-type-error.zeek, line 4: expiration interval has wrong type (kaputt) diff --git a/testing/btest/Baseline/language.hook_calls/invalid.out b/testing/btest/Baseline/language.hook_calls/invalid.out index 3412c1900e..fdfd719cd8 100644 --- a/testing/btest/Baseline/language.hook_calls/invalid.out +++ b/testing/btest/Baseline/language.hook_calls/invalid.out @@ -1,10 +1,10 @@ -error in ./invalid.bro, line 9: hook cannot be called directly, use hook operator (myhook) -warning in ./invalid.bro, line 9: expression value ignored (myhook(3)) -error in ./invalid.bro, line 10: hook cannot be called directly, use hook operator (myhook) -error in ./invalid.bro, line 11: hook cannot be called directly, use hook operator (myhook) -error in ./invalid.bro, line 12: not a valid hook call expression (2 + 2) -warning in ./invalid.bro, line 12: expression value ignored (2 + 2) -error in ./invalid.bro, line 13: not a valid hook call expression (2 + 2) -error in ./invalid.bro, line 15: hook cannot be called directly, use hook operator (h) -warning in ./invalid.bro, line 15: expression value ignored (h(3)) -error in ./invalid.bro, line 16: hook cannot be called directly, use hook operator (h) +error in ./invalid.zeek, line 9: hook cannot be called directly, use hook operator (myhook) +warning in ./invalid.zeek, line 9: expression value ignored (myhook(3)) +error in ./invalid.zeek, line 10: hook cannot be called directly, use hook operator (myhook) +error in ./invalid.zeek, line 11: hook cannot be called directly, use hook operator (myhook) +error in ./invalid.zeek, line 12: not a valid hook call expression (2 + 2) +warning in ./invalid.zeek, line 12: expression value ignored (2 + 2) +error in ./invalid.zeek, line 13: not a valid hook call expression (2 + 2) +error in ./invalid.zeek, line 15: hook cannot be called directly, use hook operator (h) +warning in ./invalid.zeek, line 15: expression value ignored (h(3)) +error in ./invalid.zeek, line 16: hook cannot be called directly, use hook operator (h) diff --git a/testing/btest/Baseline/language.index-assignment-invalid/out b/testing/btest/Baseline/language.index-assignment-invalid/out index 44e82d16f6..02dd4100ce 100644 --- a/testing/btest/Baseline/language.index-assignment-invalid/out +++ b/testing/btest/Baseline/language.index-assignment-invalid/out @@ -1,5 +1,5 @@ runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=], expression: Queue::ret[Queue::j], call stack: - #0 Queue::get_vector([initialized=T, vals={[2] = test,[6] = jkl;,[4] = asdf,[1] = goodbye,[5] = 3,[0] = hello,[3] = [a=T, b=hi, c=]}, settings=[max_len=], top=7, bottom=0, size=0], [hello, goodbye, test]) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:19 - #1 bar(55) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:27 - #2 foo(hi, 13) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:39 + #0 Queue::get_vector([initialized=T, vals={[2] = test,[6] = jkl;,[4] = asdf,[1] = goodbye,[5] = 3,[0] = hello,[3] = [a=T, b=hi, c=]}, settings=[max_len=], top=7, bottom=0, size=0], [hello, goodbye, test]) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:19 + #1 bar(55) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:27 + #2 foo(hi, 13) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:39 #3 bro_init() diff --git a/testing/btest/Baseline/language.invalid_index/out b/testing/btest/Baseline/language.invalid_index/out index 4ba0373e91..aa3784aa3e 100644 --- a/testing/btest/Baseline/language.invalid_index/out +++ b/testing/btest/Baseline/language.invalid_index/out @@ -1,5 +1,5 @@ -expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.invalid_index/invalid_index.bro, line 10: no such index (foo[1]) -expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.invalid_index/invalid_index.bro, line 16: no such index (foo2[1]) +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.invalid_index/invalid_index.zeek, line 10: no such index (foo[1]) +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.invalid_index/invalid_index.zeek, line 16: no such index (foo2[1]) foo[0], 42 foo2[0], 13 done diff --git a/testing/btest/Baseline/language.outer_param_binding/out b/testing/btest/Baseline/language.outer_param_binding/out index 28ad03c85a..afdc4191cd 100644 --- a/testing/btest/Baseline/language.outer_param_binding/out +++ b/testing/btest/Baseline/language.outer_param_binding/out @@ -1,3 +1,3 @@ -error in /home/robin/bro/master/testing/btest/.tmp/language.outer_param_binding/outer_param_binding.bro, line 16: referencing outer function IDs not supported (c) -error in /home/robin/bro/master/testing/btest/.tmp/language.outer_param_binding/outer_param_binding.bro, line 16: referencing outer function IDs not supported (d) -error in /home/robin/bro/master/testing/btest/.tmp/language.outer_param_binding/outer_param_binding.bro, line 17: referencing outer function IDs not supported (b) +error in /home/robin/bro/master/testing/btest/.tmp/language.outer_param_binding/outer_param_binding.zeek, line 16: referencing outer function IDs not supported (c) +error in /home/robin/bro/master/testing/btest/.tmp/language.outer_param_binding/outer_param_binding.zeek, line 16: referencing outer function IDs not supported (d) +error in /home/robin/bro/master/testing/btest/.tmp/language.outer_param_binding/outer_param_binding.zeek, line 17: referencing outer function IDs not supported (b) diff --git a/testing/btest/Baseline/language.record-bad-ctor/out b/testing/btest/Baseline/language.record-bad-ctor/out index d30d0ab9d3..e6ff4a8fd5 100644 --- a/testing/btest/Baseline/language.record-bad-ctor/out +++ b/testing/btest/Baseline/language.record-bad-ctor/out @@ -1,2 +1,2 @@ -error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.record-bad-ctor/record-bad-ctor.bro, line 6: no type given (asdfasdf) -expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.record-bad-ctor/record-bad-ctor.bro, line 7: uninitialized list value ($ports=asdfasdf) +error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.record-bad-ctor/record-bad-ctor.zeek, line 6: no type given (asdfasdf) +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.record-bad-ctor/record-bad-ctor.zeek, line 7: uninitialized list value ($ports=asdfasdf) diff --git a/testing/btest/Baseline/language.record-bad-ctor2/out b/testing/btest/Baseline/language.record-bad-ctor2/out index d5ce540dd8..12b0fe3959 100644 --- a/testing/btest/Baseline/language.record-bad-ctor2/out +++ b/testing/btest/Baseline/language.record-bad-ctor2/out @@ -1 +1 @@ -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-bad-ctor2/record-bad-ctor2.bro, line 14: bad type in record constructor ([[$cmd=echo hi]] and [$cmd=echo hi]) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-bad-ctor2/record-bad-ctor2.zeek, line 14: bad type in record constructor ([[$cmd=echo hi]] and [$cmd=echo hi]) diff --git a/testing/btest/Baseline/language.record-ceorce-orphan/out b/testing/btest/Baseline/language.record-ceorce-orphan/out index 59df204af2..f848945979 100644 --- a/testing/btest/Baseline/language.record-ceorce-orphan/out +++ b/testing/btest/Baseline/language.record-ceorce-orphan/out @@ -1,2 +1,2 @@ -error in /home/robin/bro/master/testing/btest/.tmp/language.record-ceorce-orphan/record-ceorce-orphan.bro, line 19: orphaned field "wtf" in record coercion ((coerce [$a=test, $b=42, $wtf=1.0 sec] to myrec)) -error in /home/robin/bro/master/testing/btest/.tmp/language.record-ceorce-orphan/record-ceorce-orphan.bro, line 21: orphaned field "wtf" in record coercion ((coerce [$a=test, $b=42, $wtf=1.0 sec] to myrec)) +error in /home/robin/bro/master/testing/btest/.tmp/language.record-ceorce-orphan/record-ceorce-orphan.zeek, line 19: orphaned field "wtf" in record coercion ((coerce [$a=test, $b=42, $wtf=1.0 sec] to myrec)) +error in /home/robin/bro/master/testing/btest/.tmp/language.record-ceorce-orphan/record-ceorce-orphan.zeek, line 21: orphaned field "wtf" in record coercion ((coerce [$a=test, $b=42, $wtf=1.0 sec] to myrec)) diff --git a/testing/btest/Baseline/language.record-coerce-clash/out b/testing/btest/Baseline/language.record-coerce-clash/out index 9ef4116c7e..cb45413c63 100644 --- a/testing/btest/Baseline/language.record-coerce-clash/out +++ b/testing/btest/Baseline/language.record-coerce-clash/out @@ -1 +1 @@ -error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/language.record-coerce-clash/record-coerce-clash.bro, line 13: type clash for field "cid" ((coerce [$cid=[$orig_h=1.2.3.4, $orig_p=0/tcp, $resp_h=0.0.0.0, $resp_p=wrong]] to myrec) and record { orig_h:addr; orig_p:port; resp_h:addr; resp_p:string; }) +error in /Users/jon/Projects/bro/bro/testing/btest/.tmp/language.record-coerce-clash/record-coerce-clash.zeek, line 13: type clash for field "cid" ((coerce [$cid=[$orig_h=1.2.3.4, $orig_p=0/tcp, $resp_h=0.0.0.0, $resp_p=wrong]] to myrec) and record { orig_h:addr; orig_p:port; resp_h:addr; resp_p:string; }) diff --git a/testing/btest/Baseline/language.record-default-set-mismatch/out b/testing/btest/Baseline/language.record-default-set-mismatch/out index c005138c0c..ba40f934f7 100644 --- a/testing/btest/Baseline/language.record-default-set-mismatch/out +++ b/testing/btest/Baseline/language.record-default-set-mismatch/out @@ -1 +1 @@ -error in /home/robin/bro/master/testing/btest/.tmp/language.record-default-set-mismatch/record-default-set-mismatch.bro, line 5: &default value has inconsistent type (&default=set(1, 2, 3)) +error in /home/robin/bro/master/testing/btest/.tmp/language.record-default-set-mismatch/record-default-set-mismatch.zeek, line 5: &default value has inconsistent type (&default=set(1, 2, 3)) diff --git a/testing/btest/Baseline/language.record-type-checking/out b/testing/btest/Baseline/language.record-type-checking/out index ecd5d7b8bb..50b0db5d8c 100644 --- a/testing/btest/Baseline/language.record-type-checking/out +++ b/testing/btest/Baseline/language.record-type-checking/out @@ -1,11 +1,11 @@ -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 9 and count: type clash for field "a" ((coerce [$a=0] to MyRec) and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 9: bad record initializer ((coerce [$a=0] to error)) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 12 and count: type clash for field "a" ((coerce [$a=1] to MyRec) and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 12: bad record initializer ((coerce (coerce [$a=1] to error) to error)) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 18 and count: type clash for field "a" ((coerce [$a=2] to MyRec) and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 22 and count: type clash for field "a" ((coerce [$a=3] to MyRec) and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 22: bad record initializer ((coerce [$a=3] to error)) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 27 and count: type clash for field "a" ((coerce [$a=1000] to MyRec) and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 33 and count: type clash for field "a" ((coerce [$a=1001] to MyRec) and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 40 and count: type clash for field "a" ((coerce [$a=1002] to MyRec) and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.bro, line 46 and count: type clash for field "a" ((coerce [$a=1003] to MyRec) and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 9 and count: type clash for field "a" ((coerce [$a=0] to MyRec) and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 9: bad record initializer ((coerce [$a=0] to error)) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 12 and count: type clash for field "a" ((coerce [$a=1] to MyRec) and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 12: bad record initializer ((coerce (coerce [$a=1] to error) to error)) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 18 and count: type clash for field "a" ((coerce [$a=2] to MyRec) and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 22 and count: type clash for field "a" ((coerce [$a=3] to MyRec) and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 22: bad record initializer ((coerce [$a=3] to error)) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 27 and count: type clash for field "a" ((coerce [$a=1000] to MyRec) and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 33 and count: type clash for field "a" ((coerce [$a=1001] to MyRec) and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 40 and count: type clash for field "a" ((coerce [$a=1002] to MyRec) and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-type-checking/record-type-checking.zeek, line 46 and count: type clash for field "a" ((coerce [$a=1003] to MyRec) and count) diff --git a/testing/btest/Baseline/language.set-type-checking/out b/testing/btest/Baseline/language.set-type-checking/out index 0387146723..d27da6205a 100644 --- a/testing/btest/Baseline/language.set-type-checking/out +++ b/testing/btest/Baseline/language.set-type-checking/out @@ -1,24 +1,24 @@ -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 7: arithmetic mixed with non-arithmetic (port and 0) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 7 and port: type mismatch (0 and port) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 7: inconsistent type in set constructor (set(0)) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 10: arithmetic mixed with non-arithmetic (port and 1) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 10 and port: type mismatch (1 and port) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 10: inconsistent type in set constructor (set(1)) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 16: arithmetic mixed with non-arithmetic (port and 2) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 16 and port: type mismatch (2 and port) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 16: inconsistent type in set constructor (set(2)) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 7: arithmetic mixed with non-arithmetic (port and 0) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 7 and port: type mismatch (0 and port) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 7: inconsistent type in set constructor (set(0)) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 10: arithmetic mixed with non-arithmetic (port and 1) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 10 and port: type mismatch (1 and port) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 10: inconsistent type in set constructor (set(1)) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 16: arithmetic mixed with non-arithmetic (port and 2) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 16 and port: type mismatch (2 and port) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 16: inconsistent type in set constructor (set(2)) error in port: arithmetic mixed with non-arithmetic (port and 3) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 20: initialization type mismatch in set (set(3) and 3) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 25: arithmetic mixed with non-arithmetic (port and 1000) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 25 and port: type mismatch (1000 and port) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 25: inconsistent type in set constructor (set(1000)) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 31: arithmetic mixed with non-arithmetic (port and 1001) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 31 and port: type mismatch (1001 and port) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 31: inconsistent type in set constructor (set(1001)) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 38: arithmetic mixed with non-arithmetic (port and 1002) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 38 and port: type mismatch (1002 and port) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 38: inconsistent type in set constructor (set(1002)) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 44: arithmetic mixed with non-arithmetic (port and 1003) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 44 and port: type mismatch (1003 and port) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 44: inconsistent type in set constructor (set(1003)) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.bro, line 44: type clash in assignment (lea = set(1003)) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 20: initialization type mismatch in set (set(3) and 3) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 25: arithmetic mixed with non-arithmetic (port and 1000) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 25 and port: type mismatch (1000 and port) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 25: inconsistent type in set constructor (set(1000)) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 31: arithmetic mixed with non-arithmetic (port and 1001) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 31 and port: type mismatch (1001 and port) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 31: inconsistent type in set constructor (set(1001)) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 38: arithmetic mixed with non-arithmetic (port and 1002) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 38 and port: type mismatch (1002 and port) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 38: inconsistent type in set constructor (set(1002)) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 44: arithmetic mixed with non-arithmetic (port and 1003) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 44 and port: type mismatch (1003 and port) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 44: inconsistent type in set constructor (set(1003)) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.set-type-checking/set-type-checking.zeek, line 44: type clash in assignment (lea = set(1003)) diff --git a/testing/btest/Baseline/language.subnet-errors/out b/testing/btest/Baseline/language.subnet-errors/out index 5d8e3d76da..97e999ef9b 100644 --- a/testing/btest/Baseline/language.subnet-errors/out +++ b/testing/btest/Baseline/language.subnet-errors/out @@ -1,5 +1,5 @@ -expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.subnet-errors/subnet-errors.bro, line 9: bad IPv4 subnet prefix length: 33 (1.2.3.4 / i) -expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.subnet-errors/subnet-errors.bro, line 18: bad IPv6 subnet prefix length: 129 (:: / i) +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.subnet-errors/subnet-errors.zeek, line 9: bad IPv4 subnet prefix length: 33 (1.2.3.4 / i) +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.subnet-errors/subnet-errors.zeek, line 18: bad IPv6 subnet prefix length: 129 (:: / i) 1.2.3.4/32 ::/128 init last diff --git a/testing/btest/Baseline/language.switch-error-mixed/out b/testing/btest/Baseline/language.switch-error-mixed/out index 75fa1d84c2..679b34f6ef 100644 --- a/testing/btest/Baseline/language.switch-error-mixed/out +++ b/testing/btest/Baseline/language.switch-error-mixed/out @@ -1 +1 @@ -error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.switch-error-mixed/switch-error-mixed.bro, line 6: cannot mix cases with expressions and types (switch (v) {case 42:{ return (42!)}case type count:{ return (Count!)}}) +error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.switch-error-mixed/switch-error-mixed.zeek, line 6: cannot mix cases with expressions and types (switch (v) {case 42:{ return (42!)}case type count:{ return (Count!)}}) diff --git a/testing/btest/Baseline/language.switch-incomplete/out b/testing/btest/Baseline/language.switch-incomplete/out index bfe4429956..4ce7d39a08 100644 --- a/testing/btest/Baseline/language.switch-incomplete/out +++ b/testing/btest/Baseline/language.switch-incomplete/out @@ -1 +1 @@ -error in /home/robin/bro/master/testing/btest/.tmp/language.switch-incomplete/switch-incomplete.bro, lines 7-8: case block must end in break/fallthrough/return statement (case 1:{ print 1}) +error in /home/robin/bro/master/testing/btest/.tmp/language.switch-incomplete/switch-incomplete.zeek, lines 7-8: case block must end in break/fallthrough/return statement (case 1:{ print 1}) diff --git a/testing/btest/Baseline/language.switch-types-error-duplicate/out b/testing/btest/Baseline/language.switch-types-error-duplicate/out index e523b14550..0ab618bc16 100644 --- a/testing/btest/Baseline/language.switch-types-error-duplicate/out +++ b/testing/btest/Baseline/language.switch-types-error-duplicate/out @@ -1 +1 @@ -error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.switch-types-error-duplicate/switch-types-error-duplicate.bro, lines 11-12: duplicate case label (case type bool, type count:{ return (Bool or address!)}) +error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.switch-types-error-duplicate/switch-types-error-duplicate.zeek, lines 11-12: duplicate case label (case type bool, type count:{ return (Bool or address!)}) diff --git a/testing/btest/Baseline/language.switch-types-error-unsupported/out b/testing/btest/Baseline/language.switch-types-error-unsupported/out index 133c8653f2..7932073710 100644 --- a/testing/btest/Baseline/language.switch-types-error-unsupported/out +++ b/testing/btest/Baseline/language.switch-types-error-unsupported/out @@ -1,3 +1,3 @@ -error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.switch-types-error-unsupported/switch-types-error-unsupported.bro, lines 9-10: cannot cast switch expression to case type (case type count:{ return (Count!)}) -error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.switch-types-error-unsupported/switch-types-error-unsupported.bro, lines 11-12: cannot cast switch expression to case type (case type bool, type addr:{ return (Bool or address!)}) -error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.switch-types-error-unsupported/switch-types-error-unsupported.bro, lines 11-12: cannot cast switch expression to case type (case type bool, type addr:{ return (Bool or address!)}) +error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.switch-types-error-unsupported/switch-types-error-unsupported.zeek, lines 9-10: cannot cast switch expression to case type (case type count:{ return (Count!)}) +error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.switch-types-error-unsupported/switch-types-error-unsupported.zeek, lines 11-12: cannot cast switch expression to case type (case type bool, type addr:{ return (Bool or address!)}) +error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.switch-types-error-unsupported/switch-types-error-unsupported.zeek, lines 11-12: cannot cast switch expression to case type (case type bool, type addr:{ return (Bool or address!)}) diff --git a/testing/btest/Baseline/language.table-type-checking/out b/testing/btest/Baseline/language.table-type-checking/out index 488cb83ab2..a6307a6155 100644 --- a/testing/btest/Baseline/language.table-type-checking/out +++ b/testing/btest/Baseline/language.table-type-checking/out @@ -1,14 +1,14 @@ -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 7: type clash (port and zero) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 7: inconsistent types in table constructor (table(zero = 0)) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 10: type clash (port and one) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 10: inconsistent types in table constructor (table(one = 1)) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 17: type clash in assignment (gda = gda2) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 21 and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 4: index type doesn't match table (three and list of port) -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 21: type clash in table assignment (three = 3) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 26: type clash (port and thousand) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 26: inconsistent types in table constructor (table(thousand = 1000)) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 32: type clash (port and thousand-one) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 32: inconsistent types in table constructor (table(thousand-one = 1001)) -error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 39: type clash (port and thousand-two) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 39: inconsistent types in table constructor (table(thousand-two = 1002)) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.bro, line 45: type clash in assignment (lea = table(thousand-three = 1003)) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 7: type clash (port and zero) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 7: inconsistent types in table constructor (table(zero = 0)) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 10: type clash (port and one) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 10: inconsistent types in table constructor (table(one = 1)) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 17: type clash in assignment (gda = gda2) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 21 and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 4: index type doesn't match table (three and list of port) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 21: type clash in table assignment (three = 3) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 26: type clash (port and thousand) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 26: inconsistent types in table constructor (table(thousand = 1000)) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 32: type clash (port and thousand-one) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 32: inconsistent types in table constructor (table(thousand-one = 1001)) +error in port and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 39: type clash (port and thousand-two) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 39: inconsistent types in table constructor (table(thousand-two = 1002)) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.table-type-checking/table-type-checking.zeek, line 45: type clash in assignment (lea = table(thousand-three = 1003)) diff --git a/testing/btest/Baseline/language.ternary-record-mismatch/out b/testing/btest/Baseline/language.ternary-record-mismatch/out index 0c1cefce0d..91a3aa2e02 100644 --- a/testing/btest/Baseline/language.ternary-record-mismatch/out +++ b/testing/btest/Baseline/language.ternary-record-mismatch/out @@ -1 +1 @@ -error in /Users/jon/pro/zeek/zeek/testing/btest/.tmp/language.ternary-record-mismatch/ternary-record-mismatch.bro, lines 13-14: operands must be of the same type ((F) ? (coerce [$a=a string, $b=6] to MyRecord) : [$a=a different string, $b=7]) +error in /Users/jon/pro/zeek/zeek/testing/btest/.tmp/language.ternary-record-mismatch/ternary-record-mismatch.zeek, lines 13-14: operands must be of the same type ((F) ? (coerce [$a=a string, $b=6] to MyRecord) : [$a=a different string, $b=7]) diff --git a/testing/btest/Baseline/language.type-cast-error-dynamic/output b/testing/btest/Baseline/language.type-cast-error-dynamic/output index 7c4ec0332f..dfac361f11 100644 --- a/testing/btest/Baseline/language.type-cast-error-dynamic/output +++ b/testing/btest/Baseline/language.type-cast-error-dynamic/output @@ -1,4 +1,4 @@ -expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.type-cast-error-dynamic/type-cast-error-dynamic.bro, line 11: invalid cast of value with type 'count' to type 'string' (a as string) -expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.type-cast-error-dynamic/type-cast-error-dynamic.bro, line 11: invalid cast of value with type 'record { a:addr; b:port; }' to type 'string' (a as string) -expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.type-cast-error-dynamic/type-cast-error-dynamic.bro, line 11: invalid cast of value with type 'record { data:opaque of Broker::Data; }' to type 'string' (nil $data field) (a as string) +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.type-cast-error-dynamic/type-cast-error-dynamic.zeek, line 11: invalid cast of value with type 'count' to type 'string' (a as string) +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.type-cast-error-dynamic/type-cast-error-dynamic.zeek, line 11: invalid cast of value with type 'record { a:addr; b:port; }' to type 'string' (a as string) +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.type-cast-error-dynamic/type-cast-error-dynamic.zeek, line 11: invalid cast of value with type 'record { data:opaque of Broker::Data; }' to type 'string' (nil $data field) (a as string) data is string, F diff --git a/testing/btest/Baseline/language.type-cast-error-static/output b/testing/btest/Baseline/language.type-cast-error-static/output index a93e262f21..bd00361939 100644 --- a/testing/btest/Baseline/language.type-cast-error-static/output +++ b/testing/btest/Baseline/language.type-cast-error-static/output @@ -1,2 +1,2 @@ -error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.type-cast-error-static/type-cast-error-static.bro, line 14: cast not supported (string as count) -error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.type-cast-error-static/type-cast-error-static.bro, line 15: cast not supported (string as X) +error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.type-cast-error-static/type-cast-error-static.zeek, line 14: cast not supported (string as count) +error in /home/robin/bro/lang-ext/testing/btest/.tmp/language.type-cast-error-static/type-cast-error-static.zeek, line 15: cast not supported (string as X) diff --git a/testing/btest/Baseline/language.type-type-error/.stderr b/testing/btest/Baseline/language.type-type-error/.stderr index 95cb065ece..b0e0800c72 100644 --- a/testing/btest/Baseline/language.type-type-error/.stderr +++ b/testing/btest/Baseline/language.type-type-error/.stderr @@ -1 +1 @@ -error in /home/jsiwek/bro/testing/btest/.tmp/language.type-type-error/type-type-error.bro, line 13: not a record (r$a) +error in /home/jsiwek/bro/testing/btest/.tmp/language.type-type-error/type-type-error.zeek, line 13: not a record (r$a) diff --git a/testing/btest/Baseline/language.undefined-delete-field/output b/testing/btest/Baseline/language.undefined-delete-field/output index bd0fb99289..99a71b1087 100644 --- a/testing/btest/Baseline/language.undefined-delete-field/output +++ b/testing/btest/Baseline/language.undefined-delete-field/output @@ -1,2 +1,2 @@ -error in /Users/johanna/bro/master/testing/btest/.tmp/language.undefined-delete-field/undefined-delete-field.bro, line 14: no such field in record (x$c) +error in /Users/johanna/bro/master/testing/btest/.tmp/language.undefined-delete-field/undefined-delete-field.zeek, line 14: no such field in record (x$c) 1 diff --git a/testing/btest/Baseline/language.uninitialized-local/out b/testing/btest/Baseline/language.uninitialized-local/out index 24d45d3456..dd6867f524 100644 --- a/testing/btest/Baseline/language.uninitialized-local/out +++ b/testing/btest/Baseline/language.uninitialized-local/out @@ -1 +1 @@ -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.uninitialized-local/uninitialized-local.bro, line 16: value used but not set (my_string) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.uninitialized-local/uninitialized-local.zeek, line 16: value used but not set (my_string) diff --git a/testing/btest/Baseline/language.uninitialized-local2/out b/testing/btest/Baseline/language.uninitialized-local2/out index bba567878e..ba668f08ff 100644 --- a/testing/btest/Baseline/language.uninitialized-local2/out +++ b/testing/btest/Baseline/language.uninitialized-local2/out @@ -1,2 +1,2 @@ -expression error in /home/jon/projects/bro/bro/testing/btest/.tmp/language.uninitialized-local2/uninitialized-local2.bro, line 19: value used but not set (var_b) +expression error in /home/jon/projects/bro/bro/testing/btest/.tmp/language.uninitialized-local2/uninitialized-local2.zeek, line 19: value used but not set (var_b) var_a is, baz diff --git a/testing/btest/Baseline/language.vector-type-checking/out b/testing/btest/Baseline/language.vector-type-checking/out index e96017082a..33be41836f 100644 --- a/testing/btest/Baseline/language.vector-type-checking/out +++ b/testing/btest/Baseline/language.vector-type-checking/out @@ -1,19 +1,19 @@ -error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 7: arithmetic mixed with non-arithmetic (count and zero) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 7 and count: type mismatch (zero and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 7: inconsistent types in vector constructor (vector(zero)) -error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 10: arithmetic mixed with non-arithmetic (count and one) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 10 and count: type mismatch (one and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 10: inconsistent types in vector constructor (vector(one)) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 17: type clash in assignment (gda = gda2) -error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 21: arithmetic mixed with non-arithmetic (count and three) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 21: initialization type mismatch at index 0 (vector(three) and three) -error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 26: arithmetic mixed with non-arithmetic (count and thousand) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 26 and count: type mismatch (thousand and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 26: inconsistent types in vector constructor (vector(thousand)) -error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 32: arithmetic mixed with non-arithmetic (count and thousand-one) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 32 and count: type mismatch (thousand-one and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 32: inconsistent types in vector constructor (vector(thousand-one)) -error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 39: arithmetic mixed with non-arithmetic (count and thousand-two) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 39 and count: type mismatch (thousand-two and count) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 39: inconsistent types in vector constructor (vector(thousand-two)) -error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.bro, line 45: type clash in assignment (lea = vector(thousand-three)) +error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 7: arithmetic mixed with non-arithmetic (count and zero) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 7 and count: type mismatch (zero and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 7: inconsistent types in vector constructor (vector(zero)) +error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 10: arithmetic mixed with non-arithmetic (count and one) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 10 and count: type mismatch (one and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 10: inconsistent types in vector constructor (vector(one)) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 17: type clash in assignment (gda = gda2) +error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 21: arithmetic mixed with non-arithmetic (count and three) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 21: initialization type mismatch at index 0 (vector(three) and three) +error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 26: arithmetic mixed with non-arithmetic (count and thousand) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 26 and count: type mismatch (thousand and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 26: inconsistent types in vector constructor (vector(thousand)) +error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 32: arithmetic mixed with non-arithmetic (count and thousand-one) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 32 and count: type mismatch (thousand-one and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 32: inconsistent types in vector constructor (vector(thousand-one)) +error in count and /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 39: arithmetic mixed with non-arithmetic (count and thousand-two) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 39 and count: type mismatch (thousand-two and count) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 39: inconsistent types in vector constructor (vector(thousand-two)) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.vector-type-checking/vector-type-checking.zeek, line 45: type clash in assignment (lea = vector(thousand-three)) diff --git a/testing/btest/Baseline/language.when-unitialized-rhs/out b/testing/btest/Baseline/language.when-unitialized-rhs/out index 6698887be0..bad1bdbb78 100644 --- a/testing/btest/Baseline/language.when-unitialized-rhs/out +++ b/testing/btest/Baseline/language.when-unitialized-rhs/out @@ -1,5 +1,5 @@ -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.when-unitialized-rhs/when-unitialized-rhs.bro, line 9: value used but not set (crashMe) -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.when-unitialized-rhs/when-unitialized-rhs.bro, line 14: value used but not set (x) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.when-unitialized-rhs/when-unitialized-rhs.zeek, line 9: value used but not set (crashMe) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.when-unitialized-rhs/when-unitialized-rhs.zeek, line 14: value used but not set (x) 1 2 3 diff --git a/testing/btest/Baseline/language.wrong-delete-field/output b/testing/btest/Baseline/language.wrong-delete-field/output index 1eefa1d2fe..1250f03c3d 100644 --- a/testing/btest/Baseline/language.wrong-delete-field/output +++ b/testing/btest/Baseline/language.wrong-delete-field/output @@ -1 +1 @@ -error in /da/home/robin/bro/master/testing/btest/.tmp/language.wrong-delete-field/wrong-delete-field.bro, line 10: illegal delete statement (delete x$a) +error in /da/home/robin/bro/master/testing/btest/.tmp/language.wrong-delete-field/wrong-delete-field.zeek, line 10: illegal delete statement (delete x$a) diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 0d383879f7..cd3ac7337f 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -788,7 +788,7 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/weird.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, <...>/hooks.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/Bro_KRB.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/Bro_SNMP.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/active-http.zeek) -> -1 @@ -1691,7 +1691,7 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/weird.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek) -0.000000 MetaHookPre LoadFile(0, <...>/hooks.bro) +0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/Bro_KRB.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/Bro_SNMP.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/active-http.zeek) @@ -2602,7 +2602,7 @@ 0.000000 | HookLoadFile .<...>/weird.zeek 0.000000 | HookLoadFile <...>/__load__.zeek 0.000000 | HookLoadFile <...>/__preload__.zeek -0.000000 | HookLoadFile <...>/hooks.bro +0.000000 | HookLoadFile <...>/hooks.zeek 0.000000 | HookLoadFile base<...>/Bro_KRB.types.bif.zeek 0.000000 | HookLoadFile base<...>/Bro_SNMP.types.bif.zeek 0.000000 | HookLoadFile base<...>/active-http.zeek diff --git a/testing/btest/Baseline/plugins.reporter-hook/output b/testing/btest/Baseline/plugins.reporter-hook/output index 8f706ec644..36418d2405 100644 --- a/testing/btest/Baseline/plugins.reporter-hook/output +++ b/testing/btest/Baseline/plugins.reporter-hook/output @@ -1,10 +1,10 @@ - | Hook Some Info <...>/reporter-hook.bro, line 16 - | Hook error An Error <...>/reporter-hook.bro, line 18 - | Hook error An Error that does not show up in the log <...>/reporter-hook.bro, line 19 - | Hook expression error field value missing (b$a) <...>/reporter-hook.bro, line 23 - | Hook warning A warning <...>/reporter-hook.bro, line 17 -<...>/reporter-hook.bro, line 16: Some Info -error in <...>/reporter-hook.bro, line 18: An Error -error in <...>/reporter-hook.bro, line 19: An Error that does not show up in the log -expression error in <...>/reporter-hook.bro, line 23: field value missing (b$a) -warning in <...>/reporter-hook.bro, line 17: A warning + | Hook Some Info <...>/reporter-hook.zeek, line 16 + | Hook error An Error <...>/reporter-hook.zeek, line 18 + | Hook error An Error that does not show up in the log <...>/reporter-hook.zeek, line 19 + | Hook expression error field value missing (b$a) <...>/reporter-hook.zeek, line 23 + | Hook warning A warning <...>/reporter-hook.zeek, line 17 +<...>/reporter-hook.zeek, line 16: Some Info +error in <...>/reporter-hook.zeek, line 18: An Error +error in <...>/reporter-hook.zeek, line 19: An Error that does not show up in the log +expression error in <...>/reporter-hook.zeek, line 23: field value missing (b$a) +warning in <...>/reporter-hook.zeek, line 17: A warning diff --git a/testing/btest/Baseline/plugins.reporter-hook/reporter.log b/testing/btest/Baseline/plugins.reporter-hook/reporter.log index bce2fb909f..fc5a79bc86 100644 --- a/testing/btest/Baseline/plugins.reporter-hook/reporter.log +++ b/testing/btest/Baseline/plugins.reporter-hook/reporter.log @@ -6,8 +6,8 @@ #open 2017-07-26-17-58-52 #fields ts level message location #types time enum string string -0.000000 Reporter::INFO Some Info /Users/johanna/corelight/bro/testing/btest/.tmp/plugins.reporter-hook/reporter-hook.bro, line 16 -0.000000 Reporter::WARNING A warning /Users/johanna/corelight/bro/testing/btest/.tmp/plugins.reporter-hook/reporter-hook.bro, line 17 -0.000000 Reporter::ERROR An Error /Users/johanna/corelight/bro/testing/btest/.tmp/plugins.reporter-hook/reporter-hook.bro, line 18 -0.000000 Reporter::ERROR field value missing (b$a) /Users/johanna/corelight/bro/testing/btest/.tmp/plugins.reporter-hook/reporter-hook.bro, line 23 +0.000000 Reporter::INFO Some Info /Users/johanna/corelight/bro/testing/btest/.tmp/plugins.reporter-hook/reporter-hook.zeek, line 16 +0.000000 Reporter::WARNING A warning /Users/johanna/corelight/bro/testing/btest/.tmp/plugins.reporter-hook/reporter-hook.zeek, line 17 +0.000000 Reporter::ERROR An Error /Users/johanna/corelight/bro/testing/btest/.tmp/plugins.reporter-hook/reporter-hook.zeek, line 18 +0.000000 Reporter::ERROR field value missing (b$a) /Users/johanna/corelight/bro/testing/btest/.tmp/plugins.reporter-hook/reporter-hook.zeek, line 23 #close 2017-07-26-17-58-52 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-cluster-error/manager-reporter.log b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-cluster-error/manager-reporter.log index f4b240d619..a58380f26c 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-cluster-error/manager-reporter.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-cluster-error/manager-reporter.log @@ -1,2 +1,2 @@ -1535139819.649067 Reporter::INFO qux /home/jon/projects/bro/bro/testing/btest/.tmp/scripts.base.frameworks.logging.field-extension-cluster-error/field-extension-cluster-error.bro, line XX -1535139821.906059 bah manager-1 0.000000 Reporter::INFO qux /home/jon/projects/bro/bro/testing/btest/.tmp/scripts.base.frameworks.logging.field-extension-cluster-error/field-extension-cluster-error.bro, line XX +1535139819.649067 Reporter::INFO qux /home/jon/projects/bro/bro/testing/btest/.tmp/scripts.base.frameworks.logging.field-extension-cluster-error/field-extension-cluster-error.zeek, line XX +1535139821.906059 bah manager-1 0.000000 Reporter::INFO qux /home/jon/projects/bro/bro/testing/btest/.tmp/scripts.base.frameworks.logging.field-extension-cluster-error/field-extension-cluster-error.zeek, line XX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-table/.stderr b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-table/.stderr index ff76d4ea54..5efd4bac43 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-table/.stderr +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-table/.stderr @@ -1,2 +1,2 @@ -error in /testing/btest/.tmp/scripts.base.frameworks.logging.field-extension-table/field-extension-table.bro, line 9: &log applied to a type that cannot be logged (&log) -error in /testing/btest/.tmp/scripts.base.frameworks.logging.field-extension-table/field-extension-table.bro, line 18: syntax error, at or near "{" +error in /testing/btest/.tmp/scripts.base.frameworks.logging.field-extension-table/field-extension-table.zeek, line 9: &log applied to a type that cannot be logged (&log) +error in /testing/btest/.tmp/scripts.base.frameworks.logging.field-extension-table/field-extension-table.zeek, line 18: syntax error, at or near "{" diff --git a/testing/btest/Baseline/scripts.base.frameworks.reporter.disable-stderr/reporter.log b/testing/btest/Baseline/scripts.base.frameworks.reporter.disable-stderr/reporter.log index 144c094b2f..744f050046 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.reporter.disable-stderr/reporter.log +++ b/testing/btest/Baseline/scripts.base.frameworks.reporter.disable-stderr/reporter.log @@ -6,5 +6,5 @@ #open 2012-08-10-20-09-16 #fields ts level message location #types time enum string string -0.000000 Reporter::ERROR no such index (test[3]) /da/home/robin/bro/master/testing/btest/.tmp/scripts.base.frameworks.reporter.disable-stderr/disable-stderr.bro, line 12 +0.000000 Reporter::ERROR no such index (test[3]) /da/home/robin/bro/master/testing/btest/.tmp/scripts.base.frameworks.reporter.disable-stderr/disable-stderr.zeek, line 12 #close 2012-08-10-20-09-16 diff --git a/testing/btest/Baseline/scripts.base.frameworks.reporter.stderr/.stderr b/testing/btest/Baseline/scripts.base.frameworks.reporter.stderr/.stderr index ed161b2409..b01cfa1e84 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.reporter.stderr/.stderr +++ b/testing/btest/Baseline/scripts.base.frameworks.reporter.stderr/.stderr @@ -1 +1 @@ -expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/scripts.base.frameworks.reporter.stderr/stderr.bro, line 9: no such index (test[3]) +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/scripts.base.frameworks.reporter.stderr/stderr.zeek, line 9: no such index (test[3]) diff --git a/testing/btest/Baseline/scripts.base.frameworks.reporter.stderr/reporter.log b/testing/btest/Baseline/scripts.base.frameworks.reporter.stderr/reporter.log index 391cf77a00..705bb357fa 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.reporter.stderr/reporter.log +++ b/testing/btest/Baseline/scripts.base.frameworks.reporter.stderr/reporter.log @@ -6,5 +6,5 @@ #open 2013-01-18-18-29-30 #fields ts level message location #types time enum string string -0.000000 Reporter::ERROR no such index (test[3]) /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/scripts.base.frameworks.reporter.stderr/stderr.bro, line 9 +0.000000 Reporter::ERROR no such index (test[3]) /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/scripts.base.frameworks.reporter.stderr/stderr.zeek, line 9 #close 2013-01-18-18-29-30 diff --git a/testing/btest/bifs/addr_count_conversion.bro b/testing/btest/bifs/addr_count_conversion.zeek similarity index 100% rename from testing/btest/bifs/addr_count_conversion.bro rename to testing/btest/bifs/addr_count_conversion.zeek diff --git a/testing/btest/bifs/addr_to_ptr_name.bro b/testing/btest/bifs/addr_to_ptr_name.zeek similarity index 100% rename from testing/btest/bifs/addr_to_ptr_name.bro rename to testing/btest/bifs/addr_to_ptr_name.zeek diff --git a/testing/btest/bifs/addr_version.bro b/testing/btest/bifs/addr_version.zeek similarity index 100% rename from testing/btest/bifs/addr_version.bro rename to testing/btest/bifs/addr_version.zeek diff --git a/testing/btest/bifs/all_set.bro b/testing/btest/bifs/all_set.zeek similarity index 100% rename from testing/btest/bifs/all_set.bro rename to testing/btest/bifs/all_set.zeek diff --git a/testing/btest/bifs/analyzer_name.bro b/testing/btest/bifs/analyzer_name.zeek similarity index 100% rename from testing/btest/bifs/analyzer_name.bro rename to testing/btest/bifs/analyzer_name.zeek diff --git a/testing/btest/bifs/any_set.bro b/testing/btest/bifs/any_set.zeek similarity index 100% rename from testing/btest/bifs/any_set.bro rename to testing/btest/bifs/any_set.zeek diff --git a/testing/btest/bifs/bloomfilter-seed.bro b/testing/btest/bifs/bloomfilter-seed.zeek similarity index 100% rename from testing/btest/bifs/bloomfilter-seed.bro rename to testing/btest/bifs/bloomfilter-seed.zeek diff --git a/testing/btest/bifs/bloomfilter.bro b/testing/btest/bifs/bloomfilter.zeek similarity index 100% rename from testing/btest/bifs/bloomfilter.bro rename to testing/btest/bifs/bloomfilter.zeek diff --git a/testing/btest/bifs/bro_version.bro b/testing/btest/bifs/bro_version.zeek similarity index 100% rename from testing/btest/bifs/bro_version.bro rename to testing/btest/bifs/bro_version.zeek diff --git a/testing/btest/bifs/bytestring_to_count.bro b/testing/btest/bifs/bytestring_to_count.zeek similarity index 100% rename from testing/btest/bifs/bytestring_to_count.bro rename to testing/btest/bifs/bytestring_to_count.zeek diff --git a/testing/btest/bifs/bytestring_to_double.bro b/testing/btest/bifs/bytestring_to_double.zeek similarity index 100% rename from testing/btest/bifs/bytestring_to_double.bro rename to testing/btest/bifs/bytestring_to_double.zeek diff --git a/testing/btest/bifs/bytestring_to_hexstr.bro b/testing/btest/bifs/bytestring_to_hexstr.zeek similarity index 100% rename from testing/btest/bifs/bytestring_to_hexstr.bro rename to testing/btest/bifs/bytestring_to_hexstr.zeek diff --git a/testing/btest/bifs/capture_state_updates.bro b/testing/btest/bifs/capture_state_updates.zeek similarity index 100% rename from testing/btest/bifs/capture_state_updates.bro rename to testing/btest/bifs/capture_state_updates.zeek diff --git a/testing/btest/bifs/cat.bro b/testing/btest/bifs/cat.zeek similarity index 100% rename from testing/btest/bifs/cat.bro rename to testing/btest/bifs/cat.zeek diff --git a/testing/btest/bifs/cat_string_array.bro b/testing/btest/bifs/cat_string_array.zeek similarity index 100% rename from testing/btest/bifs/cat_string_array.bro rename to testing/btest/bifs/cat_string_array.zeek diff --git a/testing/btest/bifs/check_subnet.bro b/testing/btest/bifs/check_subnet.zeek similarity index 100% rename from testing/btest/bifs/check_subnet.bro rename to testing/btest/bifs/check_subnet.zeek diff --git a/testing/btest/bifs/checkpoint_state.bro b/testing/btest/bifs/checkpoint_state.zeek similarity index 100% rename from testing/btest/bifs/checkpoint_state.bro rename to testing/btest/bifs/checkpoint_state.zeek diff --git a/testing/btest/bifs/clear_table.bro b/testing/btest/bifs/clear_table.zeek similarity index 100% rename from testing/btest/bifs/clear_table.bro rename to testing/btest/bifs/clear_table.zeek diff --git a/testing/btest/bifs/convert_for_pattern.bro b/testing/btest/bifs/convert_for_pattern.zeek similarity index 100% rename from testing/btest/bifs/convert_for_pattern.bro rename to testing/btest/bifs/convert_for_pattern.zeek diff --git a/testing/btest/bifs/count_to_addr.bro b/testing/btest/bifs/count_to_addr.zeek similarity index 100% rename from testing/btest/bifs/count_to_addr.bro rename to testing/btest/bifs/count_to_addr.zeek diff --git a/testing/btest/bifs/create_file.bro b/testing/btest/bifs/create_file.zeek similarity index 100% rename from testing/btest/bifs/create_file.bro rename to testing/btest/bifs/create_file.zeek diff --git a/testing/btest/bifs/current_analyzer.bro b/testing/btest/bifs/current_analyzer.zeek similarity index 100% rename from testing/btest/bifs/current_analyzer.bro rename to testing/btest/bifs/current_analyzer.zeek diff --git a/testing/btest/bifs/current_time.bro b/testing/btest/bifs/current_time.zeek similarity index 100% rename from testing/btest/bifs/current_time.bro rename to testing/btest/bifs/current_time.zeek diff --git a/testing/btest/bifs/decode_base64.bro b/testing/btest/bifs/decode_base64.zeek similarity index 100% rename from testing/btest/bifs/decode_base64.bro rename to testing/btest/bifs/decode_base64.zeek diff --git a/testing/btest/bifs/decode_base64_conn.bro b/testing/btest/bifs/decode_base64_conn.zeek similarity index 100% rename from testing/btest/bifs/decode_base64_conn.bro rename to testing/btest/bifs/decode_base64_conn.zeek diff --git a/testing/btest/bifs/directory_operations.bro b/testing/btest/bifs/directory_operations.zeek similarity index 100% rename from testing/btest/bifs/directory_operations.bro rename to testing/btest/bifs/directory_operations.zeek diff --git a/testing/btest/bifs/dump_current_packet.bro b/testing/btest/bifs/dump_current_packet.zeek similarity index 100% rename from testing/btest/bifs/dump_current_packet.bro rename to testing/btest/bifs/dump_current_packet.zeek diff --git a/testing/btest/bifs/edit.bro b/testing/btest/bifs/edit.zeek similarity index 100% rename from testing/btest/bifs/edit.bro rename to testing/btest/bifs/edit.zeek diff --git a/testing/btest/bifs/encode_base64.bro b/testing/btest/bifs/encode_base64.zeek similarity index 100% rename from testing/btest/bifs/encode_base64.bro rename to testing/btest/bifs/encode_base64.zeek diff --git a/testing/btest/bifs/entropy_test.bro b/testing/btest/bifs/entropy_test.zeek similarity index 100% rename from testing/btest/bifs/entropy_test.bro rename to testing/btest/bifs/entropy_test.zeek diff --git a/testing/btest/bifs/enum_to_int.bro b/testing/btest/bifs/enum_to_int.zeek similarity index 100% rename from testing/btest/bifs/enum_to_int.bro rename to testing/btest/bifs/enum_to_int.zeek diff --git a/testing/btest/bifs/escape_string.bro b/testing/btest/bifs/escape_string.zeek similarity index 100% rename from testing/btest/bifs/escape_string.bro rename to testing/btest/bifs/escape_string.zeek diff --git a/testing/btest/bifs/exit.bro b/testing/btest/bifs/exit.zeek similarity index 100% rename from testing/btest/bifs/exit.bro rename to testing/btest/bifs/exit.zeek diff --git a/testing/btest/bifs/file_mode.bro b/testing/btest/bifs/file_mode.zeek similarity index 100% rename from testing/btest/bifs/file_mode.bro rename to testing/btest/bifs/file_mode.zeek diff --git a/testing/btest/bifs/filter_subnet_table.bro b/testing/btest/bifs/filter_subnet_table.zeek similarity index 100% rename from testing/btest/bifs/filter_subnet_table.bro rename to testing/btest/bifs/filter_subnet_table.zeek diff --git a/testing/btest/bifs/find_all.bro b/testing/btest/bifs/find_all.zeek similarity index 100% rename from testing/btest/bifs/find_all.bro rename to testing/btest/bifs/find_all.zeek diff --git a/testing/btest/bifs/find_entropy.bro b/testing/btest/bifs/find_entropy.zeek similarity index 100% rename from testing/btest/bifs/find_entropy.bro rename to testing/btest/bifs/find_entropy.zeek diff --git a/testing/btest/bifs/find_last.bro b/testing/btest/bifs/find_last.zeek similarity index 100% rename from testing/btest/bifs/find_last.bro rename to testing/btest/bifs/find_last.zeek diff --git a/testing/btest/bifs/fmt.bro b/testing/btest/bifs/fmt.zeek similarity index 100% rename from testing/btest/bifs/fmt.bro rename to testing/btest/bifs/fmt.zeek diff --git a/testing/btest/bifs/fmt_ftp_port.bro b/testing/btest/bifs/fmt_ftp_port.zeek similarity index 100% rename from testing/btest/bifs/fmt_ftp_port.bro rename to testing/btest/bifs/fmt_ftp_port.zeek diff --git a/testing/btest/bifs/get_current_packet_header.bro b/testing/btest/bifs/get_current_packet_header.zeek similarity index 100% rename from testing/btest/bifs/get_current_packet_header.bro rename to testing/btest/bifs/get_current_packet_header.zeek diff --git a/testing/btest/bifs/get_matcher_stats.bro b/testing/btest/bifs/get_matcher_stats.zeek similarity index 100% rename from testing/btest/bifs/get_matcher_stats.bro rename to testing/btest/bifs/get_matcher_stats.zeek diff --git a/testing/btest/bifs/get_port_transport_proto.bro b/testing/btest/bifs/get_port_transport_proto.zeek similarity index 100% rename from testing/btest/bifs/get_port_transport_proto.bro rename to testing/btest/bifs/get_port_transport_proto.zeek diff --git a/testing/btest/bifs/gethostname.bro b/testing/btest/bifs/gethostname.zeek similarity index 100% rename from testing/btest/bifs/gethostname.bro rename to testing/btest/bifs/gethostname.zeek diff --git a/testing/btest/bifs/getpid.bro b/testing/btest/bifs/getpid.zeek similarity index 100% rename from testing/btest/bifs/getpid.bro rename to testing/btest/bifs/getpid.zeek diff --git a/testing/btest/bifs/getsetenv.bro b/testing/btest/bifs/getsetenv.zeek similarity index 100% rename from testing/btest/bifs/getsetenv.bro rename to testing/btest/bifs/getsetenv.zeek diff --git a/testing/btest/bifs/global_ids.bro b/testing/btest/bifs/global_ids.zeek similarity index 100% rename from testing/btest/bifs/global_ids.bro rename to testing/btest/bifs/global_ids.zeek diff --git a/testing/btest/bifs/global_sizes.bro b/testing/btest/bifs/global_sizes.zeek similarity index 100% rename from testing/btest/bifs/global_sizes.bro rename to testing/btest/bifs/global_sizes.zeek diff --git a/testing/btest/bifs/haversine_distance.bro b/testing/btest/bifs/haversine_distance.zeek similarity index 100% rename from testing/btest/bifs/haversine_distance.bro rename to testing/btest/bifs/haversine_distance.zeek diff --git a/testing/btest/bifs/hexdump.bro b/testing/btest/bifs/hexdump.zeek similarity index 100% rename from testing/btest/bifs/hexdump.bro rename to testing/btest/bifs/hexdump.zeek diff --git a/testing/btest/bifs/hexstr_to_bytestring.bro b/testing/btest/bifs/hexstr_to_bytestring.zeek similarity index 100% rename from testing/btest/bifs/hexstr_to_bytestring.bro rename to testing/btest/bifs/hexstr_to_bytestring.zeek diff --git a/testing/btest/bifs/hll_cardinality.bro b/testing/btest/bifs/hll_cardinality.zeek similarity index 100% rename from testing/btest/bifs/hll_cardinality.bro rename to testing/btest/bifs/hll_cardinality.zeek diff --git a/testing/btest/bifs/hll_large_estimate.bro b/testing/btest/bifs/hll_large_estimate.zeek similarity index 100% rename from testing/btest/bifs/hll_large_estimate.bro rename to testing/btest/bifs/hll_large_estimate.zeek diff --git a/testing/btest/bifs/identify_data.bro b/testing/btest/bifs/identify_data.zeek similarity index 100% rename from testing/btest/bifs/identify_data.bro rename to testing/btest/bifs/identify_data.zeek diff --git a/testing/btest/bifs/is_ascii.bro b/testing/btest/bifs/is_ascii.zeek similarity index 100% rename from testing/btest/bifs/is_ascii.bro rename to testing/btest/bifs/is_ascii.zeek diff --git a/testing/btest/bifs/is_local_interface.bro b/testing/btest/bifs/is_local_interface.zeek similarity index 100% rename from testing/btest/bifs/is_local_interface.bro rename to testing/btest/bifs/is_local_interface.zeek diff --git a/testing/btest/bifs/is_port.bro b/testing/btest/bifs/is_port.zeek similarity index 100% rename from testing/btest/bifs/is_port.bro rename to testing/btest/bifs/is_port.zeek diff --git a/testing/btest/bifs/join_string.bro b/testing/btest/bifs/join_string.zeek similarity index 100% rename from testing/btest/bifs/join_string.bro rename to testing/btest/bifs/join_string.zeek diff --git a/testing/btest/bifs/levenshtein_distance.bro b/testing/btest/bifs/levenshtein_distance.zeek similarity index 100% rename from testing/btest/bifs/levenshtein_distance.bro rename to testing/btest/bifs/levenshtein_distance.zeek diff --git a/testing/btest/bifs/lookup_ID.bro b/testing/btest/bifs/lookup_ID.zeek similarity index 100% rename from testing/btest/bifs/lookup_ID.bro rename to testing/btest/bifs/lookup_ID.zeek diff --git a/testing/btest/bifs/lowerupper.bro b/testing/btest/bifs/lowerupper.zeek similarity index 100% rename from testing/btest/bifs/lowerupper.bro rename to testing/btest/bifs/lowerupper.zeek diff --git a/testing/btest/bifs/lstrip.bro b/testing/btest/bifs/lstrip.zeek similarity index 100% rename from testing/btest/bifs/lstrip.bro rename to testing/btest/bifs/lstrip.zeek diff --git a/testing/btest/bifs/mask_addr.bro b/testing/btest/bifs/mask_addr.zeek similarity index 100% rename from testing/btest/bifs/mask_addr.bro rename to testing/btest/bifs/mask_addr.zeek diff --git a/testing/btest/bifs/matching_subnets.bro b/testing/btest/bifs/matching_subnets.zeek similarity index 100% rename from testing/btest/bifs/matching_subnets.bro rename to testing/btest/bifs/matching_subnets.zeek diff --git a/testing/btest/bifs/math.bro b/testing/btest/bifs/math.zeek similarity index 100% rename from testing/btest/bifs/math.bro rename to testing/btest/bifs/math.zeek diff --git a/testing/btest/bifs/merge_pattern.bro b/testing/btest/bifs/merge_pattern.zeek similarity index 100% rename from testing/btest/bifs/merge_pattern.bro rename to testing/btest/bifs/merge_pattern.zeek diff --git a/testing/btest/bifs/netbios-functions.bro b/testing/btest/bifs/netbios-functions.zeek similarity index 100% rename from testing/btest/bifs/netbios-functions.bro rename to testing/btest/bifs/netbios-functions.zeek diff --git a/testing/btest/bifs/order.bro b/testing/btest/bifs/order.zeek similarity index 100% rename from testing/btest/bifs/order.bro rename to testing/btest/bifs/order.zeek diff --git a/testing/btest/bifs/parse_ftp.bro b/testing/btest/bifs/parse_ftp.zeek similarity index 100% rename from testing/btest/bifs/parse_ftp.bro rename to testing/btest/bifs/parse_ftp.zeek diff --git a/testing/btest/bifs/piped_exec.bro b/testing/btest/bifs/piped_exec.zeek similarity index 100% rename from testing/btest/bifs/piped_exec.bro rename to testing/btest/bifs/piped_exec.zeek diff --git a/testing/btest/bifs/ptr_name_to_addr.bro b/testing/btest/bifs/ptr_name_to_addr.zeek similarity index 100% rename from testing/btest/bifs/ptr_name_to_addr.bro rename to testing/btest/bifs/ptr_name_to_addr.zeek diff --git a/testing/btest/bifs/rand.bro b/testing/btest/bifs/rand.zeek similarity index 100% rename from testing/btest/bifs/rand.bro rename to testing/btest/bifs/rand.zeek diff --git a/testing/btest/bifs/raw_bytes_to_v4_addr.bro b/testing/btest/bifs/raw_bytes_to_v4_addr.zeek similarity index 100% rename from testing/btest/bifs/raw_bytes_to_v4_addr.bro rename to testing/btest/bifs/raw_bytes_to_v4_addr.zeek diff --git a/testing/btest/bifs/reading_traces.bro b/testing/btest/bifs/reading_traces.zeek similarity index 100% rename from testing/btest/bifs/reading_traces.bro rename to testing/btest/bifs/reading_traces.zeek diff --git a/testing/btest/bifs/record_type_to_vector.bro b/testing/btest/bifs/record_type_to_vector.zeek similarity index 100% rename from testing/btest/bifs/record_type_to_vector.bro rename to testing/btest/bifs/record_type_to_vector.zeek diff --git a/testing/btest/bifs/records_fields.bro b/testing/btest/bifs/records_fields.zeek similarity index 100% rename from testing/btest/bifs/records_fields.bro rename to testing/btest/bifs/records_fields.zeek diff --git a/testing/btest/bifs/remask_addr.bro b/testing/btest/bifs/remask_addr.zeek similarity index 100% rename from testing/btest/bifs/remask_addr.bro rename to testing/btest/bifs/remask_addr.zeek diff --git a/testing/btest/bifs/resize.bro b/testing/btest/bifs/resize.zeek similarity index 100% rename from testing/btest/bifs/resize.bro rename to testing/btest/bifs/resize.zeek diff --git a/testing/btest/bifs/reverse.bro b/testing/btest/bifs/reverse.zeek similarity index 100% rename from testing/btest/bifs/reverse.bro rename to testing/btest/bifs/reverse.zeek diff --git a/testing/btest/bifs/rotate_file.bro b/testing/btest/bifs/rotate_file.zeek similarity index 100% rename from testing/btest/bifs/rotate_file.bro rename to testing/btest/bifs/rotate_file.zeek diff --git a/testing/btest/bifs/rotate_file_by_name.bro b/testing/btest/bifs/rotate_file_by_name.zeek similarity index 100% rename from testing/btest/bifs/rotate_file_by_name.bro rename to testing/btest/bifs/rotate_file_by_name.zeek diff --git a/testing/btest/bifs/rstrip.bro b/testing/btest/bifs/rstrip.zeek similarity index 100% rename from testing/btest/bifs/rstrip.bro rename to testing/btest/bifs/rstrip.zeek diff --git a/testing/btest/bifs/safe_shell_quote.bro b/testing/btest/bifs/safe_shell_quote.zeek similarity index 100% rename from testing/btest/bifs/safe_shell_quote.bro rename to testing/btest/bifs/safe_shell_quote.zeek diff --git a/testing/btest/bifs/same_object.bro b/testing/btest/bifs/same_object.zeek similarity index 100% rename from testing/btest/bifs/same_object.bro rename to testing/btest/bifs/same_object.zeek diff --git a/testing/btest/bifs/sort.bro b/testing/btest/bifs/sort.zeek similarity index 100% rename from testing/btest/bifs/sort.bro rename to testing/btest/bifs/sort.zeek diff --git a/testing/btest/bifs/sort_string_array.bro b/testing/btest/bifs/sort_string_array.zeek similarity index 100% rename from testing/btest/bifs/sort_string_array.bro rename to testing/btest/bifs/sort_string_array.zeek diff --git a/testing/btest/bifs/split.bro b/testing/btest/bifs/split.zeek similarity index 100% rename from testing/btest/bifs/split.bro rename to testing/btest/bifs/split.zeek diff --git a/testing/btest/bifs/split_string.bro b/testing/btest/bifs/split_string.zeek similarity index 100% rename from testing/btest/bifs/split_string.bro rename to testing/btest/bifs/split_string.zeek diff --git a/testing/btest/bifs/str_shell_escape.bro b/testing/btest/bifs/str_shell_escape.zeek similarity index 100% rename from testing/btest/bifs/str_shell_escape.bro rename to testing/btest/bifs/str_shell_escape.zeek diff --git a/testing/btest/bifs/strcmp.bro b/testing/btest/bifs/strcmp.zeek similarity index 100% rename from testing/btest/bifs/strcmp.bro rename to testing/btest/bifs/strcmp.zeek diff --git a/testing/btest/bifs/strftime.bro b/testing/btest/bifs/strftime.zeek similarity index 100% rename from testing/btest/bifs/strftime.bro rename to testing/btest/bifs/strftime.zeek diff --git a/testing/btest/bifs/string_fill.bro b/testing/btest/bifs/string_fill.zeek similarity index 100% rename from testing/btest/bifs/string_fill.bro rename to testing/btest/bifs/string_fill.zeek diff --git a/testing/btest/bifs/string_to_pattern.bro b/testing/btest/bifs/string_to_pattern.zeek similarity index 100% rename from testing/btest/bifs/string_to_pattern.bro rename to testing/btest/bifs/string_to_pattern.zeek diff --git a/testing/btest/bifs/strip.bro b/testing/btest/bifs/strip.zeek similarity index 100% rename from testing/btest/bifs/strip.bro rename to testing/btest/bifs/strip.zeek diff --git a/testing/btest/bifs/strptime.bro b/testing/btest/bifs/strptime.zeek similarity index 100% rename from testing/btest/bifs/strptime.bro rename to testing/btest/bifs/strptime.zeek diff --git a/testing/btest/bifs/strstr.bro b/testing/btest/bifs/strstr.zeek similarity index 100% rename from testing/btest/bifs/strstr.bro rename to testing/btest/bifs/strstr.zeek diff --git a/testing/btest/bifs/sub.bro b/testing/btest/bifs/sub.zeek similarity index 100% rename from testing/btest/bifs/sub.bro rename to testing/btest/bifs/sub.zeek diff --git a/testing/btest/bifs/subnet_to_addr.bro b/testing/btest/bifs/subnet_to_addr.zeek similarity index 100% rename from testing/btest/bifs/subnet_to_addr.bro rename to testing/btest/bifs/subnet_to_addr.zeek diff --git a/testing/btest/bifs/subnet_version.bro b/testing/btest/bifs/subnet_version.zeek similarity index 100% rename from testing/btest/bifs/subnet_version.bro rename to testing/btest/bifs/subnet_version.zeek diff --git a/testing/btest/bifs/subst_string.bro b/testing/btest/bifs/subst_string.zeek similarity index 100% rename from testing/btest/bifs/subst_string.bro rename to testing/btest/bifs/subst_string.zeek diff --git a/testing/btest/bifs/system.bro b/testing/btest/bifs/system.zeek similarity index 100% rename from testing/btest/bifs/system.bro rename to testing/btest/bifs/system.zeek diff --git a/testing/btest/bifs/system_env.bro b/testing/btest/bifs/system_env.zeek similarity index 100% rename from testing/btest/bifs/system_env.bro rename to testing/btest/bifs/system_env.zeek diff --git a/testing/btest/bifs/to_addr.bro b/testing/btest/bifs/to_addr.zeek similarity index 100% rename from testing/btest/bifs/to_addr.bro rename to testing/btest/bifs/to_addr.zeek diff --git a/testing/btest/bifs/to_count.bro b/testing/btest/bifs/to_count.zeek similarity index 100% rename from testing/btest/bifs/to_count.bro rename to testing/btest/bifs/to_count.zeek diff --git a/testing/btest/bifs/to_double.bro b/testing/btest/bifs/to_double.zeek similarity index 100% rename from testing/btest/bifs/to_double.bro rename to testing/btest/bifs/to_double.zeek diff --git a/testing/btest/bifs/to_double_from_string.bro b/testing/btest/bifs/to_double_from_string.zeek similarity index 100% rename from testing/btest/bifs/to_double_from_string.bro rename to testing/btest/bifs/to_double_from_string.zeek diff --git a/testing/btest/bifs/to_int.bro b/testing/btest/bifs/to_int.zeek similarity index 100% rename from testing/btest/bifs/to_int.bro rename to testing/btest/bifs/to_int.zeek diff --git a/testing/btest/bifs/to_interval.bro b/testing/btest/bifs/to_interval.zeek similarity index 100% rename from testing/btest/bifs/to_interval.bro rename to testing/btest/bifs/to_interval.zeek diff --git a/testing/btest/bifs/to_port.bro b/testing/btest/bifs/to_port.zeek similarity index 100% rename from testing/btest/bifs/to_port.bro rename to testing/btest/bifs/to_port.zeek diff --git a/testing/btest/bifs/to_subnet.bro b/testing/btest/bifs/to_subnet.zeek similarity index 100% rename from testing/btest/bifs/to_subnet.bro rename to testing/btest/bifs/to_subnet.zeek diff --git a/testing/btest/bifs/to_time.bro b/testing/btest/bifs/to_time.zeek similarity index 100% rename from testing/btest/bifs/to_time.bro rename to testing/btest/bifs/to_time.zeek diff --git a/testing/btest/bifs/topk.bro b/testing/btest/bifs/topk.zeek similarity index 100% rename from testing/btest/bifs/topk.bro rename to testing/btest/bifs/topk.zeek diff --git a/testing/btest/bifs/type_name.bro b/testing/btest/bifs/type_name.zeek similarity index 100% rename from testing/btest/bifs/type_name.bro rename to testing/btest/bifs/type_name.zeek diff --git a/testing/btest/bifs/unique_id-pools.bro b/testing/btest/bifs/unique_id-pools.zeek similarity index 87% rename from testing/btest/bifs/unique_id-pools.bro rename to testing/btest/bifs/unique_id-pools.zeek index abdc4b22ba..ba31485dc3 100644 --- a/testing/btest/bifs/unique_id-pools.bro +++ b/testing/btest/bifs/unique_id-pools.zeek @@ -3,7 +3,7 @@ # @TEST-EXEC: bro order_base | sort >out.2 # @TEST-EXEC: cmp out.1 out.2 -@TEST-START-FILE order_rand.bro +@TEST-START-FILE order_rand.zeek print unique_id("A-"); print unique_id_from(5, "E-"); @@ -14,7 +14,7 @@ print unique_id_from(5, "F-"); @TEST-END-FILE -@TEST-START-FILE order_base.bro +@TEST-START-FILE order_base.zeek print unique_id("A-"); print unique_id("B-"); diff --git a/testing/btest/bifs/unique_id-rnd.bro b/testing/btest/bifs/unique_id-rnd.zeek similarity index 100% rename from testing/btest/bifs/unique_id-rnd.bro rename to testing/btest/bifs/unique_id-rnd.zeek diff --git a/testing/btest/bifs/unique_id.bro b/testing/btest/bifs/unique_id.zeek similarity index 100% rename from testing/btest/bifs/unique_id.bro rename to testing/btest/bifs/unique_id.zeek diff --git a/testing/btest/bifs/uuid_to_string.bro b/testing/btest/bifs/uuid_to_string.zeek similarity index 100% rename from testing/btest/bifs/uuid_to_string.bro rename to testing/btest/bifs/uuid_to_string.zeek diff --git a/testing/btest/bifs/val_size.bro b/testing/btest/bifs/val_size.zeek similarity index 100% rename from testing/btest/bifs/val_size.bro rename to testing/btest/bifs/val_size.zeek diff --git a/testing/btest/bifs/x509_verify.bro b/testing/btest/bifs/x509_verify.zeek similarity index 100% rename from testing/btest/bifs/x509_verify.bro rename to testing/btest/bifs/x509_verify.zeek diff --git a/testing/btest/broker/connect-on-retry.bro b/testing/btest/broker/connect-on-retry.zeek similarity index 91% rename from testing/btest/broker/connect-on-retry.bro rename to testing/btest/broker/connect-on-retry.zeek index 56e479b7ea..56df29cab1 100644 --- a/testing/btest/broker/connect-on-retry.bro +++ b/testing/btest/broker/connect-on-retry.zeek @@ -1,13 +1,13 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek # Using btest's environment settings for connect/listen retry of 1sec. redef exit_only_after_terminate = T; @@ -49,7 +49,7 @@ event pong(msg: string, n: count) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/broker/disconnect.bro b/testing/btest/broker/disconnect.zeek similarity index 82% rename from testing/btest/broker/disconnect.bro rename to testing/btest/broker/disconnect.zeek index 08d80f0441..10a3fbfa69 100644 --- a/testing/btest/broker/disconnect.bro +++ b/testing/btest/broker/disconnect.zeek @@ -1,18 +1,18 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" # @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat recv/.pid) 45 || (btest-bg-wait -k 1 && false) -# @TEST-EXEC: btest-bg-run recv2 "bro -B broker -b ../recv.bro >recv2.out" +# @TEST-EXEC: btest-bg-run recv2 "bro -B broker -b ../recv.zeek >recv2.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff send/send.out # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff recv2/recv2.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek redef exit_only_after_terminate = T; @@ -48,7 +48,7 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/broker/error.bro b/testing/btest/broker/error.zeek similarity index 88% rename from testing/btest/broker/error.bro rename to testing/btest/broker/error.zeek index aa413ea2ac..a3feac10fb 100644 --- a/testing/btest/broker/error.bro +++ b/testing/btest/broker/error.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -B main-loop,broker -b send.bro >send.out +# @TEST-EXEC: bro -B main-loop,broker -b send.zeek >send.out # @TEST-EXEC: btest-diff send.out # -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/broker/remote_event.bro b/testing/btest/broker/remote_event.zeek similarity index 92% rename from testing/btest/broker/remote_event.bro rename to testing/btest/broker/remote_event.zeek index a9e22ec25f..7a4ffec627 100644 --- a/testing/btest/broker/remote_event.bro +++ b/testing/btest/broker/remote_event.zeek @@ -1,13 +1,13 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek redef exit_only_after_terminate = T; @@ -53,7 +53,7 @@ event pong(msg: string, n: count) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/broker/remote_event_any.bro b/testing/btest/broker/remote_event_any.zeek similarity index 92% rename from testing/btest/broker/remote_event_any.bro rename to testing/btest/broker/remote_event_any.zeek index b45e5017ef..f0bb5713ca 100644 --- a/testing/btest/broker/remote_event_any.bro +++ b/testing/btest/broker/remote_event_any.zeek @@ -1,13 +1,13 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek redef exit_only_after_terminate = T; @@ -56,7 +56,7 @@ event pong(msg: string, n: any) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/broker/remote_event_auto.bro b/testing/btest/broker/remote_event_auto.zeek similarity index 92% rename from testing/btest/broker/remote_event_auto.bro rename to testing/btest/broker/remote_event_auto.zeek index 04570b9e6d..9917be84f8 100644 --- a/testing/btest/broker/remote_event_auto.bro +++ b/testing/btest/broker/remote_event_auto.zeek @@ -1,13 +1,13 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek redef exit_only_after_terminate = T; @@ -48,7 +48,7 @@ event pong(msg: string, n: count) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/broker/remote_event_ssl_auth.bro b/testing/btest/broker/remote_event_ssl_auth.zeek similarity index 98% rename from testing/btest/broker/remote_event_ssl_auth.bro rename to testing/btest/broker/remote_event_ssl_auth.zeek index 2422638416..d6c3d779ac 100644 --- a/testing/btest/broker/remote_event_ssl_auth.bro +++ b/testing/btest/broker/remote_event_ssl_auth.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out @@ -162,7 +162,7 @@ vq+Zqu15QV9T4BVWKHv0 -----END CERTIFICATE----- @TEST-END-FILE -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek redef exit_only_after_terminate = T; @@ -210,7 +210,7 @@ event pong(msg: string, n: count) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/broker/remote_event_vector_any.bro b/testing/btest/broker/remote_event_vector_any.zeek similarity index 88% rename from testing/btest/broker/remote_event_vector_any.bro rename to testing/btest/broker/remote_event_vector_any.zeek index 6f03d97c56..e0e3c9f879 100644 --- a/testing/btest/broker/remote_event_vector_any.bro +++ b/testing/btest/broker/remote_event_vector_any.zeek @@ -1,12 +1,12 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek redef exit_only_after_terminate = T; @@ -41,7 +41,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/broker/remote_id.bro b/testing/btest/broker/remote_id.zeek similarity index 83% rename from testing/btest/broker/remote_id.bro rename to testing/btest/broker/remote_id.zeek index 62cddb9f25..52fc304364 100644 --- a/testing/btest/broker/remote_id.bro +++ b/testing/btest/broker/remote_id.zeek @@ -1,12 +1,12 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro test_var=newval >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek test_var=newval >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek const test_var = "init" &redef; @@ -29,7 +29,7 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek const test_var = "init" &redef; diff --git a/testing/btest/broker/remote_log.bro b/testing/btest/broker/remote_log.zeek similarity index 83% rename from testing/btest/broker/remote_log.bro rename to testing/btest/broker/remote_log.zeek index dae89d42b2..2274555cc7 100644 --- a/testing/btest/broker/remote_log.bro +++ b/testing/btest/broker/remote_log.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out @@ -9,7 +9,7 @@ # @TEST-EXEC: btest-diff send/send.out # @TEST-EXEC: btest-diff send/test.log -@TEST-START-FILE common.bro +@TEST-START-FILE common.zeek redef exit_only_after_terminate = T; @@ -37,10 +37,10 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek -@load ./common.bro +@load ./common event bro_init() { @@ -55,11 +55,11 @@ event Broker::peer_removed(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek -@load ./common.bro +@load ./common event bro_init() { diff --git a/testing/btest/broker/remote_log_late_join.bro b/testing/btest/broker/remote_log_late_join.zeek similarity index 85% rename from testing/btest/broker/remote_log_late_join.bro rename to testing/btest/broker/remote_log_late_join.zeek index aea7846996..3b3666b98b 100644 --- a/testing/btest/broker/remote_log_late_join.bro +++ b/testing/btest/broker/remote_log_late_join.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out @@ -9,7 +9,7 @@ # @TEST-EXEC: btest-diff send/send.out # @TEST-EXEC: btest-diff send/test.log -@TEST-START-FILE common.bro +@TEST-START-FILE common.zeek redef exit_only_after_terminate = T; @@ -37,10 +37,10 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek -@load ./common.bro +@load ./common event bro_init() { @@ -55,11 +55,11 @@ event Broker::peer_removed(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek -@load ./common.bro +@load ./common event doconnect() { diff --git a/testing/btest/broker/remote_log_types.bro b/testing/btest/broker/remote_log_types.zeek similarity index 90% rename from testing/btest/broker/remote_log_types.bro rename to testing/btest/broker/remote_log_types.zeek index 8bbc66eaa2..2d7f56da92 100644 --- a/testing/btest/broker/remote_log_types.bro +++ b/testing/btest/broker/remote_log_types.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out @@ -12,7 +12,7 @@ # @TEST-EXEC: cat recv/test.log | grep -v '#close' | grep -v '#open' >recv/test.log.filtered # @TEST-EXEC: diff -u send/test.log.filtered recv/test.log.filtered -@TEST-START-FILE common.bro +@TEST-START-FILE common.zeek redef exit_only_after_terminate = T; @@ -54,9 +54,9 @@ event bro_init() &priority=5 @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek -@load ./common.bro +@load ./common event bro_init() { @@ -71,11 +71,11 @@ event quit_receiver() @TEST-END-FILE -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek -@load ./common.bro +@load ./common event bro_init() { diff --git a/testing/btest/broker/ssl_auth_failure.bro b/testing/btest/broker/ssl_auth_failure.zeek similarity index 96% rename from testing/btest/broker/ssl_auth_failure.bro rename to testing/btest/broker/ssl_auth_failure.zeek index bc90d86298..41c79236d4 100644 --- a/testing/btest/broker/ssl_auth_failure.bro +++ b/testing/btest/broker/ssl_auth_failure.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out @@ -86,7 +86,7 @@ BTdqMbieumB/zL97iK5baHUFEJ4VRtLQhh/SOXgew/BF8ccpilI= -----END RSA PRIVATE KEY----- @TEST-END-FILE -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek redef exit_only_after_terminate = T; @@ -130,7 +130,7 @@ event Broker::error(code: Broker::ErrorCode, msg: string) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/broker/store/clone.bro b/testing/btest/broker/store/clone.zeek similarity index 96% rename from testing/btest/broker/store/clone.bro rename to testing/btest/broker/store/clone.zeek index 5620303410..25021a226f 100644 --- a/testing/btest/broker/store/clone.bro +++ b/testing/btest/broker/store/clone.zeek @@ -1,13 +1,13 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run clone "bro -B broker -b ../clone-main.bro >clone.out" -# @TEST-EXEC: btest-bg-run master "bro -B broker -b ../master-main.bro >master.out" +# @TEST-EXEC: btest-bg-run clone "bro -B broker -b ../clone-main.zeek >clone.out" +# @TEST-EXEC: btest-bg-run master "bro -B broker -b ../master-main.zeek >master.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff clone/clone.out # @TEST-EXEC: btest-diff master/master.out -@TEST-START-FILE master-main.bro +@TEST-START-FILE master-main.zeek redef exit_only_after_terminate = T; global query_timeout = 1sec; @@ -75,7 +75,7 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE clone-main.bro +@TEST-START-FILE clone-main.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/broker/store/local.bro b/testing/btest/broker/store/local.zeek similarity index 100% rename from testing/btest/broker/store/local.bro rename to testing/btest/broker/store/local.zeek diff --git a/testing/btest/broker/store/ops.bro b/testing/btest/broker/store/ops.zeek similarity index 100% rename from testing/btest/broker/store/ops.bro rename to testing/btest/broker/store/ops.zeek diff --git a/testing/btest/broker/store/record.bro b/testing/btest/broker/store/record.zeek similarity index 100% rename from testing/btest/broker/store/record.bro rename to testing/btest/broker/store/record.zeek diff --git a/testing/btest/broker/store/set.bro b/testing/btest/broker/store/set.zeek similarity index 100% rename from testing/btest/broker/store/set.bro rename to testing/btest/broker/store/set.zeek diff --git a/testing/btest/broker/store/sqlite.bro b/testing/btest/broker/store/sqlite.zeek similarity index 100% rename from testing/btest/broker/store/sqlite.bro rename to testing/btest/broker/store/sqlite.zeek diff --git a/testing/btest/broker/store/table.bro b/testing/btest/broker/store/table.zeek similarity index 100% rename from testing/btest/broker/store/table.bro rename to testing/btest/broker/store/table.zeek diff --git a/testing/btest/broker/store/type-conversion.bro b/testing/btest/broker/store/type-conversion.zeek similarity index 100% rename from testing/btest/broker/store/type-conversion.bro rename to testing/btest/broker/store/type-conversion.zeek diff --git a/testing/btest/broker/store/vector.bro b/testing/btest/broker/store/vector.zeek similarity index 100% rename from testing/btest/broker/store/vector.bro rename to testing/btest/broker/store/vector.zeek diff --git a/testing/btest/broker/unpeer.bro b/testing/btest/broker/unpeer.zeek similarity index 89% rename from testing/btest/broker/unpeer.bro rename to testing/btest/broker/unpeer.zeek index b591815955..57bdf0301f 100644 --- a/testing/btest/broker/unpeer.bro +++ b/testing/btest/broker/unpeer.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out @@ -12,7 +12,7 @@ # @TEST-EXEC: btest-diff recv/broker.filtered.log # @TEST-EXEC: btest-diff send/broker.filtered.log -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek redef exit_only_after_terminate = T; @@ -51,7 +51,7 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/core/bits_per_uid.bro b/testing/btest/core/bits_per_uid.zeek similarity index 100% rename from testing/btest/core/bits_per_uid.bro rename to testing/btest/core/bits_per_uid.zeek diff --git a/testing/btest/core/cisco-fabric-path.bro b/testing/btest/core/cisco-fabric-path.zeek similarity index 100% rename from testing/btest/core/cisco-fabric-path.bro rename to testing/btest/core/cisco-fabric-path.zeek diff --git a/testing/btest/core/conn-size-threshold.bro b/testing/btest/core/conn-size-threshold.zeek similarity index 100% rename from testing/btest/core/conn-size-threshold.bro rename to testing/btest/core/conn-size-threshold.zeek diff --git a/testing/btest/core/conn-uid.bro b/testing/btest/core/conn-uid.zeek similarity index 100% rename from testing/btest/core/conn-uid.bro rename to testing/btest/core/conn-uid.zeek diff --git a/testing/btest/core/connection_flip_roles.bro b/testing/btest/core/connection_flip_roles.zeek similarity index 100% rename from testing/btest/core/connection_flip_roles.bro rename to testing/btest/core/connection_flip_roles.zeek diff --git a/testing/btest/core/discarder.bro b/testing/btest/core/discarder.zeek similarity index 88% rename from testing/btest/core/discarder.bro rename to testing/btest/core/discarder.zeek index 9e8f5e7a2f..71b78373e9 100644 --- a/testing/btest/core/discarder.bro +++ b/testing/btest/core/discarder.zeek @@ -1,10 +1,10 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-ip.bro >output -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-tcp.bro >>output -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-udp.bro >>output -# @TEST-EXEC: bro -b -C -r $TRACES/icmp/icmp-destunreach-udp.pcap discarder-icmp.bro >>output +# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-ip.zeek >output +# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-tcp.zeek >>output +# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-udp.zeek >>output +# @TEST-EXEC: bro -b -C -r $TRACES/icmp/icmp-destunreach-udp.pcap discarder-icmp.zeek >>output # @TEST-EXEC: btest-diff output -@TEST-START-FILE discarder-ip.bro +@TEST-START-FILE discarder-ip.zeek event bro_init() { @@ -26,7 +26,7 @@ event new_packet(c: connection, p: pkt_hdr) @TEST-END-FILE -@TEST-START-FILE discarder-tcp.bro +@TEST-START-FILE discarder-tcp.zeek event bro_init() { @@ -48,7 +48,7 @@ event new_packet(c: connection, p: pkt_hdr) @TEST-END-FILE -@TEST-START-FILE discarder-udp.bro +@TEST-START-FILE discarder-udp.zeek event bro_init() { @@ -70,7 +70,7 @@ event new_packet(c: connection, p: pkt_hdr) @TEST-END-FILE -@TEST-START-FILE discarder-icmp.bro +@TEST-START-FILE discarder-icmp.zeek event bro_init() { diff --git a/testing/btest/core/div-by-zero.bro b/testing/btest/core/div-by-zero.zeek similarity index 100% rename from testing/btest/core/div-by-zero.bro rename to testing/btest/core/div-by-zero.zeek diff --git a/testing/btest/core/dns-init.bro b/testing/btest/core/dns-init.zeek similarity index 100% rename from testing/btest/core/dns-init.bro rename to testing/btest/core/dns-init.zeek diff --git a/testing/btest/core/embedded-null.bro b/testing/btest/core/embedded-null.zeek similarity index 100% rename from testing/btest/core/embedded-null.bro rename to testing/btest/core/embedded-null.zeek diff --git a/testing/btest/core/enum-redef-exists.bro b/testing/btest/core/enum-redef-exists.zeek similarity index 100% rename from testing/btest/core/enum-redef-exists.bro rename to testing/btest/core/enum-redef-exists.zeek diff --git a/testing/btest/core/erspan.bro b/testing/btest/core/erspan.zeek similarity index 100% rename from testing/btest/core/erspan.bro rename to testing/btest/core/erspan.zeek diff --git a/testing/btest/core/erspanII.bro b/testing/btest/core/erspanII.zeek similarity index 100% rename from testing/btest/core/erspanII.bro rename to testing/btest/core/erspanII.zeek diff --git a/testing/btest/core/erspanIII.bro b/testing/btest/core/erspanIII.zeek similarity index 100% rename from testing/btest/core/erspanIII.bro rename to testing/btest/core/erspanIII.zeek diff --git a/testing/btest/core/ether-addrs.bro b/testing/btest/core/ether-addrs.zeek similarity index 100% rename from testing/btest/core/ether-addrs.bro rename to testing/btest/core/ether-addrs.zeek diff --git a/testing/btest/core/event-arg-reuse.bro b/testing/btest/core/event-arg-reuse.zeek similarity index 100% rename from testing/btest/core/event-arg-reuse.bro rename to testing/btest/core/event-arg-reuse.zeek diff --git a/testing/btest/core/expr-exception.bro b/testing/btest/core/expr-exception.zeek similarity index 100% rename from testing/btest/core/expr-exception.bro rename to testing/btest/core/expr-exception.zeek diff --git a/testing/btest/core/fake_dns.bro b/testing/btest/core/fake_dns.zeek similarity index 100% rename from testing/btest/core/fake_dns.bro rename to testing/btest/core/fake_dns.zeek diff --git a/testing/btest/core/global_opaque_val.bro b/testing/btest/core/global_opaque_val.zeek similarity index 100% rename from testing/btest/core/global_opaque_val.bro rename to testing/btest/core/global_opaque_val.zeek diff --git a/testing/btest/core/history-flip.bro b/testing/btest/core/history-flip.zeek similarity index 100% rename from testing/btest/core/history-flip.bro rename to testing/btest/core/history-flip.zeek diff --git a/testing/btest/core/icmp/icmp_sent.bro b/testing/btest/core/icmp/icmp_sent.zeek similarity index 100% rename from testing/btest/core/icmp/icmp_sent.bro rename to testing/btest/core/icmp/icmp_sent.zeek diff --git a/testing/btest/core/init-error.bro b/testing/btest/core/init-error.zeek similarity index 100% rename from testing/btest/core/init-error.bro rename to testing/btest/core/init-error.zeek diff --git a/testing/btest/core/ip-broken-header.bro b/testing/btest/core/ip-broken-header.zeek similarity index 100% rename from testing/btest/core/ip-broken-header.bro rename to testing/btest/core/ip-broken-header.zeek diff --git a/testing/btest/core/leaks/basic-cluster.bro b/testing/btest/core/leaks/basic-cluster.zeek similarity index 98% rename from testing/btest/core/leaks/basic-cluster.bro rename to testing/btest/core/leaks/basic-cluster.zeek index fa73fb9a96..7e08756bb7 100644 --- a/testing/btest/core/leaks/basic-cluster.bro +++ b/testing/btest/core/leaks/basic-cluster.zeek @@ -12,7 +12,7 @@ # @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro -m %INPUT # @TEST-EXEC: btest-bg-wait 60 -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/core/leaks/bloomfilter.bro b/testing/btest/core/leaks/bloomfilter.zeek similarity index 100% rename from testing/btest/core/leaks/bloomfilter.bro rename to testing/btest/core/leaks/bloomfilter.zeek diff --git a/testing/btest/core/leaks/broker/clone_store.bro b/testing/btest/core/leaks/broker/clone_store.zeek similarity index 93% rename from testing/btest/core/leaks/broker/clone_store.bro rename to testing/btest/core/leaks/broker/clone_store.zeek index 68235c7bab..9dc9b6072c 100644 --- a/testing/btest/core/leaks/broker/clone_store.bro +++ b/testing/btest/core/leaks/broker/clone_store.zeek @@ -2,13 +2,13 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "bro -m -b ../clone.bro >clone.out" -# @TEST-EXEC: btest-bg-run master "bro -b ../master.bro >master.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "bro -m -b ../clone.zeek >clone.out" +# @TEST-EXEC: btest-bg-run master "bro -b ../master.zeek >master.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out -@TEST-START-FILE master.bro +@TEST-START-FILE master.zeek redef exit_only_after_terminate = T; global query_timeout = 1sec; @@ -76,7 +76,7 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE clone.bro +@TEST-START-FILE clone.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/broker/data.bro b/testing/btest/core/leaks/broker/data.zeek similarity index 100% rename from testing/btest/core/leaks/broker/data.bro rename to testing/btest/core/leaks/broker/data.zeek diff --git a/testing/btest/core/leaks/broker/master_store.bro b/testing/btest/core/leaks/broker/master_store.zeek similarity index 100% rename from testing/btest/core/leaks/broker/master_store.bro rename to testing/btest/core/leaks/broker/master_store.zeek diff --git a/testing/btest/core/leaks/broker/remote_event.test b/testing/btest/core/leaks/broker/remote_event.test index 5000bd98d7..972f8cbf93 100644 --- a/testing/btest/core/leaks/broker/remote_event.test +++ b/testing/btest/core/leaks/broker/remote_event.test @@ -2,14 +2,14 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.bro >recv.out" -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.bro >send.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.zeek >recv.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek redef exit_only_after_terminate = T; @@ -43,7 +43,7 @@ event event_handler(msg: string, n: count) @TEST-END-FILE -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/broker/remote_log.test b/testing/btest/core/leaks/broker/remote_log.test index 12abc1a313..5f41ba9682 100644 --- a/testing/btest/core/leaks/broker/remote_log.test +++ b/testing/btest/core/leaks/broker/remote_log.test @@ -2,8 +2,8 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.bro >recv.out" -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.bro >send.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.zeek >recv.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out @@ -11,7 +11,7 @@ # @TEST-EXEC: btest-diff send/send.out # @TEST-EXEC: btest-diff send/test.log -@TEST-START-FILE common.bro +@TEST-START-FILE common.zeek redef exit_only_after_terminate = T; @@ -39,9 +39,9 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek -@load ./common.bro +@load ./common event bro_init() { @@ -56,9 +56,9 @@ event Broker::peer_removed(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek -@load ./common.bro +@load ./common event bro_init() { diff --git a/testing/btest/core/leaks/dns-nsec3.bro b/testing/btest/core/leaks/dns-nsec3.zeek similarity index 100% rename from testing/btest/core/leaks/dns-nsec3.bro rename to testing/btest/core/leaks/dns-nsec3.zeek diff --git a/testing/btest/core/leaks/dns-txt.bro b/testing/btest/core/leaks/dns-txt.zeek similarity index 100% rename from testing/btest/core/leaks/dns-txt.bro rename to testing/btest/core/leaks/dns-txt.zeek diff --git a/testing/btest/core/leaks/dns.bro b/testing/btest/core/leaks/dns.zeek similarity index 100% rename from testing/btest/core/leaks/dns.bro rename to testing/btest/core/leaks/dns.zeek diff --git a/testing/btest/core/leaks/dtls.bro b/testing/btest/core/leaks/dtls.zeek similarity index 100% rename from testing/btest/core/leaks/dtls.bro rename to testing/btest/core/leaks/dtls.zeek diff --git a/testing/btest/core/leaks/exec.test b/testing/btest/core/leaks/exec.test index 4cc8240012..a859c4d4c3 100644 --- a/testing/btest/core/leaks/exec.test +++ b/testing/btest/core/leaks/exec.test @@ -4,10 +4,10 @@ # # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b ../exectest.bro +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b ../exectest.zeek # @TEST-EXEC: btest-bg-wait 60 -@TEST-START-FILE exectest.bro +@TEST-START-FILE exectest.zeek @load base/utils/exec redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/file-analysis-http-get.bro b/testing/btest/core/leaks/file-analysis-http-get.zeek similarity index 95% rename from testing/btest/core/leaks/file-analysis-http-get.bro rename to testing/btest/core/leaks/file-analysis-http-get.zeek index 29aa6535a3..960a510137 100644 --- a/testing/btest/core/leaks/file-analysis-http-get.bro +++ b/testing/btest/core/leaks/file-analysis-http-get.zeek @@ -4,7 +4,7 @@ # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 60 redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/core/leaks/hll_cluster.bro b/testing/btest/core/leaks/hll_cluster.zeek similarity index 98% rename from testing/btest/core/leaks/hll_cluster.bro rename to testing/btest/core/leaks/hll_cluster.zeek index e565778fbc..613e458985 100644 --- a/testing/btest/core/leaks/hll_cluster.bro +++ b/testing/btest/core/leaks/hll_cluster.zeek @@ -17,7 +17,7 @@ # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/core/leaks/hook.bro b/testing/btest/core/leaks/hook.zeek similarity index 100% rename from testing/btest/core/leaks/hook.bro rename to testing/btest/core/leaks/hook.zeek diff --git a/testing/btest/core/leaks/http-connect.bro b/testing/btest/core/leaks/http-connect.zeek similarity index 100% rename from testing/btest/core/leaks/http-connect.bro rename to testing/btest/core/leaks/http-connect.zeek diff --git a/testing/btest/core/leaks/input-basic.bro b/testing/btest/core/leaks/input-basic.zeek similarity index 100% rename from testing/btest/core/leaks/input-basic.bro rename to testing/btest/core/leaks/input-basic.zeek diff --git a/testing/btest/core/leaks/input-errors.bro b/testing/btest/core/leaks/input-errors.zeek similarity index 100% rename from testing/btest/core/leaks/input-errors.bro rename to testing/btest/core/leaks/input-errors.zeek diff --git a/testing/btest/core/leaks/input-missing-enum.bro b/testing/btest/core/leaks/input-missing-enum.zeek similarity index 100% rename from testing/btest/core/leaks/input-missing-enum.bro rename to testing/btest/core/leaks/input-missing-enum.zeek diff --git a/testing/btest/core/leaks/input-optional-event.bro b/testing/btest/core/leaks/input-optional-event.zeek similarity index 100% rename from testing/btest/core/leaks/input-optional-event.bro rename to testing/btest/core/leaks/input-optional-event.zeek diff --git a/testing/btest/core/leaks/input-optional-table.bro b/testing/btest/core/leaks/input-optional-table.zeek similarity index 100% rename from testing/btest/core/leaks/input-optional-table.bro rename to testing/btest/core/leaks/input-optional-table.zeek diff --git a/testing/btest/core/leaks/input-raw.bro b/testing/btest/core/leaks/input-raw.zeek similarity index 100% rename from testing/btest/core/leaks/input-raw.bro rename to testing/btest/core/leaks/input-raw.zeek diff --git a/testing/btest/core/leaks/input-reread.bro b/testing/btest/core/leaks/input-reread.zeek similarity index 100% rename from testing/btest/core/leaks/input-reread.bro rename to testing/btest/core/leaks/input-reread.zeek diff --git a/testing/btest/core/leaks/input-sqlite.bro b/testing/btest/core/leaks/input-sqlite.zeek similarity index 100% rename from testing/btest/core/leaks/input-sqlite.bro rename to testing/btest/core/leaks/input-sqlite.zeek diff --git a/testing/btest/core/leaks/input-with-remove.bro b/testing/btest/core/leaks/input-with-remove.zeek similarity index 100% rename from testing/btest/core/leaks/input-with-remove.bro rename to testing/btest/core/leaks/input-with-remove.zeek diff --git a/testing/btest/core/leaks/kv-iteration.bro b/testing/btest/core/leaks/kv-iteration.zeek similarity index 100% rename from testing/btest/core/leaks/kv-iteration.bro rename to testing/btest/core/leaks/kv-iteration.zeek diff --git a/testing/btest/core/leaks/pattern.bro b/testing/btest/core/leaks/pattern.zeek similarity index 100% rename from testing/btest/core/leaks/pattern.bro rename to testing/btest/core/leaks/pattern.zeek diff --git a/testing/btest/core/leaks/returnwhen.bro b/testing/btest/core/leaks/returnwhen.zeek similarity index 100% rename from testing/btest/core/leaks/returnwhen.bro rename to testing/btest/core/leaks/returnwhen.zeek diff --git a/testing/btest/core/leaks/set.bro b/testing/btest/core/leaks/set.zeek similarity index 100% rename from testing/btest/core/leaks/set.bro rename to testing/btest/core/leaks/set.zeek diff --git a/testing/btest/core/leaks/snmp.test b/testing/btest/core/leaks/snmp.test index 4f212d2699..43112eb9bf 100644 --- a/testing/btest/core/leaks/snmp.test +++ b/testing/btest/core/leaks/snmp.test @@ -4,7 +4,7 @@ # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.bro %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/snmp diff --git a/testing/btest/core/leaks/stats.bro b/testing/btest/core/leaks/stats.zeek similarity index 92% rename from testing/btest/core/leaks/stats.bro rename to testing/btest/core/leaks/stats.zeek index a3459fdc93..7df104be95 100644 --- a/testing/btest/core/leaks/stats.bro +++ b/testing/btest/core/leaks/stats.zeek @@ -7,7 +7,7 @@ # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 -@load policy/misc/stats.bro +@load policy/misc/stats event load_sample(samples: load_sample_info, CPU: interval, dmem: int) { diff --git a/testing/btest/core/leaks/string-indexing.bro b/testing/btest/core/leaks/string-indexing.zeek similarity index 100% rename from testing/btest/core/leaks/string-indexing.bro rename to testing/btest/core/leaks/string-indexing.zeek diff --git a/testing/btest/core/leaks/switch-statement.bro b/testing/btest/core/leaks/switch-statement.zeek similarity index 100% rename from testing/btest/core/leaks/switch-statement.bro rename to testing/btest/core/leaks/switch-statement.zeek diff --git a/testing/btest/core/leaks/teredo.bro b/testing/btest/core/leaks/teredo.zeek similarity index 100% rename from testing/btest/core/leaks/teredo.bro rename to testing/btest/core/leaks/teredo.zeek diff --git a/testing/btest/core/leaks/test-all.bro b/testing/btest/core/leaks/test-all.zeek similarity index 100% rename from testing/btest/core/leaks/test-all.bro rename to testing/btest/core/leaks/test-all.zeek diff --git a/testing/btest/core/leaks/while.bro b/testing/btest/core/leaks/while.zeek similarity index 100% rename from testing/btest/core/leaks/while.bro rename to testing/btest/core/leaks/while.zeek diff --git a/testing/btest/core/leaks/x509_ocsp_verify.bro b/testing/btest/core/leaks/x509_ocsp_verify.zeek similarity index 100% rename from testing/btest/core/leaks/x509_ocsp_verify.bro rename to testing/btest/core/leaks/x509_ocsp_verify.zeek diff --git a/testing/btest/core/leaks/x509_verify.bro b/testing/btest/core/leaks/x509_verify.zeek similarity index 100% rename from testing/btest/core/leaks/x509_verify.bro rename to testing/btest/core/leaks/x509_verify.zeek diff --git a/testing/btest/core/load-duplicates.bro b/testing/btest/core/load-duplicates.zeek similarity index 100% rename from testing/btest/core/load-duplicates.bro rename to testing/btest/core/load-duplicates.zeek diff --git a/testing/btest/core/load-file-extension.bro b/testing/btest/core/load-file-extension.zeek similarity index 100% rename from testing/btest/core/load-file-extension.bro rename to testing/btest/core/load-file-extension.zeek diff --git a/testing/btest/core/load-pkg.bro b/testing/btest/core/load-pkg.zeek similarity index 100% rename from testing/btest/core/load-pkg.bro rename to testing/btest/core/load-pkg.zeek diff --git a/testing/btest/core/load-prefixes.bro b/testing/btest/core/load-prefixes.zeek similarity index 95% rename from testing/btest/core/load-prefixes.bro rename to testing/btest/core/load-prefixes.zeek index 5147bd0250..c91f278a65 100644 --- a/testing/btest/core/load-prefixes.bro +++ b/testing/btest/core/load-prefixes.zeek @@ -3,7 +3,7 @@ # @TEST-EXEC: bro addprefixes >output # @TEST-EXEC: btest-diff output -@TEST-START-FILE addprefixes.bro +@TEST-START-FILE addprefixes.zeek @prefixes += lcl @prefixes += lcl2 @TEST-END-FILE diff --git a/testing/btest/core/load-relative.bro b/testing/btest/core/load-relative.zeek similarity index 74% rename from testing/btest/core/load-relative.bro rename to testing/btest/core/load-relative.zeek index 3bd082cf8a..439563c201 100644 --- a/testing/btest/core/load-relative.bro +++ b/testing/btest/core/load-relative.zeek @@ -3,16 +3,16 @@ # @TEST-EXEC: bro -b foo/foo >output # @TEST-EXEC: btest-diff output -@TEST-START-FILE foo/foo.bro +@TEST-START-FILE foo/foo.zeek @load ./bar @load ../baz print "foo loaded"; @TEST-END-FILE -@TEST-START-FILE foo/bar.bro +@TEST-START-FILE foo/bar.zeek print "bar loaded"; @TEST-END-FILE -@TEST-START-FILE baz.bro +@TEST-START-FILE baz.zeek print "baz loaded"; @TEST-END-FILE diff --git a/testing/btest/core/load-unload.bro b/testing/btest/core/load-unload.zeek similarity index 100% rename from testing/btest/core/load-unload.bro rename to testing/btest/core/load-unload.zeek diff --git a/testing/btest/core/mpls-in-vlan.bro b/testing/btest/core/mpls-in-vlan.zeek similarity index 100% rename from testing/btest/core/mpls-in-vlan.bro rename to testing/btest/core/mpls-in-vlan.zeek diff --git a/testing/btest/core/nflog.bro b/testing/btest/core/nflog.zeek similarity index 100% rename from testing/btest/core/nflog.bro rename to testing/btest/core/nflog.zeek diff --git a/testing/btest/core/nop.bro b/testing/btest/core/nop.zeek similarity index 100% rename from testing/btest/core/nop.bro rename to testing/btest/core/nop.zeek diff --git a/testing/btest/core/old_comm_usage.bro b/testing/btest/core/old_comm_usage.zeek similarity index 100% rename from testing/btest/core/old_comm_usage.bro rename to testing/btest/core/old_comm_usage.zeek diff --git a/testing/btest/core/option-errors.bro b/testing/btest/core/option-errors.zeek similarity index 100% rename from testing/btest/core/option-errors.bro rename to testing/btest/core/option-errors.zeek diff --git a/testing/btest/core/option-priorities.bro b/testing/btest/core/option-priorities.zeek similarity index 100% rename from testing/btest/core/option-priorities.bro rename to testing/btest/core/option-priorities.zeek diff --git a/testing/btest/core/option-redef.bro b/testing/btest/core/option-redef.zeek similarity index 100% rename from testing/btest/core/option-redef.bro rename to testing/btest/core/option-redef.zeek diff --git a/testing/btest/core/option-runtime-errors.bro b/testing/btest/core/option-runtime-errors.zeek similarity index 100% rename from testing/btest/core/option-runtime-errors.bro rename to testing/btest/core/option-runtime-errors.zeek diff --git a/testing/btest/core/pcap/dumper.bro b/testing/btest/core/pcap/dumper.zeek similarity index 100% rename from testing/btest/core/pcap/dumper.bro rename to testing/btest/core/pcap/dumper.zeek diff --git a/testing/btest/core/pcap/dynamic-filter.bro b/testing/btest/core/pcap/dynamic-filter.zeek similarity index 100% rename from testing/btest/core/pcap/dynamic-filter.bro rename to testing/btest/core/pcap/dynamic-filter.zeek diff --git a/testing/btest/core/pcap/filter-error.bro b/testing/btest/core/pcap/filter-error.zeek similarity index 100% rename from testing/btest/core/pcap/filter-error.bro rename to testing/btest/core/pcap/filter-error.zeek diff --git a/testing/btest/core/pcap/input-error.bro b/testing/btest/core/pcap/input-error.zeek similarity index 100% rename from testing/btest/core/pcap/input-error.bro rename to testing/btest/core/pcap/input-error.zeek diff --git a/testing/btest/core/pcap/pseudo-realtime.bro b/testing/btest/core/pcap/pseudo-realtime.zeek similarity index 100% rename from testing/btest/core/pcap/pseudo-realtime.bro rename to testing/btest/core/pcap/pseudo-realtime.zeek diff --git a/testing/btest/core/pcap/read-trace-with-filter.bro b/testing/btest/core/pcap/read-trace-with-filter.zeek similarity index 100% rename from testing/btest/core/pcap/read-trace-with-filter.bro rename to testing/btest/core/pcap/read-trace-with-filter.zeek diff --git a/testing/btest/core/pppoe-over-qinq.bro b/testing/btest/core/pppoe-over-qinq.zeek similarity index 100% rename from testing/btest/core/pppoe-over-qinq.bro rename to testing/btest/core/pppoe-over-qinq.zeek diff --git a/testing/btest/core/print-bpf-filters.bro b/testing/btest/core/print-bpf-filters.zeek similarity index 100% rename from testing/btest/core/print-bpf-filters.bro rename to testing/btest/core/print-bpf-filters.zeek diff --git a/testing/btest/core/q-in-q.bro b/testing/btest/core/q-in-q.zeek similarity index 100% rename from testing/btest/core/q-in-q.bro rename to testing/btest/core/q-in-q.zeek diff --git a/testing/btest/core/radiotap.bro b/testing/btest/core/radiotap.zeek similarity index 100% rename from testing/btest/core/radiotap.bro rename to testing/btest/core/radiotap.zeek diff --git a/testing/btest/core/raw_packet.bro b/testing/btest/core/raw_packet.zeek similarity index 100% rename from testing/btest/core/raw_packet.bro rename to testing/btest/core/raw_packet.zeek diff --git a/testing/btest/core/reassembly.bro b/testing/btest/core/reassembly.zeek similarity index 100% rename from testing/btest/core/reassembly.bro rename to testing/btest/core/reassembly.zeek diff --git a/testing/btest/core/recursive-event.bro b/testing/btest/core/recursive-event.zeek similarity index 100% rename from testing/btest/core/recursive-event.bro rename to testing/btest/core/recursive-event.zeek diff --git a/testing/btest/core/reporter-error-in-handler.bro b/testing/btest/core/reporter-error-in-handler.zeek similarity index 100% rename from testing/btest/core/reporter-error-in-handler.bro rename to testing/btest/core/reporter-error-in-handler.zeek diff --git a/testing/btest/core/reporter-fmt-strings.bro b/testing/btest/core/reporter-fmt-strings.zeek similarity index 100% rename from testing/btest/core/reporter-fmt-strings.bro rename to testing/btest/core/reporter-fmt-strings.zeek diff --git a/testing/btest/core/reporter-parse-error.bro b/testing/btest/core/reporter-parse-error.zeek similarity index 100% rename from testing/btest/core/reporter-parse-error.bro rename to testing/btest/core/reporter-parse-error.zeek diff --git a/testing/btest/core/reporter-runtime-error.bro b/testing/btest/core/reporter-runtime-error.zeek similarity index 100% rename from testing/btest/core/reporter-runtime-error.bro rename to testing/btest/core/reporter-runtime-error.zeek diff --git a/testing/btest/core/reporter-shutdown-order-errors.bro b/testing/btest/core/reporter-shutdown-order-errors.zeek similarity index 100% rename from testing/btest/core/reporter-shutdown-order-errors.bro rename to testing/btest/core/reporter-shutdown-order-errors.zeek diff --git a/testing/btest/core/reporter-type-mismatch.bro b/testing/btest/core/reporter-type-mismatch.zeek similarity index 100% rename from testing/btest/core/reporter-type-mismatch.bro rename to testing/btest/core/reporter-type-mismatch.zeek diff --git a/testing/btest/core/reporter-weird-sampling-disable.bro b/testing/btest/core/reporter-weird-sampling-disable.zeek similarity index 100% rename from testing/btest/core/reporter-weird-sampling-disable.bro rename to testing/btest/core/reporter-weird-sampling-disable.zeek diff --git a/testing/btest/core/reporter-weird-sampling.bro b/testing/btest/core/reporter-weird-sampling.zeek similarity index 100% rename from testing/btest/core/reporter-weird-sampling.bro rename to testing/btest/core/reporter-weird-sampling.zeek diff --git a/testing/btest/core/reporter.bro b/testing/btest/core/reporter.zeek similarity index 100% rename from testing/btest/core/reporter.bro rename to testing/btest/core/reporter.zeek diff --git a/testing/btest/core/tcp/fin-retransmit.bro b/testing/btest/core/tcp/fin-retransmit.zeek similarity index 100% rename from testing/btest/core/tcp/fin-retransmit.bro rename to testing/btest/core/tcp/fin-retransmit.zeek diff --git a/testing/btest/core/tcp/large-file-reassembly.bro b/testing/btest/core/tcp/large-file-reassembly.zeek similarity index 100% rename from testing/btest/core/tcp/large-file-reassembly.bro rename to testing/btest/core/tcp/large-file-reassembly.zeek diff --git a/testing/btest/core/tcp/miss-end-data.bro b/testing/btest/core/tcp/miss-end-data.zeek similarity index 100% rename from testing/btest/core/tcp/miss-end-data.bro rename to testing/btest/core/tcp/miss-end-data.zeek diff --git a/testing/btest/core/tcp/missing-syn.bro b/testing/btest/core/tcp/missing-syn.zeek similarity index 100% rename from testing/btest/core/tcp/missing-syn.bro rename to testing/btest/core/tcp/missing-syn.zeek diff --git a/testing/btest/core/tcp/quantum-insert.bro b/testing/btest/core/tcp/quantum-insert.zeek similarity index 100% rename from testing/btest/core/tcp/quantum-insert.bro rename to testing/btest/core/tcp/quantum-insert.zeek diff --git a/testing/btest/core/tcp/rst-after-syn.bro b/testing/btest/core/tcp/rst-after-syn.zeek similarity index 100% rename from testing/btest/core/tcp/rst-after-syn.bro rename to testing/btest/core/tcp/rst-after-syn.zeek diff --git a/testing/btest/core/tcp/rxmit-history.bro b/testing/btest/core/tcp/rxmit-history.zeek similarity index 100% rename from testing/btest/core/tcp/rxmit-history.bro rename to testing/btest/core/tcp/rxmit-history.zeek diff --git a/testing/btest/core/tcp/truncated-header.bro b/testing/btest/core/tcp/truncated-header.zeek similarity index 100% rename from testing/btest/core/tcp/truncated-header.bro rename to testing/btest/core/tcp/truncated-header.zeek diff --git a/testing/btest/core/tunnels/false-teredo.bro b/testing/btest/core/tunnels/false-teredo.zeek similarity index 100% rename from testing/btest/core/tunnels/false-teredo.bro rename to testing/btest/core/tunnels/false-teredo.zeek diff --git a/testing/btest/core/tunnels/ip-in-ip-version.bro b/testing/btest/core/tunnels/ip-in-ip-version.zeek similarity index 100% rename from testing/btest/core/tunnels/ip-in-ip-version.bro rename to testing/btest/core/tunnels/ip-in-ip-version.zeek diff --git a/testing/btest/core/tunnels/teredo.bro b/testing/btest/core/tunnels/teredo.zeek similarity index 100% rename from testing/btest/core/tunnels/teredo.bro rename to testing/btest/core/tunnels/teredo.zeek diff --git a/testing/btest/core/tunnels/vxlan.bro b/testing/btest/core/tunnels/vxlan.zeek similarity index 100% rename from testing/btest/core/tunnels/vxlan.bro rename to testing/btest/core/tunnels/vxlan.zeek diff --git a/testing/btest/core/vector-assignment.bro b/testing/btest/core/vector-assignment.zeek similarity index 100% rename from testing/btest/core/vector-assignment.bro rename to testing/btest/core/vector-assignment.zeek diff --git a/testing/btest/core/vlan-mpls.bro b/testing/btest/core/vlan-mpls.zeek similarity index 100% rename from testing/btest/core/vlan-mpls.bro rename to testing/btest/core/vlan-mpls.zeek diff --git a/testing/btest/core/when-interpreter-exceptions.bro b/testing/btest/core/when-interpreter-exceptions.zeek similarity index 100% rename from testing/btest/core/when-interpreter-exceptions.bro rename to testing/btest/core/when-interpreter-exceptions.zeek diff --git a/testing/btest/core/wlanmon.bro b/testing/btest/core/wlanmon.zeek similarity index 100% rename from testing/btest/core/wlanmon.bro rename to testing/btest/core/wlanmon.zeek diff --git a/testing/btest/core/x509-generalizedtime.bro b/testing/btest/core/x509-generalizedtime.zeek similarity index 100% rename from testing/btest/core/x509-generalizedtime.bro rename to testing/btest/core/x509-generalizedtime.zeek diff --git a/testing/btest/coverage/coverage-blacklist.bro b/testing/btest/coverage/coverage-blacklist.zeek similarity index 100% rename from testing/btest/coverage/coverage-blacklist.bro rename to testing/btest/coverage/coverage-blacklist.zeek diff --git a/testing/btest/doc/broxygen/command_line.bro b/testing/btest/doc/broxygen/command_line.zeek similarity index 100% rename from testing/btest/doc/broxygen/command_line.bro rename to testing/btest/doc/broxygen/command_line.zeek diff --git a/testing/btest/doc/broxygen/comment_retrieval_bifs.bro b/testing/btest/doc/broxygen/comment_retrieval_bifs.zeek similarity index 100% rename from testing/btest/doc/broxygen/comment_retrieval_bifs.bro rename to testing/btest/doc/broxygen/comment_retrieval_bifs.zeek diff --git a/testing/btest/doc/broxygen/enums.bro b/testing/btest/doc/broxygen/enums.zeek similarity index 100% rename from testing/btest/doc/broxygen/enums.bro rename to testing/btest/doc/broxygen/enums.zeek diff --git a/testing/btest/doc/broxygen/example.bro b/testing/btest/doc/broxygen/example.zeek similarity index 100% rename from testing/btest/doc/broxygen/example.bro rename to testing/btest/doc/broxygen/example.zeek diff --git a/testing/btest/doc/broxygen/func-params.bro b/testing/btest/doc/broxygen/func-params.zeek similarity index 100% rename from testing/btest/doc/broxygen/func-params.bro rename to testing/btest/doc/broxygen/func-params.zeek diff --git a/testing/btest/doc/broxygen/identifier.bro b/testing/btest/doc/broxygen/identifier.zeek similarity index 100% rename from testing/btest/doc/broxygen/identifier.bro rename to testing/btest/doc/broxygen/identifier.zeek diff --git a/testing/btest/doc/broxygen/package.bro b/testing/btest/doc/broxygen/package.zeek similarity index 100% rename from testing/btest/doc/broxygen/package.bro rename to testing/btest/doc/broxygen/package.zeek diff --git a/testing/btest/doc/broxygen/package_index.bro b/testing/btest/doc/broxygen/package_index.zeek similarity index 100% rename from testing/btest/doc/broxygen/package_index.bro rename to testing/btest/doc/broxygen/package_index.zeek diff --git a/testing/btest/doc/broxygen/records.bro b/testing/btest/doc/broxygen/records.zeek similarity index 100% rename from testing/btest/doc/broxygen/records.bro rename to testing/btest/doc/broxygen/records.zeek diff --git a/testing/btest/doc/broxygen/script_index.bro b/testing/btest/doc/broxygen/script_index.zeek similarity index 100% rename from testing/btest/doc/broxygen/script_index.bro rename to testing/btest/doc/broxygen/script_index.zeek diff --git a/testing/btest/doc/broxygen/script_summary.bro b/testing/btest/doc/broxygen/script_summary.zeek similarity index 100% rename from testing/btest/doc/broxygen/script_summary.bro rename to testing/btest/doc/broxygen/script_summary.zeek diff --git a/testing/btest/doc/broxygen/type-aliases.bro b/testing/btest/doc/broxygen/type-aliases.zeek similarity index 100% rename from testing/btest/doc/broxygen/type-aliases.bro rename to testing/btest/doc/broxygen/type-aliases.zeek diff --git a/testing/btest/doc/broxygen/vectors.bro b/testing/btest/doc/broxygen/vectors.zeek similarity index 100% rename from testing/btest/doc/broxygen/vectors.bro rename to testing/btest/doc/broxygen/vectors.zeek diff --git a/testing/btest/doc/record-add.bro b/testing/btest/doc/record-add.zeek similarity index 100% rename from testing/btest/doc/record-add.bro rename to testing/btest/doc/record-add.zeek diff --git a/testing/btest/doc/record-attr-check.bro b/testing/btest/doc/record-attr-check.zeek similarity index 100% rename from testing/btest/doc/record-attr-check.bro rename to testing/btest/doc/record-attr-check.zeek diff --git a/testing/btest/language/addr.bro b/testing/btest/language/addr.zeek similarity index 100% rename from testing/btest/language/addr.bro rename to testing/btest/language/addr.zeek diff --git a/testing/btest/language/any.bro b/testing/btest/language/any.zeek similarity index 100% rename from testing/btest/language/any.bro rename to testing/btest/language/any.zeek diff --git a/testing/btest/language/at-deprecated.bro b/testing/btest/language/at-deprecated.zeek similarity index 63% rename from testing/btest/language/at-deprecated.bro rename to testing/btest/language/at-deprecated.zeek index dd0f746658..271a918e5e 100644 --- a/testing/btest/language/at-deprecated.bro +++ b/testing/btest/language/at-deprecated.zeek @@ -1,16 +1,16 @@ # @TEST-EXEC: bro -b foo # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr -@TEST-START-FILE foo.bro +@TEST-START-FILE foo.zeek @deprecated @load bar @load baz @TEST-END-FILE -@TEST-START-FILE bar.bro -@deprecated "Use '@load qux.bro' instead" +@TEST-START-FILE bar.zeek +@deprecated "Use '@load qux' instead" @TEST-END-FILE -@TEST-START-FILE baz.bro +@TEST-START-FILE baz.zeek @deprecated @TEST-END-FILE diff --git a/testing/btest/language/at-dir.bro b/testing/btest/language/at-dir.zeek similarity index 75% rename from testing/btest/language/at-dir.bro rename to testing/btest/language/at-dir.zeek index b826e3a5da..a366285a5b 100644 --- a/testing/btest/language/at-dir.bro +++ b/testing/btest/language/at-dir.zeek @@ -1,10 +1,10 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -# @TEST-EXEC: bro -b ./pathtest.bro >out2 +# @TEST-EXEC: bro -b ./pathtest.zeek >out2 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out2 print @DIR; -@TEST-START-FILE pathtest.bro +@TEST-START-FILE pathtest.zeek print @DIR; @TEST-END-FILE diff --git a/testing/btest/language/at-filename.bro b/testing/btest/language/at-filename.zeek similarity index 100% rename from testing/btest/language/at-filename.bro rename to testing/btest/language/at-filename.zeek diff --git a/testing/btest/language/at-if-event.bro b/testing/btest/language/at-if-event.zeek similarity index 100% rename from testing/btest/language/at-if-event.bro rename to testing/btest/language/at-if-event.zeek diff --git a/testing/btest/language/at-if-invalid.bro b/testing/btest/language/at-if-invalid.zeek similarity index 100% rename from testing/btest/language/at-if-invalid.bro rename to testing/btest/language/at-if-invalid.zeek diff --git a/testing/btest/language/at-if.bro b/testing/btest/language/at-if.zeek similarity index 100% rename from testing/btest/language/at-if.bro rename to testing/btest/language/at-if.zeek diff --git a/testing/btest/language/at-ifdef.bro b/testing/btest/language/at-ifdef.zeek similarity index 100% rename from testing/btest/language/at-ifdef.bro rename to testing/btest/language/at-ifdef.zeek diff --git a/testing/btest/language/at-ifndef.bro b/testing/btest/language/at-ifndef.zeek similarity index 100% rename from testing/btest/language/at-ifndef.bro rename to testing/btest/language/at-ifndef.zeek diff --git a/testing/btest/language/at-load.bro b/testing/btest/language/at-load.zeek similarity index 100% rename from testing/btest/language/at-load.bro rename to testing/btest/language/at-load.zeek diff --git a/testing/btest/language/attr-default-coercion.bro b/testing/btest/language/attr-default-coercion.zeek similarity index 100% rename from testing/btest/language/attr-default-coercion.bro rename to testing/btest/language/attr-default-coercion.zeek diff --git a/testing/btest/language/attr-default-global-set-error.bro b/testing/btest/language/attr-default-global-set-error.zeek similarity index 100% rename from testing/btest/language/attr-default-global-set-error.bro rename to testing/btest/language/attr-default-global-set-error.zeek diff --git a/testing/btest/language/bool.bro b/testing/btest/language/bool.zeek similarity index 100% rename from testing/btest/language/bool.bro rename to testing/btest/language/bool.zeek diff --git a/testing/btest/language/common-mistakes.bro b/testing/btest/language/common-mistakes.zeek similarity index 87% rename from testing/btest/language/common-mistakes.bro rename to testing/btest/language/common-mistakes.zeek index 361aae0ff4..de7d02da23 100644 --- a/testing/btest/language/common-mistakes.bro +++ b/testing/btest/language/common-mistakes.zeek @@ -2,16 +2,16 @@ # handled internally by way of throwing an exception to unwind out # of the current event handler body. -# @TEST-EXEC: bro -b 1.bro >1.out 2>&1 +# @TEST-EXEC: bro -b 1.zeek >1.out 2>&1 # @TEST-EXEC: btest-diff 1.out -# @TEST-EXEC: bro -b 2.bro >2.out 2>&1 +# @TEST-EXEC: bro -b 2.zeek >2.out 2>&1 # @TEST-EXEC: btest-diff 2.out -# @TEST-EXEC: bro -b 3.bro >3.out 2>&1 +# @TEST-EXEC: bro -b 3.zeek >3.out 2>&1 # @TEST-EXEC: btest-diff 3.out -@TEST-START-FILE 1.bro +@TEST-START-FILE 1.zeek type myrec: record { f: string &optional; }; @@ -47,7 +47,7 @@ event bro_init() &priority=-10 } @TEST-END-FILE -@TEST-START-FILE 2.bro +@TEST-START-FILE 2.zeek function foo() { print "in foo"; @@ -74,7 +74,7 @@ event bro_init() @TEST-END-FILE -@TEST-START-FILE 3.bro +@TEST-START-FILE 3.zeek function foo(v: vector of any) { print "in foo"; diff --git a/testing/btest/language/conditional-expression.bro b/testing/btest/language/conditional-expression.zeek similarity index 100% rename from testing/btest/language/conditional-expression.bro rename to testing/btest/language/conditional-expression.zeek diff --git a/testing/btest/language/const.bro b/testing/btest/language/const.zeek similarity index 84% rename from testing/btest/language/const.bro rename to testing/btest/language/const.zeek index ee938e8d45..1c70d4d04b 100644 --- a/testing/btest/language/const.bro +++ b/testing/btest/language/const.zeek @@ -1,12 +1,12 @@ -# @TEST-EXEC: bro -b valid.bro 2>valid.stderr 1>valid.stdout +# @TEST-EXEC: bro -b valid.zeek 2>valid.stderr 1>valid.stdout # @TEST-EXEC: btest-diff valid.stderr # @TEST-EXEC: btest-diff valid.stdout -# @TEST-EXEC-FAIL: bro -b invalid.bro 2>invalid.stderr 1>invalid.stdout +# @TEST-EXEC-FAIL: bro -b invalid.zeek 2>invalid.stderr 1>invalid.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff invalid.stderr # @TEST-EXEC: btest-diff invalid.stdout -@TEST-START-FILE valid.bro +@TEST-START-FILE valid.zeek # First some simple code that should be valid and error-free. function f(c: count) @@ -40,7 +40,7 @@ event bro_init() @TEST-END-FILE -@TEST-START-FILE invalid.bro +@TEST-START-FILE invalid.zeek # Now some const assignments that should generate errors at parse-time. const foo = 0 &redef; diff --git a/testing/btest/language/container-ctor-scope.bro b/testing/btest/language/container-ctor-scope.zeek similarity index 100% rename from testing/btest/language/container-ctor-scope.bro rename to testing/btest/language/container-ctor-scope.zeek diff --git a/testing/btest/language/copy.bro b/testing/btest/language/copy.zeek similarity index 100% rename from testing/btest/language/copy.bro rename to testing/btest/language/copy.zeek diff --git a/testing/btest/language/count.bro b/testing/btest/language/count.zeek similarity index 100% rename from testing/btest/language/count.bro rename to testing/btest/language/count.zeek diff --git a/testing/btest/language/cross-product-init.bro b/testing/btest/language/cross-product-init.zeek similarity index 100% rename from testing/btest/language/cross-product-init.bro rename to testing/btest/language/cross-product-init.zeek diff --git a/testing/btest/language/default-params.bro b/testing/btest/language/default-params.zeek similarity index 100% rename from testing/btest/language/default-params.bro rename to testing/btest/language/default-params.zeek diff --git a/testing/btest/language/delete-field-set.bro b/testing/btest/language/delete-field-set.zeek similarity index 100% rename from testing/btest/language/delete-field-set.bro rename to testing/btest/language/delete-field-set.zeek diff --git a/testing/btest/language/delete-field.bro b/testing/btest/language/delete-field.zeek similarity index 100% rename from testing/btest/language/delete-field.bro rename to testing/btest/language/delete-field.zeek diff --git a/testing/btest/language/deprecated.bro b/testing/btest/language/deprecated.zeek similarity index 100% rename from testing/btest/language/deprecated.bro rename to testing/btest/language/deprecated.zeek diff --git a/testing/btest/language/double.bro b/testing/btest/language/double.zeek similarity index 100% rename from testing/btest/language/double.bro rename to testing/btest/language/double.zeek diff --git a/testing/btest/language/enum-desc.bro b/testing/btest/language/enum-desc.zeek similarity index 100% rename from testing/btest/language/enum-desc.bro rename to testing/btest/language/enum-desc.zeek diff --git a/testing/btest/language/enum-scope.bro b/testing/btest/language/enum-scope.zeek similarity index 100% rename from testing/btest/language/enum-scope.bro rename to testing/btest/language/enum-scope.zeek diff --git a/testing/btest/language/enum.bro b/testing/btest/language/enum.zeek similarity index 100% rename from testing/btest/language/enum.bro rename to testing/btest/language/enum.zeek diff --git a/testing/btest/language/eof-parse-errors.bro b/testing/btest/language/eof-parse-errors.zeek similarity index 55% rename from testing/btest/language/eof-parse-errors.bro rename to testing/btest/language/eof-parse-errors.zeek index a2c6edc66d..58d8eeacc4 100644 --- a/testing/btest/language/eof-parse-errors.bro +++ b/testing/btest/language/eof-parse-errors.zeek @@ -1,9 +1,9 @@ -# @TEST-EXEC-FAIL: bro -b a.bro >output1 2>&1 -# @TEST-EXEC-FAIL: bro -b a.bro b.bro >output2 2>&1 +# @TEST-EXEC-FAIL: bro -b a.zeek >output1 2>&1 +# @TEST-EXEC-FAIL: bro -b a.zeek b.zeek >output2 2>&1 # @TEST-EXEC: btest-diff output1 # @TEST-EXEC: btest-diff output2 -@TEST-START-FILE a.bro +@TEST-START-FILE a.zeek module A; event bro_init() @@ -11,7 +11,7 @@ event bro_init() print "a"; @TEST-END-FILE -@TEST-START-FILE b.bro +@TEST-START-FILE b.zeek module B; event bro_init() diff --git a/testing/btest/language/event-local-var.bro b/testing/btest/language/event-local-var.zeek similarity index 100% rename from testing/btest/language/event-local-var.bro rename to testing/btest/language/event-local-var.zeek diff --git a/testing/btest/language/event.bro b/testing/btest/language/event.zeek similarity index 100% rename from testing/btest/language/event.bro rename to testing/btest/language/event.zeek diff --git a/testing/btest/language/expire-expr-error.bro b/testing/btest/language/expire-expr-error.zeek similarity index 100% rename from testing/btest/language/expire-expr-error.bro rename to testing/btest/language/expire-expr-error.zeek diff --git a/testing/btest/language/expire-func-undef.bro b/testing/btest/language/expire-func-undef.zeek similarity index 100% rename from testing/btest/language/expire-func-undef.bro rename to testing/btest/language/expire-func-undef.zeek diff --git a/testing/btest/language/expire-redef.bro b/testing/btest/language/expire-redef.zeek similarity index 100% rename from testing/btest/language/expire-redef.bro rename to testing/btest/language/expire-redef.zeek diff --git a/testing/btest/language/expire-type-error.bro b/testing/btest/language/expire-type-error.zeek similarity index 100% rename from testing/btest/language/expire-type-error.bro rename to testing/btest/language/expire-type-error.zeek diff --git a/testing/btest/language/expire_func_mod.bro b/testing/btest/language/expire_func_mod.zeek similarity index 100% rename from testing/btest/language/expire_func_mod.bro rename to testing/btest/language/expire_func_mod.zeek diff --git a/testing/btest/language/file.bro b/testing/btest/language/file.zeek similarity index 100% rename from testing/btest/language/file.bro rename to testing/btest/language/file.zeek diff --git a/testing/btest/language/for.bro b/testing/btest/language/for.zeek similarity index 100% rename from testing/btest/language/for.bro rename to testing/btest/language/for.zeek diff --git a/testing/btest/language/func-assignment.bro b/testing/btest/language/func-assignment.zeek similarity index 100% rename from testing/btest/language/func-assignment.bro rename to testing/btest/language/func-assignment.zeek diff --git a/testing/btest/language/function.bro b/testing/btest/language/function.zeek similarity index 100% rename from testing/btest/language/function.bro rename to testing/btest/language/function.zeek diff --git a/testing/btest/language/hook.bro b/testing/btest/language/hook.zeek similarity index 100% rename from testing/btest/language/hook.bro rename to testing/btest/language/hook.zeek diff --git a/testing/btest/language/hook_calls.bro b/testing/btest/language/hook_calls.zeek similarity index 89% rename from testing/btest/language/hook_calls.bro rename to testing/btest/language/hook_calls.zeek index 41ef6f52ae..411e0018bb 100644 --- a/testing/btest/language/hook_calls.bro +++ b/testing/btest/language/hook_calls.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b valid.bro >valid.out +# @TEST-EXEC: bro -b valid.zeek >valid.out # @TEST-EXEC: btest-diff valid.out -# @TEST-EXEC-FAIL: bro -b invalid.bro > invalid.out 2>&1 +# @TEST-EXEC-FAIL: bro -b invalid.zeek > invalid.out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff invalid.out # hook functions must be called using the "hook" keyword as an operator... -@TEST-START-FILE valid.bro +@TEST-START-FILE valid.zeek hook myhook(i: count) { print "myhook()", i; @@ -59,7 +59,7 @@ event bro_init() @TEST-END-FILE -@TEST-START-FILE invalid.bro +@TEST-START-FILE invalid.zeek hook myhook(i: count) { print "myhook()", i; diff --git a/testing/btest/language/if.bro b/testing/btest/language/if.zeek similarity index 100% rename from testing/btest/language/if.bro rename to testing/btest/language/if.zeek diff --git a/testing/btest/language/index-assignment-invalid.bro b/testing/btest/language/index-assignment-invalid.zeek similarity index 100% rename from testing/btest/language/index-assignment-invalid.bro rename to testing/btest/language/index-assignment-invalid.zeek diff --git a/testing/btest/language/init-in-anon-function.bro b/testing/btest/language/init-in-anon-function.zeek similarity index 100% rename from testing/btest/language/init-in-anon-function.bro rename to testing/btest/language/init-in-anon-function.zeek diff --git a/testing/btest/language/int.bro b/testing/btest/language/int.zeek similarity index 100% rename from testing/btest/language/int.bro rename to testing/btest/language/int.zeek diff --git a/testing/btest/language/interval.bro b/testing/btest/language/interval.zeek similarity index 100% rename from testing/btest/language/interval.bro rename to testing/btest/language/interval.zeek diff --git a/testing/btest/language/invalid_index.bro b/testing/btest/language/invalid_index.zeek similarity index 100% rename from testing/btest/language/invalid_index.bro rename to testing/btest/language/invalid_index.zeek diff --git a/testing/btest/language/ipv6-literals.bro b/testing/btest/language/ipv6-literals.zeek similarity index 100% rename from testing/btest/language/ipv6-literals.bro rename to testing/btest/language/ipv6-literals.zeek diff --git a/testing/btest/language/key-value-for.bro b/testing/btest/language/key-value-for.zeek similarity index 100% rename from testing/btest/language/key-value-for.bro rename to testing/btest/language/key-value-for.zeek diff --git a/testing/btest/language/module.bro b/testing/btest/language/module.zeek similarity index 100% rename from testing/btest/language/module.bro rename to testing/btest/language/module.zeek diff --git a/testing/btest/language/named-record-ctors.bro b/testing/btest/language/named-record-ctors.zeek similarity index 100% rename from testing/btest/language/named-record-ctors.bro rename to testing/btest/language/named-record-ctors.zeek diff --git a/testing/btest/language/named-set-ctors.bro b/testing/btest/language/named-set-ctors.zeek similarity index 100% rename from testing/btest/language/named-set-ctors.bro rename to testing/btest/language/named-set-ctors.zeek diff --git a/testing/btest/language/named-table-ctors.bro b/testing/btest/language/named-table-ctors.zeek similarity index 100% rename from testing/btest/language/named-table-ctors.bro rename to testing/btest/language/named-table-ctors.zeek diff --git a/testing/btest/language/named-vector-ctors.bro b/testing/btest/language/named-vector-ctors.zeek similarity index 100% rename from testing/btest/language/named-vector-ctors.bro rename to testing/btest/language/named-vector-ctors.zeek diff --git a/testing/btest/language/nested-sets.bro b/testing/btest/language/nested-sets.zeek similarity index 100% rename from testing/btest/language/nested-sets.bro rename to testing/btest/language/nested-sets.zeek diff --git a/testing/btest/language/next-test.bro b/testing/btest/language/next-test.zeek similarity index 100% rename from testing/btest/language/next-test.bro rename to testing/btest/language/next-test.zeek diff --git a/testing/btest/language/no-module.bro b/testing/btest/language/no-module.zeek similarity index 100% rename from testing/btest/language/no-module.bro rename to testing/btest/language/no-module.zeek diff --git a/testing/btest/language/null-statement.bro b/testing/btest/language/null-statement.zeek similarity index 100% rename from testing/btest/language/null-statement.bro rename to testing/btest/language/null-statement.zeek diff --git a/testing/btest/language/outer_param_binding.bro b/testing/btest/language/outer_param_binding.zeek similarity index 100% rename from testing/btest/language/outer_param_binding.bro rename to testing/btest/language/outer_param_binding.zeek diff --git a/testing/btest/language/pattern.bro b/testing/btest/language/pattern.zeek similarity index 100% rename from testing/btest/language/pattern.bro rename to testing/btest/language/pattern.zeek diff --git a/testing/btest/language/port.bro b/testing/btest/language/port.zeek similarity index 100% rename from testing/btest/language/port.bro rename to testing/btest/language/port.zeek diff --git a/testing/btest/language/precedence.bro b/testing/btest/language/precedence.zeek similarity index 100% rename from testing/btest/language/precedence.bro rename to testing/btest/language/precedence.zeek diff --git a/testing/btest/language/rec-comp-init.bro b/testing/btest/language/rec-comp-init.zeek similarity index 100% rename from testing/btest/language/rec-comp-init.bro rename to testing/btest/language/rec-comp-init.zeek diff --git a/testing/btest/language/rec-nested-opt.bro b/testing/btest/language/rec-nested-opt.zeek similarity index 100% rename from testing/btest/language/rec-nested-opt.bro rename to testing/btest/language/rec-nested-opt.zeek diff --git a/testing/btest/language/rec-of-tbl.bro b/testing/btest/language/rec-of-tbl.zeek similarity index 100% rename from testing/btest/language/rec-of-tbl.bro rename to testing/btest/language/rec-of-tbl.zeek diff --git a/testing/btest/language/rec-table-default.bro b/testing/btest/language/rec-table-default.zeek similarity index 100% rename from testing/btest/language/rec-table-default.bro rename to testing/btest/language/rec-table-default.zeek diff --git a/testing/btest/language/record-bad-ctor.bro b/testing/btest/language/record-bad-ctor.zeek similarity index 100% rename from testing/btest/language/record-bad-ctor.bro rename to testing/btest/language/record-bad-ctor.zeek diff --git a/testing/btest/language/record-bad-ctor2.bro b/testing/btest/language/record-bad-ctor2.zeek similarity index 100% rename from testing/btest/language/record-bad-ctor2.bro rename to testing/btest/language/record-bad-ctor2.zeek diff --git a/testing/btest/language/record-ceorce-orphan.bro b/testing/btest/language/record-ceorce-orphan.zeek similarity index 100% rename from testing/btest/language/record-ceorce-orphan.bro rename to testing/btest/language/record-ceorce-orphan.zeek diff --git a/testing/btest/language/record-coerce-clash.bro b/testing/btest/language/record-coerce-clash.zeek similarity index 100% rename from testing/btest/language/record-coerce-clash.bro rename to testing/btest/language/record-coerce-clash.zeek diff --git a/testing/btest/language/record-default-coercion.bro b/testing/btest/language/record-default-coercion.zeek similarity index 100% rename from testing/btest/language/record-default-coercion.bro rename to testing/btest/language/record-default-coercion.zeek diff --git a/testing/btest/language/record-default-set-mismatch.bro b/testing/btest/language/record-default-set-mismatch.zeek similarity index 100% rename from testing/btest/language/record-default-set-mismatch.bro rename to testing/btest/language/record-default-set-mismatch.zeek diff --git a/testing/btest/language/record-extension.bro b/testing/btest/language/record-extension.zeek similarity index 100% rename from testing/btest/language/record-extension.bro rename to testing/btest/language/record-extension.zeek diff --git a/testing/btest/language/record-function-recursion.bro b/testing/btest/language/record-function-recursion.zeek similarity index 100% rename from testing/btest/language/record-function-recursion.bro rename to testing/btest/language/record-function-recursion.zeek diff --git a/testing/btest/language/record-index-complex-fields.bro b/testing/btest/language/record-index-complex-fields.zeek similarity index 100% rename from testing/btest/language/record-index-complex-fields.bro rename to testing/btest/language/record-index-complex-fields.zeek diff --git a/testing/btest/language/record-recursive-coercion.bro b/testing/btest/language/record-recursive-coercion.zeek similarity index 100% rename from testing/btest/language/record-recursive-coercion.bro rename to testing/btest/language/record-recursive-coercion.zeek diff --git a/testing/btest/language/record-redef-after-init.bro b/testing/btest/language/record-redef-after-init.zeek similarity index 100% rename from testing/btest/language/record-redef-after-init.bro rename to testing/btest/language/record-redef-after-init.zeek diff --git a/testing/btest/language/record-ref-assign.bro b/testing/btest/language/record-ref-assign.zeek similarity index 100% rename from testing/btest/language/record-ref-assign.bro rename to testing/btest/language/record-ref-assign.zeek diff --git a/testing/btest/language/record-type-checking.bro b/testing/btest/language/record-type-checking.zeek similarity index 100% rename from testing/btest/language/record-type-checking.bro rename to testing/btest/language/record-type-checking.zeek diff --git a/testing/btest/language/redef-same-prefixtable-idx.bro b/testing/btest/language/redef-same-prefixtable-idx.zeek similarity index 100% rename from testing/btest/language/redef-same-prefixtable-idx.bro rename to testing/btest/language/redef-same-prefixtable-idx.zeek diff --git a/testing/btest/language/redef-vector.bro b/testing/btest/language/redef-vector.zeek similarity index 100% rename from testing/btest/language/redef-vector.bro rename to testing/btest/language/redef-vector.zeek diff --git a/testing/btest/language/returnwhen.bro b/testing/btest/language/returnwhen.zeek similarity index 100% rename from testing/btest/language/returnwhen.bro rename to testing/btest/language/returnwhen.zeek diff --git a/testing/btest/language/set-opt-record-index.bro b/testing/btest/language/set-opt-record-index.zeek similarity index 100% rename from testing/btest/language/set-opt-record-index.bro rename to testing/btest/language/set-opt-record-index.zeek diff --git a/testing/btest/language/set-type-checking.bro b/testing/btest/language/set-type-checking.zeek similarity index 100% rename from testing/btest/language/set-type-checking.bro rename to testing/btest/language/set-type-checking.zeek diff --git a/testing/btest/language/set.bro b/testing/btest/language/set.zeek similarity index 100% rename from testing/btest/language/set.bro rename to testing/btest/language/set.zeek diff --git a/testing/btest/language/short-circuit.bro b/testing/btest/language/short-circuit.zeek similarity index 100% rename from testing/btest/language/short-circuit.bro rename to testing/btest/language/short-circuit.zeek diff --git a/testing/btest/language/sizeof.bro b/testing/btest/language/sizeof.zeek similarity index 100% rename from testing/btest/language/sizeof.bro rename to testing/btest/language/sizeof.zeek diff --git a/testing/btest/language/smith-waterman-test.bro b/testing/btest/language/smith-waterman-test.zeek similarity index 100% rename from testing/btest/language/smith-waterman-test.bro rename to testing/btest/language/smith-waterman-test.zeek diff --git a/testing/btest/language/string-indexing.bro b/testing/btest/language/string-indexing.zeek similarity index 100% rename from testing/btest/language/string-indexing.bro rename to testing/btest/language/string-indexing.zeek diff --git a/testing/btest/language/string.bro b/testing/btest/language/string.zeek similarity index 100% rename from testing/btest/language/string.bro rename to testing/btest/language/string.zeek diff --git a/testing/btest/language/strings.bro b/testing/btest/language/strings.zeek similarity index 100% rename from testing/btest/language/strings.bro rename to testing/btest/language/strings.zeek diff --git a/testing/btest/language/subnet-errors.bro b/testing/btest/language/subnet-errors.zeek similarity index 100% rename from testing/btest/language/subnet-errors.bro rename to testing/btest/language/subnet-errors.zeek diff --git a/testing/btest/language/subnet.bro b/testing/btest/language/subnet.zeek similarity index 100% rename from testing/btest/language/subnet.bro rename to testing/btest/language/subnet.zeek diff --git a/testing/btest/language/switch-error-mixed.bro b/testing/btest/language/switch-error-mixed.zeek similarity index 100% rename from testing/btest/language/switch-error-mixed.bro rename to testing/btest/language/switch-error-mixed.zeek diff --git a/testing/btest/language/switch-incomplete.bro b/testing/btest/language/switch-incomplete.zeek similarity index 100% rename from testing/btest/language/switch-incomplete.bro rename to testing/btest/language/switch-incomplete.zeek diff --git a/testing/btest/language/switch-statement.bro b/testing/btest/language/switch-statement.zeek similarity index 100% rename from testing/btest/language/switch-statement.bro rename to testing/btest/language/switch-statement.zeek diff --git a/testing/btest/language/switch-types-error-duplicate.bro b/testing/btest/language/switch-types-error-duplicate.zeek similarity index 100% rename from testing/btest/language/switch-types-error-duplicate.bro rename to testing/btest/language/switch-types-error-duplicate.zeek diff --git a/testing/btest/language/switch-types-error-unsupported.bro b/testing/btest/language/switch-types-error-unsupported.zeek similarity index 100% rename from testing/btest/language/switch-types-error-unsupported.bro rename to testing/btest/language/switch-types-error-unsupported.zeek diff --git a/testing/btest/language/switch-types-vars.bro b/testing/btest/language/switch-types-vars.zeek similarity index 100% rename from testing/btest/language/switch-types-vars.bro rename to testing/btest/language/switch-types-vars.zeek diff --git a/testing/btest/language/switch-types.bro b/testing/btest/language/switch-types.zeek similarity index 100% rename from testing/btest/language/switch-types.bro rename to testing/btest/language/switch-types.zeek diff --git a/testing/btest/language/table-default-record.bro b/testing/btest/language/table-default-record.zeek similarity index 100% rename from testing/btest/language/table-default-record.bro rename to testing/btest/language/table-default-record.zeek diff --git a/testing/btest/language/table-init-attrs.bro b/testing/btest/language/table-init-attrs.zeek similarity index 100% rename from testing/btest/language/table-init-attrs.bro rename to testing/btest/language/table-init-attrs.zeek diff --git a/testing/btest/language/table-init-container-ctors.bro b/testing/btest/language/table-init-container-ctors.zeek similarity index 100% rename from testing/btest/language/table-init-container-ctors.bro rename to testing/btest/language/table-init-container-ctors.zeek diff --git a/testing/btest/language/table-init-record-idx.bro b/testing/btest/language/table-init-record-idx.zeek similarity index 100% rename from testing/btest/language/table-init-record-idx.bro rename to testing/btest/language/table-init-record-idx.zeek diff --git a/testing/btest/language/table-init.bro b/testing/btest/language/table-init.zeek similarity index 100% rename from testing/btest/language/table-init.bro rename to testing/btest/language/table-init.zeek diff --git a/testing/btest/language/table-redef.bro b/testing/btest/language/table-redef.zeek similarity index 100% rename from testing/btest/language/table-redef.bro rename to testing/btest/language/table-redef.zeek diff --git a/testing/btest/language/table-type-checking.bro b/testing/btest/language/table-type-checking.zeek similarity index 100% rename from testing/btest/language/table-type-checking.bro rename to testing/btest/language/table-type-checking.zeek diff --git a/testing/btest/language/table.bro b/testing/btest/language/table.zeek similarity index 100% rename from testing/btest/language/table.bro rename to testing/btest/language/table.zeek diff --git a/testing/btest/language/ternary-record-mismatch.bro b/testing/btest/language/ternary-record-mismatch.zeek similarity index 100% rename from testing/btest/language/ternary-record-mismatch.bro rename to testing/btest/language/ternary-record-mismatch.zeek diff --git a/testing/btest/language/time.bro b/testing/btest/language/time.zeek similarity index 100% rename from testing/btest/language/time.bro rename to testing/btest/language/time.zeek diff --git a/testing/btest/language/timeout.bro b/testing/btest/language/timeout.zeek similarity index 100% rename from testing/btest/language/timeout.bro rename to testing/btest/language/timeout.zeek diff --git a/testing/btest/language/type-cast-any.bro b/testing/btest/language/type-cast-any.zeek similarity index 100% rename from testing/btest/language/type-cast-any.bro rename to testing/btest/language/type-cast-any.zeek diff --git a/testing/btest/language/type-cast-error-dynamic.bro b/testing/btest/language/type-cast-error-dynamic.zeek similarity index 100% rename from testing/btest/language/type-cast-error-dynamic.bro rename to testing/btest/language/type-cast-error-dynamic.zeek diff --git a/testing/btest/language/type-cast-error-static.bro b/testing/btest/language/type-cast-error-static.zeek similarity index 100% rename from testing/btest/language/type-cast-error-static.bro rename to testing/btest/language/type-cast-error-static.zeek diff --git a/testing/btest/language/type-cast-same.bro b/testing/btest/language/type-cast-same.zeek similarity index 100% rename from testing/btest/language/type-cast-same.bro rename to testing/btest/language/type-cast-same.zeek diff --git a/testing/btest/language/type-check-any.bro b/testing/btest/language/type-check-any.zeek similarity index 100% rename from testing/btest/language/type-check-any.bro rename to testing/btest/language/type-check-any.zeek diff --git a/testing/btest/language/type-check-vector.bro b/testing/btest/language/type-check-vector.zeek similarity index 100% rename from testing/btest/language/type-check-vector.bro rename to testing/btest/language/type-check-vector.zeek diff --git a/testing/btest/language/type-type-error.bro b/testing/btest/language/type-type-error.zeek similarity index 100% rename from testing/btest/language/type-type-error.bro rename to testing/btest/language/type-type-error.zeek diff --git a/testing/btest/language/undefined-delete-field.bro b/testing/btest/language/undefined-delete-field.zeek similarity index 100% rename from testing/btest/language/undefined-delete-field.bro rename to testing/btest/language/undefined-delete-field.zeek diff --git a/testing/btest/language/uninitialized-local.bro b/testing/btest/language/uninitialized-local.zeek similarity index 100% rename from testing/btest/language/uninitialized-local.bro rename to testing/btest/language/uninitialized-local.zeek diff --git a/testing/btest/language/uninitialized-local2.bro b/testing/btest/language/uninitialized-local2.zeek similarity index 100% rename from testing/btest/language/uninitialized-local2.bro rename to testing/btest/language/uninitialized-local2.zeek diff --git a/testing/btest/language/vector-any-append.bro b/testing/btest/language/vector-any-append.zeek similarity index 100% rename from testing/btest/language/vector-any-append.bro rename to testing/btest/language/vector-any-append.zeek diff --git a/testing/btest/language/vector-coerce-expr.bro b/testing/btest/language/vector-coerce-expr.zeek similarity index 100% rename from testing/btest/language/vector-coerce-expr.bro rename to testing/btest/language/vector-coerce-expr.zeek diff --git a/testing/btest/language/vector-in-operator.bro b/testing/btest/language/vector-in-operator.zeek similarity index 100% rename from testing/btest/language/vector-in-operator.bro rename to testing/btest/language/vector-in-operator.zeek diff --git a/testing/btest/language/vector-list-init-records.bro b/testing/btest/language/vector-list-init-records.zeek similarity index 100% rename from testing/btest/language/vector-list-init-records.bro rename to testing/btest/language/vector-list-init-records.zeek diff --git a/testing/btest/language/vector-type-checking.bro b/testing/btest/language/vector-type-checking.zeek similarity index 100% rename from testing/btest/language/vector-type-checking.bro rename to testing/btest/language/vector-type-checking.zeek diff --git a/testing/btest/language/vector-unspecified.bro b/testing/btest/language/vector-unspecified.zeek similarity index 100% rename from testing/btest/language/vector-unspecified.bro rename to testing/btest/language/vector-unspecified.zeek diff --git a/testing/btest/language/vector.bro b/testing/btest/language/vector.zeek similarity index 100% rename from testing/btest/language/vector.bro rename to testing/btest/language/vector.zeek diff --git a/testing/btest/language/when-unitialized-rhs.bro b/testing/btest/language/when-unitialized-rhs.zeek similarity index 100% rename from testing/btest/language/when-unitialized-rhs.bro rename to testing/btest/language/when-unitialized-rhs.zeek diff --git a/testing/btest/language/when.bro b/testing/btest/language/when.zeek similarity index 100% rename from testing/btest/language/when.bro rename to testing/btest/language/when.zeek diff --git a/testing/btest/language/while.bro b/testing/btest/language/while.zeek similarity index 100% rename from testing/btest/language/while.bro rename to testing/btest/language/while.zeek diff --git a/testing/btest/language/wrong-delete-field.bro b/testing/btest/language/wrong-delete-field.zeek similarity index 100% rename from testing/btest/language/wrong-delete-field.bro rename to testing/btest/language/wrong-delete-field.zeek diff --git a/testing/btest/language/wrong-record-extension.bro b/testing/btest/language/wrong-record-extension.zeek similarity index 100% rename from testing/btest/language/wrong-record-extension.bro rename to testing/btest/language/wrong-record-extension.zeek diff --git a/testing/btest/plugins/file.bro b/testing/btest/plugins/file.zeek similarity index 100% rename from testing/btest/plugins/file.bro rename to testing/btest/plugins/file.zeek diff --git a/testing/btest/plugins/hooks.bro b/testing/btest/plugins/hooks.zeek similarity index 100% rename from testing/btest/plugins/hooks.bro rename to testing/btest/plugins/hooks.zeek diff --git a/testing/btest/plugins/init-plugin.bro b/testing/btest/plugins/init-plugin.zeek similarity index 100% rename from testing/btest/plugins/init-plugin.bro rename to testing/btest/plugins/init-plugin.zeek diff --git a/testing/btest/plugins/logging-hooks.bro b/testing/btest/plugins/logging-hooks.zeek similarity index 100% rename from testing/btest/plugins/logging-hooks.bro rename to testing/btest/plugins/logging-hooks.zeek diff --git a/testing/btest/plugins/pktdumper.bro b/testing/btest/plugins/pktdumper.zeek similarity index 100% rename from testing/btest/plugins/pktdumper.bro rename to testing/btest/plugins/pktdumper.zeek diff --git a/testing/btest/plugins/pktsrc.bro b/testing/btest/plugins/pktsrc.zeek similarity index 100% rename from testing/btest/plugins/pktsrc.bro rename to testing/btest/plugins/pktsrc.zeek diff --git a/testing/btest/plugins/plugin-nopatchversion.bro b/testing/btest/plugins/plugin-nopatchversion.zeek similarity index 100% rename from testing/btest/plugins/plugin-nopatchversion.bro rename to testing/btest/plugins/plugin-nopatchversion.zeek diff --git a/testing/btest/plugins/plugin-withpatchversion.bro b/testing/btest/plugins/plugin-withpatchversion.zeek similarity index 100% rename from testing/btest/plugins/plugin-withpatchversion.bro rename to testing/btest/plugins/plugin-withpatchversion.zeek diff --git a/testing/btest/plugins/protocol-plugin/scripts/Demo/Foo/base/main.bro b/testing/btest/plugins/protocol-plugin/scripts/Demo/Foo/base/main.zeek similarity index 100% rename from testing/btest/plugins/protocol-plugin/scripts/Demo/Foo/base/main.bro rename to testing/btest/plugins/protocol-plugin/scripts/Demo/Foo/base/main.zeek diff --git a/testing/btest/plugins/protocol.bro b/testing/btest/plugins/protocol.zeek similarity index 100% rename from testing/btest/plugins/protocol.bro rename to testing/btest/plugins/protocol.zeek diff --git a/testing/btest/plugins/reader.bro b/testing/btest/plugins/reader.zeek similarity index 100% rename from testing/btest/plugins/reader.bro rename to testing/btest/plugins/reader.zeek diff --git a/testing/btest/plugins/reporter-hook.bro b/testing/btest/plugins/reporter-hook.zeek similarity index 100% rename from testing/btest/plugins/reporter-hook.bro rename to testing/btest/plugins/reporter-hook.zeek diff --git a/testing/btest/plugins/writer.bro b/testing/btest/plugins/writer.zeek similarity index 100% rename from testing/btest/plugins/writer.bro rename to testing/btest/plugins/writer.zeek diff --git a/testing/btest/scripts/base/files/data_event/basic.bro b/testing/btest/scripts/base/files/data_event/basic.zeek similarity index 100% rename from testing/btest/scripts/base/files/data_event/basic.bro rename to testing/btest/scripts/base/files/data_event/basic.zeek diff --git a/testing/btest/scripts/base/files/extract/limit.bro b/testing/btest/scripts/base/files/extract/limit.zeek similarity index 100% rename from testing/btest/scripts/base/files/extract/limit.bro rename to testing/btest/scripts/base/files/extract/limit.zeek diff --git a/testing/btest/scripts/base/files/unified2/alert.bro b/testing/btest/scripts/base/files/unified2/alert.zeek similarity index 100% rename from testing/btest/scripts/base/files/unified2/alert.bro rename to testing/btest/scripts/base/files/unified2/alert.zeek diff --git a/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.bro b/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.bro rename to testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek diff --git a/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.bro b/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.bro rename to testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek diff --git a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.bro b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/analyzer/register-for-port.bro rename to testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek diff --git a/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.bro b/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.bro rename to testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek diff --git a/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.bro b/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.bro rename to testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek index dc2558f2a4..6a9cb6ed00 100644 --- a/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.bro +++ b/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek @@ -10,7 +10,7 @@ # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.bro b/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.bro rename to testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek index 08202bd727..fdc291ab35 100644 --- a/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.bro +++ b/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek @@ -10,7 +10,7 @@ # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/cluster/forwarding.bro b/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/cluster/forwarding.bro rename to testing/btest/scripts/base/frameworks/cluster/forwarding.zeek index e62a2ced66..7c679277d4 100644 --- a/testing/btest/scripts/base/frameworks/cluster/forwarding.bro +++ b/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek @@ -16,7 +16,7 @@ # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/cluster/log_distribution.bro b/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/cluster/log_distribution.bro rename to testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek index 199e265674..375665356c 100644 --- a/testing/btest/scripts/base/frameworks/cluster/log_distribution.bro +++ b/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek @@ -11,7 +11,7 @@ # @TEST-EXEC: btest-diff logger-1/test.log # @TEST-EXEC: btest-diff logger-2/test.log -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::manager_is_logger = F; redef Cluster::nodes = { diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.bro b/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.bro rename to testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek index d94875e858..c28f3f0fe3 100644 --- a/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.bro +++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek @@ -19,7 +19,7 @@ # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::manager_is_logger = F; redef Cluster::nodes = { ["logger-1"] = [$node_type=Cluster::LOGGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up.bro b/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/cluster/start-it-up.bro rename to testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek index eee6c29215..4580183d6f 100644 --- a/testing/btest/scripts/base/frameworks/cluster/start-it-up.bro +++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek @@ -16,7 +16,7 @@ # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/cluster/topic_distribution.bro b/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/cluster/topic_distribution.bro rename to testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek index 317a38fbaa..94a78e5304 100644 --- a/testing/btest/scripts/base/frameworks/cluster/topic_distribution.bro +++ b/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek @@ -10,7 +10,7 @@ # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.bro b/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.bro rename to testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek index 35ed52f883..a0b98aeb39 100644 --- a/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.bro +++ b/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek @@ -12,7 +12,7 @@ # @TEST-EXEC: btest-diff proxy-1/.stdout # @TEST-EXEC: btest-diff proxy-2/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/config/basic.bro b/testing/btest/scripts/base/frameworks/config/basic.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/config/basic.bro rename to testing/btest/scripts/base/frameworks/config/basic.zeek diff --git a/testing/btest/scripts/base/frameworks/config/basic_cluster.bro b/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/config/basic_cluster.bro rename to testing/btest/scripts/base/frameworks/config/basic_cluster.zeek index 99f1de8aeb..866901e752 100644 --- a/testing/btest/scripts/base/frameworks/config/basic_cluster.bro +++ b/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek @@ -15,7 +15,7 @@ @load base/frameworks/config -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/config/cluster_resend.bro b/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/config/cluster_resend.bro rename to testing/btest/scripts/base/frameworks/config/cluster_resend.zeek index c66d5b2ba2..6390eda2c0 100644 --- a/testing/btest/scripts/base/frameworks/config/cluster_resend.bro +++ b/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek @@ -19,7 +19,7 @@ @load base/frameworks/config -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/config/read_config.bro b/testing/btest/scripts/base/frameworks/config/read_config.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/config/read_config.bro rename to testing/btest/scripts/base/frameworks/config/read_config.zeek diff --git a/testing/btest/scripts/base/frameworks/config/read_config_cluster.bro b/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/config/read_config_cluster.bro rename to testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek index 3f77a0fdc3..c5b9bcdbb5 100644 --- a/testing/btest/scripts/base/frameworks/config/read_config_cluster.bro +++ b/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek @@ -15,7 +15,7 @@ @load base/frameworks/config -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/config/several-files.bro b/testing/btest/scripts/base/frameworks/config/several-files.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/config/several-files.bro rename to testing/btest/scripts/base/frameworks/config/several-files.zeek diff --git a/testing/btest/scripts/base/frameworks/config/updates.bro b/testing/btest/scripts/base/frameworks/config/updates.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/config/updates.bro rename to testing/btest/scripts/base/frameworks/config/updates.zeek diff --git a/testing/btest/scripts/base/frameworks/config/weird.bro b/testing/btest/scripts/base/frameworks/config/weird.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/config/weird.bro rename to testing/btest/scripts/base/frameworks/config/weird.zeek diff --git a/testing/btest/scripts/base/frameworks/control/configuration_update.bro b/testing/btest/scripts/base/frameworks/control/configuration_update.zeek similarity index 97% rename from testing/btest/scripts/base/frameworks/control/configuration_update.bro rename to testing/btest/scripts/base/frameworks/control/configuration_update.zeek index e90151bcbb..f0bbc6c907 100644 --- a/testing/btest/scripts/base/frameworks/control/configuration_update.bro +++ b/testing/btest/scripts/base/frameworks/control/configuration_update.zeek @@ -7,7 +7,7 @@ const test_var = "ORIGINAL VALUE (this should be printed out first)" &redef; -@TEST-START-FILE test-redef.bro +@TEST-START-FILE test-redef.zeek redef test_var = "NEW VALUE (this should be printed out second)"; @TEST-END-FILE diff --git a/testing/btest/scripts/base/frameworks/control/id_value.bro b/testing/btest/scripts/base/frameworks/control/id_value.zeek similarity index 95% rename from testing/btest/scripts/base/frameworks/control/id_value.bro rename to testing/btest/scripts/base/frameworks/control/id_value.zeek index 2528b28c25..a557f6487e 100644 --- a/testing/btest/scripts/base/frameworks/control/id_value.bro +++ b/testing/btest/scripts/base/frameworks/control/id_value.zeek @@ -8,7 +8,7 @@ # This value shouldn't ever be printed to the controllers stdout. const test_var = "Original value" &redef; -@TEST-START-FILE only-for-controllee.bro +@TEST-START-FILE only-for-controllee.zeek # This is only loaded on the controllee, but it's sent to the controller # and should be printed there. redef test_var = "This is the value from the controllee"; diff --git a/testing/btest/scripts/base/frameworks/control/shutdown.bro b/testing/btest/scripts/base/frameworks/control/shutdown.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/control/shutdown.bro rename to testing/btest/scripts/base/frameworks/control/shutdown.zeek diff --git a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.bro b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek similarity index 84% rename from testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.bro rename to testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek index bcecbd8aa3..919d3b62c6 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT >out +# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out redef test_print_file_data_events = T; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.bro b/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.bro rename to testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.bro b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.bro rename to testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.bro b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek similarity index 94% rename from testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.bro rename to testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek index a3704618bd..2c6f0a3d07 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT >get.out +# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out # @TEST-EXEC: btest-diff get.out redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.bro b/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek similarity index 92% rename from testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.bro rename to testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek index c9eac4c31d..c44b1ec66b 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.bro %INPUT +# @TEST-EXEC: btest-bg-run bro bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 8 # @TEST-EXEC: btest-diff bro/.stdout diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.bro b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek similarity index 86% rename from testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.bro rename to testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek index dd40c69684..cfd2e0c67b 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT >get.out +# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out # @TEST-EXEC: btest-diff get.out # @TEST-EXEC: test ! -s Cx92a0ym5R8-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.bro b/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.bro rename to testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek diff --git a/testing/btest/scripts/base/frameworks/file-analysis/byteranges.bro b/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/file-analysis/byteranges.bro rename to testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek diff --git a/testing/btest/scripts/base/frameworks/file-analysis/ftp.bro b/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek similarity index 91% rename from testing/btest/scripts/base/frameworks/file-analysis/ftp.bro rename to testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek index 2c2da188fe..a25fde74e5 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/ftp.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.bro %INPUT >out +# @TEST-EXEC: bro -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/get.bro b/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek similarity index 84% rename from testing/btest/scripts/base/frameworks/file-analysis/http/get.bro rename to testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek index f7f4a0395b..d90e08e08b 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/get.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT c=1 >get.out -# @TEST-EXEC: bro -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.bro %INPUT c=2 >get-gzip.out +# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=1 >get.out +# @TEST-EXEC: bro -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=2 >get-gzip.out # @TEST-EXEC: btest-diff get.out # @TEST-EXEC: btest-diff get-gzip.out # @TEST-EXEC: btest-diff 1-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.bro b/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek similarity index 92% rename from testing/btest/scripts/base/frameworks/file-analysis/http/multipart.bro rename to testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek index 57fe2348c2..400b787b52 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.bro %INPUT >out +# @TEST-EXEC: bro -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.bro b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek similarity index 87% rename from testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.bro rename to testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek index 93443f0ca8..bb5ef7f800 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek @@ -1,14 +1,14 @@ -# @TEST-EXEC: bro -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.bro %INPUT >a.out +# @TEST-EXEC: bro -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >a.out # @TEST-EXEC: btest-diff a.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >a.size # @TEST-EXEC: btest-diff a.size -# @TEST-EXEC: bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.bro %INPUT >b.out +# @TEST-EXEC: bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >b.out # @TEST-EXEC: btest-diff b.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >b.size # @TEST-EXEC: btest-diff b.size -# @TEST-EXEC: bro -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.bro %INPUT >c.out +# @TEST-EXEC: bro -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >c.out # @TEST-EXEC: btest-diff c.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >c.size # @TEST-EXEC: btest-diff c.size diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.bro b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek similarity index 90% rename from testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.bro rename to testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek index 36743a8bad..cdd69b84a9 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.bro %INPUT >out +# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/post.bro b/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek similarity index 92% rename from testing/btest/scripts/base/frameworks/file-analysis/http/post.bro rename to testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek index 79ac1cb5c1..75efb27781 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/post.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.bro %INPUT >out +# @TEST-EXEC: bro -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/input/basic.bro b/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/file-analysis/input/basic.bro rename to testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek index 053341c840..27be2b943c 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/input/basic.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b $SCRIPTS/file-analysis-test.bro %INPUT +# @TEST-EXEC: btest-bg-run bro bro -b $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 8 # @TEST-EXEC: btest-diff bro/.stdout # @TEST-EXEC: diff -q bro/FK8WqY1Q9U1rVxnDge-file input.log diff --git a/testing/btest/scripts/base/frameworks/file-analysis/irc.bro b/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek similarity index 92% rename from testing/btest/scripts/base/frameworks/file-analysis/irc.bro rename to testing/btest/scripts/base/frameworks/file-analysis/irc.zeek index 9fd8e06613..a1fd1e36d5 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/irc.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.bro %INPUT >out +# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile diff --git a/testing/btest/scripts/base/frameworks/file-analysis/logging.bro b/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek similarity index 92% rename from testing/btest/scripts/base/frameworks/file-analysis/logging.bro rename to testing/btest/scripts/base/frameworks/file-analysis/logging.zeek index 1d1f5fd721..597f8a26bb 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/logging.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT +# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-diff files.log redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/smtp.bro b/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek similarity index 95% rename from testing/btest/scripts/base/frameworks/file-analysis/smtp.bro rename to testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek index 79b929c4cd..9edec8abc1 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/smtp.bro +++ b/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.bro %INPUT >out +# @TEST-EXEC: bro -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile0 # @TEST-EXEC: btest-diff thefile1 diff --git a/testing/btest/scripts/base/frameworks/input/basic.bro b/testing/btest/scripts/base/frameworks/input/basic.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/basic.bro rename to testing/btest/scripts/base/frameworks/input/basic.zeek diff --git a/testing/btest/scripts/base/frameworks/input/bignumber.bro b/testing/btest/scripts/base/frameworks/input/bignumber.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/bignumber.bro rename to testing/btest/scripts/base/frameworks/input/bignumber.zeek diff --git a/testing/btest/scripts/base/frameworks/input/binary.bro b/testing/btest/scripts/base/frameworks/input/binary.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/binary.bro rename to testing/btest/scripts/base/frameworks/input/binary.zeek diff --git a/testing/btest/scripts/base/frameworks/input/config/basic.bro b/testing/btest/scripts/base/frameworks/input/config/basic.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/config/basic.bro rename to testing/btest/scripts/base/frameworks/input/config/basic.zeek diff --git a/testing/btest/scripts/base/frameworks/input/config/errors.bro b/testing/btest/scripts/base/frameworks/input/config/errors.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/config/errors.bro rename to testing/btest/scripts/base/frameworks/input/config/errors.zeek diff --git a/testing/btest/scripts/base/frameworks/input/config/spaces.bro b/testing/btest/scripts/base/frameworks/input/config/spaces.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/config/spaces.bro rename to testing/btest/scripts/base/frameworks/input/config/spaces.zeek diff --git a/testing/btest/scripts/base/frameworks/input/default.bro b/testing/btest/scripts/base/frameworks/input/default.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/default.bro rename to testing/btest/scripts/base/frameworks/input/default.zeek diff --git a/testing/btest/scripts/base/frameworks/input/empty-values-hashing.bro b/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/empty-values-hashing.bro rename to testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek diff --git a/testing/btest/scripts/base/frameworks/input/emptyvals.bro b/testing/btest/scripts/base/frameworks/input/emptyvals.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/emptyvals.bro rename to testing/btest/scripts/base/frameworks/input/emptyvals.zeek diff --git a/testing/btest/scripts/base/frameworks/input/errors.bro b/testing/btest/scripts/base/frameworks/input/errors.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/errors.bro rename to testing/btest/scripts/base/frameworks/input/errors.zeek diff --git a/testing/btest/scripts/base/frameworks/input/event.bro b/testing/btest/scripts/base/frameworks/input/event.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/event.bro rename to testing/btest/scripts/base/frameworks/input/event.zeek diff --git a/testing/btest/scripts/base/frameworks/input/invalid-lines.bro b/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/invalid-lines.bro rename to testing/btest/scripts/base/frameworks/input/invalid-lines.zeek diff --git a/testing/btest/scripts/base/frameworks/input/invalidnumbers.bro b/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/invalidnumbers.bro rename to testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek diff --git a/testing/btest/scripts/base/frameworks/input/invalidset.bro b/testing/btest/scripts/base/frameworks/input/invalidset.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/invalidset.bro rename to testing/btest/scripts/base/frameworks/input/invalidset.zeek diff --git a/testing/btest/scripts/base/frameworks/input/invalidtext.bro b/testing/btest/scripts/base/frameworks/input/invalidtext.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/invalidtext.bro rename to testing/btest/scripts/base/frameworks/input/invalidtext.zeek diff --git a/testing/btest/scripts/base/frameworks/input/missing-enum.bro b/testing/btest/scripts/base/frameworks/input/missing-enum.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/missing-enum.bro rename to testing/btest/scripts/base/frameworks/input/missing-enum.zeek diff --git a/testing/btest/scripts/base/frameworks/input/missing-file-initially.bro b/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/missing-file-initially.bro rename to testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek diff --git a/testing/btest/scripts/base/frameworks/input/missing-file.bro b/testing/btest/scripts/base/frameworks/input/missing-file.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/missing-file.bro rename to testing/btest/scripts/base/frameworks/input/missing-file.zeek diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro rename to testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro b/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/onecolumn-record.bro rename to testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek diff --git a/testing/btest/scripts/base/frameworks/input/optional.bro b/testing/btest/scripts/base/frameworks/input/optional.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/optional.bro rename to testing/btest/scripts/base/frameworks/input/optional.zeek diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek similarity index 92% rename from testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.bro rename to testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek index df8a68613d..68805679a9 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.bro +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek @@ -19,7 +19,7 @@ 127.0.3.3 value @TEST-END-FILE -@load path-prefix-common-table.bro +@load path-prefix-common-table.zeek redef InputAscii::path_prefix = "@path_prefix@"; event bro_init() @@ -32,7 +32,7 @@ event bro_init() # # The same test, but using event streams for input. -@load path-prefix-common-event.bro +@load path-prefix-common-event.zeek redef InputAscii::path_prefix = "@path_prefix@"; event bro_init() @@ -45,7 +45,7 @@ event bro_init() # # The same test again, but using file analysis w/ binary readers. -@load path-prefix-common-analysis.bro +@load path-prefix-common-analysis.zeek redef InputBinary::path_prefix = "@path_prefix@"; event bro_init() diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek similarity index 91% rename from testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.bro rename to testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek index 06d711a5e8..238150ffef 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.bro +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek @@ -13,7 +13,7 @@ 127.0.4.3 value @TEST-END-FILE -@load path-prefix-common-table.bro +@load path-prefix-common-table.zeek redef InputAscii::path_prefix = "/this/does/not/exist"; event bro_init() @@ -26,7 +26,7 @@ event bro_init() # # The same test, but using event streams for input. -@load path-prefix-common-event.bro +@load path-prefix-common-event.zeek redef InputAscii::path_prefix = "/this/does/not/exist"; event bro_init() @@ -39,7 +39,7 @@ event bro_init() # # The same test again, but using file analysis w/ binary readers. -@load path-prefix-common-analysis.bro +@load path-prefix-common-analysis.zeek redef InputBinary::path_prefix = "/this/does/not/exist"; event bro_init() diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek similarity index 89% rename from testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.bro rename to testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek index dd38fd7796..ed1cccbda8 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.bro +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek @@ -11,7 +11,7 @@ 127.0.0.3 value @TEST-END-FILE -@load path-prefix-common-table.bro +@load path-prefix-common-table.zeek event bro_init() { @@ -23,7 +23,7 @@ event bro_init() # # The same test, but using event streams for input. -@load path-prefix-common-event.bro +@load path-prefix-common-event.zeek event bro_init() { @@ -35,7 +35,7 @@ event bro_init() # # The same test again, but using file analysis w/ binary readers. -@load path-prefix-common-analysis.bro +@load path-prefix-common-analysis.zeek event bro_init() { diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-analysis.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-analysis.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-analysis.bro rename to testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-analysis.zeek diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-event.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-event.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-event.bro rename to testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-event.zeek diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-table.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-table.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-table.bro rename to testing/btest/scripts/base/frameworks/input/path-prefix/path-prefix-common-table.zeek diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.bro b/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek similarity index 91% rename from testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.bro rename to testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek index 52ae233289..8706ade3f5 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.bro +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek @@ -13,7 +13,7 @@ 127.0.1.3 value @TEST-END-FILE -@load path-prefix-common-table.bro +@load path-prefix-common-table.zeek redef InputAscii::path_prefix = "alternative"; event bro_init() @@ -26,7 +26,7 @@ event bro_init() # # The same test, but using event streams for input. -@load path-prefix-common-event.bro +@load path-prefix-common-event.zeek redef InputAscii::path_prefix = "alternative"; event bro_init() @@ -39,7 +39,7 @@ event bro_init() # # The same test again, but using file analysis w/ binary readers. -@load path-prefix-common-analysis.bro +@load path-prefix-common-analysis.zeek redef InputBinary::path_prefix = "alternative"; event bro_init() diff --git a/testing/btest/scripts/base/frameworks/input/port-embedded.bro b/testing/btest/scripts/base/frameworks/input/port-embedded.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/port-embedded.bro rename to testing/btest/scripts/base/frameworks/input/port-embedded.zeek diff --git a/testing/btest/scripts/base/frameworks/input/port.bro b/testing/btest/scripts/base/frameworks/input/port.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/port.bro rename to testing/btest/scripts/base/frameworks/input/port.zeek diff --git a/testing/btest/scripts/base/frameworks/input/predicate-stream.bro b/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/predicate-stream.bro rename to testing/btest/scripts/base/frameworks/input/predicate-stream.zeek diff --git a/testing/btest/scripts/base/frameworks/input/predicate.bro b/testing/btest/scripts/base/frameworks/input/predicate.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/predicate.bro rename to testing/btest/scripts/base/frameworks/input/predicate.zeek diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodify.bro b/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/predicatemodify.bro rename to testing/btest/scripts/base/frameworks/input/predicatemodify.zeek diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro rename to testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek diff --git a/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.bro b/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.bro rename to testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek diff --git a/testing/btest/scripts/base/frameworks/input/raw/basic.bro b/testing/btest/scripts/base/frameworks/input/raw/basic.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/raw/basic.bro rename to testing/btest/scripts/base/frameworks/input/raw/basic.zeek diff --git a/testing/btest/scripts/base/frameworks/input/raw/execute.bro b/testing/btest/scripts/base/frameworks/input/raw/execute.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/raw/execute.bro rename to testing/btest/scripts/base/frameworks/input/raw/execute.zeek diff --git a/testing/btest/scripts/base/frameworks/input/raw/executestdin.bro b/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/raw/executestdin.bro rename to testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek diff --git a/testing/btest/scripts/base/frameworks/input/raw/executestream.bro b/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/raw/executestream.bro rename to testing/btest/scripts/base/frameworks/input/raw/executestream.zeek diff --git a/testing/btest/scripts/base/frameworks/input/raw/long.bro b/testing/btest/scripts/base/frameworks/input/raw/long.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/raw/long.bro rename to testing/btest/scripts/base/frameworks/input/raw/long.zeek diff --git a/testing/btest/scripts/base/frameworks/input/raw/offset.bro b/testing/btest/scripts/base/frameworks/input/raw/offset.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/raw/offset.bro rename to testing/btest/scripts/base/frameworks/input/raw/offset.zeek diff --git a/testing/btest/scripts/base/frameworks/input/raw/rereadraw.bro b/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/raw/rereadraw.bro rename to testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek diff --git a/testing/btest/scripts/base/frameworks/input/raw/stderr.bro b/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/raw/stderr.bro rename to testing/btest/scripts/base/frameworks/input/raw/stderr.zeek diff --git a/testing/btest/scripts/base/frameworks/input/raw/streamraw.bro b/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/raw/streamraw.bro rename to testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek diff --git a/testing/btest/scripts/base/frameworks/input/repeat.bro b/testing/btest/scripts/base/frameworks/input/repeat.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/repeat.bro rename to testing/btest/scripts/base/frameworks/input/repeat.zeek diff --git a/testing/btest/scripts/base/frameworks/input/reread.bro b/testing/btest/scripts/base/frameworks/input/reread.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/reread.bro rename to testing/btest/scripts/base/frameworks/input/reread.zeek diff --git a/testing/btest/scripts/base/frameworks/input/set.bro b/testing/btest/scripts/base/frameworks/input/set.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/set.bro rename to testing/btest/scripts/base/frameworks/input/set.zeek diff --git a/testing/btest/scripts/base/frameworks/input/setseparator.bro b/testing/btest/scripts/base/frameworks/input/setseparator.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/setseparator.bro rename to testing/btest/scripts/base/frameworks/input/setseparator.zeek diff --git a/testing/btest/scripts/base/frameworks/input/setspecialcases.bro b/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/setspecialcases.bro rename to testing/btest/scripts/base/frameworks/input/setspecialcases.zeek diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/basic.bro b/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/sqlite/basic.bro rename to testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/error.bro b/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/sqlite/error.bro rename to testing/btest/scripts/base/frameworks/input/sqlite/error.zeek diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/port.bro b/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/sqlite/port.bro rename to testing/btest/scripts/base/frameworks/input/sqlite/port.zeek diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/types.bro b/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/sqlite/types.bro rename to testing/btest/scripts/base/frameworks/input/sqlite/types.zeek diff --git a/testing/btest/scripts/base/frameworks/input/stream.bro b/testing/btest/scripts/base/frameworks/input/stream.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/stream.bro rename to testing/btest/scripts/base/frameworks/input/stream.zeek diff --git a/testing/btest/scripts/base/frameworks/input/subrecord-event.bro b/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/subrecord-event.bro rename to testing/btest/scripts/base/frameworks/input/subrecord-event.zeek diff --git a/testing/btest/scripts/base/frameworks/input/subrecord.bro b/testing/btest/scripts/base/frameworks/input/subrecord.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/subrecord.bro rename to testing/btest/scripts/base/frameworks/input/subrecord.zeek diff --git a/testing/btest/scripts/base/frameworks/input/tableevent.bro b/testing/btest/scripts/base/frameworks/input/tableevent.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/tableevent.bro rename to testing/btest/scripts/base/frameworks/input/tableevent.zeek diff --git a/testing/btest/scripts/base/frameworks/input/twotables.bro b/testing/btest/scripts/base/frameworks/input/twotables.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/twotables.bro rename to testing/btest/scripts/base/frameworks/input/twotables.zeek diff --git a/testing/btest/scripts/base/frameworks/input/unsupported_types.bro b/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/unsupported_types.bro rename to testing/btest/scripts/base/frameworks/input/unsupported_types.zeek diff --git a/testing/btest/scripts/base/frameworks/input/windows.bro b/testing/btest/scripts/base/frameworks/input/windows.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/input/windows.bro rename to testing/btest/scripts/base/frameworks/input/windows.zeek diff --git a/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.bro b/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.bro rename to testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek index b81cac9bac..98fc45c29d 100644 --- a/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.bro +++ b/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek @@ -13,7 +13,7 @@ # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-2/.stdout # @TEST-EXEC: btest-diff manager-1/intel.log -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/intel/cluster-transparency.bro b/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/intel/cluster-transparency.bro rename to testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek index 5362886cd7..ecec5a0831 100644 --- a/testing/btest/scripts/base/frameworks/intel/cluster-transparency.bro +++ b/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek @@ -11,7 +11,7 @@ # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-2/.stdout # @TEST-EXEC: btest-diff manager-1/intel.log -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/intel/expire-item.bro b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/intel/expire-item.bro rename to testing/btest/scripts/base/frameworks/intel/expire-item.zeek diff --git a/testing/btest/scripts/base/frameworks/intel/filter-item.bro b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/intel/filter-item.bro rename to testing/btest/scripts/base/frameworks/intel/filter-item.zeek diff --git a/testing/btest/scripts/base/frameworks/intel/input-and-match.bro b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/intel/input-and-match.bro rename to testing/btest/scripts/base/frameworks/intel/input-and-match.zeek diff --git a/testing/btest/scripts/base/frameworks/intel/match-subnet.bro b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/intel/match-subnet.bro rename to testing/btest/scripts/base/frameworks/intel/match-subnet.zeek diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.bro b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek similarity index 96% rename from testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.bro rename to testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek index 14ce01d32e..e637ebb3c5 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.bro +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek @@ -16,7 +16,7 @@ 127.0.2.3 Intel::ADDR this btest @TEST-END-FILE -@load path-prefix-common.bro +@load path-prefix-common.zeek redef Intel::read_files += { "test.data" }; redef InputAscii::path_prefix = "/this/does/not/exist"; diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.bro b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek similarity index 95% rename from testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.bro rename to testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek index 346f3bad81..1e7050aee9 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.bro +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek @@ -13,7 +13,7 @@ 127.0.1.3 Intel::ADDR this btest @TEST-END-FILE -@load path-prefix-common.bro +@load path-prefix-common.zeek redef Intel::read_files += { "test.data" }; redef InputAscii::path_prefix = "input"; diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.bro b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek similarity index 95% rename from testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.bro rename to testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek index 19828ea8af..2e602752f1 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.bro +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek @@ -14,7 +14,7 @@ 127.0.0.3 Intel::ADDR this btest @TEST-END-FILE -@load path-prefix-common.bro +@load path-prefix-common.zeek redef Intel::read_files += { "test.data" }; redef InputAscii::path_prefix = "alternative"; diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.bro b/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek similarity index 94% rename from testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.bro rename to testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek index 7148c1e857..7d02a0ac6a 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.bro +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek @@ -11,6 +11,6 @@ 127.0.0.3 Intel::ADDR this btest @TEST-END-FILE -@load path-prefix-common.bro +@load path-prefix-common.zeek redef Intel::read_files += { "test.data" }; diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/path-prefix-common.bro b/testing/btest/scripts/base/frameworks/intel/path-prefix/path-prefix-common.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/intel/path-prefix/path-prefix-common.bro rename to testing/btest/scripts/base/frameworks/intel/path-prefix/path-prefix-common.zeek diff --git a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.bro b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.bro rename to testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek index a4becfb2b3..f262898966 100644 --- a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.bro +++ b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek @@ -11,7 +11,7 @@ # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.bro b/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/intel/remove-item-cluster.bro rename to testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek index 5241231e1f..16ec0df4a4 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.bro +++ b/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek @@ -8,7 +8,7 @@ # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff manager-1/intel.log -# @TEST-START-FILE cluster-layout.bro +# @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.bro b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/intel/remove-non-existing.bro rename to testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek diff --git a/testing/btest/scripts/base/frameworks/intel/updated-match.bro b/testing/btest/scripts/base/frameworks/intel/updated-match.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/intel/updated-match.bro rename to testing/btest/scripts/base/frameworks/intel/updated-match.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/adapt-filter.bro b/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/adapt-filter.bro rename to testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-binary.bro b/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-binary.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-double.bro b/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek similarity index 95% rename from testing/btest/scripts/base/frameworks/logging/ascii-double.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-double.zeek index b824d93676..86a9716312 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-double.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek @@ -1,6 +1,6 @@ # @TEST-DOC: Test that the ASCII writer logs values of type "double" correctly. # -# @TEST-EXEC: bro -b %INPUT test-json.bro +# @TEST-EXEC: bro -b %INPUT test-json.zeek # @TEST-EXEC: mv test.log json.log # @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: btest-diff test.log @@ -78,7 +78,7 @@ event bro_init() logwrite(d); } -# @TEST-START-FILE test-json.bro +# @TEST-START-FILE test-json.zeek redef LogAscii::use_json = T; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro b/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-empty.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-escape.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.bro b/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-gz.bro b/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-gz.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json.bro b/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-json.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-json.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-options.bro b/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-options.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-options.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-tsv.bro b/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/ascii-tsv.bro rename to testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/attr-extend.bro b/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/attr-extend.bro rename to testing/btest/scripts/base/frameworks/logging/attr-extend.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/attr.bro b/testing/btest/scripts/base/frameworks/logging/attr.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/attr.bro rename to testing/btest/scripts/base/frameworks/logging/attr.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/disable-stream.bro b/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/disable-stream.bro rename to testing/btest/scripts/base/frameworks/logging/disable-stream.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/empty-event.bro b/testing/btest/scripts/base/frameworks/logging/empty-event.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/empty-event.bro rename to testing/btest/scripts/base/frameworks/logging/empty-event.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/enable-stream.bro b/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/enable-stream.bro rename to testing/btest/scripts/base/frameworks/logging/enable-stream.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/events.bro b/testing/btest/scripts/base/frameworks/logging/events.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/events.bro rename to testing/btest/scripts/base/frameworks/logging/events.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/exclude.bro b/testing/btest/scripts/base/frameworks/logging/exclude.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/exclude.bro rename to testing/btest/scripts/base/frameworks/logging/exclude.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.bro b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek similarity index 87% rename from testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.bro rename to testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek index dd30ad4c6f..a974a3e195 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.bro +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek @@ -1,15 +1,15 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: grep qux manager-1/reporter.log | sed 's#line ..#line XX#g' > manager-reporter.log # @TEST-EXEC: grep qux manager-1/reporter-2.log | sed 's#line ..*#line XX#g' >> manager-reporter.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | $SCRIPTS/diff-remove-abspath | grep -v ^# | $SCRIPTS/diff-sort" btest-diff manager-reporter.log -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.bro b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek similarity index 84% rename from testing/btest/scripts/base/frameworks/logging/field-extension-cluster.bro rename to testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek index d38b5b744b..4159d91c59 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.bro +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek @@ -1,13 +1,13 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/http.log -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-complex.bro b/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/field-extension-complex.bro rename to testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.bro b/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/field-extension-invalid.bro rename to testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-optional.bro b/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/field-extension-optional.bro rename to testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-table.bro b/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/field-extension-table.bro rename to testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension.bro b/testing/btest/scripts/base/frameworks/logging/field-extension.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/field-extension.bro rename to testing/btest/scripts/base/frameworks/logging/field-extension.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/field-name-map.bro b/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/field-name-map.bro rename to testing/btest/scripts/base/frameworks/logging/field-name-map.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/field-name-map2.bro b/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/field-name-map2.bro rename to testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/file.bro b/testing/btest/scripts/base/frameworks/logging/file.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/file.bro rename to testing/btest/scripts/base/frameworks/logging/file.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/include.bro b/testing/btest/scripts/base/frameworks/logging/include.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/include.bro rename to testing/btest/scripts/base/frameworks/logging/include.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/no-local.bro b/testing/btest/scripts/base/frameworks/logging/no-local.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/no-local.bro rename to testing/btest/scripts/base/frameworks/logging/no-local.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/none-debug.bro b/testing/btest/scripts/base/frameworks/logging/none-debug.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/none-debug.bro rename to testing/btest/scripts/base/frameworks/logging/none-debug.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.bro b/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/path-func-column-demote.bro rename to testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/path-func.bro b/testing/btest/scripts/base/frameworks/logging/path-func.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/path-func.bro rename to testing/btest/scripts/base/frameworks/logging/path-func.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/pred.bro b/testing/btest/scripts/base/frameworks/logging/pred.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/pred.bro rename to testing/btest/scripts/base/frameworks/logging/pred.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/remove.bro b/testing/btest/scripts/base/frameworks/logging/remove.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/remove.bro rename to testing/btest/scripts/base/frameworks/logging/remove.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro b/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/rotate-custom.bro rename to testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/rotate.bro b/testing/btest/scripts/base/frameworks/logging/rotate.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/rotate.bro rename to testing/btest/scripts/base/frameworks/logging/rotate.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/scope_sep.bro b/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/scope_sep.bro rename to testing/btest/scripts/base/frameworks/logging/scope_sep.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.bro b/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.bro rename to testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/error.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/sqlite/error.bro rename to testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/set.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/sqlite/set.bro rename to testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.bro rename to testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/types.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/sqlite/types.bro rename to testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.bro rename to testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/stdout.bro b/testing/btest/scripts/base/frameworks/logging/stdout.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/stdout.bro rename to testing/btest/scripts/base/frameworks/logging/stdout.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/test-logging.bro b/testing/btest/scripts/base/frameworks/logging/test-logging.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/test-logging.bro rename to testing/btest/scripts/base/frameworks/logging/test-logging.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/types.bro b/testing/btest/scripts/base/frameworks/logging/types.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/types.bro rename to testing/btest/scripts/base/frameworks/logging/types.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/unset-record.bro b/testing/btest/scripts/base/frameworks/logging/unset-record.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/unset-record.bro rename to testing/btest/scripts/base/frameworks/logging/unset-record.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/vec.bro b/testing/btest/scripts/base/frameworks/logging/vec.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/vec.bro rename to testing/btest/scripts/base/frameworks/logging/vec.zeek diff --git a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.bro b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/writer-path-conflict.bro rename to testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek similarity index 95% rename from testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro rename to testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek index 9e0db8531a..4aadb33417 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek @@ -1,12 +1,12 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek @load base/frameworks/netcontrol @@ -89,7 +89,7 @@ event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek @load base/frameworks/netcontrol @load base/frameworks/broker diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld.bro b/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek similarity index 95% rename from testing/btest/scripts/base/frameworks/netcontrol/acld.bro rename to testing/btest/scripts/base/frameworks/netcontrol/acld.zeek index 243e5e9b7c..91591336c3 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/acld.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek @@ -1,13 +1,13 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff send/netcontrol.log # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek @load base/frameworks/netcontrol @@ -94,7 +94,7 @@ event NetControl::rule_error(r: NetControl::Rule, p: NetControl::PluginState, ms @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek @load base/frameworks/netcontrol @load base/frameworks/broker diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek similarity index 81% rename from testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro rename to testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek index 50c04433ad..ec619f5b6b 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek @@ -2,17 +2,17 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" # @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat worker-1/.pid) 10 || (btest-bg-wait -k 1 && false) -# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" +# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic.bro b/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/basic.bro rename to testing/btest/scripts/base/frameworks/netcontrol/basic.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/broker.bro b/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek similarity index 95% rename from testing/btest/scripts/base/frameworks/netcontrol/broker.bro rename to testing/btest/scripts/base/frameworks/netcontrol/broker.zeek index 4d232c3325..9933e635c6 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/broker.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek @@ -1,13 +1,13 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff send/netcontrol.log # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek @load base/frameworks/netcontrol @@ -78,7 +78,7 @@ event NetControl::rule_timeout(r: NetControl::Rule, i: NetControl::FlowInfo, p: @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek @load base/frameworks/netcontrol @load base/frameworks/broker diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.bro b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.bro rename to testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro rename to testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.bro b/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.bro rename to testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/duplicate.bro b/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/duplicate.bro rename to testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/find-rules.bro b/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/find-rules.bro rename to testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/hook.bro b/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/hook.bro rename to testing/btest/scripts/base/frameworks/netcontrol/hook.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/multiple.bro b/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/multiple.bro rename to testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/openflow.bro b/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/openflow.bro rename to testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.bro b/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/packetfilter.bro rename to testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.bro b/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.bro rename to testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek diff --git a/testing/btest/scripts/base/frameworks/netcontrol/timeout.bro b/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/netcontrol/timeout.bro rename to testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek diff --git a/testing/btest/scripts/base/frameworks/notice/cluster.bro b/testing/btest/scripts/base/frameworks/notice/cluster.zeek similarity index 97% rename from testing/btest/scripts/base/frameworks/notice/cluster.bro rename to testing/btest/scripts/base/frameworks/notice/cluster.zeek index 69d1ac8364..cda5fc857e 100644 --- a/testing/btest/scripts/base/frameworks/notice/cluster.bro +++ b/testing/btest/scripts/base/frameworks/notice/cluster.zeek @@ -8,7 +8,7 @@ # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/notice.log -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/notice/mail-alarms.bro b/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/notice/mail-alarms.bro rename to testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro rename to testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek index e9b31e1756..73cd65cfe9 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro +++ b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek @@ -10,7 +10,7 @@ # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/notice.log -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"], diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-disable.bro b/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/notice/suppression-disable.bro rename to testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek diff --git a/testing/btest/scripts/base/frameworks/notice/suppression.bro b/testing/btest/scripts/base/frameworks/notice/suppression.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/notice/suppression.bro rename to testing/btest/scripts/base/frameworks/notice/suppression.zeek diff --git a/testing/btest/scripts/base/frameworks/openflow/broker-basic.bro b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek similarity index 94% rename from testing/btest/scripts/base/frameworks/openflow/broker-basic.bro rename to testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek index 9d43089b93..c46c00d2f3 100644 --- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.bro +++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek @@ -1,12 +1,12 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.bro >send.out" +# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out -@TEST-START-FILE send.bro +@TEST-START-FILE send.zeek @load base/protocols/conn @load base/frameworks/openflow @@ -67,7 +67,7 @@ event OpenFlow::flow_mod_failure(name: string, match: OpenFlow::ofp_match, flow_ @TEST-END-FILE -@TEST-START-FILE recv.bro +@TEST-START-FILE recv.zeek @load base/frameworks/openflow diff --git a/testing/btest/scripts/base/frameworks/openflow/log-basic.bro b/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/openflow/log-basic.bro rename to testing/btest/scripts/base/frameworks/openflow/log-basic.zeek diff --git a/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro b/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek similarity index 84% rename from testing/btest/scripts/base/frameworks/openflow/log-cluster.bro rename to testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek index 33f20f8ce5..08cfbb581d 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro +++ b/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek @@ -1,12 +1,12 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/openflow.log -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.bro b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/openflow/ryu-basic.bro rename to testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek diff --git a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.bro b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/reporter/disable-stderr.bro rename to testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek diff --git a/testing/btest/scripts/base/frameworks/reporter/stderr.bro b/testing/btest/scripts/base/frameworks/reporter/stderr.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/reporter/stderr.bro rename to testing/btest/scripts/base/frameworks/reporter/stderr.zeek diff --git a/testing/btest/scripts/base/frameworks/software/version-parsing.bro b/testing/btest/scripts/base/frameworks/software/version-parsing.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/software/version-parsing.bro rename to testing/btest/scripts/base/frameworks/software/version-parsing.zeek diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro rename to testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek index 8f4bd26ef1..d611d29907 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek @@ -9,7 +9,7 @@ # @TEST-EXEC: btest-diff manager-1/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic.bro b/testing/btest/scripts/base/frameworks/sumstats/basic.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/sumstats/basic.bro rename to testing/btest/scripts/base/frameworks/sumstats/basic.zeek diff --git a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.bro b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.bro rename to testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek index 949fcb3644..5bda9e3705 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek @@ -8,7 +8,7 @@ # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/sumstats/last-cluster.bro rename to testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek index da8f8fb80f..00dab1212b 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek @@ -7,7 +7,7 @@ # @TEST-EXEC: btest-diff manager-1/.stdout # -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.bro rename to testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek index bb429a52cb..2c5621743f 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek @@ -10,7 +10,7 @@ # @TEST-EXEC: btest-diff manager-1/.stdout # -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand.bro b/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/sumstats/on-demand.bro rename to testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek similarity index 99% rename from testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro rename to testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek index 227313635a..088b3c9c14 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek @@ -8,7 +8,7 @@ # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample.bro b/testing/btest/scripts/base/frameworks/sumstats/sample.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/sumstats/sample.bro rename to testing/btest/scripts/base/frameworks/sumstats/sample.zeek diff --git a/testing/btest/scripts/base/frameworks/sumstats/thresholding.bro b/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/sumstats/thresholding.bro rename to testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek similarity index 98% rename from testing/btest/scripts/base/frameworks/sumstats/topk-cluster.bro rename to testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek index 8a3a9bcf1b..f26eca11cf 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek @@ -9,7 +9,7 @@ # @TEST-EXEC: btest-diff manager-1/.stdout # -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk.bro b/testing/btest/scripts/base/frameworks/sumstats/topk.zeek similarity index 100% rename from testing/btest/scripts/base/frameworks/sumstats/topk.bro rename to testing/btest/scripts/base/frameworks/sumstats/topk.zeek diff --git a/testing/btest/scripts/base/misc/version.bro b/testing/btest/scripts/base/misc/version.zeek similarity index 100% rename from testing/btest/scripts/base/misc/version.bro rename to testing/btest/scripts/base/misc/version.zeek diff --git a/testing/btest/scripts/base/protocols/conn/new_connection_contents.bro b/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/conn/new_connection_contents.bro rename to testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek diff --git a/testing/btest/scripts/base/protocols/conn/threshold.bro b/testing/btest/scripts/base/protocols/conn/threshold.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/conn/threshold.bro rename to testing/btest/scripts/base/protocols/conn/threshold.zeek diff --git a/testing/btest/scripts/base/protocols/dce-rpc/context.bro b/testing/btest/scripts/base/protocols/dce-rpc/context.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dce-rpc/context.bro rename to testing/btest/scripts/base/protocols/dce-rpc/context.zeek diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek similarity index 96% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek index 533bfd8e0b..e551bbf7d6 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek similarity index 97% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek index 3e8c4f56d4..489be56505 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek similarity index 96% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek index e95637b67d..9155ea0174 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek similarity index 96% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek index 8da9f078a4..87140ec1fe 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek similarity index 96% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek index 60761360ed..8ca9e3107d 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek similarity index 95% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek index 867382148b..868ce39cc0 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek similarity index 83% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_write.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek index 8669d701b2..340e2b3132 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek similarity index 96% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek index d97d37d0ce..f88c262d54 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek similarity index 95% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek index a8acf4755c..9119c33a97 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek similarity index 96% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek index a5f1f895cc..07479c92a2 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek similarity index 96% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek index 073e758df4..cf64179dfe 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek similarity index 94% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek index c8708b10cd..c6deb5eb69 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek similarity index 96% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek index d832d937a7..f88e04f37a 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.bro b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek similarity index 82% rename from testing/btest/scripts/base/protocols/dnp3/dnp3_read.bro rename to testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek index ffb0e03653..86b99a11c7 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.bro +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.bro >output +# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/events.bro b/testing/btest/scripts/base/protocols/dnp3/events.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dnp3/events.bro rename to testing/btest/scripts/base/protocols/dnp3/events.zeek diff --git a/testing/btest/scripts/base/protocols/dns/caa.bro b/testing/btest/scripts/base/protocols/dns/caa.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/caa.bro rename to testing/btest/scripts/base/protocols/dns/caa.zeek diff --git a/testing/btest/scripts/base/protocols/dns/dns-key.bro b/testing/btest/scripts/base/protocols/dns/dns-key.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/dns-key.bro rename to testing/btest/scripts/base/protocols/dns/dns-key.zeek diff --git a/testing/btest/scripts/base/protocols/dns/dnskey.bro b/testing/btest/scripts/base/protocols/dns/dnskey.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/dnskey.bro rename to testing/btest/scripts/base/protocols/dns/dnskey.zeek diff --git a/testing/btest/scripts/base/protocols/dns/ds.bro b/testing/btest/scripts/base/protocols/dns/ds.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/ds.bro rename to testing/btest/scripts/base/protocols/dns/ds.zeek diff --git a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.bro b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/duplicate-reponses.bro rename to testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek diff --git a/testing/btest/scripts/base/protocols/dns/flip.bro b/testing/btest/scripts/base/protocols/dns/flip.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/flip.bro rename to testing/btest/scripts/base/protocols/dns/flip.zeek diff --git a/testing/btest/scripts/base/protocols/dns/huge-ttl.bro b/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/huge-ttl.bro rename to testing/btest/scripts/base/protocols/dns/huge-ttl.zeek diff --git a/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.bro b/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/multiple-txt-strings.bro rename to testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek diff --git a/testing/btest/scripts/base/protocols/dns/nsec.bro b/testing/btest/scripts/base/protocols/dns/nsec.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/nsec.bro rename to testing/btest/scripts/base/protocols/dns/nsec.zeek diff --git a/testing/btest/scripts/base/protocols/dns/nsec3.bro b/testing/btest/scripts/base/protocols/dns/nsec3.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/nsec3.bro rename to testing/btest/scripts/base/protocols/dns/nsec3.zeek diff --git a/testing/btest/scripts/base/protocols/dns/rrsig.bro b/testing/btest/scripts/base/protocols/dns/rrsig.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/rrsig.bro rename to testing/btest/scripts/base/protocols/dns/rrsig.zeek diff --git a/testing/btest/scripts/base/protocols/dns/tsig.bro b/testing/btest/scripts/base/protocols/dns/tsig.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/tsig.bro rename to testing/btest/scripts/base/protocols/dns/tsig.zeek diff --git a/testing/btest/scripts/base/protocols/dns/zero-responses.bro b/testing/btest/scripts/base/protocols/dns/zero-responses.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/dns/zero-responses.bro rename to testing/btest/scripts/base/protocols/dns/zero-responses.zeek diff --git a/testing/btest/scripts/base/protocols/ftp/cwd-navigation.bro b/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/ftp/cwd-navigation.bro rename to testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.bro b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.bro rename to testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro rename to testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.bro b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/ftp/ftp-ipv6.bro rename to testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek diff --git a/testing/btest/scripts/base/protocols/http/100-continue.bro b/testing/btest/scripts/base/protocols/http/100-continue.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/100-continue.bro rename to testing/btest/scripts/base/protocols/http/100-continue.zeek diff --git a/testing/btest/scripts/base/protocols/http/101-switching-protocols.bro b/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/101-switching-protocols.bro rename to testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.bro b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/content-range-gap-skip.bro rename to testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap.bro b/testing/btest/scripts/base/protocols/http/content-range-gap.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/content-range-gap.bro rename to testing/btest/scripts/base/protocols/http/content-range-gap.zeek diff --git a/testing/btest/scripts/base/protocols/http/content-range-less-than-len.bro b/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/content-range-less-than-len.bro rename to testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek diff --git a/testing/btest/scripts/base/protocols/http/entity-gap.bro b/testing/btest/scripts/base/protocols/http/entity-gap.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/entity-gap.bro rename to testing/btest/scripts/base/protocols/http/entity-gap.zeek diff --git a/testing/btest/scripts/base/protocols/http/entity-gap2.bro b/testing/btest/scripts/base/protocols/http/entity-gap2.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/entity-gap2.bro rename to testing/btest/scripts/base/protocols/http/entity-gap2.zeek diff --git a/testing/btest/scripts/base/protocols/http/fake-content-length.bro b/testing/btest/scripts/base/protocols/http/fake-content-length.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/fake-content-length.bro rename to testing/btest/scripts/base/protocols/http/fake-content-length.zeek diff --git a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.bro b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/http-bad-request-with-version.bro rename to testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek diff --git a/testing/btest/scripts/base/protocols/http/http-connect-with-header.bro b/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/http-connect-with-header.bro rename to testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek diff --git a/testing/btest/scripts/base/protocols/http/http-connect.bro b/testing/btest/scripts/base/protocols/http/http-connect.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/http-connect.bro rename to testing/btest/scripts/base/protocols/http/http-connect.zeek diff --git a/testing/btest/scripts/base/protocols/http/http-filename.bro b/testing/btest/scripts/base/protocols/http/http-filename.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/http-filename.bro rename to testing/btest/scripts/base/protocols/http/http-filename.zeek diff --git a/testing/btest/scripts/base/protocols/http/http-header-crlf.bro b/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/http-header-crlf.bro rename to testing/btest/scripts/base/protocols/http/http-header-crlf.zeek diff --git a/testing/btest/scripts/base/protocols/http/http-methods.bro b/testing/btest/scripts/base/protocols/http/http-methods.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/http-methods.bro rename to testing/btest/scripts/base/protocols/http/http-methods.zeek diff --git a/testing/btest/scripts/base/protocols/http/http-pipelining.bro b/testing/btest/scripts/base/protocols/http/http-pipelining.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/http-pipelining.bro rename to testing/btest/scripts/base/protocols/http/http-pipelining.zeek diff --git a/testing/btest/scripts/base/protocols/http/missing-zlib-header.bro b/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/missing-zlib-header.bro rename to testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek diff --git a/testing/btest/scripts/base/protocols/http/multipart-extract.bro b/testing/btest/scripts/base/protocols/http/multipart-extract.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/multipart-extract.bro rename to testing/btest/scripts/base/protocols/http/multipart-extract.zeek diff --git a/testing/btest/scripts/base/protocols/http/multipart-file-limit.bro b/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/multipart-file-limit.bro rename to testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek diff --git a/testing/btest/scripts/base/protocols/http/no-uri.bro b/testing/btest/scripts/base/protocols/http/no-uri.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/no-uri.bro rename to testing/btest/scripts/base/protocols/http/no-uri.zeek diff --git a/testing/btest/scripts/base/protocols/http/no-version.bro b/testing/btest/scripts/base/protocols/http/no-version.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/no-version.bro rename to testing/btest/scripts/base/protocols/http/no-version.zeek diff --git a/testing/btest/scripts/base/protocols/http/percent-end-of-line.bro b/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/percent-end-of-line.bro rename to testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek diff --git a/testing/btest/scripts/base/protocols/http/x-gzip.bro b/testing/btest/scripts/base/protocols/http/x-gzip.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/x-gzip.bro rename to testing/btest/scripts/base/protocols/http/x-gzip.zeek diff --git a/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.bro b/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.bro rename to testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek diff --git a/testing/btest/scripts/base/protocols/irc/names-weird.bro b/testing/btest/scripts/base/protocols/irc/names-weird.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/irc/names-weird.bro rename to testing/btest/scripts/base/protocols/irc/names-weird.zeek diff --git a/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.bro b/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/modbus/coil_parsing_big.bro rename to testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek diff --git a/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.bro b/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/modbus/coil_parsing_small.bro rename to testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek diff --git a/testing/btest/scripts/base/protocols/modbus/events.bro b/testing/btest/scripts/base/protocols/modbus/events.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/modbus/events.bro rename to testing/btest/scripts/base/protocols/modbus/events.zeek diff --git a/testing/btest/scripts/base/protocols/modbus/length_mismatch.bro b/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/modbus/length_mismatch.bro rename to testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek diff --git a/testing/btest/scripts/base/protocols/modbus/policy.bro b/testing/btest/scripts/base/protocols/modbus/policy.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/modbus/policy.bro rename to testing/btest/scripts/base/protocols/modbus/policy.zeek diff --git a/testing/btest/scripts/base/protocols/modbus/register_parsing.bro b/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/modbus/register_parsing.bro rename to testing/btest/scripts/base/protocols/modbus/register_parsing.zeek diff --git a/testing/btest/scripts/base/protocols/ncp/event.bro b/testing/btest/scripts/base/protocols/ncp/event.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/ncp/event.bro rename to testing/btest/scripts/base/protocols/ncp/event.zeek diff --git a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.bro b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/ncp/frame_size_tuning.bro rename to testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek diff --git a/testing/btest/scripts/base/protocols/pop3/starttls.bro b/testing/btest/scripts/base/protocols/pop3/starttls.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/pop3/starttls.bro rename to testing/btest/scripts/base/protocols/pop3/starttls.zeek diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.bro b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.bro rename to testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.bro b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.bro rename to testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-x509.bro b/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/rdp/rdp-x509.bro rename to testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek diff --git a/testing/btest/scripts/base/protocols/smb/smb2-read-write.bro b/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/smb/smb2-read-write.bro rename to testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek diff --git a/testing/btest/scripts/base/protocols/snmp/snmp-addr.bro b/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/snmp/snmp-addr.bro rename to testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek diff --git a/testing/btest/scripts/base/protocols/snmp/v1.bro b/testing/btest/scripts/base/protocols/snmp/v1.zeek similarity index 78% rename from testing/btest/scripts/base/protocols/snmp/v1.bro rename to testing/btest/scripts/base/protocols/snmp/v1.zeek index 7dd5bd4a68..09f86a28e4 100644 --- a/testing/btest/scripts/base/protocols/snmp/v1.bro +++ b/testing/btest/scripts/base/protocols/snmp/v1.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get.pcap %INPUT $SCRIPTS/snmp-test.bro >out1 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get_short.pcap %INPUT $SCRIPTS/snmp-test.bro >out2 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_set.pcap %INPUT $SCRIPTS/snmp-test.bro >out3 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_trap.pcap %INPUT $SCRIPTS/snmp-test.bro >out4 +# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get_short.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 +# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_set.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 +# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_trap.pcap %INPUT $SCRIPTS/snmp-test.zeek >out4 # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/scripts/base/protocols/snmp/v2.bro b/testing/btest/scripts/base/protocols/snmp/v2.zeek similarity index 77% rename from testing/btest/scripts/base/protocols/snmp/v2.bro rename to testing/btest/scripts/base/protocols/snmp/v2.zeek index a2b9885fbb..58491d33b2 100644 --- a/testing/btest/scripts/base/protocols/snmp/v2.bro +++ b/testing/btest/scripts/base/protocols/snmp/v2.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get.pcap %INPUT $SCRIPTS/snmp-test.bro >out1 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_bulk.pcap %INPUT $SCRIPTS/snmp-test.bro >out2 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_next.pcap %INPUT $SCRIPTS/snmp-test.bro >out3 +# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_bulk.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 +# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/scripts/base/protocols/snmp/v3.bro b/testing/btest/scripts/base/protocols/snmp/v3.zeek similarity index 79% rename from testing/btest/scripts/base/protocols/snmp/v3.bro rename to testing/btest/scripts/base/protocols/snmp/v3.zeek index 43edbdc2df..4d72b6476d 100644 --- a/testing/btest/scripts/base/protocols/snmp/v3.bro +++ b/testing/btest/scripts/base/protocols/snmp/v3.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv3_get_next.pcap %INPUT $SCRIPTS/snmp-test.bro >out1 +# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv3_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 # @TEST-EXEC: btest-diff out1 diff --git a/testing/btest/scripts/base/protocols/socks/socks-auth.bro b/testing/btest/scripts/base/protocols/socks/socks-auth.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/socks/socks-auth.bro rename to testing/btest/scripts/base/protocols/socks/socks-auth.zeek diff --git a/testing/btest/scripts/base/protocols/syslog/missing-pri.bro b/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/syslog/missing-pri.bro rename to testing/btest/scripts/base/protocols/syslog/missing-pri.zeek diff --git a/testing/btest/scripts/base/protocols/tcp/pending.bro b/testing/btest/scripts/base/protocols/tcp/pending.zeek similarity index 100% rename from testing/btest/scripts/base/protocols/tcp/pending.bro rename to testing/btest/scripts/base/protocols/tcp/pending.zeek diff --git a/testing/btest/scripts/base/utils/decompose_uri.bro b/testing/btest/scripts/base/utils/decompose_uri.zeek similarity index 100% rename from testing/btest/scripts/base/utils/decompose_uri.bro rename to testing/btest/scripts/base/utils/decompose_uri.zeek diff --git a/testing/btest/scripts/base/utils/dir.test b/testing/btest/scripts/base/utils/dir.test index 4cbb4a3c89..d7071e1d4c 100644 --- a/testing/btest/scripts/base/utils/dir.test +++ b/testing/btest/scripts/base/utils/dir.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b ../dirtest.bro +# @TEST-EXEC: btest-bg-run bro bro -b ../dirtest.zeek # @TEST-EXEC: $SCRIPTS/wait-for-file bro/next1 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: touch testdir/newone # @TEST-EXEC: rm testdir/bye @@ -8,7 +8,7 @@ # @TEST-EXEC: touch testdir/newone # @TEST-EXEC: btest-diff bro/.stdout -@TEST-START-FILE dirtest.bro +@TEST-START-FILE dirtest.zeek @load base/utils/dir redef exit_only_after_terminate = T; diff --git a/testing/btest/scripts/base/utils/exec.test b/testing/btest/scripts/base/utils/exec.test index 0b926df402..d761587f31 100644 --- a/testing/btest/scripts/base/utils/exec.test +++ b/testing/btest/scripts/base/utils/exec.test @@ -1,8 +1,8 @@ -# @TEST-EXEC: btest-bg-run bro bro -b ../exectest.bro +# @TEST-EXEC: btest-bg-run bro bro -b ../exectest.zeek # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stdout -@TEST-START-FILE exectest.bro +@TEST-START-FILE exectest.zeek @load base/utils/exec redef exit_only_after_terminate = T; diff --git a/testing/btest/scripts/base/utils/hash_hrw.bro b/testing/btest/scripts/base/utils/hash_hrw.zeek similarity index 100% rename from testing/btest/scripts/base/utils/hash_hrw.bro rename to testing/btest/scripts/base/utils/hash_hrw.zeek diff --git a/testing/btest/scripts/check-test-all-policy.bro b/testing/btest/scripts/check-test-all-policy.zeek similarity index 100% rename from testing/btest/scripts/check-test-all-policy.bro rename to testing/btest/scripts/check-test-all-policy.zeek diff --git a/testing/btest/scripts/policy/frameworks/files/extract-all.bro b/testing/btest/scripts/policy/frameworks/files/extract-all.zeek similarity index 100% rename from testing/btest/scripts/policy/frameworks/files/extract-all.bro rename to testing/btest/scripts/policy/frameworks/files/extract-all.zeek diff --git a/testing/btest/scripts/policy/frameworks/intel/removal.bro b/testing/btest/scripts/policy/frameworks/intel/removal.zeek similarity index 100% rename from testing/btest/scripts/policy/frameworks/intel/removal.bro rename to testing/btest/scripts/policy/frameworks/intel/removal.zeek diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/certs.bro b/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek similarity index 100% rename from testing/btest/scripts/policy/frameworks/intel/seen/certs.bro rename to testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smb.bro b/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek similarity index 100% rename from testing/btest/scripts/policy/frameworks/intel/seen/smb.bro rename to testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.bro b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek similarity index 100% rename from testing/btest/scripts/policy/frameworks/intel/seen/smtp.bro rename to testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek diff --git a/testing/btest/scripts/policy/frameworks/intel/whitelisting.bro b/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek similarity index 100% rename from testing/btest/scripts/policy/frameworks/intel/whitelisting.bro rename to testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek diff --git a/testing/btest/scripts/policy/frameworks/software/version-changes.bro b/testing/btest/scripts/policy/frameworks/software/version-changes.zeek similarity index 100% rename from testing/btest/scripts/policy/frameworks/software/version-changes.bro rename to testing/btest/scripts/policy/frameworks/software/version-changes.zeek diff --git a/testing/btest/scripts/policy/frameworks/software/vulnerable.bro b/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek similarity index 100% rename from testing/btest/scripts/policy/frameworks/software/vulnerable.bro rename to testing/btest/scripts/policy/frameworks/software/vulnerable.zeek diff --git a/testing/btest/scripts/policy/misc/dump-events.bro b/testing/btest/scripts/policy/misc/dump-events.zeek similarity index 100% rename from testing/btest/scripts/policy/misc/dump-events.bro rename to testing/btest/scripts/policy/misc/dump-events.zeek diff --git a/testing/btest/scripts/policy/misc/weird-stats-cluster.bro b/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek similarity index 98% rename from testing/btest/scripts/policy/misc/weird-stats-cluster.bro rename to testing/btest/scripts/policy/misc/weird-stats-cluster.zeek index 140bb3b006..0c73ccf189 100644 --- a/testing/btest/scripts/policy/misc/weird-stats-cluster.bro +++ b/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek @@ -9,7 +9,7 @@ # @TEST-EXEC: btest-diff manager-1/weird_stats.log -@TEST-START-FILE cluster-layout.bro +@TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"], diff --git a/testing/btest/scripts/policy/misc/weird-stats.bro b/testing/btest/scripts/policy/misc/weird-stats.zeek similarity index 100% rename from testing/btest/scripts/policy/misc/weird-stats.bro rename to testing/btest/scripts/policy/misc/weird-stats.zeek diff --git a/testing/btest/scripts/policy/protocols/conn/known-hosts.bro b/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/conn/known-hosts.bro rename to testing/btest/scripts/policy/protocols/conn/known-hosts.zeek diff --git a/testing/btest/scripts/policy/protocols/conn/known-services.bro b/testing/btest/scripts/policy/protocols/conn/known-services.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/conn/known-services.bro rename to testing/btest/scripts/policy/protocols/conn/known-services.zeek diff --git a/testing/btest/scripts/policy/protocols/conn/mac-logging.bro b/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/conn/mac-logging.bro rename to testing/btest/scripts/policy/protocols/conn/mac-logging.zeek diff --git a/testing/btest/scripts/policy/protocols/conn/vlan-logging.bro b/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/conn/vlan-logging.bro rename to testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek diff --git a/testing/btest/scripts/policy/protocols/dns/inverse-request.bro b/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/dns/inverse-request.bro rename to testing/btest/scripts/policy/protocols/dns/inverse-request.zeek diff --git a/testing/btest/scripts/policy/protocols/http/flash-version.bro b/testing/btest/scripts/policy/protocols/http/flash-version.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/http/flash-version.bro rename to testing/btest/scripts/policy/protocols/http/flash-version.zeek diff --git a/testing/btest/scripts/policy/protocols/http/header-names.bro b/testing/btest/scripts/policy/protocols/http/header-names.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/http/header-names.bro rename to testing/btest/scripts/policy/protocols/http/header-names.zeek diff --git a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.bro b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.bro rename to testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek diff --git a/testing/btest/scripts/policy/protocols/krb/ticket-logging.bro b/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/krb/ticket-logging.bro rename to testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek diff --git a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro rename to testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek diff --git a/testing/btest/scripts/policy/protocols/ssl/expiring-certs.bro b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/ssl/expiring-certs.bro rename to testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek diff --git a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.bro b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.bro rename to testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek diff --git a/testing/btest/scripts/policy/protocols/ssl/heartbleed.bro b/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/ssl/heartbleed.bro rename to testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek diff --git a/testing/btest/scripts/policy/protocols/ssl/known-certs.bro b/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/ssl/known-certs.bro rename to testing/btest/scripts/policy/protocols/ssl/known-certs.zeek diff --git a/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.bro b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.bro rename to testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek similarity index 88% rename from testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro rename to testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek index 712e333037..ccca29fd7c 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.bro %INPUT +# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log @load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek similarity index 84% rename from testing/btest/scripts/policy/protocols/ssl/validate-certs.bro rename to testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek index 03803fe2fa..9686c1ab28 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.bro %INPUT +# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.bro %INPUT +# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.bro b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek similarity index 62% rename from testing/btest/scripts/policy/protocols/ssl/validate-ocsp.bro rename to testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek index 4e53a46b02..21d174be91 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek @@ -1,9 +1,9 @@ -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.bro -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT +# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT # @TEST-EXEC: mv ssl.log ssl-twimg.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-twimg.log -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.bro -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT +# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT # @TEST-EXEC: mv ssl.log ssl-digicert.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-digicert.log diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek similarity index 88% rename from testing/btest/scripts/policy/protocols/ssl/validate-sct.bro rename to testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek index 8dbd358e17..c21dc18094 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap $SCRIPTS/external-ca-list.bro %INPUT +# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp-2.pcap $SCRIPTS/external-ca-list.bro %INPUT +# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp-2.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log diff --git a/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro b/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek similarity index 100% rename from testing/btest/scripts/policy/protocols/ssl/weak-keys.bro rename to testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek diff --git a/testing/btest/signatures/bad-eval-condition.bro b/testing/btest/signatures/bad-eval-condition.zeek similarity index 100% rename from testing/btest/signatures/bad-eval-condition.bro rename to testing/btest/signatures/bad-eval-condition.zeek diff --git a/testing/btest/signatures/dpd.bro b/testing/btest/signatures/dpd.zeek similarity index 100% rename from testing/btest/signatures/dpd.bro rename to testing/btest/signatures/dpd.zeek diff --git a/testing/btest/signatures/dst-ip-cidr-v4.bro b/testing/btest/signatures/dst-ip-cidr-v4.zeek similarity index 100% rename from testing/btest/signatures/dst-ip-cidr-v4.bro rename to testing/btest/signatures/dst-ip-cidr-v4.zeek diff --git a/testing/btest/signatures/dst-ip-header-condition-v4-masks.bro b/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek similarity index 100% rename from testing/btest/signatures/dst-ip-header-condition-v4-masks.bro rename to testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek diff --git a/testing/btest/signatures/dst-ip-header-condition-v4.bro b/testing/btest/signatures/dst-ip-header-condition-v4.zeek similarity index 100% rename from testing/btest/signatures/dst-ip-header-condition-v4.bro rename to testing/btest/signatures/dst-ip-header-condition-v4.zeek diff --git a/testing/btest/signatures/dst-ip-header-condition-v6-masks.bro b/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek similarity index 100% rename from testing/btest/signatures/dst-ip-header-condition-v6-masks.bro rename to testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek diff --git a/testing/btest/signatures/dst-ip-header-condition-v6.bro b/testing/btest/signatures/dst-ip-header-condition-v6.zeek similarity index 100% rename from testing/btest/signatures/dst-ip-header-condition-v6.bro rename to testing/btest/signatures/dst-ip-header-condition-v6.zeek diff --git a/testing/btest/signatures/dst-port-header-condition.bro b/testing/btest/signatures/dst-port-header-condition.zeek similarity index 100% rename from testing/btest/signatures/dst-port-header-condition.bro rename to testing/btest/signatures/dst-port-header-condition.zeek diff --git a/testing/btest/signatures/eval-condition-no-return-value.bro b/testing/btest/signatures/eval-condition-no-return-value.zeek similarity index 100% rename from testing/btest/signatures/eval-condition-no-return-value.bro rename to testing/btest/signatures/eval-condition-no-return-value.zeek diff --git a/testing/btest/signatures/eval-condition.bro b/testing/btest/signatures/eval-condition.zeek similarity index 100% rename from testing/btest/signatures/eval-condition.bro rename to testing/btest/signatures/eval-condition.zeek diff --git a/testing/btest/signatures/header-header-condition.bro b/testing/btest/signatures/header-header-condition.zeek similarity index 100% rename from testing/btest/signatures/header-header-condition.bro rename to testing/btest/signatures/header-header-condition.zeek diff --git a/testing/btest/signatures/id-lookup.bro b/testing/btest/signatures/id-lookup.zeek similarity index 100% rename from testing/btest/signatures/id-lookup.bro rename to testing/btest/signatures/id-lookup.zeek diff --git a/testing/btest/signatures/ip-proto-header-condition.bro b/testing/btest/signatures/ip-proto-header-condition.zeek similarity index 100% rename from testing/btest/signatures/ip-proto-header-condition.bro rename to testing/btest/signatures/ip-proto-header-condition.zeek diff --git a/testing/btest/signatures/load-sigs.bro b/testing/btest/signatures/load-sigs.zeek similarity index 100% rename from testing/btest/signatures/load-sigs.bro rename to testing/btest/signatures/load-sigs.zeek diff --git a/testing/btest/signatures/src-ip-header-condition-v4-masks.bro b/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek similarity index 100% rename from testing/btest/signatures/src-ip-header-condition-v4-masks.bro rename to testing/btest/signatures/src-ip-header-condition-v4-masks.zeek diff --git a/testing/btest/signatures/src-ip-header-condition-v4.bro b/testing/btest/signatures/src-ip-header-condition-v4.zeek similarity index 100% rename from testing/btest/signatures/src-ip-header-condition-v4.bro rename to testing/btest/signatures/src-ip-header-condition-v4.zeek diff --git a/testing/btest/signatures/src-ip-header-condition-v6-masks.bro b/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek similarity index 100% rename from testing/btest/signatures/src-ip-header-condition-v6-masks.bro rename to testing/btest/signatures/src-ip-header-condition-v6-masks.zeek diff --git a/testing/btest/signatures/src-ip-header-condition-v6.bro b/testing/btest/signatures/src-ip-header-condition-v6.zeek similarity index 100% rename from testing/btest/signatures/src-ip-header-condition-v6.bro rename to testing/btest/signatures/src-ip-header-condition-v6.zeek diff --git a/testing/btest/signatures/src-port-header-condition.bro b/testing/btest/signatures/src-port-header-condition.zeek similarity index 100% rename from testing/btest/signatures/src-port-header-condition.bro rename to testing/btest/signatures/src-port-header-condition.zeek diff --git a/testing/btest/signatures/udp-packetwise-match.bro b/testing/btest/signatures/udp-packetwise-match.zeek similarity index 100% rename from testing/btest/signatures/udp-packetwise-match.bro rename to testing/btest/signatures/udp-packetwise-match.zeek diff --git a/testing/btest/signatures/udp-payload-size.bro b/testing/btest/signatures/udp-payload-size.zeek similarity index 100% rename from testing/btest/signatures/udp-payload-size.bro rename to testing/btest/signatures/udp-payload-size.zeek diff --git a/testing/external/commit-hash.zeek-testing b/testing/external/commit-hash.zeek-testing index 029d39391b..758d688ec2 100644 --- a/testing/external/commit-hash.zeek-testing +++ b/testing/external/commit-hash.zeek-testing @@ -1 +1 @@ -37f541404be417d5b092b8b36c7c1c84d2f307e9 +96f9f7976b98447831fcfa2146007ea9ddb98f74 diff --git a/testing/external/commit-hash.zeek-testing-private b/testing/external/commit-hash.zeek-testing-private index a99b5e8d7b..04034e2be2 100644 --- a/testing/external/commit-hash.zeek-testing-private +++ b/testing/external/commit-hash.zeek-testing-private @@ -1 +1 @@ -de8e378210cacc599d8e59e1204286f7fe9cbc1b +fb5be2e139ab5c9840eb6b50e691eacc66f62165 diff --git a/testing/external/scripts/external-ca-list.bro b/testing/external/scripts/external-ca-list.bro deleted file mode 120000 index a52a9be196..0000000000 --- a/testing/external/scripts/external-ca-list.bro +++ /dev/null @@ -1 +0,0 @@ -../../scripts/external-ca-list.bro \ No newline at end of file diff --git a/testing/external/scripts/external-ca-list.zeek b/testing/external/scripts/external-ca-list.zeek new file mode 120000 index 0000000000..a50808a16d --- /dev/null +++ b/testing/external/scripts/external-ca-list.zeek @@ -0,0 +1 @@ +../../scripts/external-ca-list.zeek \ No newline at end of file diff --git a/testing/external/scripts/testing-setup.bro b/testing/external/scripts/testing-setup.zeek similarity index 91% rename from testing/external/scripts/testing-setup.bro rename to testing/external/scripts/testing-setup.zeek index a56a72aee5..d24813e1fc 100644 --- a/testing/external/scripts/testing-setup.bro +++ b/testing/external/scripts/testing-setup.zeek @@ -1,6 +1,6 @@ # Sets some testing specific options. -@load external-ca-list.bro +@load external-ca-list @ifdef ( SMTP::never_calc_md5 ) # MDD5s can depend on libmagic output. diff --git a/testing/scripts/external-ca-list.bro b/testing/scripts/external-ca-list.zeek similarity index 100% rename from testing/scripts/external-ca-list.bro rename to testing/scripts/external-ca-list.zeek diff --git a/testing/scripts/file-analysis-test.bro b/testing/scripts/file-analysis-test.zeek similarity index 100% rename from testing/scripts/file-analysis-test.bro rename to testing/scripts/file-analysis-test.zeek diff --git a/testing/scripts/snmp-test.bro b/testing/scripts/snmp-test.zeek similarity index 100% rename from testing/scripts/snmp-test.bro rename to testing/scripts/snmp-test.zeek From 8f82ecc66d3b5c96db4f1ddb4e0f14091d72dd60 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 16 Apr 2019 16:37:12 -0700 Subject: [PATCH 025/247] Updating submodule(s). [nomail] --- doc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc b/doc index 5af14fffad..9b556e5e71 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 5af14fffad53d2c43541a0169494c8fb9b5b2e46 +Subproject commit 9b556e5e71d0d8a5c2e7a1d4be4b308d887310f1 From f21e11d8114db0ef757d1a6c7f92256d829bc271 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 16 Apr 2019 17:44:31 -0700 Subject: [PATCH 026/247] GH-237: add `@load foo.bro` -> foo.zeek fallback When failing to locate a script with explicit .bro suffix, check for whether one with a .zeek suffix exists and use it instead. --- CHANGES | 7 +++++++ NEWS | 10 ++++++---- VERSION | 2 +- src/util.cc | 16 ++++++++++++++++ .../core.load-explicit-bro-suffix-fallback/out | 1 + .../core/load-explicit-bro-suffix-fallback.zeek | 12 ++++++++++++ 6 files changed, 43 insertions(+), 5 deletions(-) create mode 100644 testing/btest/Baseline/core.load-explicit-bro-suffix-fallback/out create mode 100644 testing/btest/core/load-explicit-bro-suffix-fallback.zeek diff --git a/CHANGES b/CHANGES index d9146fbb9b..1779902ddd 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,11 @@ +2.6-227 | 2019-04-16 17:44:31 -0700 + + * GH-237: add `@load foo.bro` -> foo.zeek fallback (Jon Siwek, Corelight) + + When failing to locate a script with explicit .bro suffix, check for + whether one with a .zeek suffix exists and use it instead. + 2.6-225 | 2019-04-16 16:07:49 -0700 * Use .zeek file suffix in unit tests (Jon Siwek, Corelight) diff --git a/NEWS b/NEWS index 36b9556b3e..a1e04773ff 100644 --- a/NEWS +++ b/NEWS @@ -81,10 +81,12 @@ Changed Functionality been renamed to ``.zeek``. - The search logic for the ``@load`` script directive now prefers files - ending in ``.zeek``, but will fallback to loading a ``.bro`` file if it - exists. E.g. ``@load foo`` will check for ``foo.zeek`` and then ``foo.bro``. - Note that ``@load foo.bro`` will not automatically check for - ``@load foo.zeek``. + ending in ``.zeek``, but will fallback to loading a ``.bro`` file if + it exists. E.g. ``@load foo`` will first check for a ``foo.zeek`` + file to load and then otherwise ``foo.bro``. Note that + ``@load foo.bro`` (with the explicit ``.bro`` file suffix) prefers + in the opposite order: it first checks for ``foo.bro`` and then + falls back to a ``foo.zeek``, if it exists. - The for-loop index variable for vectors has been changed from 'int' to 'count' type. It's unlikely this would alter/break any diff --git a/VERSION b/VERSION index 23ad9f21a7..168f57bc28 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-225 +2.6-227 diff --git a/src/util.cc b/src/util.cc index 8b4bd0a88b..0367700ffb 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1298,6 +1298,14 @@ string find_file(const string& filename, const string& path_set, return string(); } +static bool ends_with(const std::string& s, const std::string& ending) + { + if ( ending.size() > s.size() ) + return false; + + return std::equal(ending.rbegin(), ending.rend(), s.rbegin()); + } + string find_script_file(const string& filename, const string& path_set) { vector paths; @@ -1313,6 +1321,14 @@ string find_script_file(const string& filename, const string& path_set) return f; } + if ( ends_with(filename, ".bro") ) + { + // We were looking for a file explicitly ending in .bro and didn't + // find it, so fall back to one ending in .zeek, if it exists. + auto fallback = string(filename.data(), filename.size() - 4) + ".zeek"; + return find_script_file(fallback, path_set); + } + return string(); } diff --git a/testing/btest/Baseline/core.load-explicit-bro-suffix-fallback/out b/testing/btest/Baseline/core.load-explicit-bro-suffix-fallback/out new file mode 100644 index 0000000000..c67eefbfc1 --- /dev/null +++ b/testing/btest/Baseline/core.load-explicit-bro-suffix-fallback/out @@ -0,0 +1 @@ +loaded foo.zeek diff --git a/testing/btest/core/load-explicit-bro-suffix-fallback.zeek b/testing/btest/core/load-explicit-bro-suffix-fallback.zeek new file mode 100644 index 0000000000..28f770ca48 --- /dev/null +++ b/testing/btest/core/load-explicit-bro-suffix-fallback.zeek @@ -0,0 +1,12 @@ +# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-diff out + +# We don't have a foo.bro, but we'll accept foo.zeek. +@load foo.bro + +@TEST-START-FILE foo.zeek +event bro_init() + { + print "loaded foo.zeek"; + } +@TEST-END-FILE From ae4129d2b6d562916dbba23972e1265c6a066f10 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 16 Apr 2019 18:06:55 -0700 Subject: [PATCH 027/247] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 2844f70062..3d15efdd8b 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 2844f70062c778094c6baf3864177161843517ac +Subproject commit 3d15efdd8b732c27e903c2d34f70fa4fa09bdcc1 From 915189a06aa0b5a50dcd330089f81355c09947bc Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Wed, 17 Apr 2019 14:20:48 -0700 Subject: [PATCH 028/247] added 'g' $history character for content gaps --- scripts/base/protocols/conn/main.zeek | 3 ++- src/analyzer/protocol/tcp/TCP.cc | 18 +++++++++--------- src/analyzer/protocol/tcp/TCP_Endpoint.cc | 12 ++++++++++-- src/analyzer/protocol/tcp/TCP_Endpoint.h | 4 ++++ src/analyzer/protocol/tcp/TCP_Reassembler.cc | 3 +++ src/analyzer/protocol/tcp/events.bif | 18 +++++++++++++++--- .../core.tcp.large-file-reassembly/conn.log | 6 +++--- .../core.tcp.large-file-reassembly/files.log | 4 ++-- .../Baseline/core.tcp.rxmit-history/conn-1.log | 6 +++--- .../Baseline/core.tcp.rxmit-history/conn-2.log | 4 ++-- .../conn.log | 6 +++--- .../conn.log | 6 +++--- .../ftp.log | 4 ++-- 13 files changed, 61 insertions(+), 33 deletions(-) diff --git a/scripts/base/protocols/conn/main.zeek b/scripts/base/protocols/conn/main.zeek index e2209b6e22..ed28bd6104 100644 --- a/scripts/base/protocols/conn/main.zeek +++ b/scripts/base/protocols/conn/main.zeek @@ -107,6 +107,7 @@ export { ## f packet with FIN bit set ## r packet with RST bit set ## c packet with a bad checksum (applies to UDP too) + ## g a content gap ## t packet with retransmitted payload ## w packet with a zero window advertisement ## i inconsistent packet (e.g. FIN+RST bits set) @@ -122,7 +123,7 @@ export { ## 's' can be recorded multiple times for either direction ## if the associated sequence number differs from the ## last-seen packet of the same flag type. - ## 'c', 't' and 'w' are recorded in a logarithmic fashion: + ## 'c', 'g', 't' and 'w' are recorded in a logarithmic fashion: ## the second instance represents that the event was seen ## (at least) 10 times; the third instance, 100 times; etc. history: string &log &optional; diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 9329b103ed..595fe8e6b6 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -1321,6 +1321,14 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, PacketWithRST(); } + int32 delta_last = update_last_seq(endpoint, seq_one_past_segment, flags, len); + endpoint->last_time = current_timestamp; + + int do_close; + int gen_event; + UpdateStateMachine(current_timestamp, endpoint, peer, base_seq, ack_seq, + len, delta_last, is_orig, flags, do_close, gen_event); + uint64 rel_ack = 0; if ( flags.ACK() ) @@ -1350,21 +1358,13 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, Weird("TCP_ack_underflow_or_misorder"); } else if ( ! flags.RST() ) - // Don't trust ack's in RSt packets. + // Don't trust ack's in RST packets. update_ack_seq(peer, ack_seq); } peer->AckReceived(rel_ack); } - int32 delta_last = update_last_seq(endpoint, seq_one_past_segment, flags, len); - endpoint->last_time = current_timestamp; - - int do_close; - int gen_event; - UpdateStateMachine(current_timestamp, endpoint, peer, base_seq, ack_seq, - len, delta_last, is_orig, flags, do_close, gen_event); - if ( tcp_packet ) GeneratePacketEvent(rel_seq, rel_ack, data, len, caplen, is_orig, flags); diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index 7e7b316e10..99551cd211 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -32,8 +32,8 @@ TCP_Endpoint::TCP_Endpoint(TCP_Analyzer* arg_analyzer, int arg_is_orig) tcp_analyzer = arg_analyzer; is_orig = arg_is_orig; - chk_cnt = rxmt_cnt = win0_cnt = 0; - chk_thresh = rxmt_thresh = win0_thresh = 1; + gap_cnt = chk_cnt = rxmt_cnt = win0_cnt = 0; + gap_thresh = chk_thresh = rxmt_thresh = win0_thresh = 1; hist_last_SYN = hist_last_FIN = hist_last_RST = 0; @@ -313,3 +313,11 @@ void TCP_Endpoint::ZeroWindow() Conn()->HistoryThresholdEvent(tcp_multiple_zero_windows, IsOrig(), t); } + +void TCP_Endpoint::Gap(uint64 seq, uint64 len) + { + uint32 t = gap_thresh; + if ( Conn()->ScaledHistoryEntry(IsOrig() ? 'G' : 'g', + gap_cnt, gap_thresh) ) + Conn()->HistoryThresholdEvent(tcp_multiple_gap, IsOrig(), t); + } diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.h b/src/analyzer/protocol/tcp/TCP_Endpoint.h index 4c38aadd93..4c1cf64d6c 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.h +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.h @@ -175,6 +175,9 @@ public: // Called to inform endpoint that it has offered a zero window. void ZeroWindow(); + // Called to inform endpoint that it a gap occurred. + void Gap(uint64 seq, uint64 len); + // Returns true if the data was used (and hence should be recorded // in the save file), false otherwise. int DataSent(double t, uint64 seq, int len, int caplen, const u_char* data, @@ -240,6 +243,7 @@ protected: uint32 chk_cnt, chk_thresh; uint32 rxmt_cnt, rxmt_thresh; uint32 win0_cnt, win0_thresh; + uint32 gap_cnt, gap_thresh; }; #define ENDIAN_UNKNOWN 0 diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index ef68f621b5..5a82197054 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -134,6 +134,9 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len) // The one opportunity we lose here is on clean FIN // handshakes, but Oh Well. + if ( established(endp, endp->peer) ) + endp->Gap(seq, len); + if ( report_gap(endp, endp->peer) ) { val_list* vl = new val_list; diff --git a/src/analyzer/protocol/tcp/events.bif b/src/analyzer/protocol/tcp/events.bif index d93ebe4819..390dadec0f 100644 --- a/src/analyzer/protocol/tcp/events.bif +++ b/src/analyzer/protocol/tcp/events.bif @@ -300,7 +300,7 @@ event tcp_rexmit%(c: connection, is_orig: bool, seq: count, len: count, data_in_ ## threshold: the threshold that was crossed ## ## .. bro:see:: udp_multiple_checksum_errors -## tcp_multiple_zero_windows tcp_multiple_retransmissions +## tcp_multiple_zero_windows tcp_multiple_retransmissions tcp_multiple_gap event tcp_multiple_checksum_errors%(c: connection, is_orig: bool, threshold: count%); ## Generated if a TCP flow crosses a zero-window threshold, per @@ -312,7 +312,7 @@ event tcp_multiple_checksum_errors%(c: connection, is_orig: bool, threshold: cou ## ## threshold: the threshold that was crossed ## -## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_retransmissions +## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_retransmissions tcp_multiple_gap event tcp_multiple_zero_windows%(c: connection, is_orig: bool, threshold: count%); ## Generated if a TCP flow crosses a retransmission threshold, per @@ -324,9 +324,21 @@ event tcp_multiple_zero_windows%(c: connection, is_orig: bool, threshold: count% ## ## threshold: the threshold that was crossed ## -## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows +## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows tcp_multiple_gap event tcp_multiple_retransmissions%(c: connection, is_orig: bool, threshold: count%); +## Generated if a TCP flow crosses a gap threshold, per 'G'/'g' history +## reporting. +## +## c: The connection record for the TCP connection. +## +## is_orig: True if the event is raised for the originator side. +## +## threshold: the threshold that was crossed +## +## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows tcp_multiple_retransmissions +event tcp_multiple_gap%(c: connection, is_orig: bool, threshold: count%); + ## Generated when failing to write contents of a TCP stream to a file. ## ## c: The connection whose contents are being recorded. diff --git a/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log b/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log index 8da44df913..3a997687d1 100644 --- a/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log +++ b/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-13-01 +#open 2019-04-17-20-41-29 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1395939406.175845 ClEkJM2Vm5giqnMf4h 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - - 0 ShAdfFa 5 272 4 486 - -1395939411.361078 C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 4675708816 ShAdfFa 13 688 12 24454 - +1395939411.361078 C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 4675708816 ShAdgfFa 13 688 12 24454 - 1395939399.984671 CHhAvVGS1DHFjwGM9 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - - 0 ShAdDaFf 31 1728 18 1985 - -#close 2016-07-13-16-13-01 +#close 2019-04-17-20-41-29 diff --git a/testing/btest/Baseline/core.tcp.large-file-reassembly/files.log b/testing/btest/Baseline/core.tcp.large-file-reassembly/files.log index 31087d58cc..15de6047b6 100644 --- a/testing/btest/Baseline/core.tcp.large-file-reassembly/files.log +++ b/testing/btest/Baseline/core.tcp.large-file-reassembly/files.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path files -#open 2017-01-25-07-03-11 +#open 2019-04-17-20-41-29 #fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size #types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string bool count 1395939406.177079 FAb5m22Dhe2Zi95anf 192.168.56.101 192.168.56.1 ClEkJM2Vm5giqnMf4h FTP_DATA 0 DATA_EVENT text/plain - 0.000000 - F 270 - 0 0 F - - - - - - - 1395939411.364462 FhI0ao2FNTjabdfSBd 192.168.56.101 192.168.56.1 C4J4Th3PJpwUYZZ6gc FTP_DATA 0 DATA_EVENT text/plain - 150.490904 - F 23822 - 5416642848 0 F - - - - - - - -#close 2017-01-25-07-03-11 +#close 2019-04-17-20-41-29 diff --git a/testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log b/testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log index 43daf101a3..466f882257 100644 --- a/testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log +++ b/testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path conn -#open 2018-01-12-21-43-34 +#open 2019-04-17-20-42-43 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1285862902.700271 CHhAvVGS1DHFjwGM9 10.0.88.85 50368 192.168.0.27 80 tcp - 60.991770 474 23783 RSTO - - 24257 ShADadtR 17 1250 22 28961 - -#close 2018-01-12-21-43-34 +1285862902.700271 CHhAvVGS1DHFjwGM9 10.0.88.85 50368 192.168.0.27 80 tcp - 60.991770 474 23783 RSTO - - 24257 ShADaGdgtR 17 1250 22 28961 - +#close 2019-04-17-20-42-43 diff --git a/testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log b/testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log index 22d4ec3ab9..e75d9487d0 100644 --- a/testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log +++ b/testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path conn -#open 2018-01-12-21-43-35 +#open 2019-04-17-20-42-44 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 - @@ -40,4 +40,4 @@ 1300475168.859163 Ck51lg1bScffFj34Ri 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - 1300475168.892936 CtxTCR2Yer0FR1tIBg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 1300475168.895267 CLNN1k2QMum1aexUK7 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - -#close 2018-01-12-21-43-35 +#close 2019-04-17-20-42-44 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log index 9a673f80e2..614a90a0f7 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log @@ -3,13 +3,13 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-15-38 +#open 2019-04-17-21-00-04 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1254722767.492060 CHhAvVGS1DHFjwGM9 10.10.1.4 56166 10.10.1.1 53 udp dns 0.034025 34 100 SF - - 0 Dd 1 62 1 128 - 1254722776.690444 C4J4Th3PJpwUYZZ6gc 10.10.1.20 138 10.10.1.255 138 udp - - - - S0 - - 0 D 1 229 0 0 - 1254722767.529046 ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 tcp - 0.346950 0 0 S1 - - 0 Sh 1 48 1 48 - 1437831776.764391 CtPZjS20MLrsMUOJi2 192.168.133.100 49285 66.196.121.26 5050 tcp - 0.343008 41 0 OTH - - 0 Da 1 93 1 52 - -1437831787.856895 CUM0KZ3MLUfNB0cl11 192.168.133.100 49648 192.168.133.102 25 tcp - 0.048043 162 154 S1 - - 154 ShDA 3 192 1 60 - +1437831787.856895 CUM0KZ3MLUfNB0cl11 192.168.133.100 49648 192.168.133.102 25 tcp - 0.048043 162 154 S1 - - 154 ShDgA 3 192 1 60 - 1437831798.533765 CmES5u32sYpV7JYN 192.168.133.100 49336 74.125.71.189 443 tcp - - - - OTH - - 0 A 1 52 0 0 - -#close 2016-07-13-16-15-38 +#close 2019-04-17-21-00-04 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.cwd-navigation/conn.log b/testing/btest/Baseline/scripts.base.protocols.ftp.cwd-navigation/conn.log index 8990518008..2559f88db2 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.cwd-navigation/conn.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.cwd-navigation/conn.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-16-15 +#open 2019-04-17-21-00-49 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1464385864.999633 CHhAvVGS1DHFjwGM9 10.3.22.91 58218 10.167.25.101 21 tcp ftp 600.931043 41420 159830 S1 - - 233 ShAdDa 4139 206914 4178 326799 - -#close 2016-07-13-16-16-15 +1464385864.999633 CHhAvVGS1DHFjwGM9 10.3.22.91 58218 10.167.25.101 21 tcp ftp 600.931043 41420 159830 S1 - - 233 ShAdDaGg 4139 206914 4178 326799 - +#close 2019-04-17-21-00-50 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.cwd-navigation/ftp.log b/testing/btest/Baseline/scripts.base.protocols.ftp.cwd-navigation/ftp.log index 4516886e52..8a2d00a6c7 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.cwd-navigation/ftp.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.cwd-navigation/ftp.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path ftp -#open 2016-07-13-16-16-15 +#open 2019-04-17-21-00-48 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p user password command arg mime_type file_size reply_code reply_msg data_channel.passive data_channel.orig_h data_channel.resp_h data_channel.resp_p fuid #types time string addr port addr port string string string string string count count string bool addr addr port string 1464385865.669674 CHhAvVGS1DHFjwGM9 10.3.22.91 58218 10.167.25.101 21 anonymous anonymous@ PASV - - - 227 Entering Passive Mode (205,167,25,101,243,251). T 10.3.22.91 205.167.25.101 62459 - @@ -1381,4 +1381,4 @@ 1464386464.737901 CHhAvVGS1DHFjwGM9 10.3.22.91 58218 10.167.25.101 21 anonymous anonymous@ RETR ftp://10.167.25.101/./pub/data/1993/722024-99999-1993.gz - 30171 226 Transfer complete - - - - - 1464386465.294490 CHhAvVGS1DHFjwGM9 10.3.22.91 58218 10.167.25.101 21 anonymous anonymous@ PASV - - - 227 Entering Passive Mode (205,167,25,101,251,88). T 10.3.22.91 205.167.25.101 64344 - 1464386465.471708 CHhAvVGS1DHFjwGM9 10.3.22.91 58218 10.167.25.101 21 anonymous anonymous@ RETR ftp://10.167.25.101/./pub/data/1994/722024-99999-1994.gz - 29736 226 Transfer complete - - - - - -#close 2016-07-13-16-16-15 +#close 2019-04-17-21-00-50 From 31e9ae0fed9ffc7973debcd6fb9692d10ad0b5d1 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 17 Apr 2019 16:02:38 -0700 Subject: [PATCH 029/247] Updating submodule(s). [nomail] --- aux/bifcl | 2 +- aux/binpac | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- aux/broker | 2 +- aux/zeek-aux | 2 +- cmake | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/aux/bifcl b/aux/bifcl index d787c301ce..1dea95dd78 160000 --- a/aux/bifcl +++ b/aux/bifcl @@ -1 +1 @@ -Subproject commit d787c301ce1183765773a0a7fd29bf142dc11f0d +Subproject commit 1dea95dd7819cb6b80291d5830e2b7d04b14abd0 diff --git a/aux/binpac b/aux/binpac index 9ee2eab599..f648419d79 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 9ee2eab59925f3b846be6531a0569df3c8580591 +Subproject commit f648419d796f8ab9f36991062ae790174e084aee diff --git a/aux/broccoli b/aux/broccoli index 5d568e69a2..0ec42e5f54 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 5d568e69a2f59edf6b026c2e4d591a6c415f51d0 +Subproject commit 0ec42e5f54b7f0a65e35213d709ae19499526647 diff --git a/aux/broctl b/aux/broctl index 3d15efdd8b..65f213ff35 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 3d15efdd8b732c27e903c2d34f70fa4fa09bdcc1 +Subproject commit 65f213ff3573314ac8f7b33ff4b121d93fc883dc diff --git a/aux/broker b/aux/broker index 12a22c295c..e8f6d7fa95 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 12a22c295c31ec58009680b2babb111daf8b8e3c +Subproject commit e8f6d7fa952c7d0bb9cb5f54e82806a17a9b85f3 diff --git a/aux/zeek-aux b/aux/zeek-aux index b232d84996..0ec8103a69 160000 --- a/aux/zeek-aux +++ b/aux/zeek-aux @@ -1 +1 @@ -Subproject commit b232d84996b3da69e1ca08dfc7777b5d24c369e9 +Subproject commit 0ec8103a698ae71ff23d4dfa9e38b624c22ae718 diff --git a/cmake b/cmake index 1c527236d0..8554b602ee 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 1c527236d083af129cf130b205d61b336c475ae8 +Subproject commit 8554b602eed13076484fdac18fbdd934b061bed7 From 5f3e608b601d930896f8f9a30ea386bd891cbd12 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 17 Apr 2019 16:44:16 -0700 Subject: [PATCH 030/247] Fix unit test failures on case-insensitive file systems The original casing mistake in the test only pops up now due to the new .zeek over .bro file loading preference --- CHANGES | 4 ++++ VERSION | 2 +- .../btest/plugins/bifs-and-scripts-install.sh | 16 ++++++------- testing/btest/plugins/bifs-and-scripts.sh | 24 +++++++++---------- 4 files changed, 25 insertions(+), 21 deletions(-) diff --git a/CHANGES b/CHANGES index 1779902ddd..dbaf61c9c8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-230 | 2019-04-17 16:44:16 -0700 + + * Fix unit test failures on case-insensitive file systems (Jon Siwek, Corelight) + 2.6-227 | 2019-04-16 17:44:31 -0700 * GH-237: add `@load foo.bro` -> foo.zeek fallback (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index 168f57bc28..7f4be0e904 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-227 +2.6-230 diff --git a/testing/btest/plugins/bifs-and-scripts-install.sh b/testing/btest/plugins/bifs-and-scripts-install.sh index 5498e515ca..dac1eeb3c2 100644 --- a/testing/btest/plugins/bifs-and-scripts-install.sh +++ b/testing/btest/plugins/bifs-and-scripts-install.sh @@ -4,20 +4,20 @@ # @TEST-EXEC: make # @TEST-EXEC: make install # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro -NN Demo::Foo >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro demo/foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output -mkdir -p scripts/demo/foo/base/ +mkdir -p scripts/Demo/Foo/base/ cat >scripts/__load__.zeek <scripts/demo/foo/__load__.bro <scripts/Demo/Foo/__load__.zeek <scripts/demo/foo/manually.bro <scripts/Demo/Foo/manually.zeek <scripts/demo/foo/base/at-startup.bro <scripts/Demo/Foo/base/at-startup.zeek <activate.bro <activate.zeek <>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro demo/foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo =-= >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b -r $TRACES/empty.trace >>output # @TEST-EXEC: echo =-= >>output -# @TEST-EXEC-FAIL: BRO_PLUGIN_PATH=`pwd` bro -b demo/foo -r $TRACES/empty.trace >>output +# @TEST-EXEC-FAIL: BRO_PLUGIN_PATH=`pwd` bro -b Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.bro -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.zeek -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.bro demo/foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.zeek Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b Demo::Foo demo/foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b Demo::Foo Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output -mkdir -p scripts/demo/foo/base/ +mkdir -p scripts/Demo/Foo/base/ cat >scripts/__load__.zeek <scripts/demo/foo/__load__.bro <scripts/Demo/Foo/__load__.zeek <scripts/demo/foo/manually.bro <scripts/Demo/Foo/manually.zeek <scripts/demo/foo/base/at-startup.bro <scripts/Demo/Foo/base/at-startup.zeek <activate.bro <activate.zeek < Date: Thu, 18 Apr 2019 19:04:39 -0700 Subject: [PATCH 031/247] GH-340: Improve IPv4/IPv6 regexes, extraction, and validity functions * is_valid_ip() is now implemented as a BIF instead of in base/utils/addrs * The IPv4 and IPv6 regular expressions provided by base/utils/addrs have been improved/corrected (previously they could possibly match some invalid IPv4 decimals, or various "zero compressed" IPv6 strings with too many hextets) * extract_ip_addresses() should give better results as a result of the above two points --- doc | 2 +- scripts/base/utils/addrs.zeek | 123 +++++++++--------- src/IPAddr.cc | 66 +++++----- src/IPAddr.h | 29 ++++- src/bro.bif | 13 ++ src/util.cc | 6 +- .../Baseline/scripts.base.utils.addrs/output | 20 ++- testing/btest/scripts/base/utils/addrs.test | 47 ++++++- 8 files changed, 200 insertions(+), 106 deletions(-) diff --git a/doc b/doc index 9b556e5e71..34e9f9add9 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 9b556e5e71d0d8a5c2e7a1d4be4b308d887310f1 +Subproject commit 34e9f9add97e67c9768540433cdccf221b592a4e diff --git a/scripts/base/utils/addrs.zeek b/scripts/base/utils/addrs.zeek index 9d165936ef..070b60ed04 100644 --- a/scripts/base/utils/addrs.zeek +++ b/scripts/base/utils/addrs.zeek @@ -1,31 +1,67 @@ ##! Functions for parsing and manipulating IP and MAC addresses. # Regular expressions for matching IP addresses in strings. -const ipv4_addr_regex = /[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/; -const ipv6_8hex_regex = /([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}/; -const ipv6_compressed_hex_regex = /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)/; -const ipv6_hex4dec_regex = /(([0-9A-Fa-f]{1,4}:){6,6})([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; -const ipv6_compressed_hex4dec_regex = /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}:)*)([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; -# These are commented out until patterns can be constructed this way at init time. -#const ipv6_addr_regex = ipv6_8hex_regex | -# ipv6_compressed_hex_regex | -# ipv6_hex4dec_regex | -# ipv6_compressed_hex4dec_regex; -#const ip_addr_regex = ipv4_addr_regex | ipv6_addr_regex; +const ipv4_decim = /[0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5]/; -const ipv6_addr_regex = - /([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}/ | - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)/ | # IPv6 Compressed Hex - /(([0-9A-Fa-f]{1,4}:){6,6})([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/ | # 6Hex4Dec - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}:)*)([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; # CompressedHex4Dec +const ipv4_addr_regex = ipv4_decim & /\./ & ipv4_decim & /\./ & ipv4_decim & /\./ & ipv4_decim; -const ip_addr_regex = - /[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/ | - /([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}/ | - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)/ | # IPv6 Compressed Hex - /(([0-9A-Fa-f]{1,4}:){6,6})([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/ | # 6Hex4Dec - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}:)*)([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; # CompressedHex4Dec +const ipv6_hextet = /[0-9A-Fa-f]{1,4}/; + +const ipv6_8hex_regex = /([0-9A-Fa-f]{1,4}:){7}/ & ipv6_hextet; + +const ipv6_hex4dec_regex = /([0-9A-Fa-f]{1,4}:){6}/ & ipv4_addr_regex; + +const ipv6_compressed_lead_hextets0 = /::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,6})?/; + +const ipv6_compressed_lead_hextets1 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?/; + +const ipv6_compressed_lead_hextets2 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?/; + +const ipv6_compressed_lead_hextets3 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?/; + +const ipv6_compressed_lead_hextets4 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?/; + +const ipv6_compressed_lead_hextets5 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?/; + +const ipv6_compressed_lead_hextets6 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){5}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?/; + +const ipv6_compressed_lead_hextets7 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){6}::/; + +const ipv6_compressed_hex_regex = ipv6_compressed_lead_hextets0 | + ipv6_compressed_lead_hextets1 | + ipv6_compressed_lead_hextets2 | + ipv6_compressed_lead_hextets3 | + ipv6_compressed_lead_hextets4 | + ipv6_compressed_lead_hextets5 | + ipv6_compressed_lead_hextets6 | + ipv6_compressed_lead_hextets7; + +const ipv6_compressed_hext4dec_lead_hextets0 = /::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets1 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets2 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets3 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets4 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets5 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::/ & ipv4_addr_regex; + +const ipv6_compressed_hex4dec_regex = ipv6_compressed_hext4dec_lead_hextets0 | + ipv6_compressed_hext4dec_lead_hextets1 | + ipv6_compressed_hext4dec_lead_hextets2 | + ipv6_compressed_hext4dec_lead_hextets3 | + ipv6_compressed_hext4dec_lead_hextets4 | + ipv6_compressed_hext4dec_lead_hextets5; + +const ipv6_addr_regex = ipv6_8hex_regex | + ipv6_compressed_hex_regex | + ipv6_hex4dec_regex | + ipv6_compressed_hex4dec_regex; + +const ip_addr_regex = ipv4_addr_regex | ipv6_addr_regex; ## Checks if all elements of a string array are a valid octet value. ## @@ -44,49 +80,6 @@ function has_valid_octets(octets: string_vec): bool return T; } -## Checks if a string appears to be a valid IPv4 or IPv6 address. -## -## ip_str: the string to check for valid IP formatting. -## -## Returns: T if the string is a valid IPv4 or IPv6 address format. -function is_valid_ip(ip_str: string): bool - { - local octets: string_vec; - if ( ip_str == ipv4_addr_regex ) - { - octets = split_string(ip_str, /\./); - if ( |octets| != 4 ) - return F; - - return has_valid_octets(octets); - } - else if ( ip_str == ipv6_addr_regex ) - { - if ( ip_str == ipv6_hex4dec_regex || - ip_str == ipv6_compressed_hex4dec_regex ) - { - # the regexes for hybrid IPv6-IPv4 address formats don't for valid - # octets within the IPv4 part, so do that now - octets = split_string(ip_str, /\./); - if ( |octets| != 4 ) - return F; - - # get rid of remaining IPv6 stuff in first octet - local tmp = split_string(octets[0], /:/); - octets[0] = tmp[|tmp| - 1]; - - return has_valid_octets(octets); - } - else - { - # pure IPv6 address formats that only use hex digits don't need - # any additional checks -- the regexes should be complete - return T; - } - } - return F; - } - ## Extracts all IP (v4 or v6) address strings from a given string. ## ## input: a string that may contain an IP address anywhere within it. diff --git a/src/IPAddr.cc b/src/IPAddr.cc index 7917e82c29..c215b463b9 100644 --- a/src/IPAddr.cc +++ b/src/IPAddr.cc @@ -101,38 +101,44 @@ void IPAddr::ReverseMask(int top_bits_to_chop) p[i] &= mask_bits[i]; } -void IPAddr::Init(const std::string& s) +bool IPAddr::ConvertString(const char* s, in6_addr* result) { - if ( s.find(':') == std::string::npos ) // IPv4. + for ( auto p = s; *p; ++p ) + if ( *p == ':' ) + // IPv6 + return (inet_pton(AF_INET6, s, result->s6_addr) == 1); + + // IPv4 + // Parse the address directly instead of using inet_pton since + // some platforms have more sensitive implementations than others + // that can't e.g. handle leading zeroes. + int a[4]; + int n = 0; + int match_count = sscanf(s, "%d.%d.%d.%d%n", a+0, a+1, a+2, a+3, &n); + + if ( match_count != 4 ) + return false; + + if ( s[n] != '\0' ) + return false; + + for ( auto i = 0; i < 4; ++i ) + if ( a[i] < 0 || a[i] > 255 ) + return false; + + uint32_t addr = (a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3]; + addr = htonl(addr); + memcpy(result->s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix)); + memcpy(&result->s6_addr[12], &addr, sizeof(uint32_t)); + return true; + } + +void IPAddr::Init(const char* s) + { + if ( ! ConvertString(s, &in6) ) { - memcpy(in6.s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix)); - - // Parse the address directly instead of using inet_pton since - // some platforms have more sensitive implementations than others - // that can't e.g. handle leading zeroes. - int a[4]; - int n = sscanf(s.c_str(), "%d.%d.%d.%d", a+0, a+1, a+2, a+3); - - if ( n != 4 || a[0] < 0 || a[1] < 0 || a[2] < 0 || a[3] < 0 || - a[0] > 255 || a[1] > 255 || a[2] > 255 || a[3] > 255 ) - { - reporter->Error("Bad IP address: %s", s.c_str()); - memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); - return; - } - - uint32_t addr = (a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3]; - addr = htonl(addr); - memcpy(&in6.s6_addr[12], &addr, sizeof(uint32_t)); - } - - else - { - if ( inet_pton(AF_INET6, s.c_str(), in6.s6_addr) <=0 ) - { - reporter->Error("Bad IP address: %s", s.c_str()); - memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); - } + reporter->Error("Bad IP address: %s", s); + memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); } } diff --git a/src/IPAddr.h b/src/IPAddr.h index 8ff258a860..1fdff9d979 100644 --- a/src/IPAddr.h +++ b/src/IPAddr.h @@ -68,7 +68,7 @@ public: */ IPAddr(const std::string& s) { - Init(s); + Init(s.data()); } /** @@ -366,6 +366,29 @@ public: unsigned int MemoryAllocation() const { return padded_sizeof(*this); } + /** + * Converts an IPv4 or IPv6 string into a network address structure + * (IPv6 or v4-to-v6-mapping in network bytes order). + * + * @param s the IPv4 or IPv6 string to convert (ASCII, NUL-terminated). + * + * @param result buffer that the caller supplies to store the result. + * + * @return whether the conversion was successful. + */ + static bool ConvertString(const char* s, in6_addr* result); + + /** + * @param s the IPv4 or IPv6 string to convert (ASCII, NUL-terminated). + * + * @return whether the string is a valid IP address + */ + static bool IsValid(const char* s) + { + in6_addr tmp; + return ConvertString(s, &tmp); + } + private: friend class IPPrefix; @@ -373,9 +396,9 @@ private: * Initializes an address instance from a string representation. * * @param s String containing an IP address as either a dotted IPv4 - * address or a hex IPv6 address. + * address or a hex IPv6 address (ASCII, NUL-terminated). */ - void Init(const std::string& s); + void Init(const char* s); in6_addr in6; // IPv6 or v4-to-v6-mapped address diff --git a/src/bro.bif b/src/bro.bif index 96419ab83d..7ecb688841 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -2409,6 +2409,19 @@ function to_addr%(ip: string%): addr return ret; %} +## Checks if a string is a valid IPv4 or IPv6 address. +## +## ip: the string to check for valid IP formatting. +## +## Returns: T if the string is a valid IPv4 or IPv6 address format. +function is_valid_ip%(ip: string%): bool + %{ + char* s = ip->AsString()->Render(); + auto rval = IPAddr::IsValid(s); + delete [] s; + return val_mgr->GetBool(rval); + %} + ## Converts a :bro:type:`string` to a :bro:type:`subnet`. ## ## sn: The subnet to convert. diff --git a/src/util.cc b/src/util.cc index 0367700ffb..8a8f733223 100644 --- a/src/util.cc +++ b/src/util.cc @@ -53,11 +53,13 @@ #include "iosource/Manager.h" /** - * Return IP address without enclosing brackets and any leading 0x. + * Return IP address without enclosing brackets and any leading 0x. Also + * trims leading/trailing whitespace. */ std::string extract_ip(const std::string& i) { - std::string s(skip_whitespace(i.c_str())); + std::string s(strstrip(i)); + if ( s.size() > 0 && s[0] == '[' ) s.erase(0, 1); diff --git a/testing/btest/Baseline/scripts.base.utils.addrs/output b/testing/btest/Baseline/scripts.base.utils.addrs/output index 37afcb4719..37cd37bbb2 100644 --- a/testing/btest/Baseline/scripts.base.utils.addrs/output +++ b/testing/btest/Baseline/scripts.base.utils.addrs/output @@ -1,4 +1,4 @@ -============ test ipv4 regex +============ test ipv4 regex (good strings) T T T @@ -6,9 +6,24 @@ T T T T +T +T +T +T +T +T +T +============ bad ipv4 decimals F F F +F +F +F +============ too many ipv4 decimals +F +F +============ typical looking ipv4 T T ============ test ipv6 regex @@ -30,6 +45,9 @@ T F F F +F +F ============ test extract_ip_addresses() [1.1.1.1, 2.2.2.2, 3.3.3.3] [1.1.1.1, 0:0:0:0:0:0:0:0, 3.3.3.3] +[6:1:2::3:4:5:6] diff --git a/testing/btest/scripts/base/utils/addrs.test b/testing/btest/scripts/base/utils/addrs.test index 224fd9dc62..869d27aab5 100644 --- a/testing/btest/scripts/base/utils/addrs.test +++ b/testing/btest/scripts/base/utils/addrs.test @@ -5,23 +5,54 @@ event bro_init() { + print "============ test ipv4 regex (good strings)"; local ip = "0.0.0.0"; - - print "============ test ipv4 regex"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + ip = "1.1.1.1"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + + ip = "9.9.9.9"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "99.99.99.99"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "09.99.99.99"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "009.99.99.99"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + ip = "255.255.255.255"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + + print "============ bad ipv4 decimals"; ip = "255.255.255.256"; - print ip == ipv4_addr_regex; # the regex doesn't check for 0-255 - print is_valid_ip(ip); # but is_valid_ip() will + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "255.255.255.295"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "255.255.255.300"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + print "============ too many ipv4 decimals"; ip = "255.255.255.255.255"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + + print "============ typical looking ipv4"; ip = "192.168.1.100"; print ip == ipv4_addr_regex; print is_valid_ip(ip); @@ -97,8 +128,16 @@ event bro_init() ip = "2001:db8:0:0:0:FFFF:192.168.0.256"; print is_valid_ip(ip); + # These have too many hextets ("::" must expand to at least one hextet) + print is_valid_ip("6:1:2::3:4:5:6:7"); + print is_valid_ip("6:1:2::3:4:5:6:7:8"); + print "============ test extract_ip_addresses()"; print extract_ip_addresses("this is 1.1.1.1 a test 2.2.2.2 string with ip addresses 3.3.3.3"); print extract_ip_addresses("this is 1.1.1.1 a test 0:0:0:0:0:0:0:0 string with ip addresses 3.3.3.3"); + # This will use the leading 6 from "IPv6" (maybe that's not intended + # by a person trying to parse such a string, but that's just what's going + # to happen; it's on them to deal). + print extract_ip_addresses("IPv6:1:2::3:4:5:6:7"); } From 3ea34d6ea3af878875bd7f627b1fa2cb2992cbe5 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 19 Apr 2019 12:00:37 -0700 Subject: [PATCH 032/247] GH-236: Add zeek_script_loaded event, deprecate bro_script_loaded --- CHANGES | 7 +++++ NEWS | 11 ++++---- VERSION | 2 +- doc | 2 +- scripts/policy/misc/loaded-scripts.zeek | 2 +- src/event.bif | 9 +++++-- src/main.cc | 2 +- src/parse.y | 5 +++- .../Baseline/language.zeek_script_loaded/out | 4 +++ .../{zeek_init.bro => zeek_init.zeek} | 0 .../btest/language/zeek_script_loaded.zeek | 26 +++++++++++++++++++ 11 files changed, 58 insertions(+), 12 deletions(-) create mode 100644 testing/btest/Baseline/language.zeek_script_loaded/out rename testing/btest/language/{zeek_init.bro => zeek_init.zeek} (100%) create mode 100644 testing/btest/language/zeek_script_loaded.zeek diff --git a/CHANGES b/CHANGES index b773789f55..c04a412d99 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,11 @@ +2.6-237 | 2019-04-19 12:00:37 -0700 + + * GH-236: Add zeek_script_loaded event, deprecate bro_script_loaded (Jon Siwek, Corelight) + + Existing handlers for bro_script_loaded automatically alias to the new + zeek_script_loaded event, but emit a deprecation warning. + 2.6-236 | 2019-04-19 11:16:35 -0700 * Add zeek_init/zeek_done events and deprecate bro_init/bro_done (Seth Hall, Corelight) diff --git a/NEWS b/NEWS index df9dca2229..7671919e36 100644 --- a/NEWS +++ b/NEWS @@ -176,11 +176,12 @@ Deprecated Functionality instead. The later will automatically return a value that is enclosed in double-quotes. -- The ``bro_init`` and ``bro_done`` events are now deprecated, use - ``zeek_init`` and ``zeek_done`` instead. Any existing handlers for - ``bro_init`` and ``bro_done`` will automatically alias to the new - ``zeek_init`` and ``zeek_done`` events such that existing code will - not break, but will emit a deprecation warning. +- The ``bro_init``, ``bro_done``, and ``bro_script_loaded`` events are now + deprecated, use ``zeek_init``, ``zeek_done``, and + ``zeek_script_loaded`` instead. Any existing event handlers for + the deprecated versions will automatically alias to the new events + such that existing code will not break, but will emit a deprecation + warning. Bro 2.6 ======= diff --git a/VERSION b/VERSION index d732c2900b..dd25d12142 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-236 +2.6-237 diff --git a/doc b/doc index 5e02a297ee..ef39a55ef0 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 5e02a297eefe8740e8b84f7610fbf126af5c3475 +Subproject commit ef39a55ef00382d49459783aa0144ef672b4de97 diff --git a/scripts/policy/misc/loaded-scripts.zeek b/scripts/policy/misc/loaded-scripts.zeek index fd616bba19..0bd986e01a 100644 --- a/scripts/policy/misc/loaded-scripts.zeek +++ b/scripts/policy/misc/loaded-scripts.zeek @@ -32,7 +32,7 @@ event zeek_init() &priority=5 Log::create_stream(LoadedScripts::LOG, [$columns=Info, $path="loaded_scripts"]); } -event bro_script_loaded(path: string, level: count) +event zeek_script_loaded(path: string, level: count) { Log::write(LoadedScripts::LOG, [$name=cat(get_indent(level), compress_path(path))]); } diff --git a/src/event.bif b/src/event.bif index 4585003090..2cab61752c 100644 --- a/src/event.bif +++ b/src/event.bif @@ -872,9 +872,14 @@ event reporter_error%(t: time, msg: string, location: string%) &error_handler; ## ## path: The full path to the script loaded. ## -## level: The "nesting level": zero for a top-level Bro script and incremented +## level: The "nesting level": zero for a top-level Zeek script and incremented ## recursively for each ``@load``. -event bro_script_loaded%(path: string, level: count%); +event zeek_script_loaded%(path: string, level: count%); + +## Deprecated synonym for ``zeek_script_loaded``. +## +## .. bro:see: zeek_script_loaded +event bro_script_loaded%(path: string, level: count%) &deprecated; ## Generated each time Bro's script interpreter opens a file. This event is ## triggered only for files opened via :bro:id:`open`, and in particular not for diff --git a/src/main.cc b/src/main.cc index 1d2b89cc0c..1dddc99681 100644 --- a/src/main.cc +++ b/src/main.cc @@ -1193,7 +1193,7 @@ int main(int argc, char** argv) val_list* vl = new val_list; vl->append(new StringVal(i->name.c_str())); vl->append(val_mgr->GetCount(i->include_level)); - mgr.QueueEvent(bro_script_loaded, vl); + mgr.QueueEvent(zeek_script_loaded, vl); } reporter->ReportViaEvents(true); diff --git a/src/parse.y b/src/parse.y index 338436da9e..3b5d2cab14 100644 --- a/src/parse.y +++ b/src/parse.y @@ -1171,11 +1171,14 @@ func_hdr: } | TOK_EVENT event_id func_params opt_attr { - // Gracefully handle the deprecation of bro_init and bro_done + // Gracefully handle the deprecation of bro_init, bro_done, + // and bro_script_loaded if ( streq("bro_init", $2->Name()) ) $2 = global_scope()->Lookup("zeek_init"); else if ( streq("bro_done", $2->Name()) ) $2 = global_scope()->Lookup("zeek_done"); + else if ( streq("bro_script_loaded", $2->Name()) ) + $2 = global_scope()->Lookup("zeek_script_loaded"); begin_func($2, current_module.c_str(), FUNC_FLAVOR_EVENT, 0, $3, $4); diff --git a/testing/btest/Baseline/language.zeek_script_loaded/out b/testing/btest/Baseline/language.zeek_script_loaded/out new file mode 100644 index 0000000000..cddf509308 --- /dev/null +++ b/testing/btest/Baseline/language.zeek_script_loaded/out @@ -0,0 +1,4 @@ +zeek_script_loaded priority 10 +bro_script_loaded priority 5 +zeek_script_loaded priority 0 +bro_script_loaded priority -10 diff --git a/testing/btest/language/zeek_init.bro b/testing/btest/language/zeek_init.zeek similarity index 100% rename from testing/btest/language/zeek_init.bro rename to testing/btest/language/zeek_init.zeek diff --git a/testing/btest/language/zeek_script_loaded.zeek b/testing/btest/language/zeek_script_loaded.zeek new file mode 100644 index 0000000000..41f43409e6 --- /dev/null +++ b/testing/btest/language/zeek_script_loaded.zeek @@ -0,0 +1,26 @@ +# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-diff out + +event zeek_script_loaded(path: string, level: count) &priority=10 + { + if ( /zeek_script_loaded.zeek/ in path ) + print "zeek_script_loaded priority 10"; + } + +event bro_script_loaded(path: string, level: count) &priority=5 + { + if ( /zeek_script_loaded.zeek/ in path ) + print "bro_script_loaded priority 5"; + } + +event zeek_script_loaded(path: string, level: count) &priority=0 + { + if ( /zeek_script_loaded.zeek/ in path ) + print "zeek_script_loaded priority 0"; + } + +event bro_script_loaded(path: string, level: count) &priority=-10 + { + if ( /zeek_script_loaded.zeek/ in path ) + print "bro_script_loaded priority -10"; + } From 9c8ad11d92fcc7ea907c80c823a47e53e04683a6 Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Mon, 22 Apr 2019 09:13:23 -0700 Subject: [PATCH 033/247] Refined state machine update placement to (1) properly deal with gaps capped by clean FIN handshakes, and (1) fix failure to detect split routing. Fixed typo flagged by Pierre Lalet. --- src/analyzer/protocol/tcp/TCP.cc | 27 ++++++++++++------- src/analyzer/protocol/tcp/TCP_Endpoint.h | 2 +- src/analyzer/protocol/tcp/TCP_Reassembler.cc | 24 ++++++++++------- .../core.tcp.large-file-reassembly/conn.log | 6 ++--- .../Baseline/core.tcp.miss-end-data/conn.log | 6 ++--- .../core.tunnels.gtp.outer_ip_frag/conn.log | 6 ++--- 6 files changed, 42 insertions(+), 29 deletions(-) diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 595fe8e6b6..1f5309a1b9 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -1321,14 +1321,6 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, PacketWithRST(); } - int32 delta_last = update_last_seq(endpoint, seq_one_past_segment, flags, len); - endpoint->last_time = current_timestamp; - - int do_close; - int gen_event; - UpdateStateMachine(current_timestamp, endpoint, peer, base_seq, ack_seq, - len, delta_last, is_orig, flags, do_close, gen_event); - uint64 rel_ack = 0; if ( flags.ACK() ) @@ -1361,10 +1353,25 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, // Don't trust ack's in RST packets. update_ack_seq(peer, ack_seq); } - - peer->AckReceived(rel_ack); } + int32 delta_last = update_last_seq(endpoint, seq_one_past_segment, flags, len); + endpoint->last_time = current_timestamp; + + int do_close; + int gen_event; + UpdateStateMachine(current_timestamp, endpoint, peer, base_seq, ack_seq, + len, delta_last, is_orig, flags, do_close, gen_event); + + if ( flags.ACK() ) + // We wait on doing this until we've updated the state + // machine so that if the ack reveals a content gap, + // we can tell whether it came at the very end of the + // connection (in a FIN or RST). Those gaps aren't + // reliable - especially those for RSTs - and we refrain + // from flagging them in the connection history. + peer->AckReceived(rel_ack); + if ( tcp_packet ) GeneratePacketEvent(rel_seq, rel_ack, data, len, caplen, is_orig, flags); diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.h b/src/analyzer/protocol/tcp/TCP_Endpoint.h index 4c1cf64d6c..b17cfef700 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.h +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.h @@ -175,7 +175,7 @@ public: // Called to inform endpoint that it has offered a zero window. void ZeroWindow(); - // Called to inform endpoint that it a gap occurred. + // Called to inform endpoint that a gap occurred. void Gap(uint64 seq, uint64 len); // Returns true if the data was used (and hence should be recorded diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 5a82197054..e91f400d76 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -112,29 +112,35 @@ void TCP_Reassembler::SetContentsFile(BroFile* f) record_contents_file = f; } -static inline bool established(const TCP_Endpoint* a, const TCP_Endpoint* b) +static inline bool is_clean(const TCP_Endpoint* a) { - return a->state == TCP_ENDPOINT_ESTABLISHED && - b->state == TCP_ENDPOINT_ESTABLISHED; + return a->state == TCP_ENDPOINT_ESTABLISHED || + (a->state == TCP_ENDPOINT_CLOSED && + a->prev_state == TCP_ENDPOINT_ESTABLISHED); + } + +static inline bool established_or_cleanly_closing(const TCP_Endpoint* a, + const TCP_Endpoint* b) + { + return is_clean(a) && is_clean(b); } static inline bool report_gap(const TCP_Endpoint* a, const TCP_Endpoint* b) { return content_gap && - ( BifConst::report_gaps_for_partial || established(a, b) ); + ( BifConst::report_gaps_for_partial || + established_or_cleanly_closing(a, b) ); } void TCP_Reassembler::Gap(uint64 seq, uint64 len) { // Only report on content gaps for connections that - // are in a cleanly established state. In other - // states, these can arise falsely due to things + // are in a cleanly established or closing state. In + // other states, these can arise falsely due to things // like sequence number mismatches in RSTs, or // unseen previous packets in partial connections. - // The one opportunity we lose here is on clean FIN - // handshakes, but Oh Well. - if ( established(endp, endp->peer) ) + if ( established_or_cleanly_closing(endp, endp->peer) ) endp->Gap(seq, len); if ( report_gap(endp, endp->peer) ) diff --git a/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log b/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log index 3a997687d1..fbb4a71369 100644 --- a/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log +++ b/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path conn -#open 2019-04-17-20-41-29 +#open 2019-04-19-18-10-57 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1395939406.175845 ClEkJM2Vm5giqnMf4h 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - - 0 ShAdfFa 5 272 4 486 - -1395939411.361078 C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 4675708816 ShAdgfFa 13 688 12 24454 - +1395939411.361078 C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 5416642848 ShAdgfFa 13 688 12 24454 - 1395939399.984671 CHhAvVGS1DHFjwGM9 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - - 0 ShAdDaFf 31 1728 18 1985 - -#close 2019-04-17-20-41-29 +#close 2019-04-19-18-10-57 diff --git a/testing/btest/Baseline/core.tcp.miss-end-data/conn.log b/testing/btest/Baseline/core.tcp.miss-end-data/conn.log index b33aec3366..e8d6102398 100644 --- a/testing/btest/Baseline/core.tcp.miss-end-data/conn.log +++ b/testing/btest/Baseline/core.tcp.miss-end-data/conn.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-13-02 +#open 2019-04-19-18-11-06 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1331764471.664131 CHhAvVGS1DHFjwGM9 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - - 2902 ShADafF 5 750 4 172 - -#close 2016-07-13-16-13-02 +1331764471.664131 CHhAvVGS1DHFjwGM9 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - - 2902 ShADafgF 5 750 4 172 - +#close 2019-04-19-18-11-07 diff --git a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log index 4c598b386d..dfa705f258 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log +++ b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-13-10 +#open 2019-04-19-18-10-49 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1333458850.364667 ClEkJM2Vm5giqnMf4h 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - - 0 ShADadfF 27 3204 41 52594 CHhAvVGS1DHFjwGM9 +1333458850.364667 ClEkJM2Vm5giqnMf4h 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - - 5760 ShADadfgF 27 3204 41 52594 CHhAvVGS1DHFjwGM9 1333458850.364667 CHhAvVGS1DHFjwGM9 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - - 0 Dd 27 4176 41 54070 - -#close 2016-07-13-16-13-10 +#close 2019-04-19-18-10-49 From f15c99c82ea11b8050f578e03b7597b9e891940a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 22 Apr 2019 11:19:52 -0700 Subject: [PATCH 034/247] Updating submodule(s). [nomail] --- doc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc b/doc index ef39a55ef0..6857222c8c 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit ef39a55ef00382d49459783aa0144ef672b4de97 +Subproject commit 6857222c8c7050c96906757b468cbc1bffb7a807 From 5ba46eaa71fbd065316b7de19595bd8e2ba0b7a8 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 22 Apr 2019 22:43:09 +0200 Subject: [PATCH 035/247] update SSL consts from TLS 1.3 --- CHANGES | 4 ++++ VERSION | 2 +- doc | 2 +- scripts/base/protocols/ssl/consts.zeek | 11 +++++++++++ .../.stdout | 12 ++++++------ 5 files changed, 23 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 98f3034437..add558f878 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-242 | 2019-04-22 22:43:09 +0200 + + * update SSL consts from TLS 1.3 (Johanna Amann) + 2.6-241 | 2019-04-22 12:38:06 -0700 * Add 'g' character to conn.log history field to flag content gaps (Vern Paxson, Corelight) diff --git a/VERSION b/VERSION index cc71b4548f..39cb43fbe0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-241 +2.6-242 diff --git a/doc b/doc index 8e741019c2..38f6edaf27 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 8e741019c26015066b1e59c224de3ae6b20ff76f +Subproject commit 38f6edaf273401eef51cf754010f144be6398066 diff --git a/scripts/base/protocols/ssl/consts.zeek b/scripts/base/protocols/ssl/consts.zeek index aaac5aab84..dc4f72674b 100644 --- a/scripts/base/protocols/ssl/consts.zeek +++ b/scripts/base/protocols/ssl/consts.zeek @@ -78,6 +78,7 @@ export { [4] = "sha256", [5] = "sha384", [6] = "sha512", + [8] = "Intrinsic", } &default=function(i: count):string { return fmt("unknown-%d", i); }; ## Mapping between numeric codes and human readable strings for signature @@ -87,6 +88,16 @@ export { [1] = "rsa", [2] = "dsa", [3] = "ecdsa", + [4] = "rsa_pss_sha256", + [5] = "rsa_pss_sha384", + [6] = "rsa_pss_sha512", + [7] = "ed25519", + [8] = "ed448", + [9] = "rsa_pss_sha256", + [10] = "rsa_pss_sha384", + [11] = "rsa_pss_sha512", + [64] = "gostr34102012_256", + [65] = "gostr34102012_256", } &default=function(i: count):string { return fmt("unknown-%d", i); }; ## Mapping between numeric codes and human readable strings for alert diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout index d5ab2cf618..7347ea650f 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout @@ -33,9 +33,9 @@ signature_algorithm, 192.168.6.240, 139.162.123.134 sha256, ecdsa sha384, ecdsa sha512, ecdsa -unknown-8, unknown-4 -unknown-8, unknown-5 -unknown-8, unknown-6 +Intrinsic, rsa_pss_sha256 +Intrinsic, rsa_pss_sha384 +Intrinsic, rsa_pss_sha512 sha256, rsa sha384, rsa sha512, rsa @@ -66,9 +66,9 @@ signature_algorithm, 192.168.6.240, 139.162.123.134 sha256, ecdsa sha384, ecdsa sha512, ecdsa -unknown-8, unknown-4 -unknown-8, unknown-5 -unknown-8, unknown-6 +Intrinsic, rsa_pss_sha256 +Intrinsic, rsa_pss_sha384 +Intrinsic, rsa_pss_sha512 sha256, rsa sha384, rsa sha512, rsa From e85a016521cf2daf613671cd6d03ec380f94810f Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 22 Apr 2019 23:02:08 +0200 Subject: [PATCH 036/247] Parse pre-shared-key extension. No documentation yet... --- scripts/base/init-bare.zeek | 6 ++ src/analyzer/protocol/ssl/events.bif | 3 + .../protocol/ssl/tls-handshake-analyzer.pac | 52 ++++++++++++++++++ .../protocol/ssl/tls-handshake-protocol.pac | 38 +++++++++++++ src/analyzer/protocol/ssl/types.bif | 1 + .../.stdout | 51 ++++++++++++++++- .../Traces/tls/tls13_psk_succesfull.pcap | Bin 0 -> 4088 bytes .../protocols/ssl/tls-extension-events.test | 14 ++++- 8 files changed, 162 insertions(+), 3 deletions(-) create mode 100644 testing/btest/Traces/tls/tls13_psk_succesfull.pcap diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 4575b3a694..cc328cd9aa 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -4170,6 +4170,10 @@ export { SignatureAlgorithm: count; ##< Signature algorithm number }; + type PSKIdentity: record { + identity: string; ##< PSK identity + obfuscated_ticket_age: count; + }; ## Number of non-DTLS frames that can occur in a DTLS connection before ## parsing of the connection is suspended. @@ -4191,6 +4195,8 @@ module GLOBAL; ## directly and then remove this alias. type signature_and_hashalgorithm_vec: vector of SSL::SignatureAndHashAlgorithm; +type psk_identity_vec: vector of SSL::PSKIdentity; + module X509; export { type Certificate: record { diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 2ef675554f..774017eb9f 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -182,6 +182,9 @@ event ssl_extension_signature_algorithm%(c: connection, is_orig: bool, signature ## ssl_rsa_client_pms ssl_server_signature event ssl_extension_key_share%(c: connection, is_orig: bool, curves: index_vec%); +event ssl_extension_pre_shared_key_client_hello%(c: connection, is_orig: bool, identities: psk_identity_vec, binders: string_vec%); +event ssl_extension_pre_shared_key_server_hello%(c: connection, is_orig: bool, selected_identity: count%); + ## Generated if a named curve is chosen by the server for an SSL/TLS connection. ## The curve is sent by the server in the ServerKeyExchange message as defined ## in :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen. diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index 5cf250c366..8e0ae84455 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -411,6 +411,50 @@ refine connection Handshake_Conn += { return true; %} + function proc_pre_shared_key_server_hello(rec: HandshakeRecord, identities: PSKIdentitiesList, binders: PSKBindersList) : bool + %{ + if ( ! ssl_extension_pre_shared_key_server_hello ) + return true; + + VectorVal* slist = new VectorVal(internal_type("psk_identity_vec")->AsVectorType()); + + if ( identities && identities->identities() ) + { + uint32 i = 0; + for ( auto&& identity : *(identities->identities()) ) + { + RecordVal* el = new RecordVal(BifType::Record::SSL::PSKIdentity); + el->Assign(0, new StringVal(identity->identity().length(), (const char*) identity->identity().data())); + el->Assign(1, val_mgr->GetCount(identity->obfuscated_ticket_age())); + slist->Assign(i++, el); + } + } + + VectorVal* blist = new VectorVal(internal_type("string_vec")->AsVectorType()); + if ( binders && binders->binders() ) + { + uint32 i = 0; + for ( auto&& binder : *(binders->binders()) ) + blist->Assign(i++, new StringVal(binder->binder().length(), (const char*) binder->binder().data())); + } + + BifEvent::generate_ssl_extension_pre_shared_key_client_hello(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, slist, blist); + + return true; + %} + + function proc_pre_shared_key_client_hello(rec: HandshakeRecord, selected_identity: uint16) : bool + %{ + if ( ! ssl_extension_pre_shared_key_client_hello ) + return true; + + BifEvent::generate_ssl_extension_pre_shared_key_server_hello(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}, selected_identity); + + return true; + %} + }; refine typeattr ClientHello += &let { @@ -520,6 +564,14 @@ refine typeattr PSKKeyExchangeModes += &let { proc : bool = $context.connection.proc_psk_key_exchange_modes(rec, modes); }; +refine typeattr OfferedPsks += &let { + proc : bool = $context.connection.proc_pre_shared_key_server_hello(rec, identities, binders); +}; + +refine typeattr SelectedPreSharedKeyIdentity += &let { + proc : bool = $context.connection.proc_pre_shared_key_client_hello(rec, selected_identity); +}; + refine typeattr Handshake += &let { proc : bool = $context.connection.proc_handshake(rec.is_orig, rec.msg_type, rec.msg_length); }; diff --git a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac index f141a6e9b0..e3b2b88aeb 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac @@ -778,6 +778,7 @@ type SSLExtension(rec: HandshakeRecord) = record { EXT_KEY_SHARE -> key_share: KeyShare(rec)[] &until($element == 0 || $element != 0); EXT_SUPPORTED_VERSIONS -> supported_versions_selector: SupportedVersionsSelector(rec, data_len)[] &until($element == 0 || $element != 0); EXT_PSK_KEY_EXCHANGE_MODES -> psk_key_exchange_modes: PSKKeyExchangeModes(rec)[] &until($element == 0 || $element != 0); + EXT_PRE_SHARED_KEY -> pre_shared_key: PreSharedKey(rec)[] &until($element == 0 || $element != 0); default -> data: bytestring &restofdata; }; } &length=data_len+4 &exportsourcedata; @@ -864,6 +865,43 @@ type KeyShare(rec: HandshakeRecord) = case rec.msg_type of { default -> other : bytestring &restofdata &transient; }; +type SelectedPreSharedKeyIdentity(rec: HandshakeRecord) = record { + selected_identity: uint16; +}; + +type PSKIdentity() = record { + length: uint16; + identity: bytestring &length=length; + obfuscated_ticket_age: uint32; +}; + +type PSKIdentitiesList() = record { + length: uint16; + identities: PSKIdentity[] &until($input.length() == 0); +} &length=length+2; + +type PSKBinder() = record { + length: uint8; + binder: bytestring &length=length; +}; + +type PSKBindersList() = record { + length: uint16; + binders: PSKBinder[] &until($input.length() == 0); +} &length=length+2; + +type OfferedPsks(rec: HandshakeRecord) = record { + identities: PSKIdentitiesList; + binders: PSKBindersList; +}; + +type PreSharedKey(rec: HandshakeRecord) = case rec.msg_type of { + CLIENT_HELLO -> offered_psks : OfferedPsks(rec); + SERVER_HELLO -> selected_identity : SelectedPreSharedKeyIdentity(rec); + # ... well, we don't parse hello retry requests yet, because I don't have an example of them on the wire. + default -> other : bytestring &restofdata &transient; +}; + type SignatureAlgorithm(rec: HandshakeRecord) = record { length: uint16; supported_signature_algorithms: SignatureAndHashAlgorithm[] &until($input.length() == 0); diff --git a/src/analyzer/protocol/ssl/types.bif b/src/analyzer/protocol/ssl/types.bif index a6f7f069cf..c2bce5a44f 100644 --- a/src/analyzer/protocol/ssl/types.bif +++ b/src/analyzer/protocol/ssl/types.bif @@ -1,5 +1,6 @@ module SSL; type SignatureAndHashAlgorithm: record; +type PSKIdentity: record; module GLOBAL; diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout index 7347ea650f..a840e43bf4 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout @@ -45,7 +45,7 @@ sha1, dsa sha256, dsa sha384, dsa sha512, dsa -supported_versions(, 192.168.6.240, 139.162.123.134 +supported_versions, 192.168.6.240, 139.162.123.134 TLSv13-draft19 TLSv12 TLSv11 @@ -78,7 +78,7 @@ sha1, dsa sha256, dsa sha384, dsa sha512, dsa -supported_versions(, 192.168.6.240, 139.162.123.134 +supported_versions, 192.168.6.240, 139.162.123.134 TLSv13-draft19 TLSv12 TLSv11 @@ -86,3 +86,50 @@ TLSv10 psk_key_exchange_modes, 192.168.6.240, 139.162.123.134 1 0 +pre_shared_key client hello, 192.168.6.240, 139.162.123.134, [[identity=\x01\xf3\x88\x12\xae\xeb\x13\x01\xed]\xcf\x0b\x8f\xad\xf2\xc1I\x9f-\xfa\xe1\x98\x9f\xb7\x82@\x81Or\x0e\xbe\xfc\xa3\xbc\x8f\x03\x86\xf1\x8e\xae\xd7\xe5\xa2\xee\xf3\xde\xb7\xa5\xf6\\xeb\x18^ICPm!|\x09\xe0NE\xe8\x0f\xda\xf8\xf2\xa8s\x84\x17>\xe5\xd9!\x19\x09\xfe\xdb\xa87\x05\xd7\xd06JG\xeb\xad\xf9\xf8\x13?#\xdc\xe7J\xad\x14\xbfS.\x98\xd8\xd2r\x01\xef\xc5\x0c_\xdf\xc9[7\xa7l\xa7\xa0\xb5\xda\x83\x16\x10\xa1\xdb\xe2$q^enkJEj1}6HAlQOBP)3sP5~B7VWq!cf}aln z2UajEDQ88xTjIbwxyjind70T__l)$V*~v-S;B7j{fF^M26J5|1Xc?Qn1 zf%V~%J#ndl4eOs2^uefRSNb2CE5z7N2RK^ZGl9oHm#d?2pQ5DUAMQaO8*XZH!)JNLjZEAIi z%0R9OWur73);-cPRSQ^=d1A!qhs1<@rkC0>6Rvxj1{!ja#zS!t4{>e4pg~+}&55iQQf9UG?~KDdgC)wwx`)PvNIQ zX;WoWMbjbPgZG5J{6yXzmhlqa4gSQN^P?evH{)$#Ivj?orkbY1P1UdmDx0dH8V;fP zDGcV_8@Q1;3>_icRZ*JnOBzeVn)Z>T&s*z$A9$7 zgvrYfM z9!)dkvFA8Y;8U;WxZ|JaYZ@m0q-<||P;ug%`$hhAL&~ItOT7tO-L0%G3)cLuUu`++ ziXOmn0?ey6t0voh^7y-lSNx)CKQ`xJ{NysXZSO>{{q9}Kb9b5zVBRJz0u_5Gk=CJr51L_ZWoT<8M~m@ z-sP2^HO+UwzjgZlOR6>HVEt|BejDF7)BU%D9oa{X8x8V4oX(`LaevB3okLJ_3gf;& z&0jV|f9kAjb%~C`{xnMUN1e`?a}DL*FyHvhL*~1`Kb^trG$`M$a6p}p`xJvXa`haO z4EvLw!%;M95q_KL`=plR|5E#Q{cz-=>}~HGi|al<|8sqT&w^Rbk2VG@9cfk)&^#vL zY;Q+lzH;}<+6!s-`d+oP{jc=imGBYB@GNyi{G_LX1jj+ou~>0H9e~FagM2F~o~QNg z3x>Xpj>0;+uR!0fQ|g`rwG1Xr$q?OsZ82e$N}u|I!nr9`eC5i>8k@A_ndkm3t3BJ} zCN`b!&nZ+ZEaVp!rCeRM$7z3S(QLE!u$H{9_Z_bYcV*14t=c?k%SUtM<9A2DF1OpP zNcTQn`@sI2o`SuuwQ&I>!Z#^zCXRjga^aS$n$TYZyB79d%^!7l3E#kTCU?HLmmGJZ z)PJ+GzSVwq%p=*M-kJ>?HCJ3`rO#dvcbl)RxLEp~IQUlR?)LVZTP2;%X39^~*wLO7 zUpTq`XjpF7f_T}*_G{k@lBTS<-j;XwLU6Wg=!BQW4ua!5?m6vUct>zH{F|1z-ny3k z|8!U=l(f{}3~3(so(qp!4%DCI9qN0IbT{_%C#Zi2&ZijUqv8B~zttrs82xOuzq{W@ zzc^D43^~|gIQsouhSzD34?0(!R4>MTia{KadOt@R`B}%|D6;y?ync?pDa1iO7@akv zsAoy@`Zr&Bcs*$$ze^sWw13k;r{Va@kb!g>*ze^QTSK451WP))tf}9Z z;5#kVTVll6N^j_!GJft(w=bJZP8#YpT;BToeKj)CAibJ0+SG60K811JKuqzg+Pb+v zBoEe2WqUu5OFr>vn{4FmJ#7Uak?)$;BsH@|%UxR*3Jo(zLul{~_{0BOI zZLVSXclI)5FxD{;`JP)xH?58%MOFnD4EdgoqrX-M*20dcTTiQn1=?B|Y2>{)tOYl! zh4om?x>|4>=gkPq`%W)8>>`W*Nymea4fI<^tB*qW+h*Wznf_WB$n#>%Q+Z;wJk~}$ z@yO$@<(X^9b70)1OOat&q?UgD=jAD$_f(#RS{@rC9-TfTQ6F^LKz$aSa%`I&-DCND oJd`&Y Date: Mon, 22 Apr 2019 19:42:52 -0700 Subject: [PATCH 037/247] GH-234: rename Broxygen to Zeexygen along with roles/directives * All "Broxygen" usages have been replaced in code, documentation, filenames, etc. * Sphinx roles/directives like ":bro:see" are now ":zeek:see" * The "--broxygen" command-line option is now "--zeexygen" --- CHANGES | 11 + NEWS | 8 + VERSION | 2 +- doc | 2 +- man/bro.8 | 4 +- scripts/base/files/extract/main.zeek | 6 +- scripts/base/frameworks/analyzer/main.zeek | 6 +- scripts/base/frameworks/broker/main.zeek | 38 +- scripts/base/frameworks/broker/store.zeek | 2 +- scripts/base/frameworks/cluster/__load__.zeek | 2 +- scripts/base/frameworks/cluster/main.zeek | 36 +- scripts/base/frameworks/cluster/pools.zeek | 16 +- .../frameworks/cluster/setup-connections.zeek | 2 +- scripts/base/frameworks/config/main.zeek | 6 +- scripts/base/frameworks/control/main.zeek | 8 +- scripts/base/frameworks/files/main.zeek | 26 +- scripts/base/frameworks/input/main.zeek | 2 +- scripts/base/frameworks/intel/main.zeek | 6 +- scripts/base/frameworks/logging/main.zeek | 58 +- .../logging/postprocessors/scp.zeek | 16 +- .../logging/postprocessors/sftp.zeek | 16 +- .../netcontrol/catch-and-release.zeek | 12 +- scripts/base/frameworks/netcontrol/drop.zeek | 2 +- scripts/base/frameworks/netcontrol/main.zeek | 8 +- .../frameworks/netcontrol/plugins/broker.zeek | 2 +- .../netcontrol/plugins/openflow.zeek | 2 +- scripts/base/frameworks/netcontrol/shunt.zeek | 2 +- scripts/base/frameworks/netcontrol/types.zeek | 24 +- .../notice/actions/add-geodata.zeek | 2 +- .../base/frameworks/notice/actions/drop.zeek | 2 +- .../notice/actions/email_admin.zeek | 4 +- .../base/frameworks/notice/actions/page.zeek | 4 +- .../frameworks/notice/actions/pp-alarms.zeek | 2 +- scripts/base/frameworks/notice/main.zeek | 48 +- .../base/frameworks/openflow/plugins/log.zeek | 2 +- .../base/frameworks/packet-filter/main.zeek | 6 +- .../base/frameworks/packet-filter/utils.zeek | 2 +- scripts/base/frameworks/reporter/main.zeek | 6 +- scripts/base/frameworks/signatures/main.zeek | 20 +- scripts/base/frameworks/software/main.zeek | 14 +- scripts/base/frameworks/sumstats/cluster.zeek | 4 +- scripts/base/frameworks/sumstats/main.zeek | 6 +- .../frameworks/sumstats/plugins/last.zeek | 2 +- scripts/base/frameworks/tunnels/main.zeek | 24 +- scripts/base/init-bare.zeek | 588 ++++++++--------- scripts/base/misc/find-filtered-trace.zeek | 2 +- scripts/base/protocols/conn/contents.zeek | 2 +- scripts/base/protocols/conn/main.zeek | 14 +- scripts/base/protocols/dhcp/main.zeek | 6 +- scripts/base/protocols/dns/main.zeek | 6 +- scripts/base/protocols/ftp/gridftp.zeek | 10 +- scripts/base/protocols/ftp/main.zeek | 2 +- scripts/base/protocols/ftp/utils.zeek | 8 +- scripts/base/protocols/http/entities.zeek | 20 +- scripts/base/protocols/http/utils.zeek | 8 +- scripts/base/protocols/ssh/main.zeek | 10 +- scripts/base/utils/active-http.zeek | 2 +- scripts/base/utils/conn-ids.zeek | 2 +- scripts/base/utils/dir.zeek | 2 +- scripts/base/utils/exec.zeek | 2 +- scripts/base/utils/geoip-distance.zeek | 2 +- scripts/base/utils/paths.zeek | 2 +- scripts/base/utils/patterns.zeek | 2 +- scripts/base/utils/site.zeek | 16 +- scripts/base/utils/thresholds.zeek | 12 +- scripts/base/utils/urls.zeek | 2 +- scripts/broxygen/README | 4 - .../dpd/packet-segment-logging.zeek | 2 +- .../notice/extend-email/hostnames.zeek | 4 +- .../frameworks/packet-filter/shunt.zeek | 4 +- .../frameworks/software/version-changes.zeek | 2 +- .../policy/integration/barnyard2/main.zeek | 4 +- scripts/policy/misc/capture-loss.zeek | 2 +- .../policy/misc/detect-traceroute/main.zeek | 2 +- scripts/policy/misc/profiling.zeek | 2 +- scripts/policy/misc/scan.zeek | 8 +- scripts/policy/misc/trim-trace-file.zeek | 2 +- .../policy/protocols/conn/known-hosts.zeek | 10 +- .../policy/protocols/conn/known-services.zeek | 12 +- .../protocols/dhcp/deprecated_events.zeek | 24 +- .../protocols/dns/detect-external-names.zeek | 4 +- .../policy/protocols/http/detect-sqli.zeek | 2 +- .../protocols/smtp/entities-excerpt.zeek | 2 +- .../protocols/ssh/detect-bruteforcing.zeek | 2 +- scripts/policy/protocols/ssh/geo-data.zeek | 2 +- .../protocols/ssh/interesting-hostnames.zeek | 2 +- .../policy/protocols/ssl/expiring-certs.zeek | 4 +- scripts/policy/protocols/ssl/known-certs.zeek | 8 +- scripts/zeexygen/README | 4 + scripts/{broxygen => zeexygen}/__load__.zeek | 0 scripts/{broxygen => zeexygen}/example.zeek | 32 +- src/Attr.cc | 6 +- src/CMakeLists.txt | 2 +- src/DebugLogger.cc | 2 +- src/DebugLogger.h | 2 +- src/ID.cc | 20 +- src/Type.cc | 50 +- src/analyzer/protocol/arp/events.bif | 6 +- src/analyzer/protocol/bittorrent/events.bif | 36 +- src/analyzer/protocol/conn-size/events.bif | 4 +- src/analyzer/protocol/conn-size/functions.bif | 8 +- src/analyzer/protocol/dce-rpc/events.bif | 14 +- src/analyzer/protocol/dns/events.bif | 40 +- src/analyzer/protocol/finger/events.bif | 4 +- src/analyzer/protocol/ftp/events.bif | 4 +- src/analyzer/protocol/ftp/functions.bif | 18 +- src/analyzer/protocol/gnutella/events.bif | 12 +- src/analyzer/protocol/http/events.bif | 30 +- src/analyzer/protocol/http/functions.bif | 2 +- src/analyzer/protocol/icmp/events.bif | 30 +- src/analyzer/protocol/ident/events.bif | 6 +- src/analyzer/protocol/irc/events.bif | 70 +- src/analyzer/protocol/krb/events.bif | 20 +- src/analyzer/protocol/login/events.bif | 70 +- src/analyzer/protocol/login/functions.bif | 6 +- src/analyzer/protocol/mime/events.bif | 34 +- src/analyzer/protocol/mysql/events.bif | 12 +- src/analyzer/protocol/ncp/events.bif | 4 +- src/analyzer/protocol/netbios/events.bif | 14 +- src/analyzer/protocol/netbios/functions.bif | 4 +- src/analyzer/protocol/ntlm/events.bif | 6 +- src/analyzer/protocol/ntp/events.bif | 2 +- src/analyzer/protocol/pop3/events.bif | 14 +- src/analyzer/protocol/rpc/events.bif | 102 +-- src/analyzer/protocol/sip/events.bif | 12 +- src/analyzer/protocol/smb/events.bif | 2 +- .../protocol/smb/smb1_com_check_directory.bif | 4 +- src/analyzer/protocol/smb/smb1_com_close.bif | 2 +- .../smb/smb1_com_create_directory.bif | 4 +- src/analyzer/protocol/smb/smb1_com_echo.bif | 4 +- .../protocol/smb/smb1_com_logoff_andx.bif | 2 +- .../protocol/smb/smb1_com_negotiate.bif | 4 +- .../protocol/smb/smb1_com_nt_cancel.bif | 2 +- .../protocol/smb/smb1_com_nt_create_andx.bif | 4 +- .../smb/smb1_com_query_information.bif | 2 +- .../protocol/smb/smb1_com_read_andx.bif | 4 +- .../smb/smb1_com_session_setup_andx.bif | 4 +- .../protocol/smb/smb1_com_transaction.bif | 2 +- .../protocol/smb/smb1_com_transaction2.bif | 8 +- .../smb/smb1_com_tree_connect_andx.bif | 4 +- .../protocol/smb/smb1_com_tree_disconnect.bif | 2 +- .../protocol/smb/smb1_com_write_andx.bif | 4 +- src/analyzer/protocol/smb/smb1_events.bif | 6 +- src/analyzer/protocol/smb/smb2_com_close.bif | 4 +- src/analyzer/protocol/smb/smb2_com_create.bif | 4 +- .../protocol/smb/smb2_com_negotiate.bif | 4 +- src/analyzer/protocol/smb/smb2_com_read.bif | 2 +- .../protocol/smb/smb2_com_session_setup.bif | 4 +- .../protocol/smb/smb2_com_set_info.bif | 8 +- .../smb/smb2_com_transform_header.bif | 2 +- .../protocol/smb/smb2_com_tree_connect.bif | 4 +- .../protocol/smb/smb2_com_tree_disconnect.bif | 4 +- src/analyzer/protocol/smb/smb2_com_write.bif | 4 +- src/analyzer/protocol/smb/smb2_events.bif | 2 +- src/analyzer/protocol/smtp/events.bif | 8 +- src/analyzer/protocol/smtp/functions.bif | 2 +- src/analyzer/protocol/ssh/events.bif | 24 +- src/analyzer/protocol/ssl/events.bif | 66 +- src/analyzer/protocol/tcp/events.bif | 66 +- src/analyzer/protocol/tcp/functions.bif | 14 +- src/analyzer/protocol/teredo/events.bif | 10 +- src/analyzer/protocol/udp/events.bif | 16 +- src/bro.bif | 610 +++++++++--------- src/broker/data.bif | 2 +- src/broker/messaging.bif | 8 +- src/event.bif | 212 +++--- src/file_analysis/analyzer/extract/events.bif | 6 +- .../analyzer/extract/functions.bif | 2 +- src/file_analysis/analyzer/hash/events.bif | 2 +- src/file_analysis/analyzer/pe/events.bif | 10 +- src/file_analysis/analyzer/x509/events.bif | 10 +- src/file_analysis/analyzer/x509/functions.bif | 16 +- .../analyzer/x509/ocsp_events.bif | 12 +- src/file_analysis/file_analysis.bif | 24 +- src/iosource/pcap/pcap.bif | 8 +- src/main.cc | 24 +- src/option.bif | 10 +- src/parse.y | 26 +- src/plugin/ComponentManager.h | 4 +- src/probabilistic/bloom-filter.bif | 28 +- src/probabilistic/cardinality-counter.bif | 12 +- src/probabilistic/top-k.bif | 24 +- src/reporter.bif | 6 +- src/scan.l | 12 +- src/stats.bif | 26 +- src/strings.bif | 110 ++-- src/{broxygen => zeexygen}/CMakeLists.txt | 8 +- src/{broxygen => zeexygen}/Configuration.cc | 12 +- src/{broxygen => zeexygen}/Configuration.h | 14 +- src/{broxygen => zeexygen}/IdentifierInfo.cc | 4 +- src/{broxygen => zeexygen}/IdentifierInfo.h | 16 +- src/{broxygen => zeexygen}/Info.h | 10 +- src/{broxygen => zeexygen}/Manager.cc | 48 +- src/{broxygen => zeexygen}/Manager.h | 34 +- src/{broxygen => zeexygen}/PackageInfo.cc | 8 +- src/{broxygen => zeexygen}/PackageInfo.h | 8 +- .../ReStructuredTextTable.cc | 2 +- .../ReStructuredTextTable.h | 8 +- src/{broxygen => zeexygen}/ScriptInfo.cc | 48 +- src/{broxygen => zeexygen}/ScriptInfo.h | 12 +- src/{broxygen => zeexygen}/Target.cc | 54 +- src/{broxygen => zeexygen}/Target.h | 14 +- src/{broxygen => zeexygen}/utils.cc | 18 +- src/{broxygen => zeexygen}/utils.h | 12 +- .../broxygen.bif => zeexygen/zeexygen.bif} | 24 +- .../btest/Baseline/core.plugins.hooks/output | 6 +- .../canonified_loaded_scripts.log | 2 +- .../Baseline/coverage.bare-mode-errors/errors | 2 +- .../canonified_loaded_scripts.log | 2 +- .../Baseline/doc.broxygen.example/example.rst | 248 ------- .../autogen-reST-func-params.rst | 30 - .../Baseline/doc.broxygen.identifier/test.rst | 230 ------- .../doc.broxygen.package_index/test.rst | 7 - .../autogen-reST-records.rst | 28 - .../doc.broxygen.script_index/test.rst | 5 - .../autogen-reST-type-aliases.rst | 44 -- .../.stderr | 0 .../.stdout | 0 .../output | 0 .../out | 0 .../autogen-reST-enums.rst | 30 +- .../Baseline/doc.zeexygen.example/example.rst | 248 +++++++ .../autogen-reST-func-params.rst | 30 + .../Baseline/doc.zeexygen.identifier/test.rst | 230 +++++++ .../test.rst | 20 +- .../doc.zeexygen.package_index/test.rst | 7 + .../autogen-reST-records.rst | 28 + .../doc.zeexygen.script_index/test.rst | 5 + .../test.rst | 12 +- .../autogen-reST-type-aliases.rst | 44 ++ .../autogen-reST-vectors.rst | 12 +- testing/btest/Baseline/plugins.hooks/output | 20 +- testing/btest/coverage/broxygen.sh | 14 +- .../btest/coverage/sphinx-broxygen-docs.sh | 8 +- testing/btest/doc/broxygen/example.zeek | 8 - testing/btest/doc/broxygen/identifier.zeek | 9 - testing/btest/doc/broxygen/package.zeek | 9 - testing/btest/doc/broxygen/package_index.zeek | 9 - testing/btest/doc/broxygen/script_index.zeek | 9 - .../btest/doc/broxygen/script_summary.zeek | 9 - .../{broxygen => zeexygen}/command_line.zeek | 0 .../comment_retrieval_bifs.zeek | 0 .../doc/{broxygen => zeexygen}/enums.zeek | 4 +- testing/btest/doc/zeexygen/example.zeek | 8 + .../{broxygen => zeexygen}/func-params.zeek | 4 +- testing/btest/doc/zeexygen/identifier.zeek | 9 + testing/btest/doc/zeexygen/package.zeek | 9 + testing/btest/doc/zeexygen/package_index.zeek | 9 + .../doc/{broxygen => zeexygen}/records.zeek | 4 +- testing/btest/doc/zeexygen/script_index.zeek | 9 + .../btest/doc/zeexygen/script_summary.zeek | 9 + .../{broxygen => zeexygen}/type-aliases.zeek | 8 +- .../doc/{broxygen => zeexygen}/vectors.zeek | 4 +- ...-broxygen-docs.sh => gen-zeexygen-docs.sh} | 16 +- 254 files changed, 2675 insertions(+), 2656 deletions(-) delete mode 100644 scripts/broxygen/README create mode 100644 scripts/zeexygen/README rename scripts/{broxygen => zeexygen}/__load__.zeek (100%) rename scripts/{broxygen => zeexygen}/example.zeek (88%) rename src/{broxygen => zeexygen}/CMakeLists.txt (73%) rename src/{broxygen => zeexygen}/Configuration.cc (87%) rename src/{broxygen => zeexygen}/Configuration.h (80%) rename src/{broxygen => zeexygen}/IdentifierInfo.cc (97%) rename src/{broxygen => zeexygen}/IdentifierInfo.h (92%) rename src/{broxygen => zeexygen}/Info.h (89%) rename src/{broxygen => zeexygen}/Manager.cc (87%) rename src/{broxygen => zeexygen}/Manager.h (89%) rename src/{broxygen => zeexygen}/PackageInfo.cc (85%) rename src/{broxygen => zeexygen}/PackageInfo.h (89%) rename src/{broxygen => zeexygen}/ReStructuredTextTable.cc (98%) rename src/{broxygen => zeexygen}/ReStructuredTextTable.h (92%) rename src/{broxygen => zeexygen}/ScriptInfo.cc (86%) rename src/{broxygen => zeexygen}/ScriptInfo.h (92%) rename src/{broxygen => zeexygen}/Target.cc (89%) rename src/{broxygen => zeexygen}/Target.h (96%) rename src/{broxygen => zeexygen}/utils.cc (83%) rename src/{broxygen => zeexygen}/utils.h (88%) rename src/{broxygen/broxygen.bif => zeexygen/zeexygen.bif} (81%) delete mode 100644 testing/btest/Baseline/doc.broxygen.example/example.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.identifier/test.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.package_index/test.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.script_index/test.rst delete mode 100644 testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst rename testing/btest/Baseline/{doc.broxygen.all_scripts => doc.zeexygen.all_scripts}/.stderr (100%) rename testing/btest/Baseline/{doc.broxygen.all_scripts => doc.zeexygen.all_scripts}/.stdout (100%) rename testing/btest/Baseline/{doc.broxygen.command_line => doc.zeexygen.command_line}/output (100%) rename testing/btest/Baseline/{doc.broxygen.comment_retrieval_bifs => doc.zeexygen.comment_retrieval_bifs}/out (100%) rename testing/btest/Baseline/{doc.broxygen.enums => doc.zeexygen.enums}/autogen-reST-enums.rst (51%) create mode 100644 testing/btest/Baseline/doc.zeexygen.example/example.rst create mode 100644 testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst create mode 100644 testing/btest/Baseline/doc.zeexygen.identifier/test.rst rename testing/btest/Baseline/{doc.broxygen.package => doc.zeexygen.package}/test.rst (58%) create mode 100644 testing/btest/Baseline/doc.zeexygen.package_index/test.rst create mode 100644 testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst create mode 100644 testing/btest/Baseline/doc.zeexygen.script_index/test.rst rename testing/btest/Baseline/{doc.broxygen.script_summary => doc.zeexygen.script_summary}/test.rst (64%) create mode 100644 testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst rename testing/btest/Baseline/{doc.broxygen.vectors => doc.zeexygen.vectors}/autogen-reST-vectors.rst (50%) delete mode 100644 testing/btest/doc/broxygen/example.zeek delete mode 100644 testing/btest/doc/broxygen/identifier.zeek delete mode 100644 testing/btest/doc/broxygen/package.zeek delete mode 100644 testing/btest/doc/broxygen/package_index.zeek delete mode 100644 testing/btest/doc/broxygen/script_index.zeek delete mode 100644 testing/btest/doc/broxygen/script_summary.zeek rename testing/btest/doc/{broxygen => zeexygen}/command_line.zeek (100%) rename testing/btest/doc/{broxygen => zeexygen}/comment_retrieval_bifs.zeek (100%) rename testing/btest/doc/{broxygen => zeexygen}/enums.zeek (89%) create mode 100644 testing/btest/doc/zeexygen/example.zeek rename testing/btest/doc/{broxygen => zeexygen}/func-params.zeek (83%) create mode 100644 testing/btest/doc/zeexygen/identifier.zeek create mode 100644 testing/btest/doc/zeexygen/package.zeek create mode 100644 testing/btest/doc/zeexygen/package_index.zeek rename testing/btest/doc/{broxygen => zeexygen}/records.zeek (84%) create mode 100644 testing/btest/doc/zeexygen/script_index.zeek create mode 100644 testing/btest/doc/zeexygen/script_summary.zeek rename testing/btest/doc/{broxygen => zeexygen}/type-aliases.zeek (81%) rename testing/btest/doc/{broxygen => zeexygen}/vectors.zeek (83%) rename testing/scripts/{gen-broxygen-docs.sh => gen-zeexygen-docs.sh} (81%) diff --git a/CHANGES b/CHANGES index add558f878..a65621f999 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,15 @@ +2.6-243 | 2019-04-22 19:42:52 -0700 + + * GH-234: rename Broxygen to Zeexygen along with roles/directives (Jon Siwek, Corelight) + + * All "Broxygen" usages have been replaced in + code, documentation, filenames, etc. + + * Sphinx roles/directives like ":bro:see" are now ":zeek:see" + + * The "--broxygen" command-line option is now "--zeexygen" + 2.6-242 | 2019-04-22 22:43:09 +0200 * update SSL consts from TLS 1.3 (Johanna Amann) diff --git a/NEWS b/NEWS index 55f1330c9a..b93aa2300b 100644 --- a/NEWS +++ b/NEWS @@ -175,6 +175,14 @@ Changed Functionality the end of a connection (in a FIN or RST) are considered unreliable and aren't counted as true gaps. +- The Broxygen component, which is used to generate our Doxygen-like + scripting API documentation has been renamed to Zeexygen. This likely has + no breaking or visible changes for most users, except in the case one + used it to generate their own documentation via the ``--broxygen`` flag, + which is now named ``--zeexygen``. Besides that, the various documentation + in scripts has also been updated to replace Sphinx cross-referencing roles + and directives like ":bro:see:" with ":zeek:zee:". + Removed Functionality --------------------- diff --git a/VERSION b/VERSION index 39cb43fbe0..f3ae812fb9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-242 +2.6-243 diff --git a/doc b/doc index 38f6edaf27..dc37959938 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 38f6edaf273401eef51cf754010f144be6398066 +Subproject commit dc37959938b9a70a642e7be48693d5c5fd3d5e80 diff --git a/man/bro.8 b/man/bro.8 index 66d0fc4f20..a4c54d48f6 100644 --- a/man/bro.8 +++ b/man/bro.8 @@ -99,7 +99,7 @@ Record process status in file \fB\-W\fR,\ \-\-watchdog activate watchdog timer .TP -\fB\-X\fR,\ \-\-broxygen +\fB\-X\fR,\ \-\-zeexygen generate documentation based on config file .TP \fB\-\-pseudo\-realtime[=\fR] @@ -150,7 +150,7 @@ ASCII log file extension Output file for script execution statistics .TP .B BRO_DISABLE_BROXYGEN -Disable Broxygen documentation support +Disable Zeexygen (Broxygen) documentation support .SH AUTHOR .B bro was written by The Bro Project . diff --git a/scripts/base/files/extract/main.zeek b/scripts/base/files/extract/main.zeek index eaae44a089..93288c5127 100644 --- a/scripts/base/files/extract/main.zeek +++ b/scripts/base/files/extract/main.zeek @@ -29,12 +29,12 @@ export { ## to know where to write the file to. If not specified, then ## a filename in the format "extract--" is ## automatically assigned (using the *source* and *id* - ## fields of :bro:see:`fa_file`). + ## fields of :zeek:see:`fa_file`). extract_filename: string &optional; ## The maximum allowed file size in bytes of *extract_filename*. - ## Once reached, a :bro:see:`file_extraction_limit` event is + ## Once reached, a :zeek:see:`file_extraction_limit` event is ## raised and the analyzer will be removed unless - ## :bro:see:`FileExtract::set_limit` is called to increase the + ## :zeek:see:`FileExtract::set_limit` is called to increase the ## limit. A value of zero means "no limit". extract_limit: count &default=default_limit; }; diff --git a/scripts/base/frameworks/analyzer/main.zeek b/scripts/base/frameworks/analyzer/main.zeek index 57a602f308..0775768dca 100644 --- a/scripts/base/frameworks/analyzer/main.zeek +++ b/scripts/base/frameworks/analyzer/main.zeek @@ -5,7 +5,7 @@ ##! particular analyzer for new connections. ##! ##! Protocol analyzers are identified by unique tags of type -##! :bro:type:`Analyzer::Tag`, such as :bro:enum:`Analyzer::ANALYZER_HTTP`. +##! :zeek:type:`Analyzer::Tag`, such as :zeek:enum:`Analyzer::ANALYZER_HTTP`. ##! These tags are defined internally by ##! the analyzers themselves, and documented in their analyzer-specific ##! description along with the events that they generate. @@ -17,7 +17,7 @@ module Analyzer; export { ## If true, all available analyzers are initially disabled at startup. ## One can then selectively enable them with - ## :bro:id:`Analyzer::enable_analyzer`. + ## :zeek:id:`Analyzer::enable_analyzer`. global disable_all = F &redef; ## Enables an analyzer. Once enabled, the analyzer may be used for analysis @@ -109,7 +109,7 @@ export { ## Automatically creates a BPF filter for the specified protocol based ## on the data supplied for the protocol through the - ## :bro:see:`Analyzer::register_for_ports` function. + ## :zeek:see:`Analyzer::register_for_ports` function. ## ## tag: The analyzer tag. ## diff --git a/scripts/base/frameworks/broker/main.zeek b/scripts/base/frameworks/broker/main.zeek index 93ed69c3c5..f64ff0ce14 100644 --- a/scripts/base/frameworks/broker/main.zeek +++ b/scripts/base/frameworks/broker/main.zeek @@ -10,19 +10,19 @@ export { ## Default interval to retry listening on a port if it's currently in ## use already. Use of the BRO_DEFAULT_LISTEN_RETRY environment variable ## (set as a number of seconds) will override this option and also - ## any values given to :bro:see:`Broker::listen`. + ## any values given to :zeek:see:`Broker::listen`. const default_listen_retry = 30sec &redef; ## Default address on which to listen. ## - ## .. bro:see:: Broker::listen + ## .. zeek:see:: Broker::listen const default_listen_address = getenv("BRO_DEFAULT_LISTEN_ADDRESS") &redef; ## Default interval to retry connecting to a peer if it cannot be made to ## work initially, or if it ever becomes disconnected. Use of the ## BRO_DEFAULT_CONNECT_RETRY environment variable (set as number of ## seconds) will override this option and also any values given to - ## :bro:see:`Broker::peer`. + ## :zeek:see:`Broker::peer`. const default_connect_retry = 30sec &redef; ## If true, do not use SSL for network connections. By default, SSL will @@ -47,7 +47,7 @@ export { const ssl_certificate = "" &redef; ## Passphrase to decrypt the private key specified by - ## :bro:see:`Broker::ssl_keyfile`. If set, Bro will require valid + ## :zeek:see:`Broker::ssl_keyfile`. If set, Bro will require valid ## certificates for all peers. const ssl_passphrase = "" &redef; @@ -96,7 +96,7 @@ export { ## Forward all received messages to subscribing peers. const forward_messages = F &redef; - ## Whether calling :bro:see:`Broker::peer` will register the Broker + ## Whether calling :zeek:see:`Broker::peer` will register the Broker ## system as an I/O source that will block the process from shutting ## down. For example, set this to false when you are reading pcaps, ## but also want to initaiate a Broker peering and still shutdown after @@ -107,7 +107,7 @@ export { ## id is appended when writing to a particular stream. const default_log_topic_prefix = "bro/logs/" &redef; - ## The default implementation for :bro:see:`Broker::log_topic`. + ## The default implementation for :zeek:see:`Broker::log_topic`. function default_log_topic(id: Log::ID, path: string): string { return default_log_topic_prefix + cat(id); @@ -116,7 +116,7 @@ export { ## A function that will be called for each log entry to determine what ## broker topic string will be used for sending it to peers. The ## default implementation will return a value based on - ## :bro:see:`Broker::default_log_topic_prefix`. + ## :zeek:see:`Broker::default_log_topic_prefix`. ## ## id: the ID associated with the log stream entry that will be sent. ## @@ -232,7 +232,7 @@ export { ## ## Returns: the bound port or 0/? on failure. ## - ## .. bro:see:: Broker::status + ## .. zeek:see:: Broker::status global listen: function(a: string &default = default_listen_address, p: port &default = default_port, retry: interval &default = default_listen_retry): port; @@ -252,7 +252,7 @@ export { ## it's a new peer. The actual connection may not be established ## until a later point in time. ## - ## .. bro:see:: Broker::status + ## .. zeek:see:: Broker::status global peer: function(a: string, p: port &default=default_port, retry: interval &default=default_connect_retry): bool; @@ -262,12 +262,12 @@ export { ## just means that we won't exchange any further information with it ## unless peering resumes later. ## - ## a: the address used in previous successful call to :bro:see:`Broker::peer`. + ## a: the address used in previous successful call to :zeek:see:`Broker::peer`. ## - ## p: the port used in previous successful call to :bro:see:`Broker::peer`. + ## p: the port used in previous successful call to :zeek:see:`Broker::peer`. ## ## Returns: true if the arguments match a previously successful call to - ## :bro:see:`Broker::peer`. + ## :zeek:see:`Broker::peer`. ## ## TODO: We do not have a function yet to terminate a connection. global unpeer: function(a: string, p: port): bool; @@ -298,7 +298,7 @@ export { ## Register interest in all peer event messages that use a certain topic ## prefix. Note that subscriptions may not be altered immediately after - ## calling (except during :bro:see:`zeek_init`). + ## calling (except during :zeek:see:`zeek_init`). ## ## topic_prefix: a prefix to match against remote message topics. ## e.g. an empty prefix matches everything and "a" matches @@ -309,10 +309,10 @@ export { ## Unregister interest in all peer event messages that use a topic prefix. ## Note that subscriptions may not be altered immediately after calling - ## (except during :bro:see:`zeek_init`). + ## (except during :zeek:see:`zeek_init`). ## ## topic_prefix: a prefix previously supplied to a successful call to - ## :bro:see:`Broker::subscribe` or :bro:see:`Broker::forward`. + ## :zeek:see:`Broker::subscribe` or :zeek:see:`Broker::forward`. ## ## Returns: true if interest in the topic prefix is no longer advertised. global unsubscribe: function(topic_prefix: string): bool; @@ -320,8 +320,8 @@ export { ## Register a topic prefix subscription for events that should only be ## forwarded to any subscribing peers and not raise any event handlers ## on the receiving/forwarding node. i.e. it's the same as - ## :bro:see:`Broker::subscribe` except matching events are not raised - ## on the receiver, just forwarded. Use :bro:see:`Broker::unsubscribe` + ## :zeek:see:`Broker::subscribe` except matching events are not raised + ## on the receiver, just forwarded. Use :zeek:see:`Broker::unsubscribe` ## with the same argument to undo this operation. ## ## topic_prefix: a prefix to match against remote message topics. @@ -346,9 +346,9 @@ export { ## Stop automatically sending an event to peers upon local dispatch. ## - ## topic: a topic originally given to :bro:see:`Broker::auto_publish`. + ## topic: a topic originally given to :zeek:see:`Broker::auto_publish`. ## - ## ev: an event originally given to :bro:see:`Broker::auto_publish`. + ## ev: an event originally given to :zeek:see:`Broker::auto_publish`. ## ## Returns: true if automatic events will not occur for the topic/event ## pair. diff --git a/scripts/base/frameworks/broker/store.zeek b/scripts/base/frameworks/broker/store.zeek index 2e216afa93..dace2032c9 100644 --- a/scripts/base/frameworks/broker/store.zeek +++ b/scripts/base/frameworks/broker/store.zeek @@ -353,7 +353,7 @@ export { ## ## Returns: a set with the keys. If you expect the keys to be of ## non-uniform type, consider using - ## :bro:see:`Broker::set_iterator` to iterate over the result. + ## :zeek:see:`Broker::set_iterator` to iterate over the result. global keys: function(h: opaque of Broker::Store): QueryResult; ## Deletes all of a store's content, it will be empty afterwards. diff --git a/scripts/base/frameworks/cluster/__load__.zeek b/scripts/base/frameworks/cluster/__load__.zeek index 20060357a4..e3b318c1d5 100644 --- a/scripts/base/frameworks/cluster/__load__.zeek +++ b/scripts/base/frameworks/cluster/__load__.zeek @@ -17,7 +17,7 @@ redef Broker::log_topic = Cluster::rr_log_topic; # If this script isn't found anywhere, the cluster bombs out. # Loading the cluster framework requires that a script by this name exists # somewhere in the BROPATH. The only thing in the file should be the -# cluster definition in the :bro:id:`Cluster::nodes` variable. +# cluster definition in the :zeek:id:`Cluster::nodes` variable. @load cluster-layout @if ( Cluster::node in Cluster::nodes ) diff --git a/scripts/base/frameworks/cluster/main.zeek b/scripts/base/frameworks/cluster/main.zeek index 08d48ac858..02c063c346 100644 --- a/scripts/base/frameworks/cluster/main.zeek +++ b/scripts/base/frameworks/cluster/main.zeek @@ -1,8 +1,8 @@ ##! A framework for establishing and controlling a cluster of Bro instances. ##! In order to use the cluster framework, a script named ##! ``cluster-layout.zeek`` must exist somewhere in Bro's script search path -##! which has a cluster definition of the :bro:id:`Cluster::nodes` variable. -##! The ``CLUSTER_NODE`` environment variable or :bro:id:`Cluster::node` +##! which has a cluster definition of the :zeek:id:`Cluster::nodes` variable. +##! The ``CLUSTER_NODE`` environment variable or :zeek:id:`Cluster::node` ##! must also be sent and the cluster framework loaded as a package like ##! ``@load base/frameworks/cluster``. @@ -44,23 +44,23 @@ export { const nodeid_topic_prefix = "bro/cluster/nodeid/" &redef; ## Name of the node on which master data stores will be created if no other - ## has already been specified by the user in :bro:see:`Cluster::stores`. + ## has already been specified by the user in :zeek:see:`Cluster::stores`. ## An empty value means "use whatever name corresponds to the manager ## node". const default_master_node = "" &redef; ## The type of data store backend that will be used for all data stores if - ## no other has already been specified by the user in :bro:see:`Cluster::stores`. + ## no other has already been specified by the user in :zeek:see:`Cluster::stores`. const default_backend = Broker::MEMORY &redef; ## The type of persistent data store backend that will be used for all data ## stores if no other has already been specified by the user in - ## :bro:see:`Cluster::stores`. This will be used when script authors call - ## :bro:see:`Cluster::create_store` with the *persistent* argument set true. + ## :zeek:see:`Cluster::stores`. This will be used when script authors call + ## :zeek:see:`Cluster::create_store` with the *persistent* argument set true. const default_persistent_backend = Broker::SQLITE &redef; ## Setting a default dir will, for persistent backends that have not - ## been given an explicit file path via :bro:see:`Cluster::stores`, + ## been given an explicit file path via :zeek:see:`Cluster::stores`, ## automatically create a path within this dir that is based on the name of ## the data store. const default_store_dir = "" &redef; @@ -81,21 +81,21 @@ export { ## Parameters used for configuring the backend. options: Broker::BackendOptions &default=Broker::BackendOptions(); ## A resync/reconnect interval to pass through to - ## :bro:see:`Broker::create_clone`. + ## :zeek:see:`Broker::create_clone`. clone_resync_interval: interval &default=Broker::default_clone_resync_interval; ## A staleness duration to pass through to - ## :bro:see:`Broker::create_clone`. + ## :zeek:see:`Broker::create_clone`. clone_stale_interval: interval &default=Broker::default_clone_stale_interval; ## A mutation buffer interval to pass through to - ## :bro:see:`Broker::create_clone`. + ## :zeek:see:`Broker::create_clone`. clone_mutation_buffer_interval: interval &default=Broker::default_clone_mutation_buffer_interval; }; ## A table of cluster-enabled data stores that have been created, indexed ## by their name. This table will be populated automatically by - ## :bro:see:`Cluster::create_store`, but if you need to customize + ## :zeek:see:`Cluster::create_store`, but if you need to customize ## the options related to a particular data store, you may redef this - ## table. Calls to :bro:see:`Cluster::create_store` will first check + ## table. Calls to :zeek:see:`Cluster::create_store` will first check ## the table for an entry of the same name and, if found, will use the ## predefined options there when setting up the store. global stores: table[string] of StoreInfo &default=StoreInfo() &redef; @@ -174,15 +174,15 @@ export { ## This function can be called at any time to determine if the cluster ## framework is being enabled for this run. ## - ## Returns: True if :bro:id:`Cluster::node` has been set. + ## Returns: True if :zeek:id:`Cluster::node` has been set. global is_enabled: function(): bool; ## This function can be called at any time to determine what type of ## cluster node the current Bro instance is going to be acting as. - ## If :bro:id:`Cluster::is_enabled` returns false, then - ## :bro:enum:`Cluster::NONE` is returned. + ## If :zeek:id:`Cluster::is_enabled` returns false, then + ## :zeek:enum:`Cluster::NONE` is returned. ## - ## Returns: The :bro:type:`Cluster::NodeType` the calling node acts as. + ## Returns: The :zeek:type:`Cluster::NodeType` the calling node acts as. global local_node_type: function(): NodeType; ## This gives the value for the number of workers currently connected to, @@ -241,8 +241,8 @@ export { ## Retrieve the topic associated with a specific node in the cluster. ## - ## id: the id of the cluster node (from :bro:see:`Broker::EndpointInfo` - ## or :bro:see:`Broker::node_id`. + ## id: the id of the cluster node (from :zeek:see:`Broker::EndpointInfo` + ## or :zeek:see:`Broker::node_id`. ## ## Returns: a topic string that may used to send a message exclusively to ## a given cluster node. diff --git a/scripts/base/frameworks/cluster/pools.zeek b/scripts/base/frameworks/cluster/pools.zeek index 40f9a9cbf1..ae14a09527 100644 --- a/scripts/base/frameworks/cluster/pools.zeek +++ b/scripts/base/frameworks/cluster/pools.zeek @@ -58,17 +58,17 @@ export { alive_count: count &default = 0; }; - ## The specification for :bro:see:`Cluster::proxy_pool`. + ## The specification for :zeek:see:`Cluster::proxy_pool`. global proxy_pool_spec: PoolSpec = PoolSpec($topic = "bro/cluster/pool/proxy", $node_type = Cluster::PROXY) &redef; - ## The specification for :bro:see:`Cluster::worker_pool`. + ## The specification for :zeek:see:`Cluster::worker_pool`. global worker_pool_spec: PoolSpec = PoolSpec($topic = "bro/cluster/pool/worker", $node_type = Cluster::WORKER) &redef; - ## The specification for :bro:see:`Cluster::logger_pool`. + ## The specification for :zeek:see:`Cluster::logger_pool`. global logger_pool_spec: PoolSpec = PoolSpec($topic = "bro/cluster/pool/logger", $node_type = Cluster::LOGGER) &redef; @@ -120,10 +120,10 @@ export { global rr_topic: function(pool: Pool, key: string &default=""): string; ## Distributes log message topics among logger nodes via round-robin. - ## This will be automatically assigned to :bro:see:`Broker::log_topic` - ## if :bro:see:`Cluster::enable_round_robin_logging` is enabled. + ## This will be automatically assigned to :zeek:see:`Broker::log_topic` + ## if :zeek:see:`Cluster::enable_round_robin_logging` is enabled. ## If no logger nodes are active, then this will return the value - ## of :bro:see:`Broker::default_log_topic`. + ## of :zeek:see:`Broker::default_log_topic`. global rr_log_topic: function(id: Log::ID, path: string): string; } @@ -136,7 +136,7 @@ export { ## Returns: F if a node of the same name already exists in the pool, else T. global init_pool_node: function(pool: Pool, name: string): bool; -## Mark a pool node as alive/online/available. :bro:see:`Cluster::hrw_topic` +## Mark a pool node as alive/online/available. :zeek:see:`Cluster::hrw_topic` ## will distribute keys to nodes marked as alive. ## ## pool: the pool to which the node belongs. @@ -146,7 +146,7 @@ global init_pool_node: function(pool: Pool, name: string): bool; ## Returns: F if the node does not exist in the pool, else T. global mark_pool_node_alive: function(pool: Pool, name: string): bool; -## Mark a pool node as dead/offline/unavailable. :bro:see:`Cluster::hrw_topic` +## Mark a pool node as dead/offline/unavailable. :zeek:see:`Cluster::hrw_topic` ## will not distribute keys to nodes marked as dead. ## ## pool: the pool to which the node belongs. diff --git a/scripts/base/frameworks/cluster/setup-connections.zeek b/scripts/base/frameworks/cluster/setup-connections.zeek index 004dd22f2a..4903f62c0a 100644 --- a/scripts/base/frameworks/cluster/setup-connections.zeek +++ b/scripts/base/frameworks/cluster/setup-connections.zeek @@ -1,5 +1,5 @@ ##! This script establishes communication among all nodes in a cluster -##! as defined by :bro:id:`Cluster::nodes`. +##! as defined by :zeek:id:`Cluster::nodes`. @load ./main @load ./pools diff --git a/scripts/base/frameworks/config/main.zeek b/scripts/base/frameworks/config/main.zeek index aacebbc530..b801c82267 100644 --- a/scripts/base/frameworks/config/main.zeek +++ b/scripts/base/frameworks/config/main.zeek @@ -24,14 +24,14 @@ export { location: string &optional &log; }; - ## Event that can be handled to access the :bro:type:`Config::Info` + ## Event that can be handled to access the :zeek:type:`Config::Info` ## record as it is sent on to the logging framework. global log_config: event(rec: Info); ## This function is the config framework layer around the lower-level - ## :bro:see:`Option::set` call. Config::set_value will set the configuration + ## :zeek:see:`Option::set` call. Config::set_value will set the configuration ## value for all nodes in the cluster, no matter where it was called. Note - ## that :bro:see:`Option::set` does not distribute configuration changes + ## that :zeek:see:`Option::set` does not distribute configuration changes ## to other nodes. ## ## ID: The ID of the option to update. diff --git a/scripts/base/frameworks/control/main.zeek b/scripts/base/frameworks/control/main.zeek index e374806b55..ad1bf3bcce 100644 --- a/scripts/base/frameworks/control/main.zeek +++ b/scripts/base/frameworks/control/main.zeek @@ -8,7 +8,7 @@ export { ## The topic prefix used for exchanging control messages via Broker. const topic_prefix = "bro/control"; - ## Whether the controllee should call :bro:see:`Broker::listen`. + ## Whether the controllee should call :zeek:see:`Broker::listen`. ## In a cluster, this isn't needed since the setup process calls it. const controllee_listen = T &redef; @@ -18,7 +18,7 @@ export { ## The port of the host that will be controlled. const host_port = 0/tcp &redef; - ## If :bro:id:`Control::host` is a non-global IPv6 address and + ## If :zeek:id:`Control::host` is a non-global IPv6 address and ## requires a specific :rfc:`4007` ``zone_id``, it can be set here. const zone_id = "" &redef; @@ -45,7 +45,7 @@ export { ## Event for requesting the value of an ID (a variable). global id_value_request: event(id: string); ## Event for returning the value of an ID after an - ## :bro:id:`Control::id_value_request` event. + ## :zeek:id:`Control::id_value_request` event. global id_value_response: event(id: string, val: string); ## Requests the current communication status. @@ -62,7 +62,7 @@ export { ## updated. global configuration_update_request: event(); ## This event is a wrapper and alias for the - ## :bro:id:`Control::configuration_update_request` event. + ## :zeek:id:`Control::configuration_update_request` event. ## This event is also a primary hooking point for the control framework. global configuration_update: event(); ## Message in response to a configuration update request. diff --git a/scripts/base/frameworks/files/main.zeek b/scripts/base/frameworks/files/main.zeek index fc75d68e8e..591d6724e6 100644 --- a/scripts/base/frameworks/files/main.zeek +++ b/scripts/base/frameworks/files/main.zeek @@ -18,19 +18,19 @@ export { type AnalyzerArgs: record { ## An event which will be generated for all new file contents, ## chunk-wise. Used when *tag* (in the - ## :bro:see:`Files::add_analyzer` function) is - ## :bro:see:`Files::ANALYZER_DATA_EVENT`. + ## :zeek:see:`Files::add_analyzer` function) is + ## :zeek:see:`Files::ANALYZER_DATA_EVENT`. chunk_event: event(f: fa_file, data: string, off: count) &optional; ## An event which will be generated for all new file contents, ## stream-wise. Used when *tag* is - ## :bro:see:`Files::ANALYZER_DATA_EVENT`. + ## :zeek:see:`Files::ANALYZER_DATA_EVENT`. stream_event: event(f: fa_file, data: string) &optional; } &redef; ## Contains all metadata related to the analysis of a given file. ## For the most part, fields here are derived from ones of the same name - ## in :bro:see:`fa_file`. + ## in :zeek:see:`fa_file`. type Info: record { ## The time when the file was first seen. ts: time &log; @@ -66,7 +66,7 @@ export { analyzers: set[string] &default=string_set() &log; ## A mime type provided by the strongest file magic signature - ## match against the *bof_buffer* field of :bro:see:`fa_file`, + ## match against the *bof_buffer* field of :zeek:see:`fa_file`, ## or in the cases where no buffering of the beginning of file ## occurs, an initial guess of the mime type based on the first ## data seen. @@ -82,7 +82,7 @@ export { ## If the source of this file is a network connection, this field ## indicates if the data originated from the local network or not as - ## determined by the configured :bro:see:`Site::local_nets`. + ## determined by the configured :zeek:see:`Site::local_nets`. local_orig: bool &log &optional; ## If the source of this file is a network connection, this field @@ -118,8 +118,8 @@ export { const disable: table[Files::Tag] of bool = table() &redef; ## The salt concatenated to unique file handle strings generated by - ## :bro:see:`get_file_handle` before hashing them in to a file id - ## (the *id* field of :bro:see:`fa_file`). + ## :zeek:see:`get_file_handle` before hashing them in to a file id + ## (the *id* field of :zeek:see:`fa_file`). ## Provided to help mitigate the possibility of manipulating parts of ## network connections that factor in to the file handle in order to ## generate two handles that would hash to the same file id. @@ -142,11 +142,11 @@ export { ## Returns: T if the file uid is known. global file_exists: function(fuid: string): bool; - ## Lookup an :bro:see:`fa_file` record with the file id. + ## Lookup an :zeek:see:`fa_file` record with the file id. ## ## fuid: the file id. ## - ## Returns: the associated :bro:see:`fa_file` record. + ## Returns: the associated :zeek:see:`fa_file` record. global lookup_file: function(fuid: string): fa_file; ## Allows the file reassembler to be used if it's necessary because the @@ -169,10 +169,10 @@ export { ## max: Maximum allowed size of the reassembly buffer. global set_reassembly_buffer_size: function(f: fa_file, max: count); - ## Sets the *timeout_interval* field of :bro:see:`fa_file`, which is + ## Sets the *timeout_interval* field of :zeek:see:`fa_file`, which is ## used to determine the length of inactivity that is allowed for a file ## before internal state related to it is cleaned up. When used within - ## a :bro:see:`file_timeout` handler, the analysis will delay timing out + ## a :zeek:see:`file_timeout` handler, the analysis will delay timing out ## again for the period specified by *t*. ## ## f: the file. @@ -255,7 +255,7 @@ export { ## ## tag: Tag for the protocol analyzer having a callback being registered. ## - ## reg: A :bro:see:`Files::ProtoRegistration` record. + ## reg: A :zeek:see:`Files::ProtoRegistration` record. ## ## Returns: true if the protocol being registered was not previously registered. global register_protocol: function(tag: Analyzer::Tag, reg: ProtoRegistration): bool; diff --git a/scripts/base/frameworks/input/main.zeek b/scripts/base/frameworks/input/main.zeek index 0839602a7a..84488f130c 100644 --- a/scripts/base/frameworks/input/main.zeek +++ b/scripts/base/frameworks/input/main.zeek @@ -193,7 +193,7 @@ export { ## Descriptive name that uniquely identifies the input source. ## Can be used to remove a stream at a later time. ## This will also be used for the unique *source* field of - ## :bro:see:`fa_file`. Most of the time, the best choice for this + ## :zeek:see:`fa_file`. Most of the time, the best choice for this ## field will be the same value as the *source* field. name: string; diff --git a/scripts/base/frameworks/intel/main.zeek b/scripts/base/frameworks/intel/main.zeek index f59323369d..380cb39eaa 100644 --- a/scripts/base/frameworks/intel/main.zeek +++ b/scripts/base/frameworks/intel/main.zeek @@ -35,7 +35,7 @@ export { ## Set of intelligence data types. type TypeSet: set[Type]; - ## Data about an :bro:type:`Intel::Item`. + ## Data about an :zeek:type:`Intel::Item`. type MetaData: record { ## An arbitrary string value representing the data source. This ## value is used as unique key to identify a metadata record in @@ -75,7 +75,7 @@ export { ## The type of data that the indicator represents. indicator_type: Type &log &optional; - ## If the indicator type was :bro:enum:`Intel::ADDR`, then this + ## If the indicator type was :zeek:enum:`Intel::ADDR`, then this ## field will be present. host: addr &optional; @@ -155,7 +155,7 @@ export { global extend_match: hook(info: Info, s: Seen, items: set[Item]); ## The expiration timeout for intelligence items. Once an item expires, the - ## :bro:id:`Intel::item_expired` hook is called. Reinsertion of an item + ## :zeek:id:`Intel::item_expired` hook is called. Reinsertion of an item ## resets the timeout. A negative value disables expiration of intelligence ## items. const item_expiration = -1 min &redef; diff --git a/scripts/base/frameworks/logging/main.zeek b/scripts/base/frameworks/logging/main.zeek index 798b54839e..8746ee3654 100644 --- a/scripts/base/frameworks/logging/main.zeek +++ b/scripts/base/frameworks/logging/main.zeek @@ -176,7 +176,7 @@ export { ## easy to flood the disk by returning a new string for each ## connection. Upon adding a filter to a stream, if neither ## ``path`` nor ``path_func`` is explicitly set by them, then - ## :bro:see:`Log::default_path_func` is used. + ## :zeek:see:`Log::default_path_func` is used. ## ## id: The ID associated with the log stream. ## @@ -191,7 +191,7 @@ export { ## ## Returns: The path to be used for the filter, which will be ## subject to the same automatic correction rules as - ## the *path* field of :bro:type:`Log::Filter` in the + ## the *path* field of :zeek:type:`Log::Filter` in the ## case of conflicts with other filters trying to use ## the same writer/path pair. path_func: function(id: ID, path: string, rec: any): string &optional; @@ -232,7 +232,7 @@ export { interv: interval &default=default_rotation_interval; ## Callback function to trigger for rotated files. If not set, the - ## default comes out of :bro:id:`Log::default_rotation_postprocessors`. + ## default comes out of :zeek:id:`Log::default_rotation_postprocessors`. postprocessor: function(info: RotationInfo) : bool &optional; ## A key/value table that will be passed on to the writer. @@ -253,7 +253,7 @@ export { ## Returns: True if a new logging stream was successfully created and ## a default filter added to it. ## - ## .. bro:see:: Log::add_default_filter Log::remove_default_filter + ## .. zeek:see:: Log::add_default_filter Log::remove_default_filter global create_stream: function(id: ID, stream: Stream) : bool; ## Removes a logging stream completely, stopping all the threads. @@ -262,7 +262,7 @@ export { ## ## Returns: True if the stream was successfully removed. ## - ## .. bro:see:: Log::create_stream + ## .. zeek:see:: Log::create_stream global remove_stream: function(id: ID) : bool; ## Enables a previously disabled logging stream. Disabled streams @@ -273,7 +273,7 @@ export { ## ## Returns: True if the stream is re-enabled or was not previously disabled. ## - ## .. bro:see:: Log::disable_stream + ## .. zeek:see:: Log::disable_stream global enable_stream: function(id: ID) : bool; ## Disables a currently enabled logging stream. Disabled streams @@ -284,7 +284,7 @@ export { ## ## Returns: True if the stream is now disabled or was already disabled. ## - ## .. bro:see:: Log::enable_stream + ## .. zeek:see:: Log::enable_stream global disable_stream: function(id: ID) : bool; ## Adds a custom filter to an existing logging stream. If a filter @@ -299,7 +299,7 @@ export { ## the filter was not added or the *filter* argument was not ## the correct type. ## - ## .. bro:see:: Log::remove_filter Log::add_default_filter + ## .. zeek:see:: Log::remove_filter Log::add_default_filter ## Log::remove_default_filter Log::get_filter Log::get_filter_names global add_filter: function(id: ID, filter: Filter) : bool; @@ -309,12 +309,12 @@ export { ## remove a filter. ## ## name: A string to match against the ``name`` field of a - ## :bro:type:`Log::Filter` for identification purposes. + ## :zeek:type:`Log::Filter` for identification purposes. ## ## Returns: True if the logging stream's filter was removed or ## if no filter associated with *name* was found. ## - ## .. bro:see:: Log::remove_filter Log::add_default_filter + ## .. zeek:see:: Log::remove_filter Log::add_default_filter ## Log::remove_default_filter Log::get_filter Log::get_filter_names global remove_filter: function(id: ID, name: string) : bool; @@ -326,7 +326,7 @@ export { ## ## Returns: The set of filter names associated with the stream. ## - ## ..bro:see:: Log::remove_filter Log::add_default_filter + ## ..zeek:see:: Log::remove_filter Log::add_default_filter ## Log::remove_default_filter Log::get_filter global get_filter_names: function(id: ID) : set[string]; @@ -336,13 +336,13 @@ export { ## obtain one of its filters. ## ## name: A string to match against the ``name`` field of a - ## :bro:type:`Log::Filter` for identification purposes. + ## :zeek:type:`Log::Filter` for identification purposes. ## ## Returns: A filter attached to the logging stream *id* matching ## *name* or, if no matches are found returns the - ## :bro:id:`Log::no_filter` sentinel value. + ## :zeek:id:`Log::no_filter` sentinel value. ## - ## .. bro:see:: Log::add_filter Log::remove_filter Log::add_default_filter + ## .. zeek:see:: Log::add_filter Log::remove_filter Log::add_default_filter ## Log::remove_default_filter Log::get_filter_names global get_filter: function(id: ID, name: string) : Filter; @@ -360,7 +360,7 @@ export { ## to handle, or one of the stream's filters has an invalid ## ``path_func``. ## - ## .. bro:see:: Log::enable_stream Log::disable_stream + ## .. zeek:see:: Log::enable_stream Log::disable_stream global write: function(id: ID, columns: any) : bool; ## Sets the buffering status for all the writers of a given logging stream. @@ -375,7 +375,7 @@ export { ## Returns: True if buffering status was set, false if the logging stream ## does not exist. ## - ## .. bro:see:: Log::flush + ## .. zeek:see:: Log::flush global set_buf: function(id: ID, buffered: bool): bool; ## Flushes any currently buffered output for all the writers of a given @@ -388,50 +388,50 @@ export { ## buffered data or if the logging stream is disabled, ## false if the logging stream does not exist. ## - ## .. bro:see:: Log::set_buf Log::enable_stream Log::disable_stream + ## .. zeek:see:: Log::set_buf Log::enable_stream Log::disable_stream global flush: function(id: ID): bool; - ## Adds a default :bro:type:`Log::Filter` record with ``name`` field + ## Adds a default :zeek:type:`Log::Filter` record with ``name`` field ## set as "default" to a given logging stream. ## ## id: The ID associated with a logging stream for which to add a default ## filter. ## - ## Returns: The status of a call to :bro:id:`Log::add_filter` using a - ## default :bro:type:`Log::Filter` argument with ``name`` field + ## Returns: The status of a call to :zeek:id:`Log::add_filter` using a + ## default :zeek:type:`Log::Filter` argument with ``name`` field ## set to "default". ## - ## .. bro:see:: Log::add_filter Log::remove_filter + ## .. zeek:see:: Log::add_filter Log::remove_filter ## Log::remove_default_filter global add_default_filter: function(id: ID) : bool; - ## Removes the :bro:type:`Log::Filter` with ``name`` field equal to + ## Removes the :zeek:type:`Log::Filter` with ``name`` field equal to ## "default". ## ## id: The ID associated with a logging stream from which to remove the ## default filter. ## - ## Returns: The status of a call to :bro:id:`Log::remove_filter` using + ## Returns: The status of a call to :zeek:id:`Log::remove_filter` using ## "default" as the argument. ## - ## .. bro:see:: Log::add_filter Log::remove_filter Log::add_default_filter + ## .. zeek:see:: Log::add_filter Log::remove_filter Log::add_default_filter global remove_default_filter: function(id: ID) : bool; - ## Runs a command given by :bro:id:`Log::default_rotation_postprocessor_cmd` + ## Runs a command given by :zeek:id:`Log::default_rotation_postprocessor_cmd` ## on a rotated file. Meant to be called from postprocessor functions - ## that are added to :bro:id:`Log::default_rotation_postprocessors`. + ## that are added to :zeek:id:`Log::default_rotation_postprocessors`. ## ## info: A record holding meta-information about the log being rotated. ## ## npath: The new path of the file (after already being rotated/processed ## by writer-specific postprocessor as defined in - ## :bro:id:`Log::default_rotation_postprocessors`). + ## :zeek:id:`Log::default_rotation_postprocessors`). ## - ## Returns: True when :bro:id:`Log::default_rotation_postprocessor_cmd` + ## Returns: True when :zeek:id:`Log::default_rotation_postprocessor_cmd` ## is empty or the system command given by it has been invoked ## to postprocess a rotated log file. ## - ## .. bro:see:: Log::default_rotation_date_format + ## .. zeek:see:: Log::default_rotation_date_format ## Log::default_rotation_postprocessor_cmd ## Log::default_rotation_postprocessors global run_rotation_postprocessor_cmd: function(info: RotationInfo, npath: string) : bool; diff --git a/scripts/base/frameworks/logging/postprocessors/scp.zeek b/scripts/base/frameworks/logging/postprocessors/scp.zeek index 462cb86b20..22adc29e47 100644 --- a/scripts/base/frameworks/logging/postprocessors/scp.zeek +++ b/scripts/base/frameworks/logging/postprocessors/scp.zeek @@ -2,22 +2,22 @@ ##! to a logging filter in order to automatically SCP (secure copy) ##! a log stream (or a subset of it) to a remote host at configurable ##! rotation time intervals. Generally, to use this functionality -##! you must handle the :bro:id:`zeek_init` event and do the following +##! you must handle the :zeek:id:`zeek_init` event and do the following ##! in your handler: ##! -##! 1) Create a new :bro:type:`Log::Filter` record that defines a name/path, +##! 1) Create a new :zeek:type:`Log::Filter` record that defines a name/path, ##! rotation interval, and set the ``postprocessor`` to -##! :bro:id:`Log::scp_postprocessor`. -##! 2) Add the filter to a logging stream using :bro:id:`Log::add_filter`. -##! 3) Add a table entry to :bro:id:`Log::scp_destinations` for the filter's -##! writer/path pair which defines a set of :bro:type:`Log::SCPDestination` +##! :zeek:id:`Log::scp_postprocessor`. +##! 2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`. +##! 3) Add a table entry to :zeek:id:`Log::scp_destinations` for the filter's +##! writer/path pair which defines a set of :zeek:type:`Log::SCPDestination` ##! records. module Log; export { ## Secure-copies the rotated log to all the remote hosts - ## defined in :bro:id:`Log::scp_destinations` and then deletes + ## defined in :zeek:id:`Log::scp_destinations` and then deletes ## the local copy of the rotated log. It's not active when ## reading from trace files. ## @@ -42,7 +42,7 @@ export { }; ## A table indexed by a particular log writer and filter path, that yields - ## a set of remote destinations. The :bro:id:`Log::scp_postprocessor` + ## a set of remote destinations. The :zeek:id:`Log::scp_postprocessor` ## function queries this table upon log rotation and performs a secure ## copy of the rotated log to each destination in the set. This ## table can be modified at run-time. diff --git a/scripts/base/frameworks/logging/postprocessors/sftp.zeek b/scripts/base/frameworks/logging/postprocessors/sftp.zeek index 803851261f..75ab438809 100644 --- a/scripts/base/frameworks/logging/postprocessors/sftp.zeek +++ b/scripts/base/frameworks/logging/postprocessors/sftp.zeek @@ -2,22 +2,22 @@ ##! to a logging filter in order to automatically SFTP ##! a log stream (or a subset of it) to a remote host at configurable ##! rotation time intervals. Generally, to use this functionality -##! you must handle the :bro:id:`zeek_init` event and do the following +##! you must handle the :zeek:id:`zeek_init` event and do the following ##! in your handler: ##! -##! 1) Create a new :bro:type:`Log::Filter` record that defines a name/path, +##! 1) Create a new :zeek:type:`Log::Filter` record that defines a name/path, ##! rotation interval, and set the ``postprocessor`` to -##! :bro:id:`Log::sftp_postprocessor`. -##! 2) Add the filter to a logging stream using :bro:id:`Log::add_filter`. -##! 3) Add a table entry to :bro:id:`Log::sftp_destinations` for the filter's -##! writer/path pair which defines a set of :bro:type:`Log::SFTPDestination` +##! :zeek:id:`Log::sftp_postprocessor`. +##! 2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`. +##! 3) Add a table entry to :zeek:id:`Log::sftp_destinations` for the filter's +##! writer/path pair which defines a set of :zeek:type:`Log::SFTPDestination` ##! records. module Log; export { ## Securely transfers the rotated log to all the remote hosts - ## defined in :bro:id:`Log::sftp_destinations` and then deletes + ## defined in :zeek:id:`Log::sftp_destinations` and then deletes ## the local copy of the rotated log. It's not active when ## reading from trace files. ## @@ -44,7 +44,7 @@ export { }; ## A table indexed by a particular log writer and filter path, that yields - ## a set of remote destinations. The :bro:id:`Log::sftp_postprocessor` + ## a set of remote destinations. The :zeek:id:`Log::sftp_postprocessor` ## function queries this table upon log rotation and performs a secure ## transfer of the rotated log to each destination in the set. This ## table can be modified at run-time. diff --git a/scripts/base/frameworks/netcontrol/catch-and-release.zeek b/scripts/base/frameworks/netcontrol/catch-and-release.zeek index 83d9e1d7af..1a8ba88574 100644 --- a/scripts/base/frameworks/netcontrol/catch-and-release.zeek +++ b/scripts/base/frameworks/netcontrol/catch-and-release.zeek @@ -80,7 +80,7 @@ export { ## again. ## ## In cluster mode, this function works on workers as well as the manager. On managers, - ## the returned :bro:see:`NetControl::BlockInfo` record will not contain the block ID, + ## the returned :zeek:see:`NetControl::BlockInfo` record will not contain the block ID, ## which will be assigned on the manager. ## ## a: The address to be dropped. @@ -89,7 +89,7 @@ export { ## ## location: An optional string describing where the drop was triggered. ## - ## Returns: The :bro:see:`NetControl::BlockInfo` record containing information about + ## Returns: The :zeek:see:`NetControl::BlockInfo` record containing information about ## the inserted block. global drop_address_catch_release: function(a: addr, location: string &default="") : BlockInfo; @@ -114,7 +114,7 @@ export { ## a: The address that was seen and should be re-dropped if it is being watched. global catch_release_seen: function(a: addr); - ## Get the :bro:see:`NetControl::BlockInfo` record for an address currently blocked by catch and release. + ## Get the :zeek:see:`NetControl::BlockInfo` record for an address currently blocked by catch and release. ## If the address is unknown to catch and release, the watch_until time will be set to 0. ## ## In cluster mode, this function works on the manager and workers. On workers, the data will @@ -123,7 +123,7 @@ export { ## ## a: The address to get information about. ## - ## Returns: The :bro:see:`NetControl::BlockInfo` record containing information about + ## Returns: The :zeek:see:`NetControl::BlockInfo` record containing information about ## the inserted block. global get_catch_release_info: function(a: addr) : BlockInfo; @@ -132,7 +132,7 @@ export { ## ## a: The address that is no longer being managed. ## - ## bi: The :bro:see:`NetControl::BlockInfo` record containing information about the block. + ## bi: The :zeek:see:`NetControl::BlockInfo` record containing information about the block. global catch_release_forgotten: event(a: addr, bi: BlockInfo); ## If true, catch_release_seen is called on the connection originator in new_connection, @@ -148,7 +148,7 @@ export { ## effect. const catch_release_intervals: vector of interval = vector(10min, 1hr, 24hrs, 7days) &redef; - ## Event that can be handled to access the :bro:type:`NetControl::CatchReleaseInfo` + ## Event that can be handled to access the :zeek:type:`NetControl::CatchReleaseInfo` ## record as it is sent on to the logging framework. global log_netcontrol_catch_release: event(rec: CatchReleaseInfo); diff --git a/scripts/base/frameworks/netcontrol/drop.zeek b/scripts/base/frameworks/netcontrol/drop.zeek index 40304e1187..9c1adc73d2 100644 --- a/scripts/base/frameworks/netcontrol/drop.zeek +++ b/scripts/base/frameworks/netcontrol/drop.zeek @@ -50,7 +50,7 @@ export { ## r: The rule to be added. global NetControl::drop_rule_policy: hook(r: Rule); - ## Event that can be handled to access the :bro:type:`NetControl::ShuntInfo` + ## Event that can be handled to access the :zeek:type:`NetControl::ShuntInfo` ## record as it is sent on to the logging framework. global log_netcontrol_drop: event(rec: DropInfo); } diff --git a/scripts/base/frameworks/netcontrol/main.zeek b/scripts/base/frameworks/netcontrol/main.zeek index ee5f6a276c..97b6e27459 100644 --- a/scripts/base/frameworks/netcontrol/main.zeek +++ b/scripts/base/frameworks/netcontrol/main.zeek @@ -98,7 +98,7 @@ export { ## Returns: Vector of inserted rules on success, empty list on failure. global quarantine_host: function(infected: addr, dns: addr, quarantine: addr, t: interval, location: string &default="") : vector of string; - ## Flushes all state by calling :bro:see:`NetControl::remove_rule` on all currently active rules. + ## Flushes all state by calling :zeek:see:`NetControl::remove_rule` on all currently active rules. global clear: function(); # ### @@ -122,7 +122,7 @@ export { ## Removes a rule. ## - ## id: The rule to remove, specified as the ID returned by :bro:see:`NetControl::add_rule`. + ## id: The rule to remove, specified as the ID returned by :zeek:see:`NetControl::add_rule`. ## ## reason: Optional string argument giving information on why the rule was removed. ## @@ -138,7 +138,7 @@ export { ## the rule has been added; if it is not removed from them by a separate mechanism, ## it will stay installed and not be removed later. ## - ## id: The rule to delete, specified as the ID returned by :bro:see:`NetControl::add_rule`. + ## id: The rule to delete, specified as the ID returned by :zeek:see:`NetControl::add_rule`. ## ## reason: Optional string argument giving information on why the rule was deleted. ## @@ -321,7 +321,7 @@ export { plugin: string &log &optional; }; - ## Event that can be handled to access the :bro:type:`NetControl::Info` + ## Event that can be handled to access the :zeek:type:`NetControl::Info` ## record as it is sent on to the logging framework. global log_netcontrol: event(rec: Info); } diff --git a/scripts/base/frameworks/netcontrol/plugins/broker.zeek b/scripts/base/frameworks/netcontrol/plugins/broker.zeek index 4bfb231c94..599613d06d 100644 --- a/scripts/base/frameworks/netcontrol/plugins/broker.zeek +++ b/scripts/base/frameworks/netcontrol/plugins/broker.zeek @@ -9,7 +9,7 @@ module NetControl; @load base/frameworks/broker export { - ## This record specifies the configuration that is passed to :bro:see:`NetControl::create_broker`. + ## This record specifies the configuration that is passed to :zeek:see:`NetControl::create_broker`. type BrokerConfig: record { ## The broker topic to send events to. topic: string &optional; diff --git a/scripts/base/frameworks/netcontrol/plugins/openflow.zeek b/scripts/base/frameworks/netcontrol/plugins/openflow.zeek index f1403a70a8..d80d7c4a41 100644 --- a/scripts/base/frameworks/netcontrol/plugins/openflow.zeek +++ b/scripts/base/frameworks/netcontrol/plugins/openflow.zeek @@ -7,7 +7,7 @@ module NetControl; export { - ## This record specifies the configuration that is passed to :bro:see:`NetControl::create_openflow`. + ## This record specifies the configuration that is passed to :zeek:see:`NetControl::create_openflow`. type OfConfig: record { monitor: bool &default=T; ##< Accept rules that target the monitor path. forward: bool &default=T; ##< Accept rules that target the forward path. diff --git a/scripts/base/frameworks/netcontrol/shunt.zeek b/scripts/base/frameworks/netcontrol/shunt.zeek index 58923a0cb3..7cbd8512e2 100644 --- a/scripts/base/frameworks/netcontrol/shunt.zeek +++ b/scripts/base/frameworks/netcontrol/shunt.zeek @@ -31,7 +31,7 @@ export { location: string &log &optional; }; - ## Event that can be handled to access the :bro:type:`NetControl::ShuntInfo` + ## Event that can be handled to access the :zeek:type:`NetControl::ShuntInfo` ## record as it is sent on to the logging framework. global log_netcontrol_shunt: event(rec: ShuntInfo); } diff --git a/scripts/base/frameworks/netcontrol/types.zeek b/scripts/base/frameworks/netcontrol/types.zeek index 7fda65ea6b..2be65ce3e6 100644 --- a/scripts/base/frameworks/netcontrol/types.zeek +++ b/scripts/base/frameworks/netcontrol/types.zeek @@ -1,6 +1,6 @@ ##! This file defines the types that are used by the NetControl framework. ##! -##! The most important type defined in this file is :bro:see:`NetControl::Rule`, +##! The most important type defined in this file is :zeek:see:`NetControl::Rule`, ##! which is used to describe all rules that can be expressed by the NetControl framework. module NetControl; @@ -10,11 +10,11 @@ export { option default_priority: int = +0; ## The default priority that is used when using the high-level functions to - ## push whitelist entries to the backends (:bro:see:`NetControl::whitelist_address` and - ## :bro:see:`NetControl::whitelist_subnet`). + ## push whitelist entries to the backends (:zeek:see:`NetControl::whitelist_address` and + ## :zeek:see:`NetControl::whitelist_subnet`). ## ## Note that this priority is not automatically used when manually creating rules - ## that have a :bro:see:`NetControl::RuleType` of :bro:enum:`NetControl::WHITELIST`. + ## that have a :zeek:see:`NetControl::RuleType` of :zeek:enum:`NetControl::WHITELIST`. const whitelist_priority: int = +5 &redef; ## Type defining the entity that a rule applies to. @@ -25,7 +25,7 @@ export { MAC, ##< Activity involving a MAC address. }; - ## Flow is used in :bro:type:`NetControl::Entity` together with :bro:enum:`NetControl::FLOW` to specify + ## Flow is used in :zeek:type:`NetControl::Entity` together with :zeek:enum:`NetControl::FLOW` to specify ## a uni-directional flow that a rule applies to. ## ## If optional fields are not set, they are interpreted as wildcarded. @@ -41,10 +41,10 @@ export { ## Type defining the entity a rule is operating on. type Entity: record { ty: EntityType; ##< Type of entity. - conn: conn_id &optional; ##< Used with :bro:enum:`NetControl::CONNECTION`. - flow: Flow &optional; ##< Used with :bro:enum:`NetControl::FLOW`. - ip: subnet &optional; ##< Used with :bro:enum:`NetControl::ADDRESS` to specifiy a CIDR subnet. - mac: string &optional; ##< Used with :bro:enum:`NetControl::MAC`. + conn: conn_id &optional; ##< Used with :zeek:enum:`NetControl::CONNECTION`. + flow: Flow &optional; ##< Used with :zeek:enum:`NetControl::FLOW`. + ip: subnet &optional; ##< Used with :zeek:enum:`NetControl::ADDRESS` to specifiy a CIDR subnet. + mac: string &optional; ##< Used with :zeek:enum:`NetControl::MAC`. }; ## Type defining the target of a rule. @@ -59,7 +59,7 @@ export { }; ## Type of rules that the framework supports. Each type lists the extra - ## :bro:type:`NetControl::Rule` fields it uses, if any. + ## :zeek:type:`NetControl::Rule` fields it uses, if any. ## ## Plugins may extend this type to define their own. type RuleType: enum { @@ -108,8 +108,8 @@ export { priority: int &default=default_priority; ##< Priority if multiple rules match an entity (larger value is higher priority). location: string &optional; ##< Optional string describing where/what installed the rule. - out_port: count &optional; ##< Argument for :bro:enum:`NetControl::REDIRECT` rules. - mod: FlowMod &optional; ##< Argument for :bro:enum:`NetControl::MODIFY` rules. + out_port: count &optional; ##< Argument for :zeek:enum:`NetControl::REDIRECT` rules. + mod: FlowMod &optional; ##< Argument for :zeek:enum:`NetControl::MODIFY` rules. id: string &default=""; ##< Internally determined unique ID for this rule. Will be set when added. cid: count &default=0; ##< Internally determined unique numeric ID for this rule. Set when added. diff --git a/scripts/base/frameworks/notice/actions/add-geodata.zeek b/scripts/base/frameworks/notice/actions/add-geodata.zeek index 7d097f5eb6..04cc10209d 100644 --- a/scripts/base/frameworks/notice/actions/add-geodata.zeek +++ b/scripts/base/frameworks/notice/actions/add-geodata.zeek @@ -13,7 +13,7 @@ module Notice; export { redef enum Action += { ## Indicates that the notice should have geodata added for the - ## "remote" host. :bro:id:`Site::local_nets` must be defined + ## "remote" host. :zeek:id:`Site::local_nets` must be defined ## in order for this to work. ACTION_ADD_GEODATA }; diff --git a/scripts/base/frameworks/notice/actions/drop.zeek b/scripts/base/frameworks/notice/actions/drop.zeek index a189faaeda..024c3b5b92 100644 --- a/scripts/base/frameworks/notice/actions/drop.zeek +++ b/scripts/base/frameworks/notice/actions/drop.zeek @@ -8,7 +8,7 @@ module Notice; export { redef enum Action += { - ## Drops the address via :bro:see:`NetControl::drop_address_catch_release`. + ## Drops the address via :zeek:see:`NetControl::drop_address_catch_release`. ACTION_DROP }; diff --git a/scripts/base/frameworks/notice/actions/email_admin.zeek b/scripts/base/frameworks/notice/actions/email_admin.zeek index fb82f2b960..1b02e5ff0c 100644 --- a/scripts/base/frameworks/notice/actions/email_admin.zeek +++ b/scripts/base/frameworks/notice/actions/email_admin.zeek @@ -1,6 +1,6 @@ ##! Adds a new notice action type which can be used to email notices ##! to the administrators of a particular address space as set by -##! :bro:id:`Site::local_admins` if the notice contains a source +##! :zeek:id:`Site::local_admins` if the notice contains a source ##! or destination address that lies within their space. @load ../main @@ -12,7 +12,7 @@ export { redef enum Action += { ## Indicate that the generated email should be addressed to the ## appropriate email addresses as found by the - ## :bro:id:`Site::get_emails` function based on the relevant + ## :zeek:id:`Site::get_emails` function based on the relevant ## address or addresses indicated in the notice. ACTION_EMAIL_ADMIN }; diff --git a/scripts/base/frameworks/notice/actions/page.zeek b/scripts/base/frameworks/notice/actions/page.zeek index 73432337d1..99ca44537b 100644 --- a/scripts/base/frameworks/notice/actions/page.zeek +++ b/scripts/base/frameworks/notice/actions/page.zeek @@ -7,12 +7,12 @@ module Notice; export { redef enum Action += { ## Indicates that the notice should be sent to the pager email - ## address configured in the :bro:id:`Notice::mail_page_dest` + ## address configured in the :zeek:id:`Notice::mail_page_dest` ## variable. ACTION_PAGE }; - ## Email address to send notices with the :bro:enum:`Notice::ACTION_PAGE` + ## Email address to send notices with the :zeek:enum:`Notice::ACTION_PAGE` ## action. option mail_page_dest = ""; } diff --git a/scripts/base/frameworks/notice/actions/pp-alarms.zeek b/scripts/base/frameworks/notice/actions/pp-alarms.zeek index 02fe65e163..a327f3f9d6 100644 --- a/scripts/base/frameworks/notice/actions/pp-alarms.zeek +++ b/scripts/base/frameworks/notice/actions/pp-alarms.zeek @@ -12,7 +12,7 @@ export { const pretty_print_alarms = T &redef; ## Address to send the pretty-printed reports to. Default if not set is - ## :bro:id:`Notice::mail_dest`. + ## :zeek:id:`Notice::mail_dest`. ## ## Note that this is overridden by the BroControl MailAlarmsTo option. const mail_dest_pretty_printed = "" &redef; diff --git a/scripts/base/frameworks/notice/main.zeek b/scripts/base/frameworks/notice/main.zeek index 5b2625e0db..f4a7796495 100644 --- a/scripts/base/frameworks/notice/main.zeek +++ b/scripts/base/frameworks/notice/main.zeek @@ -18,7 +18,7 @@ export { ## Scripts creating new notices need to redef this enum to add their ## own specific notice types which would then get used when they call - ## the :bro:id:`NOTICE` function. The convention is to give a general + ## the :zeek:id:`NOTICE` function. The convention is to give a general ## category along with the specific notice separating words with ## underscores and using leading capitals on each word except for ## abbreviations which are kept in all capitals. For example, @@ -37,12 +37,12 @@ export { ## logging stream. ACTION_LOG, ## Indicates that the notice should be sent to the email - ## address(es) configured in the :bro:id:`Notice::mail_dest` + ## address(es) configured in the :zeek:id:`Notice::mail_dest` ## variable. ACTION_EMAIL, ## Indicates that the notice should be alarmed. A readable ## ASCII version of the alarm log is emailed in bulk to the - ## address(es) configured in :bro:id:`Notice::mail_dest`. + ## address(es) configured in :zeek:id:`Notice::mail_dest`. ACTION_ALARM, }; @@ -50,7 +50,7 @@ export { type ActionSet: set[Notice::Action]; ## The notice framework is able to do automatic notice suppression by - ## utilizing the *identifier* field in :bro:type:`Notice::Info` records. + ## utilizing the *identifier* field in :zeek:type:`Notice::Info` records. ## Set this to "0secs" to completely disable automated notice ## suppression. option default_suppression_interval = 1hrs; @@ -103,18 +103,18 @@ export { ## *conn*, *iconn* or *p* is specified. proto: transport_proto &log &optional; - ## The :bro:type:`Notice::Type` of the notice. + ## The :zeek:type:`Notice::Type` of the notice. note: Type &log; ## The human readable message for the notice. msg: string &log &optional; ## The human readable sub-message. sub: string &log &optional; - ## Source address, if we don't have a :bro:type:`conn_id`. + ## Source address, if we don't have a :zeek:type:`conn_id`. src: addr &log &optional; ## Destination address. dst: addr &log &optional; - ## Associated port, if we don't have a :bro:type:`conn_id`. + ## Associated port, if we don't have a :zeek:type:`conn_id`. p: port &log &optional; ## Associated count, or perhaps a status code. n: count &log &optional; @@ -131,14 +131,14 @@ export { ## By adding chunks of text into this element, other scripts ## can expand on notices that are being emailed. The normal ## way to add text is to extend the vector by handling the - ## :bro:id:`Notice::notice` event and modifying the notice in + ## :zeek:id:`Notice::notice` event and modifying the notice in ## place. email_body_sections: vector of string &optional; ## Adding a string "token" to this set will cause the notice ## framework's built-in emailing functionality to delay sending ## the email until either the token has been removed or the - ## email has been delayed for :bro:id:`Notice::max_email_delay`. + ## email has been delayed for :zeek:id:`Notice::max_email_delay`. email_delay_tokens: set[string] &optional; ## This field is to be provided when a notice is generated for @@ -192,8 +192,8 @@ export { ## Note that this is overridden by the BroControl SendMail option. option sendmail = "/usr/sbin/sendmail"; ## Email address to send notices with the - ## :bro:enum:`Notice::ACTION_EMAIL` action or to send bulk alarm logs - ## on rotation with :bro:enum:`Notice::ACTION_ALARM`. + ## :zeek:enum:`Notice::ACTION_EMAIL` action or to send bulk alarm logs + ## on rotation with :zeek:enum:`Notice::ACTION_ALARM`. ## ## Note that this is overridden by the BroControl MailTo option. const mail_dest = "" &redef; @@ -212,18 +212,18 @@ export { ## The maximum amount of time a plugin can delay email from being sent. const max_email_delay = 15secs &redef; - ## Contains a portion of :bro:see:`fa_file` that's also contained in - ## :bro:see:`Notice::Info`. + ## Contains a portion of :zeek:see:`fa_file` that's also contained in + ## :zeek:see:`Notice::Info`. type FileInfo: record { fuid: string; ##< File UID. desc: string; ##< File description from e.g. - ##< :bro:see:`Files::describe`. + ##< :zeek:see:`Files::describe`. mime: string &optional; ##< Strongest mime type match for file. cid: conn_id &optional; ##< Connection tuple over which file is sent. cuid: string &optional; ##< Connection UID over which file is sent. }; - ## Creates a record containing a subset of a full :bro:see:`fa_file` record. + ## Creates a record containing a subset of a full :zeek:see:`fa_file` record. ## ## f: record containing metadata about a file. ## @@ -245,7 +245,7 @@ export { global populate_file_info2: function(fi: Notice::FileInfo, n: Notice::Info); ## A log postprocessing function that implements emailing the contents - ## of a log upon rotation to any configured :bro:id:`Notice::mail_dest`. + ## of a log upon rotation to any configured :zeek:id:`Notice::mail_dest`. ## The rotated log is removed upon being sent. ## ## info: A record containing the rotated log file information. @@ -254,9 +254,9 @@ export { global log_mailing_postprocessor: function(info: Log::RotationInfo): bool; ## This is the event that is called as the entry point to the - ## notice framework by the global :bro:id:`NOTICE` function. By the + ## notice framework by the global :zeek:id:`NOTICE` function. By the ## time this event is generated, default values have already been - ## filled out in the :bro:type:`Notice::Info` record and the notice + ## filled out in the :zeek:type:`Notice::Info` record and the notice ## policy has also been applied. ## ## n: The record containing notice data. @@ -268,7 +268,7 @@ export { ## ## suppress_for: length of time that this notice should be suppressed. ## - ## note: The :bro:type:`Notice::Type` of the notice. + ## note: The :zeek:type:`Notice::Type` of the notice. ## ## identifier: The identifier string of the notice that should be suppressed. global begin_suppression: event(ts: time, suppress_for: interval, note: Type, identifier: string); @@ -286,8 +286,8 @@ export { global suppressed: event(n: Notice::Info); ## Call this function to send a notice in an email. It is already used - ## by default with the built in :bro:enum:`Notice::ACTION_EMAIL` and - ## :bro:enum:`Notice::ACTION_PAGE` actions. + ## by default with the built in :zeek:enum:`Notice::ACTION_EMAIL` and + ## :zeek:enum:`Notice::ACTION_PAGE` actions. ## ## n: The record of notice data to email. ## @@ -308,13 +308,13 @@ export { ## appended. global email_headers: function(subject_desc: string, dest: string): string; - ## This event can be handled to access the :bro:type:`Notice::Info` + ## This event can be handled to access the :zeek:type:`Notice::Info` ## record as it is sent on to the logging framework. ## ## rec: The record containing notice data before it is logged. global log_notice: event(rec: Info); - ## This is an internal wrapper for the global :bro:id:`NOTICE` + ## This is an internal wrapper for the global :zeek:id:`NOTICE` ## function; disregard. ## ## n: The record of notice data. @@ -598,7 +598,7 @@ function populate_file_info2(fi: Notice::FileInfo, n: Notice::Info) # This is run synchronously as a function before all of the other # notice related functions and events. It also modifies the -# :bro:type:`Notice::Info` record in place. +# :zeek:type:`Notice::Info` record in place. function apply_policy(n: Notice::Info) { # Fill in some defaults. diff --git a/scripts/base/frameworks/openflow/plugins/log.zeek b/scripts/base/frameworks/openflow/plugins/log.zeek index 7f1ecf86ea..23a16c3186 100644 --- a/scripts/base/frameworks/openflow/plugins/log.zeek +++ b/scripts/base/frameworks/openflow/plugins/log.zeek @@ -41,7 +41,7 @@ export { flow_mod: ofp_flow_mod &log; }; - ## Event that can be handled to access the :bro:type:`OpenFlow::Info` + ## Event that can be handled to access the :zeek:type:`OpenFlow::Info` ## record as it is sent on to the logging framework. global log_openflow: event(rec: Info); } diff --git a/scripts/base/frameworks/packet-filter/main.zeek b/scripts/base/frameworks/packet-filter/main.zeek index c06e801710..160139b1db 100644 --- a/scripts/base/frameworks/packet-filter/main.zeek +++ b/scripts/base/frameworks/packet-filter/main.zeek @@ -2,7 +2,7 @@ ##! Bro sets a capture filter that allows all traffic. If a filter ##! is set on the command line, that filter takes precedence over the default ##! open filter and all filters defined in Bro scripts with the -##! :bro:id:`capture_filters` and :bro:id:`restrict_filters` variables. +##! :zeek:id:`capture_filters` and :zeek:id:`restrict_filters` variables. @load base/frameworks/notice @load base/frameworks/analyzer @@ -48,7 +48,7 @@ export { }; ## The BPF filter that is used by default to define what traffic should - ## be captured. Filters defined in :bro:id:`restrict_filters` will + ## be captured. Filters defined in :zeek:id:`restrict_filters` will ## still be applied to reduce the captured traffic. const default_capture_filter = "ip or not ip" &redef; @@ -64,7 +64,7 @@ export { ## The maximum amount of time that you'd like to allow for BPF filters to compile. ## If this time is exceeded, compensation measures may be taken by the framework ## to reduce the filter size. This threshold being crossed also results - ## in the :bro:see:`PacketFilter::Too_Long_To_Compile_Filter` notice. + ## in the :zeek:see:`PacketFilter::Too_Long_To_Compile_Filter` notice. const max_filter_compile_time = 100msec &redef; ## Install a BPF filter to exclude some traffic. The filter should diff --git a/scripts/base/frameworks/packet-filter/utils.zeek b/scripts/base/frameworks/packet-filter/utils.zeek index 29b54229af..cbf07f64ad 100644 --- a/scripts/base/frameworks/packet-filter/utils.zeek +++ b/scripts/base/frameworks/packet-filter/utils.zeek @@ -1,7 +1,7 @@ module PacketFilter; export { - ## Takes a :bro:type:`port` and returns a BPF expression which will + ## Takes a :zeek:type:`port` and returns a BPF expression which will ## match the port. ## ## p: The port. diff --git a/scripts/base/frameworks/reporter/main.zeek b/scripts/base/frameworks/reporter/main.zeek index 39f0755325..54e4123407 100644 --- a/scripts/base/frameworks/reporter/main.zeek +++ b/scripts/base/frameworks/reporter/main.zeek @@ -2,9 +2,9 @@ ##! internal messages/warnings/errors. It should typically be loaded to ##! log such messages to a file in a standard way. For the options to ##! toggle whether messages are additionally written to STDERR, see -##! :bro:see:`Reporter::info_to_stderr`, -##! :bro:see:`Reporter::warnings_to_stderr`, and -##! :bro:see:`Reporter::errors_to_stderr`. +##! :zeek:see:`Reporter::info_to_stderr`, +##! :zeek:see:`Reporter::warnings_to_stderr`, and +##! :zeek:see:`Reporter::errors_to_stderr`. ##! ##! Note that this framework deals with the handling of internally generated ##! reporter messages, for the interface diff --git a/scripts/base/frameworks/signatures/main.zeek b/scripts/base/frameworks/signatures/main.zeek index da19416871..910f3b461c 100644 --- a/scripts/base/frameworks/signatures/main.zeek +++ b/scripts/base/frameworks/signatures/main.zeek @@ -13,22 +13,22 @@ export { Sensitive_Signature, ## Host has triggered many signatures on the same host. The ## number of signatures is defined by the - ## :bro:id:`Signatures::vert_scan_thresholds` variable. + ## :zeek:id:`Signatures::vert_scan_thresholds` variable. Multiple_Signatures, ## Host has triggered the same signature on multiple hosts as - ## defined by the :bro:id:`Signatures::horiz_scan_thresholds` + ## defined by the :zeek:id:`Signatures::horiz_scan_thresholds` ## variable. Multiple_Sig_Responders, ## The same signature has triggered multiple times for a host. ## The number of times the signature has been triggered is - ## defined by the :bro:id:`Signatures::count_thresholds` + ## defined by the :zeek:id:`Signatures::count_thresholds` ## variable. To generate this notice, the - ## :bro:enum:`Signatures::SIG_COUNT_PER_RESP` action must be + ## :zeek:enum:`Signatures::SIG_COUNT_PER_RESP` action must be ## set for the signature. Count_Signature, ## Summarize the number of times a host triggered a signature. ## The interval between summaries is defined by the - ## :bro:id:`Signatures::summary_interval` variable. + ## :zeek:id:`Signatures::summary_interval` variable. Signature_Summary, }; @@ -48,7 +48,7 @@ export { SIG_QUIET, ## Generate a notice. SIG_LOG, - ## The same as :bro:enum:`Signatures::SIG_LOG`, but ignore for + ## The same as :zeek:enum:`Signatures::SIG_LOG`, but ignore for ## aggregate/scan processing. SIG_FILE_BUT_NO_SCAN, ## Generate a notice and set it to be alarmed upon. @@ -58,8 +58,8 @@ export { ## Alarm once and then never again. SIG_ALARM_ONCE, ## Count signatures per responder host and alarm with the - ## :bro:enum:`Signatures::Count_Signature` notice if a threshold - ## defined by :bro:id:`Signatures::count_thresholds` is reached. + ## :zeek:enum:`Signatures::Count_Signature` notice if a threshold + ## defined by :zeek:id:`Signatures::count_thresholds` is reached. SIG_COUNT_PER_RESP, ## Don't alarm, but generate per-orig summary. SIG_SUMMARY, @@ -114,11 +114,11 @@ export { ## different signature matches has reached one of the thresholds. const vert_scan_thresholds = { 5, 10, 50, 100, 500, 1000 } &redef; - ## Generate a notice if a :bro:enum:`Signatures::SIG_COUNT_PER_RESP` + ## Generate a notice if a :zeek:enum:`Signatures::SIG_COUNT_PER_RESP` ## signature is triggered as often as given by one of these thresholds. const count_thresholds = { 5, 10, 50, 100, 500, 1000, 10000, 1000000, } &redef; - ## The interval between when :bro:enum:`Signatures::Signature_Summary` + ## The interval between when :zeek:enum:`Signatures::Signature_Summary` ## notices are generated. option summary_interval = 1 day; diff --git a/scripts/base/frameworks/software/main.zeek b/scripts/base/frameworks/software/main.zeek index 291ca539a1..83669cbc82 100644 --- a/scripts/base/frameworks/software/main.zeek +++ b/scripts/base/frameworks/software/main.zeek @@ -2,7 +2,7 @@ ##! parsing but doesn't actually do any detection on it's own. It relies on ##! other protocol specific scripts to parse out software from the protocols ##! that they analyze. The entry point for providing new software detections -##! to this framework is through the :bro:id:`Software::found` function. +##! to this framework is through the :zeek:id:`Software::found` function. @load base/utils/directions-and-hosts @load base/utils/numbers @@ -16,7 +16,7 @@ export { ## Scripts detecting new types of software need to redef this enum to add ## their own specific software types which would then be used when they - ## create :bro:type:`Software::Info` records. + ## create :zeek:type:`Software::Info` records. type Type: enum { ## A placeholder type for when the type of software is not known. UNKNOWN, @@ -45,7 +45,7 @@ export { ## The port on which the software is running. Only sensible for ## server software. host_p: port &log &optional; - ## The type of software detected (e.g. :bro:enum:`HTTP::SERVER`). + ## The type of software detected (e.g. :zeek:enum:`HTTP::SERVER`). software_type: Type &log &default=UNKNOWN; ## Name of the software (e.g. Apache). name: string &log &optional; @@ -96,9 +96,9 @@ export { ["Flash Player"] = "Flash", } &default=function(a: string): string { return a; }; - ## Type to represent a collection of :bro:type:`Software::Info` records. + ## Type to represent a collection of :zeek:type:`Software::Info` records. ## It's indexed with the name of a piece of software such as "Firefox" - ## and it yields a :bro:type:`Software::Info` record with more + ## and it yields a :zeek:type:`Software::Info` record with more ## information about the software. type SoftwareSet: table[string] of Info; @@ -108,7 +108,7 @@ export { ## uniformly distributed among proxy nodes. global tracked: table[addr] of SoftwareSet &create_expire=1day; - ## This event can be handled to access the :bro:type:`Software::Info` + ## This event can be handled to access the :zeek:type:`Software::Info` ## record as it is sent on to the logging framework. global log_software: event(rec: Info); @@ -117,7 +117,7 @@ export { global version_change: event(old: Info, new: Info); ## This event is raised when software is about to be registered for - ## tracking in :bro:see:`Software::tracked`. + ## tracking in :zeek:see:`Software::tracked`. global register: event(info: Info); } diff --git a/scripts/base/frameworks/sumstats/cluster.zeek b/scripts/base/frameworks/sumstats/cluster.zeek index 670ad86fe1..d2633afd87 100644 --- a/scripts/base/frameworks/sumstats/cluster.zeek +++ b/scripts/base/frameworks/sumstats/cluster.zeek @@ -35,12 +35,12 @@ export { global cluster_get_result: event(uid: string, ss_name: string, key: Key, cleanup: bool); ## This event is sent by nodes in response to a - ## :bro:id:`SumStats::cluster_get_result` event. + ## :zeek:id:`SumStats::cluster_get_result` event. global cluster_send_result: event(uid: string, ss_name: string, key: Key, result: Result, cleanup: bool); ## This is sent by workers to indicate that they crossed the percent ## of the current threshold by the percentage defined globally in - ## :bro:id:`SumStats::cluster_request_global_view_percent`. + ## :zeek:id:`SumStats::cluster_request_global_view_percent`. global cluster_key_intermediate_response: event(ss_name: string, key: SumStats::Key); ## This event is scheduled internally on workers to send result chunks. diff --git a/scripts/base/frameworks/sumstats/main.zeek b/scripts/base/frameworks/sumstats/main.zeek index a312377111..3f73d278e5 100644 --- a/scripts/base/frameworks/sumstats/main.zeek +++ b/scripts/base/frameworks/sumstats/main.zeek @@ -105,7 +105,7 @@ export { reducers: set[Reducer]; ## A function that will be called once for each observation in order - ## to calculate a value from the :bro:see:`SumStats::Result` structure + ## to calculate a value from the :zeek:see:`SumStats::Result` structure ## which will be used for thresholding. ## This function is required if a *threshold* value or ## a *threshold_series* is given. @@ -157,7 +157,7 @@ export { ## Dynamically request a sumstat key. This function should be ## used sparingly and not as a replacement for the callbacks - ## from the :bro:see:`SumStats::SumStat` record. The function is only + ## from the :zeek:see:`SumStats::SumStat` record. The function is only ## available for use within "when" statements as an asynchronous ## function. ## @@ -168,7 +168,7 @@ export { ## Returns: The result for the requested sumstat key. global request_key: function(ss_name: string, key: Key): Result; - ## Helper function to represent a :bro:type:`SumStats::Key` value as + ## Helper function to represent a :zeek:type:`SumStats::Key` value as ## a simple string. ## ## key: The metric key that is to be converted into a string. diff --git a/scripts/base/frameworks/sumstats/plugins/last.zeek b/scripts/base/frameworks/sumstats/plugins/last.zeek index b12d854bbb..a2c19f3f51 100644 --- a/scripts/base/frameworks/sumstats/plugins/last.zeek +++ b/scripts/base/frameworks/sumstats/plugins/last.zeek @@ -19,7 +19,7 @@ export { redef record ResultVal += { ## This is the queue where elements are maintained. ## Don't access this value directly, instead use the - ## :bro:see:`SumStats::get_last` function to get a vector of + ## :zeek:see:`SumStats::get_last` function to get a vector of ## the current element values. last_elements: Queue::Queue &optional; }; diff --git a/scripts/base/frameworks/tunnels/main.zeek b/scripts/base/frameworks/tunnels/main.zeek index f72a7d3445..09441c177c 100644 --- a/scripts/base/frameworks/tunnels/main.zeek +++ b/scripts/base/frameworks/tunnels/main.zeek @@ -3,7 +3,7 @@ ##! ##! For any connection that occurs over a tunnel, information about its ##! encapsulating tunnels is also found in the *tunnel* field of -##! :bro:type:`connection`. +##! :zeek:type:`connection`. module Tunnel; @@ -18,7 +18,7 @@ export { ## A tunnel connection has closed. CLOSE, ## No new connections over a tunnel happened in the amount of - ## time indicated by :bro:see:`Tunnel::expiration_interval`. + ## time indicated by :zeek:see:`Tunnel::expiration_interval`. EXPIRE, }; @@ -27,7 +27,7 @@ export { ## Time at which some tunnel activity occurred. ts: time &log; ## The unique identifier for the tunnel, which may correspond - ## to a :bro:type:`connection`'s *uid* field for non-IP-in-IP tunnels. + ## to a :zeek:type:`connection`'s *uid* field for non-IP-in-IP tunnels. ## This is optional because there could be numerous connections ## for payload proxies like SOCKS but we should treat it as a ## single tunnel. @@ -42,29 +42,29 @@ export { }; ## Logs all tunnels in an encapsulation chain with action - ## :bro:see:`Tunnel::DISCOVER` that aren't already in the - ## :bro:id:`Tunnel::active` table and adds them if not. + ## :zeek:see:`Tunnel::DISCOVER` that aren't already in the + ## :zeek:id:`Tunnel::active` table and adds them if not. global register_all: function(ecv: EncapsulatingConnVector); ## Logs a single tunnel "connection" with action - ## :bro:see:`Tunnel::DISCOVER` if it's not already in the - ## :bro:id:`Tunnel::active` table and adds it if not. + ## :zeek:see:`Tunnel::DISCOVER` if it's not already in the + ## :zeek:id:`Tunnel::active` table and adds it if not. global register: function(ec: EncapsulatingConn); ## Logs a single tunnel "connection" with action - ## :bro:see:`Tunnel::EXPIRE` and removes it from the - ## :bro:id:`Tunnel::active` table. + ## :zeek:see:`Tunnel::EXPIRE` and removes it from the + ## :zeek:id:`Tunnel::active` table. ## ## t: A table of tunnels. ## ## idx: The index of the tunnel table corresponding to the tunnel to expire. ## ## Returns: 0secs, which when this function is used as an - ## :bro:attr:`&expire_func`, indicates to remove the element at + ## :zeek:attr:`&expire_func`, indicates to remove the element at ## *idx* immediately. global expire: function(t: table[conn_id] of Info, idx: conn_id): interval; - ## Removes a single tunnel from the :bro:id:`Tunnel::active` table + ## Removes a single tunnel from the :zeek:id:`Tunnel::active` table ## and logs the closing/expiration of the tunnel. ## ## tunnel: The tunnel which has closed or expired. @@ -78,7 +78,7 @@ export { ## Currently active tunnels. That is, tunnels for which new, ## encapsulated connections have been seen in the interval indicated by - ## :bro:see:`Tunnel::expiration_interval`. + ## :zeek:see:`Tunnel::expiration_interval`. global active: table[conn_id] of Info = table() &read_expire=expiration_interval &expire_func=expire; } diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 4575b3a694..86e3317931 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -99,7 +99,7 @@ type files_tag_set: set[Files::Tag]; ## A structure indicating a MIME type and strength of a match against ## file magic signatures. ## -## :bro:see:`file_magic` +## :zeek:see:`file_magic` type mime_match: record { strength: int; ##< How strongly the signature matched. Used for ##< prioritization when multiple file magic signatures @@ -110,7 +110,7 @@ type mime_match: record { ## A vector of file magic signature matches, ordered by strength of ## the signature, strongest first. ## -## :bro:see:`file_magic` +## :zeek:see:`file_magic` type mime_matches: vector of mime_match; ## A connection's transport-layer protocol. Note that Bro uses the term @@ -126,7 +126,7 @@ type transport_proto: enum { ## ## .. note:: It's actually a 5-tuple: the transport-layer protocol is stored as ## part of the port values, `orig_p` and `resp_p`, and can be extracted from -## them with :bro:id:`get_port_transport_proto`. +## them with :zeek:id:`get_port_transport_proto`. type conn_id: record { orig_h: addr; ##< The originator's IP address. orig_p: port; ##< The originator's port number. @@ -138,7 +138,7 @@ type conn_id: record { ## ## .. note:: It's actually a 5-tuple: the transport-layer protocol is stored as ## part of the port values, `src_p` and `dst_p`, and can be extracted from -## them with :bro:id:`get_port_transport_proto`. +## them with :zeek:id:`get_port_transport_proto`. type flow_id : record { src_h: addr; ##< The source IP address. src_p: port; ##< The source port number. @@ -147,9 +147,9 @@ type flow_id : record { } &log; ## Specifics about an ICMP conversation. ICMP events typically pass this in -## addition to :bro:type:`conn_id`. +## addition to :zeek:type:`conn_id`. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent +## .. zeek:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent ## icmp_time_exceeded icmp_unreachable type icmp_conn: record { orig_h: addr; ##< The originator's IP address. @@ -164,7 +164,7 @@ type icmp_conn: record { ## Packet context part of an ICMP message. The fields of this record reflect the ## packet that is described by the context. ## -## .. bro:see:: icmp_time_exceeded icmp_unreachable +## .. zeek:see:: icmp_time_exceeded icmp_unreachable type icmp_context: record { id: conn_id; ##< The packet's 4-tuple. len: count; ##< The length of the IP packet (headers + payload). @@ -183,7 +183,7 @@ type icmp_context: record { ## Values extracted from a Prefix Information option in an ICMPv6 neighbor ## discovery message as specified by :rfc:`4861`. ## -## .. bro:see:: icmp6_nd_option +## .. zeek:see:: icmp6_nd_option type icmp6_nd_prefix_info: record { ## Number of leading bits of the *prefix* that are valid. prefix_len: count; @@ -199,14 +199,14 @@ type icmp6_nd_prefix_info: record { ## (0xffffffff represents infinity). preferred_lifetime: interval; ## An IP address or prefix of an IP address. Use the *prefix_len* field - ## to convert this into a :bro:type:`subnet`. + ## to convert this into a :zeek:type:`subnet`. prefix: addr; }; ## Options extracted from ICMPv6 neighbor discovery messages as specified ## by :rfc:`4861`. ## -## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_advertisement icmp_neighbor_solicitation icmp_redirect ## icmp6_nd_options type icmp6_nd_option: record { @@ -238,7 +238,7 @@ type icmp6_nd_options: vector of icmp6_nd_option; # A DNS mapping between IP address and hostname resolved by Bro's internal # resolver. # -# .. bro:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name +# .. zeek:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name # dns_mapping_unverified dns_mapping_valid type dns_mapping: record { ## The time when the mapping was created, which corresponds to when @@ -264,7 +264,7 @@ type dns_mapping: record { ## A parsed host/port combination describing server endpoint for an upcoming ## data transfer. ## -## .. bro:see:: fmt_ftp_port parse_eftp_port parse_ftp_epsv parse_ftp_pasv +## .. zeek:see:: fmt_ftp_port parse_eftp_port parse_ftp_epsv parse_ftp_pasv ## parse_ftp_port type ftp_port: record { h: addr; ##< The host's address. @@ -274,7 +274,7 @@ type ftp_port: record { ## Statistics about what a TCP endpoint sent. ## -## .. bro:see:: conn_stats +## .. zeek:see:: conn_stats type endpoint_stats: record { num_pkts: count; ##< Number of packets. num_rxmit: count; ##< Number of retransmissions. @@ -283,9 +283,9 @@ type endpoint_stats: record { num_OO: count; ##< Number of out-of-order packets. num_repl: count; ##< Number of replicated packets (last packet was sent again). ## Endian type used by the endpoint, if it could be determined from - ## the sequence numbers used. This is one of :bro:see:`ENDIAN_UNKNOWN`, - ## :bro:see:`ENDIAN_BIG`, :bro:see:`ENDIAN_LITTLE`, and - ## :bro:see:`ENDIAN_CONFUSED`. + ## the sequence numbers used. This is one of :zeek:see:`ENDIAN_UNKNOWN`, + ## :zeek:see:`ENDIAN_BIG`, :zeek:see:`ENDIAN_LITTLE`, and + ## :zeek:see:`ENDIAN_CONFUSED`. endian_type: count; }; @@ -302,7 +302,7 @@ export { ## The type of tunnel. tunnel_type: Tunnel::Type; ## A globally unique identifier that, for non-IP-in-IP tunnels, - ## cross-references the *uid* field of :bro:type:`connection`. + ## cross-references the *uid* field of :zeek:type:`connection`. uid: string &optional; } &log; } # end export @@ -316,22 +316,22 @@ module GLOBAL; ## directly and then remove this alias. type EncapsulatingConnVector: vector of Tunnel::EncapsulatingConn; -## Statistics about a :bro:type:`connection` endpoint. +## Statistics about a :zeek:type:`connection` endpoint. ## -## .. bro:see:: connection +## .. zeek:see:: connection type endpoint: record { size: count; ##< Logical size of data sent (for TCP: derived from sequence numbers). ## Endpoint state. For a TCP connection, one of the constants: - ## :bro:see:`TCP_INACTIVE` :bro:see:`TCP_SYN_SENT` - ## :bro:see:`TCP_SYN_ACK_SENT` :bro:see:`TCP_PARTIAL` - ## :bro:see:`TCP_ESTABLISHED` :bro:see:`TCP_CLOSED` :bro:see:`TCP_RESET`. - ## For UDP, one of :bro:see:`UDP_ACTIVE` and :bro:see:`UDP_INACTIVE`. + ## :zeek:see:`TCP_INACTIVE` :zeek:see:`TCP_SYN_SENT` + ## :zeek:see:`TCP_SYN_ACK_SENT` :zeek:see:`TCP_PARTIAL` + ## :zeek:see:`TCP_ESTABLISHED` :zeek:see:`TCP_CLOSED` :zeek:see:`TCP_RESET`. + ## For UDP, one of :zeek:see:`UDP_ACTIVE` and :zeek:see:`UDP_INACTIVE`. state: count; - ## Number of packets sent. Only set if :bro:id:`use_conn_size_analyzer` + ## Number of packets sent. Only set if :zeek:id:`use_conn_size_analyzer` ## is true. num_pkts: count &optional; ## Number of IP-level bytes sent. Only set if - ## :bro:id:`use_conn_size_analyzer` is true. + ## :zeek:id:`use_conn_size_analyzer` is true. num_bytes_ip: count &optional; ## The current IPv6 flow label that the connection endpoint is using. ## Always 0 if the connection is over IPv4. @@ -361,7 +361,7 @@ type connection: record { ## to parse the same data. If so, all will be recorded. Also note that ## the recorded services are independent of any transport-level protocols. service: set[string]; - history: string; ##< State history of connections. See *history* in :bro:see:`Conn::Info`. + history: string; ##< State history of connections. See *history* in :zeek:see:`Conn::Info`. ## A globally unique connection identifier. For each connection, Bro ## creates an ID that is very likely unique across independent Bro runs. ## These IDs can thus be used to tag and locate information associated @@ -370,7 +370,7 @@ type connection: record { ## If the connection is tunneled, this field contains information about ## the encapsulating "connection(s)" with the outermost one starting ## at index zero. It's also always the first such encapsulation seen - ## for the connection unless the :bro:id:`tunnel_changed` event is + ## for the connection unless the :zeek:id:`tunnel_changed` event is ## handled and reassigns this field to the new encapsulation. tunnel: EncapsulatingConnVector &optional; @@ -460,7 +460,7 @@ type fa_metadata: record { ## Fields of a SYN packet. ## -## .. bro:see:: connection_SYN_packet +## .. zeek:see:: connection_SYN_packet type SYN_packet: record { is_orig: bool; ##< True if the packet was sent the connection's originator. DF: bool; ##< True if the *don't fragment* is set in the IP header. @@ -474,7 +474,7 @@ type SYN_packet: record { ## Packet capture statistics. All counts are cumulative. ## -## .. bro:see:: get_net_stats +## .. zeek:see:: get_net_stats type NetStats: record { pkts_recvd: count &default=0; ##< Packets received by Bro. pkts_dropped: count &default=0; ##< Packets reported dropped by the system. @@ -514,7 +514,7 @@ type ConnStats: record { ## Statistics about Bro's process. ## -## .. bro:see:: get_proc_stats +## .. zeek:see:: get_proc_stats ## ## .. note:: All process-level values refer to Bro's main process only, not to ## the child process it spawns for doing communication. @@ -540,7 +540,7 @@ type EventStats: record { ## Holds statistics for all types of reassembly. ## -## .. bro:see:: get_reassembler_stats +## .. zeek:see:: get_reassembler_stats type ReassemblerStats: record { file_size: count; ##< Byte size of File reassembly tracking. frag_size: count; ##< Byte size of Fragment reassembly tracking. @@ -550,7 +550,7 @@ type ReassemblerStats: record { ## Statistics of all regular expression matchers. ## -## .. bro:see:: get_matcher_stats +## .. zeek:see:: get_matcher_stats type MatcherStats: record { matchers: count; ##< Number of distinct RE matchers. nfa_states: count; ##< Number of NFA states across all matchers. @@ -563,7 +563,7 @@ type MatcherStats: record { ## Statistics of timers. ## -## .. bro:see:: get_timer_stats +## .. zeek:see:: get_timer_stats type TimerStats: record { current: count; ##< Current number of pending timers. max: count; ##< Maximum number of concurrent timers pending so far. @@ -572,7 +572,7 @@ type TimerStats: record { ## Statistics of file analysis. ## -## .. bro:see:: get_file_analysis_stats +## .. zeek:see:: get_file_analysis_stats type FileAnalysisStats: record { current: count; ##< Current number of files being analyzed. max: count; ##< Maximum number of concurrent files so far. @@ -583,7 +583,7 @@ type FileAnalysisStats: record { ## about Bro performing DNS queries on it's own, not traffic ## being seen. ## -## .. bro:see:: get_dns_stats +## .. zeek:see:: get_dns_stats type DNSStats: record { requests: count; ##< Number of DNS requests made successful: count; ##< Number of successful DNS replies. @@ -595,7 +595,7 @@ type DNSStats: record { ## Statistics about number of gaps in TCP connections. ## -## .. bro:see:: get_gap_stats +## .. zeek:see:: get_gap_stats type GapStats: record { ack_events: count; ##< How many ack events *could* have had gaps. ack_bytes: count; ##< How many bytes those covered. @@ -605,14 +605,14 @@ type GapStats: record { ## Statistics about threads. ## -## .. bro:see:: get_thread_stats +## .. zeek:see:: get_thread_stats type ThreadStats: record { num_threads: count; }; ## Statistics about Broker communication. ## -## .. bro:see:: get_broker_stats +## .. zeek:see:: get_broker_stats type BrokerStats: record { num_peers: count; ## Number of active data stores. @@ -635,7 +635,7 @@ type BrokerStats: record { ## Statistics about reporter messages and weirds. ## -## .. bro:see:: get_reporter_stats +## .. zeek:see:: get_reporter_stats type ReporterStats: record { ## Number of total weirds encountered, before any rate-limiting. weirds: count; @@ -657,7 +657,7 @@ type packet: record { ## Table type used to map variable names to their memory allocation. ## -## .. bro:see:: global_sizes +## .. zeek:see:: global_sizes ## ## .. todo:: We need this type definition only for declaring builtin functions ## via ``bifcl``. We should extend ``bifcl`` to understand composite types @@ -666,21 +666,21 @@ type var_sizes: table[string] of count; ## Meta-information about a script-level identifier. ## -## .. bro:see:: global_ids id_table +## .. zeek:see:: global_ids id_table type script_id: record { type_name: string; ##< The name of the identifier's type. exported: bool; ##< True if the identifier is exported. constant: bool; ##< True if the identifier is a constant. enum_constant: bool; ##< True if the identifier is an enum value. option_value: bool; ##< True if the identifier is an option. - redefinable: bool; ##< True if the identifier is declared with the :bro:attr:`&redef` attribute. + redefinable: bool; ##< True if the identifier is declared with the :zeek:attr:`&redef` attribute. value: any &optional; ##< The current value of the identifier. }; ## Table type used to map script-level identifiers to meta-information ## describing them. ## -## .. bro:see:: global_ids script_id +## .. zeek:see:: global_ids script_id ## ## .. todo:: We need this type definition only for declaring builtin functions ## via ``bifcl``. We should extend ``bifcl`` to understand composite types @@ -689,20 +689,20 @@ type id_table: table[string] of script_id; ## Meta-information about a record field. ## -## .. bro:see:: record_fields record_field_table +## .. zeek:see:: record_fields record_field_table type record_field: record { type_name: string; ##< The name of the field's type. - log: bool; ##< True if the field is declared with :bro:attr:`&log` attribute. + log: bool; ##< True if the field is declared with :zeek:attr:`&log` attribute. ## The current value of the field in the record instance passed into - ## :bro:see:`record_fields` (if it has one). + ## :zeek:see:`record_fields` (if it has one). value: any &optional; - default_val: any &optional; ##< The value of the :bro:attr:`&default` attribute if defined. + default_val: any &optional; ##< The value of the :zeek:attr:`&default` attribute if defined. }; ## Table type used to map record field declarations to meta-information ## describing them. ## -## .. bro:see:: record_fields record_field +## .. zeek:see:: record_fields record_field ## ## .. todo:: We need this type definition only for declaring builtin functions ## via ``bifcl``. We should extend ``bifcl`` to understand composite types @@ -711,21 +711,21 @@ type record_field_table: table[string] of record_field; ## Meta-information about a parameter to a function/event. ## -## .. bro:see:: call_argument_vector new_event +## .. zeek:see:: call_argument_vector new_event type call_argument: record { name: string; ##< The name of the parameter. type_name: string; ##< The name of the parameters's type. - default_val: any &optional; ##< The value of the :bro:attr:`&default` attribute if defined. + default_val: any &optional; ##< The value of the :zeek:attr:`&default` attribute if defined. ## The value of the parameter as passed into a given call instance. - ## Might be unset in the case a :bro:attr:`&default` attribute is + ## Might be unset in the case a :zeek:attr:`&default` attribute is ## defined. value: any &optional; }; ## Vector type used to capture parameters of a function/event call. ## -## .. bro:see:: call_argument new_event +## .. zeek:see:: call_argument new_event type call_argument_vector: vector of call_argument; # todo:: Do we still need these here? Can they move into the packet filter @@ -736,28 +736,28 @@ type call_argument_vector: vector of call_argument; ## Set of BPF capture filters to use for capturing, indexed by a user-definable ## ID (which must be unique). If Bro is *not* configured with -## :bro:id:`PacketFilter::enable_auto_protocol_capture_filters`, +## :zeek:id:`PacketFilter::enable_auto_protocol_capture_filters`, ## all packets matching at least one of the filters in this table (and all in -## :bro:id:`restrict_filters`) will be analyzed. +## :zeek:id:`restrict_filters`) will be analyzed. ## -## .. bro:see:: PacketFilter PacketFilter::enable_auto_protocol_capture_filters +## .. zeek:see:: PacketFilter PacketFilter::enable_auto_protocol_capture_filters ## PacketFilter::unrestricted_filter restrict_filters global capture_filters: table[string] of string &redef; ## Set of BPF filters to restrict capturing, indexed by a user-definable ID ## (which must be unique). ## -## .. bro:see:: PacketFilter PacketFilter::enable_auto_protocol_capture_filters +## .. zeek:see:: PacketFilter PacketFilter::enable_auto_protocol_capture_filters ## PacketFilter::unrestricted_filter capture_filters global restrict_filters: table[string] of string &redef; ## Enum type identifying dynamic BPF filters. These are used by -## :bro:see:`Pcap::precompile_pcap_filter` and :bro:see:`Pcap::precompile_pcap_filter`. +## :zeek:see:`Pcap::precompile_pcap_filter` and :zeek:see:`Pcap::precompile_pcap_filter`. type PcapFilterID: enum { None }; ## Deprecated. ## -## .. bro:see:: anonymize_addr +## .. zeek:see:: anonymize_addr type IPAddrAnonymization: enum { KEEP_ORIG_ADDR, SEQUENTIALLY_NUMBERED, @@ -768,7 +768,7 @@ type IPAddrAnonymization: enum { ## Deprecated. ## -## .. bro:see:: anonymize_addr +## .. zeek:see:: anonymize_addr type IPAddrAnonymizationClass: enum { ORIG_ADDR, RESP_ADDR, @@ -776,14 +776,14 @@ type IPAddrAnonymizationClass: enum { }; ## A locally unique ID identifying a communication peer. The ID is returned by -## :bro:id:`connect`. +## :zeek:id:`connect`. ## -## .. bro:see:: connect +## .. zeek:see:: connect type peer_id: count; ## A communication peer. ## -## .. bro:see:: complete_handshake disconnect finished_send_state +## .. zeek:see:: complete_handshake disconnect finished_send_state ## get_event_peer get_local_event_peer remote_capture_filter ## remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done @@ -794,19 +794,19 @@ type peer_id: count; ## ## .. todo::The type's name is too narrow these days, should rename. type event_peer: record { - id: peer_id; ##< Locally unique ID of peer (returned by :bro:id:`connect`). + id: peer_id; ##< Locally unique ID of peer (returned by :zeek:id:`connect`). host: addr; ##< The IP address of the peer. ## Either the port we connected to at the peer; or our port the peer ## connected to if the session is remotely initiated. p: port; is_local: bool; ##< True if this record describes the local process. - descr: string; ##< The peer's :bro:see:`peer_description`. + descr: string; ##< The peer's :zeek:see:`peer_description`. class: string &optional; ##< The self-assigned *class* of the peer. }; ## Deprecated. ## -## .. bro:see:: rotate_file rotate_file_by_name rotate_interval +## .. zeek:see:: rotate_file rotate_file_by_name rotate_interval type rotate_info: record { old_name: string; ##< Original filename. new_name: string; ##< File name after rotation. @@ -824,7 +824,7 @@ type rotate_info: record { ## Parameters for the Smith-Waterman algorithm. ## -## .. bro:see:: str_smith_waterman +## .. zeek:see:: str_smith_waterman type sw_params: record { ## Minimum size of a substring, minimum "granularity". min_strlen: count &default = 3; @@ -835,7 +835,7 @@ type sw_params: record { ## Helper type for return value of Smith-Waterman algorithm. ## -## .. bro:see:: str_smith_waterman sw_substring_vec sw_substring sw_align_vec sw_params +## .. zeek:see:: str_smith_waterman sw_substring_vec sw_substring sw_align_vec sw_params type sw_align: record { str: string; ##< String a substring is part of. index: count; ##< Offset substring is located. @@ -843,12 +843,12 @@ type sw_align: record { ## Helper type for return value of Smith-Waterman algorithm. ## -## .. bro:see:: str_smith_waterman sw_substring_vec sw_substring sw_align sw_params +## .. zeek:see:: str_smith_waterman sw_substring_vec sw_substring sw_align sw_params type sw_align_vec: vector of sw_align; ## Helper type for return value of Smith-Waterman algorithm. ## -## .. bro:see:: str_smith_waterman sw_substring_vec sw_align_vec sw_align sw_params +## .. zeek:see:: str_smith_waterman sw_substring_vec sw_align_vec sw_align sw_params ## type sw_substring: record { str: string; ##< A substring. @@ -858,7 +858,7 @@ type sw_substring: record { ## Return type for Smith-Waterman algorithm. ## -## .. bro:see:: str_smith_waterman sw_substring sw_align_vec sw_align sw_params +## .. zeek:see:: str_smith_waterman sw_substring sw_align_vec sw_align sw_params ## ## .. todo:: We need this type definition only for declaring builtin functions ## via ``bifcl``. We should extend ``bifcl`` to understand composite types @@ -869,7 +869,7 @@ type sw_substring_vec: vector of sw_substring; ## includes the complete packet as returned by libpcap, including the link-layer ## header. ## -## .. bro:see:: dump_packet get_current_packet +## .. zeek:see:: dump_packet get_current_packet type pcap_packet: record { ts_sec: count; ##< The non-fractional part of the packet's timestamp (i.e., full seconds since the epoch). ts_usec: count; ##< The fractional part of the packet's timestamp. @@ -881,7 +881,7 @@ type pcap_packet: record { ## GeoIP location information. ## -## .. bro:see:: lookup_location +## .. zeek:see:: lookup_location type geo_location: record { country_code: string &optional; ##< The country code. region: string &optional; ##< The region. @@ -898,7 +898,7 @@ const mmdb_dir: string = "" &redef; ## `_ for more information, Bro uses the same ## code. ## -## .. bro:see:: entropy_test_add entropy_test_finish entropy_test_init find_entropy +## .. zeek:see:: entropy_test_add entropy_test_finish entropy_test_init find_entropy type entropy_test_result: record { entropy: double; ##< Information density. chi_square: double; ##< Chi-Square value. @@ -907,7 +907,7 @@ type entropy_test_result: record { serial_correlation: double; ##< Serial correlation coefficient. }; -# TCP values for :bro:see:`endpoint` *state* field. +# TCP values for :zeek:see:`endpoint` *state* field. # todo:: these should go into an enum to make them autodoc'able. const TCP_INACTIVE = 0; ##< Endpoint is still inactive. const TCP_SYN_SENT = 1; ##< Endpoint has sent SYN. @@ -917,7 +917,7 @@ const TCP_ESTABLISHED = 4; ##< Endpoint has finished initial handshake regularly const TCP_CLOSED = 5; ##< Endpoint has closed connection. const TCP_RESET = 6; ##< Endpoint has sent RST. -# UDP values for :bro:see:`endpoint` *state* field. +# UDP values for :zeek:see:`endpoint` *state* field. # todo:: these should go into an enum to make them autodoc'able. const UDP_INACTIVE = 0; ##< Endpoint is still inactive. const UDP_ACTIVE = 1; ##< Endpoint has sent something. @@ -933,7 +933,7 @@ const ignore_checksums = F &redef; const partial_connection_ok = T &redef; ## If true, instantiate connection state when a SYN/ACK is seen but not the -## initial SYN (even if :bro:see:`partial_connection_ok` is false). +## initial SYN (even if :zeek:see:`partial_connection_ok` is false). const tcp_SYN_ack_ok = T &redef; ## If true, pass any undelivered to the signature engine before flushing the state. @@ -963,53 +963,53 @@ const tcp_close_delay = 5 secs &redef; ## Upon seeing a RST, flush state after this much time. const tcp_reset_delay = 5 secs &redef; -## Generate a :bro:id:`connection_partial_close` event this much time after one +## Generate a :zeek:id:`connection_partial_close` event this much time after one ## half of a partial connection closes, assuming there has been no subsequent ## activity. const tcp_partial_close_delay = 3 secs &redef; ## If a connection belongs to an application that we don't analyze, ## time it out after this interval. If 0 secs, then don't time it out (but -## :bro:see:`tcp_inactivity_timeout`, :bro:see:`udp_inactivity_timeout`, and -## :bro:see:`icmp_inactivity_timeout` still apply). +## :zeek:see:`tcp_inactivity_timeout`, :zeek:see:`udp_inactivity_timeout`, and +## :zeek:see:`icmp_inactivity_timeout` still apply). const non_analyzed_lifetime = 0 secs &redef; ## If a TCP connection is inactive, time it out after this interval. If 0 secs, ## then don't time it out. ## -## .. bro:see:: udp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout +## .. zeek:see:: udp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout const tcp_inactivity_timeout = 5 min &redef; ## If a UDP flow is inactive, time it out after this interval. If 0 secs, then ## don't time it out. ## -## .. bro:see:: tcp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout +## .. zeek:see:: tcp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout const udp_inactivity_timeout = 1 min &redef; ## If an ICMP flow is inactive, time it out after this interval. If 0 secs, then ## don't time it out. ## -## .. bro:see:: tcp_inactivity_timeout udp_inactivity_timeout set_inactivity_timeout +## .. zeek:see:: tcp_inactivity_timeout udp_inactivity_timeout set_inactivity_timeout const icmp_inactivity_timeout = 1 min &redef; ## Number of FINs/RSTs in a row that constitute a "storm". Storms are reported ## as ``weird`` via the notice framework, and they must also come within -## intervals of at most :bro:see:`tcp_storm_interarrival_thresh`. +## intervals of at most :zeek:see:`tcp_storm_interarrival_thresh`. ## -## .. bro:see:: tcp_storm_interarrival_thresh +## .. zeek:see:: tcp_storm_interarrival_thresh const tcp_storm_thresh = 1000 &redef; ## FINs/RSTs must come with this much time or less between them to be ## considered a "storm". ## -## .. bro:see:: tcp_storm_thresh +## .. zeek:see:: tcp_storm_thresh const tcp_storm_interarrival_thresh = 1 sec &redef; ## Maximum amount of data that might plausibly be sent in an initial flight ## (prior to receiving any acks). Used to determine whether we must not be ## seeing our peer's ACKs. Set to zero to turn off this determination. ## -## .. bro:see:: tcp_max_above_hole_without_any_acks tcp_excessive_data_without_further_acks +## .. zeek:see:: tcp_max_above_hole_without_any_acks tcp_excessive_data_without_further_acks const tcp_max_initial_window = 16384 &redef; ## If we're not seeing our peer's ACKs, the maximum volume of data above a @@ -1017,7 +1017,7 @@ const tcp_max_initial_window = 16384 &redef; ## drop and we should give up on tracking a connection. If set to zero, then we ## don't ever give up. ## -## .. bro:see:: tcp_max_initial_window tcp_excessive_data_without_further_acks +## .. zeek:see:: tcp_max_initial_window tcp_excessive_data_without_further_acks const tcp_max_above_hole_without_any_acks = 16384 &redef; ## If we've seen this much data without any of it being acked, we give up @@ -1026,7 +1026,7 @@ const tcp_max_above_hole_without_any_acks = 16384 &redef; ## track the current window on a connection and use it to infer that data ## has in fact gone too far, but for now we just make this quite beefy. ## -## .. bro:see:: tcp_max_initial_window tcp_max_above_hole_without_any_acks +## .. zeek:see:: tcp_max_initial_window tcp_max_above_hole_without_any_acks const tcp_excessive_data_without_further_acks = 10 * 1024 * 1024 &redef; ## Number of TCP segments to buffer beyond what's been acknowledged already @@ -1037,46 +1037,46 @@ const tcp_max_old_segments = 0 &redef; ## For services without a handler, these sets define originator-side ports ## that still trigger reassembly. ## -## .. bro:see:: tcp_reassembler_ports_resp +## .. zeek:see:: tcp_reassembler_ports_resp const tcp_reassembler_ports_orig: set[port] = {} &redef; ## For services without a handler, these sets define responder-side ports ## that still trigger reassembly. ## -## .. bro:see:: tcp_reassembler_ports_orig +## .. zeek:see:: tcp_reassembler_ports_orig const tcp_reassembler_ports_resp: set[port] = {} &redef; ## Defines destination TCP ports for which the contents of the originator stream -## should be delivered via :bro:see:`tcp_contents`. +## should be delivered via :zeek:see:`tcp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_resp tcp_content_deliver_all_orig +## .. zeek:see:: tcp_content_delivery_ports_resp tcp_content_deliver_all_orig ## tcp_content_deliver_all_resp udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_orig ## udp_content_deliver_all_resp tcp_contents const tcp_content_delivery_ports_orig: table[port] of bool = {} &redef; ## Defines destination TCP ports for which the contents of the responder stream -## should be delivered via :bro:see:`tcp_contents`. +## should be delivered via :zeek:see:`tcp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig tcp_content_deliver_all_orig +## .. zeek:see:: tcp_content_delivery_ports_orig tcp_content_deliver_all_orig ## tcp_content_deliver_all_resp udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_orig ## udp_content_deliver_all_resp tcp_contents const tcp_content_delivery_ports_resp: table[port] of bool = {} &redef; ## If true, all TCP originator-side traffic is reported via -## :bro:see:`tcp_contents`. +## :zeek:see:`tcp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig tcp_content_delivery_ports_resp +## .. zeek:see:: tcp_content_delivery_ports_orig tcp_content_delivery_ports_resp ## tcp_content_deliver_all_resp udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_orig ## udp_content_deliver_all_resp tcp_contents const tcp_content_deliver_all_orig = F &redef; ## If true, all TCP responder-side traffic is reported via -## :bro:see:`tcp_contents`. +## :zeek:see:`tcp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig +## .. zeek:see:: tcp_content_delivery_ports_orig ## tcp_content_delivery_ports_resp ## tcp_content_deliver_all_orig udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_orig @@ -1084,9 +1084,9 @@ const tcp_content_deliver_all_orig = F &redef; const tcp_content_deliver_all_resp = F &redef; ## Defines UDP destination ports for which the contents of the originator stream -## should be delivered via :bro:see:`udp_contents`. +## should be delivered via :zeek:see:`udp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig +## .. zeek:see:: tcp_content_delivery_ports_orig ## tcp_content_delivery_ports_resp ## tcp_content_deliver_all_orig tcp_content_deliver_all_resp ## udp_content_delivery_ports_resp udp_content_deliver_all_orig @@ -1094,18 +1094,18 @@ const tcp_content_deliver_all_resp = F &redef; const udp_content_delivery_ports_orig: table[port] of bool = {} &redef; ## Defines UDP destination ports for which the contents of the responder stream -## should be delivered via :bro:see:`udp_contents`. +## should be delivered via :zeek:see:`udp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig +## .. zeek:see:: tcp_content_delivery_ports_orig ## tcp_content_delivery_ports_resp tcp_content_deliver_all_orig ## tcp_content_deliver_all_resp udp_content_delivery_ports_orig ## udp_content_deliver_all_orig udp_content_deliver_all_resp udp_contents const udp_content_delivery_ports_resp: table[port] of bool = {} &redef; ## If true, all UDP originator-side traffic is reported via -## :bro:see:`udp_contents`. +## :zeek:see:`udp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig +## .. zeek:see:: tcp_content_delivery_ports_orig ## tcp_content_delivery_ports_resp tcp_content_deliver_all_resp ## tcp_content_delivery_ports_orig udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_resp @@ -1113,9 +1113,9 @@ const udp_content_delivery_ports_resp: table[port] of bool = {} &redef; const udp_content_deliver_all_orig = F &redef; ## If true, all UDP responder-side traffic is reported via -## :bro:see:`udp_contents`. +## :zeek:see:`udp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig +## .. zeek:see:: tcp_content_delivery_ports_orig ## tcp_content_delivery_ports_resp tcp_content_deliver_all_resp ## tcp_content_delivery_ports_orig udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_orig @@ -1124,19 +1124,19 @@ const udp_content_deliver_all_resp = F &redef; ## Check for expired table entries after this amount of time. ## -## .. bro:see:: table_incremental_step table_expire_delay +## .. zeek:see:: table_incremental_step table_expire_delay const table_expire_interval = 10 secs &redef; ## When expiring/serializing table entries, don't work on more than this many ## table entries at a time. ## -## .. bro:see:: table_expire_interval table_expire_delay +## .. zeek:see:: table_expire_interval table_expire_delay const table_incremental_step = 5000 &redef; ## When expiring table entries, wait this amount of time before checking the ## next chunk of entries. ## -## .. bro:see:: table_expire_interval table_incremental_step +## .. zeek:see:: table_expire_interval table_incremental_step const table_expire_delay = 0.01 secs &redef; ## Time to wait before timing out a DNS request. @@ -1158,7 +1158,7 @@ const encap_hdr_size = 0 &redef; ## Whether to use the ``ConnSize`` analyzer to count the number of packets and ## IP-level bytes transferred by each endpoint. If true, these values are -## returned in the connection's :bro:see:`endpoint` record value. +## returned in the connection's :zeek:see:`endpoint` record value. const use_conn_size_analyzer = T &redef; # todo:: these should go into an enum to make them autodoc'able. @@ -1167,7 +1167,7 @@ const ENDIAN_LITTLE = 1; ##< Little endian. const ENDIAN_BIG = 2; ##< Big endian. const ENDIAN_CONFUSED = 3; ##< Tried to determine endian, but failed. -# Values for :bro:see:`set_contents_file` *direction* argument. +# Values for :zeek:see:`set_contents_file` *direction* argument. # todo:: these should go into an enum to make them autodoc'able const CONTENTS_NONE = 0; ##< Turn off recording of contents. const CONTENTS_ORIG = 1; ##< Record originator contents. @@ -1177,7 +1177,7 @@ const CONTENTS_BOTH = 3; ##< Record both originator and responder contents. # Values for code of ICMP *unreachable* messages. The list is not exhaustive. # todo:: these should go into an enum to make them autodoc'able # -# .. bro:see:: icmp_unreachable +# .. zeek:see:: icmp_unreachable const ICMP_UNREACH_NET = 0; ##< Network unreachable. const ICMP_UNREACH_HOST = 1; ##< Host unreachable. const ICMP_UNREACH_PROTOCOL = 2; ##< Protocol unreachable. @@ -1211,7 +1211,7 @@ const IPPROTO_MOBILITY = 135; ##< IPv6 mobility header. ## Values extracted from an IPv6 extension header's (e.g. hop-by-hop or ## destination option headers) option field. ## -## .. bro:see:: ip6_hdr ip6_ext_hdr ip6_hopopts ip6_dstopts +## .. zeek:see:: ip6_hdr ip6_ext_hdr ip6_hopopts ip6_dstopts type ip6_option: record { otype: count; ##< Option type. len: count; ##< Option data length. @@ -1223,10 +1223,10 @@ type ip6_options: vector of ip6_option; ## Values extracted from an IPv6 Hop-by-Hop options extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr ip6_option +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr ip6_option type ip6_hopopts: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## Length of header in 8-octet units, excluding first unit. len: count; @@ -1236,10 +1236,10 @@ type ip6_hopopts: record { ## Values extracted from an IPv6 Destination options extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr ip6_option +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr ip6_option type ip6_dstopts: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## Length of header in 8-octet units, excluding first unit. len: count; @@ -1249,10 +1249,10 @@ type ip6_dstopts: record { ## Values extracted from an IPv6 Routing extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr type ip6_routing: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## Length of header in 8-octet units, excluding first unit. len: count; @@ -1266,10 +1266,10 @@ type ip6_routing: record { ## Values extracted from an IPv6 Fragment extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr type ip6_fragment: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## 8-bit reserved field. rsv1: count; @@ -1285,10 +1285,10 @@ type ip6_fragment: record { ## Values extracted from an IPv6 Authentication extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr type ip6_ah: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## Length of header in 4-octet units, excluding first two units. len: count; @@ -1304,7 +1304,7 @@ type ip6_ah: record { ## Values extracted from an IPv6 ESP extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr type ip6_esp: record { ## Security Parameters Index. spi: count; @@ -1314,7 +1314,7 @@ type ip6_esp: record { ## Values extracted from an IPv6 Mobility Binding Refresh Request message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_brr: record { ## Reserved. rsv: count; @@ -1324,7 +1324,7 @@ type ip6_mobility_brr: record { ## Values extracted from an IPv6 Mobility Home Test Init message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_hoti: record { ## Reserved. rsv: count; @@ -1336,7 +1336,7 @@ type ip6_mobility_hoti: record { ## Values extracted from an IPv6 Mobility Care-of Test Init message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_coti: record { ## Reserved. rsv: count; @@ -1348,7 +1348,7 @@ type ip6_mobility_coti: record { ## Values extracted from an IPv6 Mobility Home Test message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_hot: record { ## Home Nonce Index. nonce_idx: count; @@ -1362,7 +1362,7 @@ type ip6_mobility_hot: record { ## Values extracted from an IPv6 Mobility Care-of Test message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_cot: record { ## Care-of Nonce Index. nonce_idx: count; @@ -1376,7 +1376,7 @@ type ip6_mobility_cot: record { ## Values extracted from an IPv6 Mobility Binding Update message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_bu: record { ## Sequence number. seq: count; @@ -1396,7 +1396,7 @@ type ip6_mobility_bu: record { ## Values extracted from an IPv6 Mobility Binding Acknowledgement message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_back: record { ## Status. status: count; @@ -1412,7 +1412,7 @@ type ip6_mobility_back: record { ## Values extracted from an IPv6 Mobility Binding Error message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_be: record { ## Status. status: count; @@ -1424,7 +1424,7 @@ type ip6_mobility_be: record { ## Values extracted from an IPv6 Mobility header's message data. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr type ip6_mobility_msg: record { ## The type of message from the header's MH Type field. id: count; @@ -1448,10 +1448,10 @@ type ip6_mobility_msg: record { ## Values extracted from an IPv6 Mobility header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr type ip6_mobility_hdr: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## Length of header in 8-octet units, excluding first unit. len: count; @@ -1467,7 +1467,7 @@ type ip6_mobility_hdr: record { ## A general container for a more specific IPv6 extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hopopts ip6_dstopts ip6_routing ip6_fragment +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hopopts ip6_dstopts ip6_routing ip6_fragment ## ip6_ah ip6_esp type ip6_ext_hdr: record { ## The RFC 1700 et seq. IANA assigned number identifying the type of @@ -1494,7 +1494,7 @@ type ip6_ext_hdr_chain: vector of ip6_ext_hdr; ## Values extracted from an IPv6 header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_ext_hdr ip6_hopopts ip6_dstopts +## .. zeek:see:: pkt_hdr ip4_hdr ip6_ext_hdr ip6_hopopts ip6_dstopts ## ip6_routing ip6_fragment ip6_ah ip6_esp type ip6_hdr: record { class: count; ##< Traffic class. @@ -1502,7 +1502,7 @@ type ip6_hdr: record { len: count; ##< Payload length. nxt: count; ##< Protocol number of the next header ##< (RFC 1700 et seq., IANA assigned number) - ##< e.g. :bro:id:`IPPROTO_ICMP`. + ##< e.g. :zeek:id:`IPPROTO_ICMP`. hlim: count; ##< Hop limit. src: addr; ##< Source address. dst: addr; ##< Destination address. @@ -1511,7 +1511,7 @@ type ip6_hdr: record { ## Values extracted from an IPv4 header. ## -## .. bro:see:: pkt_hdr ip6_hdr discarder_check_ip +## .. zeek:see:: pkt_hdr ip6_hdr discarder_check_ip type ip4_hdr: record { hl: count; ##< Header length in bytes. tos: count; ##< Type of service. @@ -1536,7 +1536,7 @@ const TH_FLAGS = 63; ##< Mask combining all flags. ## Values extracted from a TCP header. ## -## .. bro:see:: pkt_hdr discarder_check_tcp +## .. zeek:see:: pkt_hdr discarder_check_tcp type tcp_hdr: record { sport: port; ##< source port. dport: port; ##< destination port @@ -1550,7 +1550,7 @@ type tcp_hdr: record { ## Values extracted from a UDP header. ## -## .. bro:see:: pkt_hdr discarder_check_udp +## .. zeek:see:: pkt_hdr discarder_check_udp type udp_hdr: record { sport: port; ##< source port dport: port; ##< destination port @@ -1559,14 +1559,14 @@ type udp_hdr: record { ## Values extracted from an ICMP header. ## -## .. bro:see:: pkt_hdr discarder_check_icmp +## .. zeek:see:: pkt_hdr discarder_check_icmp type icmp_hdr: record { icmp_type: count; ##< type of message }; ## A packet header, consisting of an IP header and transport-layer header. ## -## .. bro:see:: new_packet +## .. zeek:see:: new_packet type pkt_hdr: record { ip: ip4_hdr &optional; ##< The IPv4 header if an IPv4 packet. ip6: ip6_hdr &optional; ##< The IPv6 header if an IPv6 packet. @@ -1577,7 +1577,7 @@ type pkt_hdr: record { ## Values extracted from the layer 2 header. ## -## .. bro:see:: pkt_hdr +## .. zeek:see:: pkt_hdr type l2_hdr: record { encap: link_encap; ##< L2 link encapsulation. len: count; ##< Total frame length on wire. @@ -1591,9 +1591,9 @@ type l2_hdr: record { }; ## A raw packet header, consisting of L2 header and everything in -## :bro:see:`pkt_hdr`. . +## :zeek:see:`pkt_hdr`. . ## -## .. bro:see:: raw_packet pkt_hdr +## .. zeek:see:: raw_packet pkt_hdr type raw_pkt_hdr: record { l2: l2_hdr; ##< The layer 2 header. ip: ip4_hdr &optional; ##< The IPv4 header if an IPv4 packet. @@ -1606,7 +1606,7 @@ type raw_pkt_hdr: record { ## A Teredo origin indication header. See :rfc:`4380` for more information ## about the Teredo protocol. ## -## .. bro:see:: teredo_bubble teredo_origin_indication teredo_authentication +## .. zeek:see:: teredo_bubble teredo_origin_indication teredo_authentication ## teredo_hdr type teredo_auth: record { id: string; ##< Teredo client identifier. @@ -1622,7 +1622,7 @@ type teredo_auth: record { ## A Teredo authentication header. See :rfc:`4380` for more information ## about the Teredo protocol. ## -## .. bro:see:: teredo_bubble teredo_origin_indication teredo_authentication +## .. zeek:see:: teredo_bubble teredo_origin_indication teredo_authentication ## teredo_hdr type teredo_origin: record { p: port; ##< Unobfuscated UDP port of Teredo client. @@ -1632,7 +1632,7 @@ type teredo_origin: record { ## A Teredo packet header. See :rfc:`4380` for more information about the ## Teredo protocol. ## -## .. bro:see:: teredo_bubble teredo_origin_indication teredo_authentication +## .. zeek:see:: teredo_bubble teredo_origin_indication teredo_authentication type teredo_hdr: record { auth: teredo_auth &optional; ##< Teredo authentication header. origin: teredo_origin &optional; ##< Teredo origin indication header. @@ -1831,7 +1831,7 @@ global log_file_name: function(tag: string): string &redef; global open_log_file: function(tag: string): file &redef; ## Specifies a directory for Bro to store its persistent state. All globals can -## be declared persistent via the :bro:attr:`&persistent` attribute. +## be declared persistent via the :zeek:attr:`&persistent` attribute. const state_dir = ".state" &redef; ## Length of the delays inserted when storing state incrementally. To avoid @@ -1892,7 +1892,7 @@ global secondary_filters: table[string] of event(filter: string, pkt: pkt_hdr) ## Maximum length of payload passed to discarder functions. ## -## .. bro:see:: discarder_check_tcp discarder_check_udp discarder_check_icmp +## .. zeek:see:: discarder_check_tcp discarder_check_udp discarder_check_icmp ## discarder_check_ip global discarder_maxlen = 128 &redef; @@ -1905,7 +1905,7 @@ global discarder_maxlen = 128 &redef; ## ## Returns: True if the packet should not be analyzed any further. ## -## .. bro:see:: discarder_check_tcp discarder_check_udp discarder_check_icmp +## .. zeek:see:: discarder_check_tcp discarder_check_udp discarder_check_icmp ## discarder_maxlen ## ## .. note:: This is very low-level functionality and potentially expensive. @@ -1919,11 +1919,11 @@ global discarder_check_ip: function(p: pkt_hdr): bool; ## ## p: The IP and TCP headers of the considered packet. ## -## d: Up to :bro:see:`discarder_maxlen` bytes of the TCP payload. +## d: Up to :zeek:see:`discarder_maxlen` bytes of the TCP payload. ## ## Returns: True if the packet should not be analyzed any further. ## -## .. bro:see:: discarder_check_ip discarder_check_udp discarder_check_icmp +## .. zeek:see:: discarder_check_ip discarder_check_udp discarder_check_icmp ## discarder_maxlen ## ## .. note:: This is very low-level functionality and potentially expensive. @@ -1937,11 +1937,11 @@ global discarder_check_tcp: function(p: pkt_hdr, d: string): bool; ## ## p: The IP and UDP headers of the considered packet. ## -## d: Up to :bro:see:`discarder_maxlen` bytes of the UDP payload. +## d: Up to :zeek:see:`discarder_maxlen` bytes of the UDP payload. ## ## Returns: True if the packet should not be analyzed any further. ## -## .. bro:see:: discarder_check_ip discarder_check_tcp discarder_check_icmp +## .. zeek:see:: discarder_check_ip discarder_check_tcp discarder_check_icmp ## discarder_maxlen ## ## .. note:: This is very low-level functionality and potentially expensive. @@ -1957,7 +1957,7 @@ global discarder_check_udp: function(p: pkt_hdr, d: string): bool; ## ## Returns: True if the packet should not be analyzed any further. ## -## .. bro:see:: discarder_check_ip discarder_check_tcp discarder_check_udp +## .. zeek:see:: discarder_check_ip discarder_check_tcp discarder_check_udp ## discarder_maxlen ## ## .. note:: This is very low-level functionality and potentially expensive. @@ -1979,7 +1979,7 @@ const max_remote_events_processed = 10 &redef; # These need to match the definitions in Login.h. # -# .. bro:see:: get_login_state +# .. zeek:see:: get_login_state # # todo:: use enum to make them autodoc'able const LOGIN_STATE_AUTHENTICATE = 0; # Trying to authenticate. @@ -2061,7 +2061,7 @@ global login_timeouts: set[string] &redef; ## A MIME header key/value pair. ## -## .. bro:see:: mime_header_list http_all_headers mime_all_headers mime_one_header +## .. zeek:see:: mime_header_list http_all_headers mime_all_headers mime_one_header type mime_header_rec: record { name: string; ##< The header name. value: string; ##< The header value. @@ -2069,22 +2069,22 @@ type mime_header_rec: record { ## A list of MIME headers. ## -## .. bro:see:: mime_header_rec http_all_headers mime_all_headers +## .. zeek:see:: mime_header_rec http_all_headers mime_all_headers type mime_header_list: table[count] of mime_header_rec; ## The length of MIME data segments delivered to handlers of -## :bro:see:`mime_segment_data`. +## :zeek:see:`mime_segment_data`. ## -## .. bro:see:: mime_segment_data mime_segment_overlap_length +## .. zeek:see:: mime_segment_data mime_segment_overlap_length global mime_segment_length = 1024 &redef; ## The number of bytes of overlap between successive segments passed to -## :bro:see:`mime_segment_data`. +## :zeek:see:`mime_segment_data`. global mime_segment_overlap_length = 0 &redef; ## An RPC portmapper mapping. ## -## .. bro:see:: pm_mappings +## .. zeek:see:: pm_mappings type pm_mapping: record { program: count; ##< The RPC program. version: count; ##< The program version. @@ -2093,12 +2093,12 @@ type pm_mapping: record { ## Table of RPC portmapper mappings. ## -## .. bro:see:: pm_request_dump +## .. zeek:see:: pm_request_dump type pm_mappings: table[count] of pm_mapping; ## An RPC portmapper request. ## -## .. bro:see:: pm_attempt_getport pm_request_getport +## .. zeek:see:: pm_attempt_getport pm_request_getport type pm_port_request: record { program: count; ##< The RPC program. version: count; ##< The program version. @@ -2107,7 +2107,7 @@ type pm_port_request: record { ## An RPC portmapper *callit* request. ## -## .. bro:see:: pm_attempt_callit pm_request_callit +## .. zeek:see:: pm_attempt_callit pm_request_callit type pm_callit_request: record { program: count; ##< The RPC program. version: count; ##< The program version. @@ -2128,7 +2128,7 @@ type pm_callit_request: record { ## Mapping of numerical RPC status codes to readable messages. ## -## .. bro:see:: pm_attempt_callit pm_attempt_dump pm_attempt_getport +## .. zeek:see:: pm_attempt_callit pm_attempt_dump pm_attempt_getport ## pm_attempt_null pm_attempt_set pm_attempt_unset rpc_dialogue rpc_reply const RPC_status = { [RPC_SUCCESS] = "ok", @@ -2145,17 +2145,17 @@ const RPC_status = { module NFS3; export { - ## If true, :bro:see:`nfs_proc_read` and :bro:see:`nfs_proc_write` + ## If true, :zeek:see:`nfs_proc_read` and :zeek:see:`nfs_proc_write` ## events return the file data that has been read/written. ## - ## .. bro:see:: NFS3::return_data_max NFS3::return_data_first_only + ## .. zeek:see:: NFS3::return_data_max NFS3::return_data_first_only const return_data = F &redef; - ## If :bro:id:`NFS3::return_data` is true, how much data should be + ## If :zeek:id:`NFS3::return_data` is true, how much data should be ## returned at most. const return_data_max = 512 &redef; - ## If :bro:id:`NFS3::return_data` is true, whether to *only* return data + ## If :zeek:id:`NFS3::return_data` is true, whether to *only* return data ## if the read or write offset is 0, i.e., only return data for the ## beginning of the file. const return_data_first_only = T &redef; @@ -2171,7 +2171,7 @@ export { ## analyzer. Depending on the reassembler, this might be well after the ## first packet of the request was received. ## - ## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup + ## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup ## nfs_proc_mkdir nfs_proc_not_implemented nfs_proc_null ## nfs_proc_read nfs_proc_readdir nfs_proc_readlink nfs_proc_remove ## nfs_proc_rmdir nfs_proc_write nfs_reply_status @@ -2206,7 +2206,7 @@ export { ## NFS file attributes. Field names are based on RFC 1813. ## - ## .. bro:see:: nfs_proc_sattr + ## .. zeek:see:: nfs_proc_sattr type sattr_t: record { mode: count &optional; ##< Mode uid: count &optional; ##< User ID. @@ -2218,7 +2218,7 @@ export { ## NFS file attributes. Field names are based on RFC 1813. ## - ## .. bro:see:: nfs_proc_getattr + ## .. zeek:see:: nfs_proc_getattr type fattr_t: record { ftype: file_type_t; ##< File type. mode: count; ##< Mode @@ -2238,7 +2238,7 @@ export { ## NFS symlinkdata attributes. Field names are based on RFC 1813 ## - ## .. bro:see:: nfs_proc_symlink + ## .. zeek:see:: nfs_proc_symlink type symlinkdata_t: record { symlink_attributes: sattr_t; ##< The initial attributes for the symbolic link nfspath: string &optional; ##< The string containing the symbolic link data. @@ -2246,7 +2246,7 @@ export { ## NFS *readdir* arguments. ## - ## .. bro:see:: nfs_proc_readdir + ## .. zeek:see:: nfs_proc_readdir type diropargs_t : record { dirfh: string; ##< The file handle of the directory. fname: string; ##< The name of the file we are interested in. @@ -2254,7 +2254,7 @@ export { ## NFS *rename* arguments. ## - ## .. bro:see:: nfs_proc_rename + ## .. zeek:see:: nfs_proc_rename type renameopargs_t : record { src_dirfh : string; src_fname : string; @@ -2264,7 +2264,7 @@ export { ## NFS *symlink* arguments. ## - ## .. bro:see:: nfs_proc_symlink + ## .. zeek:see:: nfs_proc_symlink type symlinkargs_t: record { link : diropargs_t; ##< The location of the link to be created. symlinkdata: symlinkdata_t; ##< The symbolic link to be created. @@ -2272,7 +2272,7 @@ export { ## NFS *link* arguments. ## - ## .. bro:see:: nfs_proc_link + ## .. zeek:see:: nfs_proc_link type linkargs_t: record { fh : string; ##< The file handle for the existing file system object. link : diropargs_t; ##< The location of the link to be created. @@ -2280,7 +2280,7 @@ export { ## NFS *sattr* arguments. ## - ## .. bro:see:: nfs_proc_sattr + ## .. zeek:see:: nfs_proc_sattr type sattrargs_t: record { fh : string; ##< The file handle for the existing file system object. new_attributes: sattr_t; ##< The new attributes for the file. @@ -2290,7 +2290,7 @@ export { ## lookup succeeded, *fh* is always set and *obj_attr* and *dir_attr* ## may be set. ## - ## .. bro:see:: nfs_proc_lookup + ## .. zeek:see:: nfs_proc_lookup type lookup_reply_t: record { fh: string &optional; ##< File handle of object looked up. obj_attr: fattr_t &optional; ##< Optional attributes associated w/ file @@ -2299,7 +2299,7 @@ export { ## NFS *read* arguments. ## - ## .. bro:see:: nfs_proc_read + ## .. zeek:see:: nfs_proc_read type readargs_t: record { fh: string; ##< File handle to read from. offset: count; ##< Offset in file. @@ -2318,7 +2318,7 @@ export { ## NFS *readline* reply. If the request fails, *attr* may be set. If the ## request succeeds, *attr* may be set and all other fields are set. ## - ## .. bro:see:: nfs_proc_readlink + ## .. zeek:see:: nfs_proc_readlink type readlink_reply_t: record { attr: fattr_t &optional; ##< Attributes. nfspath: string &optional; ##< Contents of the symlink; in general a pathname as text. @@ -2326,7 +2326,7 @@ export { ## NFS *write* arguments. ## - ## .. bro:see:: nfs_proc_write + ## .. zeek:see:: nfs_proc_write type writeargs_t: record { fh: string; ##< File handle to write to. offset: count; ##< Offset in file. @@ -2337,7 +2337,7 @@ export { ## NFS *wcc* attributes. ## - ## .. bro:see:: NFS3::write_reply_t + ## .. zeek:see:: NFS3::write_reply_t type wcc_attr_t: record { size: count; ##< The size. atime: time; ##< Access time. @@ -2346,7 +2346,7 @@ export { ## NFS *link* reply. ## - ## .. bro:see:: nfs_proc_link + ## .. zeek:see:: nfs_proc_link type link_reply_t: record { post_attr: fattr_t &optional; ##< Optional post-operation attributes of the file system object identified by file preattr: wcc_attr_t &optional; ##< Optional attributes associated w/ file. @@ -2365,7 +2365,7 @@ export { ## If the request succeeds, *pre|post* attr may be set and all other ## fields are set. ## - ## .. bro:see:: nfs_proc_write + ## .. zeek:see:: nfs_proc_write type write_reply_t: record { preattr: wcc_attr_t &optional; ##< Pre operation attributes. postattr: fattr_t &optional; ##< Post operation attributes. @@ -2379,7 +2379,7 @@ export { ## *attr*'s may be set. Note: no guarantee that *fh* is set after ## success. ## - ## .. bro:see:: nfs_proc_create nfs_proc_mkdir + ## .. zeek:see:: nfs_proc_create nfs_proc_mkdir type newobj_reply_t: record { fh: string &optional; ##< File handle of object created. obj_attr: fattr_t &optional; ##< Optional attributes associated w/ new object. @@ -2389,7 +2389,7 @@ export { ## NFS reply for *remove*, *rmdir*. Corresponds to *wcc_data* in the spec. ## - ## .. bro:see:: nfs_proc_remove nfs_proc_rmdir + ## .. zeek:see:: nfs_proc_remove nfs_proc_rmdir type delobj_reply_t: record { dir_pre_attr: wcc_attr_t &optional; ##< Optional attributes associated w/ dir. dir_post_attr: fattr_t &optional; ##< Optional attributes associated w/ dir. @@ -2397,7 +2397,7 @@ export { ## NFS reply for *rename*. Corresponds to *wcc_data* in the spec. ## - ## .. bro:see:: nfs_proc_rename + ## .. zeek:see:: nfs_proc_rename type renameobj_reply_t: record { src_dir_pre_attr: wcc_attr_t; src_dir_post_attr: fattr_t; @@ -2407,7 +2407,7 @@ export { ## NFS *readdir* arguments. Used for both *readdir* and *readdirplus*. ## - ## .. bro:see:: nfs_proc_readdir + ## .. zeek:see:: nfs_proc_readdir type readdirargs_t: record { isplus: bool; ##< Is this a readdirplus request? dirfh: string; ##< The directory filehandle. @@ -2420,7 +2420,7 @@ export { ## NFS *direntry*. *fh* and *attr* are used for *readdirplus*. However, ## even for *readdirplus* they may not be filled out. ## - ## .. bro:see:: NFS3::direntry_vec_t NFS3::readdir_reply_t + ## .. zeek:see:: NFS3::direntry_vec_t NFS3::readdir_reply_t type direntry_t: record { fileid: count; ##< E.g., inode number. fname: string; ##< Filename. @@ -2431,7 +2431,7 @@ export { ## Vector of NFS *direntry*. ## - ## .. bro:see:: NFS3::readdir_reply_t + ## .. zeek:see:: NFS3::readdir_reply_t type direntry_vec_t: vector of direntry_t; ## NFS *readdir* reply. Used for *readdir* and *readdirplus*. If an is @@ -2473,7 +2473,7 @@ export { # analyzer. Depending on the reassembler, this might be well after the # first packet of the request was received. # - # .. bro:see:: mount_proc_mnt mount_proc_dump mount_proc_umnt + # .. zeek:see:: mount_proc_mnt mount_proc_dump mount_proc_umnt # mount_proc_umntall mount_proc_export mount_proc_not_implemented type info_t: record { ## The RPC status. @@ -2506,7 +2506,7 @@ export { ## MOUNT *mnt* arguments. ## - ## .. bro:see:: mount_proc_mnt + ## .. zeek:see:: mount_proc_mnt type dirmntargs_t : record { dirname: string; ##< Name of directory to mount }; @@ -2514,7 +2514,7 @@ export { ## MOUNT lookup reply. If the mount failed, *dir_attr* may be set. If the ## mount succeeded, *fh* is always set. ## - ## .. bro:see:: mount_proc_mnt + ## .. zeek:see:: mount_proc_mnt type mnt_reply_t: record { dirfh: string &optional; ##< Dir handle auth_flavors: vector of auth_flavor_t &optional; ##< Returned authentication flavors @@ -2571,7 +2571,7 @@ module GLOBAL; ## An NTP message. ## -## .. bro:see:: ntp_message +## .. zeek:see:: ntp_message type ntp_msg: record { id: count; ##< Message ID. code: count; ##< Message code. @@ -2730,7 +2730,7 @@ export { ## ## For more information, see MS-SMB2:2.2.16 ## - ## .. bro:see:: smb1_nt_create_andx_response smb2_create_response + ## .. zeek:see:: smb1_nt_create_andx_response smb2_create_response type SMB::MACTimes: record { ## The time when data was last written to the file. modified : time &log; @@ -2746,7 +2746,7 @@ export { ## only comes into play as a heuristic to identify named ## pipes when the drive mapping wasn't seen by Bro. ## - ## .. bro:see:: smb_pipe_connect_heuristic + ## .. zeek:see:: smb_pipe_connect_heuristic const SMB::pipe_filenames: set[string] &redef; } @@ -2755,7 +2755,7 @@ module SMB1; export { ## An SMB1 header. ## - ## .. bro:see:: smb1_message smb1_empty_response smb1_error + ## .. zeek:see:: smb1_message smb1_empty_response smb1_error ## smb1_check_directory_request smb1_check_directory_response ## smb1_close_request smb1_create_directory_request ## smb1_create_directory_response smb1_echo_request @@ -3112,7 +3112,7 @@ export { ## ## For more information, see MS-SMB2:2.2.1.1 and MS-SMB2:2.2.1.2 ## - ## .. bro:see:: smb2_message smb2_close_request smb2_close_response + ## .. zeek:see:: smb2_message smb2_close_request smb2_close_response ## smb2_create_request smb2_create_response smb2_negotiate_request ## smb2_negotiate_response smb2_read_request ## smb2_session_setup_request smb2_session_setup_response @@ -3150,7 +3150,7 @@ export { ## ## For more information, see MS-SMB2:2.2.14.1 ## - ## .. bro:see:: smb2_close_request smb2_create_response smb2_read_request + ## .. zeek:see:: smb2_close_request smb2_create_response smb2_read_request ## smb2_file_rename smb2_file_delete smb2_write_request type SMB2::GUID: record { ## A file handle that remains persistent when reconnected after a disconnect @@ -3163,7 +3163,7 @@ export { ## ## For more information, see MS-CIFS:2.2.1.2.3 and MS-FSCC:2.6 ## - ## .. bro:see:: smb2_create_response + ## .. zeek:see:: smb2_create_response type SMB2::FileAttrs: record { ## The file is read only. Applications can read the file but cannot ## write to it or delete it. @@ -3214,7 +3214,7 @@ export { ## ## For more information, see MS-SMB2:2.2.16 ## - ## .. bro:see:: smb2_close_response + ## .. zeek:see:: smb2_close_response type SMB2::CloseResponse: record { ## The size, in bytes of the data that is allocated to the file. alloc_size : count; @@ -3289,7 +3289,7 @@ export { ## ## For more information, see MS-SMB2:2.2.4 ## - ## .. bro:see:: smb2_negotiate_response + ## .. zeek:see:: smb2_negotiate_response type SMB2::NegotiateResponse: record { ## The preferred common SMB2 Protocol dialect number from the array that was sent in the SMB2 ## NEGOTIATE Request. @@ -3314,7 +3314,7 @@ export { ## ## For more information, see MS-SMB2:2.2.5 ## - ## .. bro:see:: smb2_session_setup_request + ## .. zeek:see:: smb2_session_setup_request type SMB2::SessionSetupRequest: record { ## The security mode field specifies whether SMB signing is enabled or required at the client. security_mode: count; @@ -3325,7 +3325,7 @@ export { ## ## For more information, see MS-SMB2:2.2.6 ## - ## .. bro:see:: smb2_session_setup_response + ## .. zeek:see:: smb2_session_setup_response type SMB2::SessionSetupFlags: record { ## If set, the client has been authenticated as a guest user. guest: bool; @@ -3341,7 +3341,7 @@ export { ## ## For more information, see MS-SMB2:2.2.6 ## - ## .. bro:see:: smb2_session_setup_response + ## .. zeek:see:: smb2_session_setup_response type SMB2::SessionSetupResponse: record { ## Additional information about the session flags: SMB2::SessionSetupFlags; @@ -3352,7 +3352,7 @@ export { ## ## For more information, see MS-SMB2:2.2.9 ## - ## .. bro:see:: smb2_tree_connect_response + ## .. zeek:see:: smb2_tree_connect_response type SMB2::TreeConnectResponse: record { ## The type of share being accessed. Physical disk, named pipe, or printer. share_type: count; @@ -3362,7 +3362,7 @@ export { ## ## For more information, see MS-SMB2:2.2.13 ## - ## .. bro:see:: smb2_create_request + ## .. zeek:see:: smb2_create_request type SMB2::CreateRequest: record { ## Name of the file filename : string; @@ -3377,7 +3377,7 @@ export { ## ## For more information, see MS-SMB2:2.2.14 ## - ## .. bro:see:: smb2_create_response + ## .. zeek:see:: smb2_create_response type SMB2::CreateResponse: record { ## The SMB2 GUID for the file. file_id : SMB2::GUID; @@ -3395,7 +3395,7 @@ export { ## ## For more information, see MS-SMB2:2.2.41 ## - ## .. bro:see:: smb2_transform_header smb2_message smb2_close_request smb2_close_response + ## .. zeek:see:: smb2_transform_header smb2_message smb2_close_request smb2_close_response ## smb2_create_request smb2_create_response smb2_negotiate_request ## smb2_negotiate_response smb2_read_request ## smb2_session_setup_request smb2_session_setup_response @@ -3424,11 +3424,11 @@ export { ## A list of addresses offered by a DHCP server. Could be routers, ## DNS servers, or other. ## - ## .. bro:see:: dhcp_message + ## .. zeek:see:: dhcp_message type DHCP::Addrs: vector of addr; ## A DHCP message. - ## .. bro:see:: dhcp_message + ## .. zeek:see:: dhcp_message type DHCP::Msg: record { op: count; ##< Message OP code. 1 = BOOTREQUEST, 2 = BOOTREPLY m_type: count; ##< The type of DHCP message. @@ -3447,7 +3447,7 @@ export { }; ## DHCP Client Identifier (Option 61) - ## .. bro:see:: dhcp_message + ## .. zeek:see:: dhcp_message type DHCP::ClientID: record { hwtype: count; hwaddr: string; @@ -3467,7 +3467,7 @@ export { }; ## DHCP Relay Agent Information Option (Option 82) - ## .. bro:see:: dhcp_message + ## .. zeek:see:: dhcp_message type DHCP::SubOpt: record { code: count; value: string; @@ -3565,7 +3565,7 @@ export { module GLOBAL; ## A DNS message. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end ## dns_message dns_query_reply dns_rejected dns_request @@ -3590,7 +3590,7 @@ type dns_msg: record { ## A DNS SOA record. ## -## .. bro:see:: dns_SOA_reply +## .. zeek:see:: dns_SOA_reply type dns_soa: record { mname: string; ##< Primary source of data for zone. rname: string; ##< Mailbox for responsible person. @@ -3603,7 +3603,7 @@ type dns_soa: record { ## An additional DNS EDNS record. ## -## .. bro:see:: dns_EDNS_addl +## .. zeek:see:: dns_EDNS_addl type dns_edns_additional: record { query: string; ##< Query. qtype: count; ##< Query type. @@ -3618,7 +3618,7 @@ type dns_edns_additional: record { ## An additional DNS TSIG record. ## -## .. bro:see:: dns_TSIG_addl +## .. zeek:see:: dns_TSIG_addl type dns_tsig_additional: record { query: string; ##< Query. qtype: count; ##< Query type. @@ -3633,7 +3633,7 @@ type dns_tsig_additional: record { ## A DNSSEC RRSIG record. ## -## .. bro:see:: dns_RRSIG +## .. zeek:see:: dns_RRSIG type dns_rrsig_rr: record { query: string; ##< Query. answer_type: count; ##< Ans type. @@ -3651,7 +3651,7 @@ type dns_rrsig_rr: record { ## A DNSSEC DNSKEY record. ## -## .. bro:see:: dns_DNSKEY +## .. zeek:see:: dns_DNSKEY type dns_dnskey_rr: record { query: string; ##< Query. answer_type: count; ##< Ans type. @@ -3664,7 +3664,7 @@ type dns_dnskey_rr: record { ## A DNSSEC NSEC3 record. ## -## .. bro:see:: dns_NSEC3 +## .. zeek:see:: dns_NSEC3 type dns_nsec3_rr: record { query: string; ##< Query. answer_type: count; ##< Ans type. @@ -3681,7 +3681,7 @@ type dns_nsec3_rr: record { ## A DNSSEC DS record. ## -## .. bro:see:: dns_DS +## .. zeek:see:: dns_DS type dns_ds_rr: record { query: string; ##< Query. answer_type: count; ##< Ans type. @@ -3694,7 +3694,7 @@ type dns_ds_rr: record { # DNS answer types. # -# .. bro:see:: dns_answerr +# .. zeek:see:: dns_answerr # # todo:: use enum to make them autodoc'able const DNS_QUERY = 0; ##< A query. This shouldn't occur, just for completeness. @@ -3704,12 +3704,12 @@ const DNS_ADDL = 3; ##< An additional record. ## The general part of a DNS reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_HINFO_reply +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_HINFO_reply ## dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply ## dns_TXT_reply dns_WKS_reply type dns_answer: record { - ## Answer type. One of :bro:see:`DNS_QUERY`, :bro:see:`DNS_ANS`, - ## :bro:see:`DNS_AUTH` and :bro:see:`DNS_ADDL`. + ## Answer type. One of :zeek:see:`DNS_QUERY`, :zeek:see:`DNS_ANS`, + ## :zeek:see:`DNS_AUTH` and :zeek:see:`DNS_ADDL`. answer_type: count; query: string; ##< Query. qtype: count; ##< Query type. @@ -3720,23 +3720,23 @@ type dns_answer: record { ## For DNS servers in these sets, omit processing the AUTH records they include ## in their replies. ## -## .. bro:see:: dns_skip_all_auth dns_skip_addl +## .. zeek:see:: dns_skip_all_auth dns_skip_addl global dns_skip_auth: set[addr] &redef; ## For DNS servers in these sets, omit processing the ADDL records they include ## in their replies. ## -## .. bro:see:: dns_skip_all_addl dns_skip_auth +## .. zeek:see:: dns_skip_all_addl dns_skip_auth global dns_skip_addl: set[addr] &redef; ## If true, all DNS AUTH records are skipped. ## -## .. bro:see:: dns_skip_all_addl dns_skip_auth +## .. zeek:see:: dns_skip_all_addl dns_skip_auth global dns_skip_all_auth = T &redef; ## If true, all DNS ADDL records are skipped. ## -## .. bro:see:: dns_skip_all_auth dns_skip_addl +## .. zeek:see:: dns_skip_all_auth dns_skip_addl global dns_skip_all_addl = T &redef; ## If a DNS request includes more than this many queries, assume it's non-DNS @@ -3751,7 +3751,7 @@ const dns_resolver = [::] &redef; ## HTTP session statistics. ## -## .. bro:see:: http_stats +## .. zeek:see:: http_stats type http_stats_rec: record { num_requests: count; ##< Number of requests. num_replies: count; ##< Number of replies. @@ -3761,7 +3761,7 @@ type http_stats_rec: record { ## HTTP message statistics. ## -## .. bro:see:: http_message_done +## .. zeek:see:: http_message_done type http_message_stat: record { ## When the request/reply line was complete. start: time; @@ -3779,25 +3779,25 @@ type http_message_stat: record { ## Maximum number of HTTP entity data delivered to events. ## -## .. bro:see:: http_entity_data skip_http_entity_data skip_http_data +## .. zeek:see:: http_entity_data skip_http_entity_data skip_http_data global http_entity_data_delivery_size = 1500 &redef; ## Skip HTTP data for performance considerations. The skipped ## portion will not go through TCP reassembly. ## -## .. bro:see:: http_entity_data skip_http_entity_data http_entity_data_delivery_size +## .. zeek:see:: http_entity_data skip_http_entity_data http_entity_data_delivery_size const skip_http_data = F &redef; ## Maximum length of HTTP URIs passed to events. Longer ones will be truncated ## to prevent over-long URIs (usually sent by worms) from slowing down event ## processing. A value of -1 means "do not truncate". ## -## .. bro:see:: http_request +## .. zeek:see:: http_request const truncate_http_URI = -1 &redef; ## IRC join information. ## -## .. bro:see:: irc_join_list +## .. zeek:see:: irc_join_list type irc_join_info: record { nick: string; channel: string; @@ -3807,7 +3807,7 @@ type irc_join_info: record { ## Set of IRC join information. ## -## .. bro:see:: irc_join_message +## .. zeek:see:: irc_join_message type irc_join_list: set[irc_join_info]; module PE; @@ -4016,7 +4016,7 @@ type backdoor_endp_stats: record { ## Description of a signature match. ## -## .. bro:see:: signature_match +## .. zeek:see:: signature_match type signature_state: record { sig_id: string; ##< ID of the matching signature. conn: connection; ##< Matching connection. @@ -4046,7 +4046,7 @@ type software: record { ## Quality of passive fingerprinting matches. ## -## .. bro:see:: OS_version +## .. zeek:see:: OS_version type OS_version_inference: enum { direct_inference, ##< TODO. generic_inference, ##< TODO. @@ -4055,7 +4055,7 @@ type OS_version_inference: enum { ## Passive fingerprinting match. ## -## .. bro:see:: OS_version_found +## .. zeek:see:: OS_version_found type OS_version: record { genre: string; ##< Linux, Windows, AIX, ... detail: string; ##< Kernel version or such. @@ -4065,17 +4065,17 @@ type OS_version: record { ## Defines for which subnets we should do passive fingerprinting. ## -## .. bro:see:: OS_version_found +## .. zeek:see:: OS_version_found global generate_OS_version_event: set[subnet] &redef; -# Type used to report load samples via :bro:see:`load_sample`. For now, it's a +# Type used to report load samples via :zeek:see:`load_sample`. For now, it's a # set of names (event names, source file names, and perhaps ````), which were seen during the sample. type load_sample_info: set[string]; ## A BitTorrent peer. ## -## .. bro:see:: bittorrent_peer_set +## .. zeek:see:: bittorrent_peer_set type bittorrent_peer: record { h: addr; ##< The peer's address. p: port; ##< The peer's port. @@ -4083,13 +4083,13 @@ type bittorrent_peer: record { ## A set of BitTorrent peers. ## -## .. bro:see:: bt_tracker_response +## .. zeek:see:: bt_tracker_response type bittorrent_peer_set: set[bittorrent_peer]; ## BitTorrent "benc" value. Note that "benc" = Bencode ("Bee-Encode"), per ## http://en.wikipedia.org/wiki/Bencode. ## -## .. bro:see:: bittorrent_benc_dir +## .. zeek:see:: bittorrent_benc_dir type bittorrent_benc_value: record { i: int &optional; ##< TODO. s: string &optional; ##< TODO. @@ -4099,12 +4099,12 @@ type bittorrent_benc_value: record { ## A table of BitTorrent "benc" values. ## -## .. bro:see:: bt_tracker_response +## .. zeek:see:: bt_tracker_response type bittorrent_benc_dir: table[string] of bittorrent_benc_value; ## Header table type used by BitTorrent analyzer. ## -## .. bro:see:: bt_tracker_request bt_tracker_response +## .. zeek:see:: bt_tracker_request bt_tracker_response ## bt_tracker_response_not_ok type bt_tracker_headers: table[string] of string; @@ -4399,7 +4399,7 @@ export { }; ## A ``VarBindList`` data structure from either :rfc:`1157` or :rfc:`3416`. - ## A sequences of :bro:see:`SNMP::Binding`, which maps an OIDs to values. + ## A sequences of :zeek:see:`SNMP::Binding`, which maps an OIDs to values. type SNMP::Bindings: vector of SNMP::Binding; ## A ``PDU`` data structure from either :rfc:`1157` or :rfc:`3416`. @@ -4642,77 +4642,77 @@ const log_encryption_key = "" &redef; ## Write profiling info into this file in regular intervals. The easiest way to ## activate profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## -## .. bro:see:: profiling_interval expensive_profiling_multiple segment_profiling +## .. zeek:see:: profiling_interval expensive_profiling_multiple segment_profiling global profiling_file: file &redef; ## Update interval for profiling (0 disables). The easiest way to activate ## profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## -## .. bro:see:: profiling_file expensive_profiling_multiple segment_profiling +## .. zeek:see:: profiling_file expensive_profiling_multiple segment_profiling const profiling_interval = 0 secs &redef; -## Multiples of :bro:see:`profiling_interval` at which (more expensive) memory +## Multiples of :zeek:see:`profiling_interval` at which (more expensive) memory ## profiling is done (0 disables). ## -## .. bro:see:: profiling_interval profiling_file segment_profiling +## .. zeek:see:: profiling_interval profiling_file segment_profiling const expensive_profiling_multiple = 0 &redef; ## If true, then write segment profiling information (very high volume!) ## in addition to profiling statistics. ## -## .. bro:see:: profiling_interval expensive_profiling_multiple profiling_file +## .. zeek:see:: profiling_interval expensive_profiling_multiple profiling_file const segment_profiling = F &redef; ## Output modes for packet profiling information. ## -## .. bro:see:: pkt_profile_mode pkt_profile_freq pkt_profile_file +## .. zeek:see:: pkt_profile_mode pkt_profile_freq pkt_profile_file type pkt_profile_modes: enum { PKT_PROFILE_MODE_NONE, ##< No output. - PKT_PROFILE_MODE_SECS, ##< Output every :bro:see:`pkt_profile_freq` seconds. - PKT_PROFILE_MODE_PKTS, ##< Output every :bro:see:`pkt_profile_freq` packets. - PKT_PROFILE_MODE_BYTES, ##< Output every :bro:see:`pkt_profile_freq` bytes. + PKT_PROFILE_MODE_SECS, ##< Output every :zeek:see:`pkt_profile_freq` seconds. + PKT_PROFILE_MODE_PKTS, ##< Output every :zeek:see:`pkt_profile_freq` packets. + PKT_PROFILE_MODE_BYTES, ##< Output every :zeek:see:`pkt_profile_freq` bytes. }; ## Output mode for packet profiling information. ## -## .. bro:see:: pkt_profile_modes pkt_profile_freq pkt_profile_file +## .. zeek:see:: pkt_profile_modes pkt_profile_freq pkt_profile_file const pkt_profile_mode = PKT_PROFILE_MODE_NONE &redef; ## Frequency associated with packet profiling. ## -## .. bro:see:: pkt_profile_modes pkt_profile_mode pkt_profile_file +## .. zeek:see:: pkt_profile_modes pkt_profile_mode pkt_profile_file const pkt_profile_freq = 0.0 &redef; ## File where packet profiles are logged. ## -## .. bro:see:: pkt_profile_modes pkt_profile_freq pkt_profile_mode +## .. zeek:see:: pkt_profile_modes pkt_profile_freq pkt_profile_mode global pkt_profile_file: file &redef; -## Rate at which to generate :bro:see:`load_sample` events. As all +## Rate at which to generate :zeek:see:`load_sample` events. As all ## events, the event is only generated if you've also defined a -## :bro:see:`load_sample` handler. Units are inverse number of packets; e.g., +## :zeek:see:`load_sample` handler. Units are inverse number of packets; e.g., ## a value of 20 means "roughly one in every 20 packets". ## -## .. bro:see:: load_sample +## .. zeek:see:: load_sample global load_sample_freq = 20 &redef; ## Whether to attempt to automatically detect SYN/FIN/RST-filtered trace ## and not report missing segments for such connections. ## If this is enabled, then missing data at the end of connections may not -## be reported via :bro:see:`content_gap`. +## be reported via :zeek:see:`content_gap`. const detect_filtered_trace = F &redef; -## Whether we want :bro:see:`content_gap` for partial +## Whether we want :zeek:see:`content_gap` for partial ## connections. A connection is partial if it is missing a full handshake. Note ## that gap reports for partial connections might not be reliable. ## -## .. bro:see:: content_gap partial_connection +## .. zeek:see:: content_gap partial_connection const report_gaps_for_partial = F &redef; ## Flag to prevent Bro from exiting automatically when input is exhausted. ## Normally Bro terminates when all packet sources have gone dry ## and communication isn't enabled. If this flag is set, Bro's main loop will -## instead keep idling until :bro:see:`terminate` is explicitly called. +## instead keep idling until :zeek:see:`terminate` is explicitly called. ## ## This is mainly for testing purposes when termination behaviour needs to be ## controlled for reproducing results. @@ -4720,18 +4720,18 @@ const exit_only_after_terminate = F &redef; ## The CA certificate file to authorize remote Bros/Broccolis. ## -## .. bro:see:: ssl_private_key ssl_passphrase +## .. zeek:see:: ssl_private_key ssl_passphrase const ssl_ca_certificate = "" &redef; ## File containing our private key and our certificate. ## -## .. bro:see:: ssl_ca_certificate ssl_passphrase +## .. zeek:see:: ssl_ca_certificate ssl_passphrase const ssl_private_key = "" &redef; ## The passphrase for our private key. Keeping this undefined ## causes Bro to prompt for the passphrase. ## -## .. bro:see:: ssl_private_key ssl_ca_certificate +## .. zeek:see:: ssl_private_key ssl_ca_certificate const ssl_passphrase = "" &redef; ## Default mode for Bro's user-space dynamic packet filter. If true, packets @@ -4741,7 +4741,7 @@ const ssl_passphrase = "" &redef; ## .. note:: This is not the BPF packet filter but an additional dynamic filter ## that Bro optionally applies just before normal processing starts. ## -## .. bro:see:: install_dst_addr_filter install_dst_net_filter +## .. zeek:see:: install_dst_addr_filter install_dst_net_filter ## install_src_addr_filter install_src_net_filter uninstall_dst_addr_filter ## uninstall_dst_net_filter uninstall_src_addr_filter uninstall_src_net_filter const packet_filter_default = F &redef; @@ -4757,7 +4757,7 @@ const peer_description = "bro" &redef; ## If true, broadcast events received from one peer to all other peers. ## -## .. bro:see:: forward_remote_state_changes +## .. zeek:see:: forward_remote_state_changes ## ## .. note:: This option is only temporary and will disappear once we get a ## more sophisticated script-level communication framework. @@ -4765,7 +4765,7 @@ const forward_remote_events = F &redef; ## If true, broadcast state updates received from one peer to all other peers. ## -## .. bro:see:: forward_remote_events +## .. zeek:see:: forward_remote_events ## ## .. note:: This option is only temporary and will disappear once we get a ## more sophisticated script-level communication framework. @@ -4800,16 +4800,16 @@ const REMOTE_SRC_SCRIPT = 3; ##< Message from a policy script. ## Synchronize trace processing at a regular basis in pseudo-realtime mode. ## -## .. bro:see:: remote_trace_sync_peers +## .. zeek:see:: remote_trace_sync_peers const remote_trace_sync_interval = 0 secs &redef; ## Number of peers across which to synchronize trace processing in ## pseudo-realtime mode. ## -## .. bro:see:: remote_trace_sync_interval +## .. zeek:see:: remote_trace_sync_interval const remote_trace_sync_peers = 0 &redef; -## Whether for :bro:attr:`&synchronized` state to send the old value as a +## Whether for :zeek:attr:`&synchronized` state to send the old value as a ## consistency check. const remote_check_sync_consistency = F &redef; @@ -4817,7 +4817,7 @@ const remote_check_sync_consistency = F &redef; ## signature matching. Enabling this provides more accurate matching at the ## expense of CPU cycles. ## -## .. bro:see:: dpd_buffer_size +## .. zeek:see:: dpd_buffer_size ## dpd_match_only_beginning dpd_ignore_ports ## ## .. note:: Despite the name, this option affects *all* signature matching, not @@ -4832,14 +4832,14 @@ const dpd_reassemble_first_packets = T &redef; ## are activated afterwards. Then only analyzers that can deal with partial ## connections will be able to analyze the session. ## -## .. bro:see:: dpd_reassemble_first_packets dpd_match_only_beginning +## .. zeek:see:: dpd_reassemble_first_packets dpd_match_only_beginning ## dpd_ignore_ports const dpd_buffer_size = 1024 &redef; -## If true, stops signature matching if :bro:see:`dpd_buffer_size` has been +## If true, stops signature matching if :zeek:see:`dpd_buffer_size` has been ## reached. ## -## .. bro:see:: dpd_reassemble_first_packets dpd_buffer_size +## .. zeek:see:: dpd_reassemble_first_packets dpd_buffer_size ## dpd_ignore_ports ## ## .. note:: Despite the name, this option affects *all* signature matching, not @@ -4849,7 +4849,7 @@ const dpd_match_only_beginning = T &redef; ## If true, don't consider any ports for deciding which protocol analyzer to ## use. ## -## .. bro:see:: dpd_reassemble_first_packets dpd_buffer_size +## .. zeek:see:: dpd_reassemble_first_packets dpd_buffer_size ## dpd_match_only_beginning const dpd_ignore_ports = F &redef; @@ -4876,7 +4876,7 @@ const suppress_local_output = F &redef; ## Holds the filename of the trace file given with ``-w`` (empty if none). ## -## .. bro:see:: record_all_packets +## .. zeek:see:: record_all_packets const trace_output_file = ""; ## If a trace file is given with ``-w``, dump *all* packets seen by Bro into it. @@ -4885,16 +4885,16 @@ const trace_output_file = ""; ## actually process them, which can be helpful for debugging in case the ## analysis triggers a crash. ## -## .. bro:see:: trace_output_file +## .. zeek:see:: trace_output_file const record_all_packets = F &redef; -## Ignore certain TCP retransmissions for :bro:see:`conn_stats`. Some +## Ignore certain TCP retransmissions for :zeek:see:`conn_stats`. Some ## connections (e.g., SSH) retransmit the acknowledged last byte to keep the ## connection alive. If *ignore_keep_alive_rexmit* is set to true, such ## retransmissions will be excluded in the rexmit counter in -## :bro:see:`conn_stats`. +## :zeek:see:`conn_stats`. ## -## .. bro:see:: conn_stats +## .. zeek:see:: conn_stats const ignore_keep_alive_rexmit = F &redef; module JSON; @@ -4938,14 +4938,14 @@ export { ## With this set, the Teredo analyzer waits until it sees both sides ## of a connection using a valid Teredo encapsulation before issuing - ## a :bro:see:`protocol_confirmation`. If it's false, the first + ## a :zeek:see:`protocol_confirmation`. If it's false, the first ## occurrence of a packet with valid Teredo encapsulation causes a ## confirmation. const delay_teredo_confirmation = T &redef; ## With this set, the GTP analyzer waits until the most-recent upflow ## and downflow packets are a valid GTPv1 encapsulation before - ## issuing :bro:see:`protocol_confirmation`. If it's false, the + ## issuing :zeek:see:`protocol_confirmation`. If it's false, the ## first occurrence of a packet with valid GTPv1 encapsulation causes ## confirmation. Since the same inner connection can be carried ## differing outer upflow/downflow connections, setting to false @@ -4965,7 +4965,7 @@ export { ## The set of UDP ports used for VXLAN traffic. Traffic using this ## UDP destination port will attempt to be decapsulated. Note that if ## if you customize this, you may still want to manually ensure that - ## :bro:see:`likely_server_ports` also gets populated accordingly. + ## :zeek:see:`likely_server_ports` also gets populated accordingly. const vxlan_ports: set[port] = { 4789/udp } &redef; } # end export @@ -5044,7 +5044,7 @@ export { ## "conn" weirds, counters and expiration timers are kept for the duration ## of the connection for each named weird and reset when necessary. E.g. ## if a "conn" weird by the name of "foo" is seen more than - ## :bro:see:`Weird::sampling_threshold` times, then an expiration timer + ## :zeek:see:`Weird::sampling_threshold` times, then an expiration timer ## begins for "foo" and upon triggering will reset the counter for "foo" ## and unthrottle its rate-limiting until it once again exceeds the ## threshold. @@ -5064,7 +5064,7 @@ export { ## The threshold, in bytes, at which the BinPAC flowbuffer of a given ## connection/analyzer will have its capacity contracted to - ## :bro:see:`BinPAC::flowbuffer_capacity_min` after parsing a full unit. + ## :zeek:see:`BinPAC::flowbuffer_capacity_min` after parsing a full unit. ## I.e. this is the maximum capacity to reserve in between the parsing of ## units. If, after parsing a unit, the flowbuffer capacity is greater ## than this value, it will be contracted. diff --git a/scripts/base/misc/find-filtered-trace.zeek b/scripts/base/misc/find-filtered-trace.zeek index a756f78551..f7bdbb9e91 100644 --- a/scripts/base/misc/find-filtered-trace.zeek +++ b/scripts/base/misc/find-filtered-trace.zeek @@ -1,7 +1,7 @@ ##! Discovers trace files that contain TCP traffic consisting only of ##! control packets (e.g. it's been filtered to contain only SYN/FIN/RST ##! packets and no content). On finding such a trace, a warning is -##! emitted that suggests toggling the :bro:see:`detect_filtered_trace` +##! emitted that suggests toggling the :zeek:see:`detect_filtered_trace` ##! option may be desired if the user does not want Bro to report ##! missing TCP segments. diff --git a/scripts/base/protocols/conn/contents.zeek b/scripts/base/protocols/conn/contents.zeek index dbfbbd0dc1..ea689c6350 100644 --- a/scripts/base/protocols/conn/contents.zeek +++ b/scripts/base/protocols/conn/contents.zeek @@ -2,7 +2,7 @@ ##! responders data or both. By default nothing is extracted, and in order ##! to actually extract data the ``c$extract_orig`` and/or the ##! ``c$extract_resp`` variable must be set to ``T``. One way to achieve this -##! would be to handle the :bro:id:`connection_established` event elsewhere +##! would be to handle the :zeek:id:`connection_established` event elsewhere ##! and set the ``extract_orig`` and ``extract_resp`` options there. ##! However, there may be trouble with the timing due to event queue delay. ##! diff --git a/scripts/base/protocols/conn/main.zeek b/scripts/base/protocols/conn/main.zeek index cb391a8bf4..ecc9e436ac 100644 --- a/scripts/base/protocols/conn/main.zeek +++ b/scripts/base/protocols/conn/main.zeek @@ -78,13 +78,13 @@ export { ## If the connection is originated locally, this value will be T. ## If it was originated remotely it will be F. In the case that - ## the :bro:id:`Site::local_nets` variable is undefined, this + ## the :zeek:id:`Site::local_nets` variable is undefined, this ## field will be left empty at all times. local_orig: bool &log &optional; ## If the connection is responded to locally, this value will be T. ## If it was responded to remotely it will be F. In the case that - ## the :bro:id:`Site::local_nets` variable is undefined, this + ## the :zeek:id:`Site::local_nets` variable is undefined, this ## field will be left empty at all times. local_resp: bool &log &optional; @@ -128,18 +128,18 @@ export { ## (at least) 10 times; the third instance, 100 times; etc. history: string &log &optional; ## Number of packets that the originator sent. - ## Only set if :bro:id:`use_conn_size_analyzer` = T. + ## Only set if :zeek:id:`use_conn_size_analyzer` = T. orig_pkts: count &log &optional; ## Number of IP level bytes that the originator sent (as seen on ## the wire, taken from the IP total_length header field). - ## Only set if :bro:id:`use_conn_size_analyzer` = T. + ## Only set if :zeek:id:`use_conn_size_analyzer` = T. orig_ip_bytes: count &log &optional; ## Number of packets that the responder sent. - ## Only set if :bro:id:`use_conn_size_analyzer` = T. + ## Only set if :zeek:id:`use_conn_size_analyzer` = T. resp_pkts: count &log &optional; ## Number of IP level bytes that the responder sent (as seen on ## the wire, taken from the IP total_length header field). - ## Only set if :bro:id:`use_conn_size_analyzer` = T. + ## Only set if :zeek:id:`use_conn_size_analyzer` = T. resp_ip_bytes: count &log &optional; ## If this connection was over a tunnel, indicate the ## *uid* values for any encapsulating parent connections @@ -147,7 +147,7 @@ export { tunnel_parents: set[string] &log &optional; }; - ## Event that can be handled to access the :bro:type:`Conn::Info` + ## Event that can be handled to access the :zeek:type:`Conn::Info` ## record as it is sent on to the logging framework. global log_conn: event(rec: Info); } diff --git a/scripts/base/protocols/dhcp/main.zeek b/scripts/base/protocols/dhcp/main.zeek index 20998c082c..1f98cd0583 100644 --- a/scripts/base/protocols/dhcp/main.zeek +++ b/scripts/base/protocols/dhcp/main.zeek @@ -89,13 +89,13 @@ export { ## This event is used internally to distribute data around clusters ## since DHCP doesn't follow the normal "connection" model used by ## most protocols. It can also be handled to extend the DHCP log. - ## bro:see::`DHCP::log_info`. + ## :zeek:see:`DHCP::log_info`. global DHCP::aggregate_msgs: event(ts: time, id: conn_id, uid: string, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options); ## This is a global variable that is only to be used in the - ## :bro::see::`DHCP::aggregate_msgs` event. It can be used to avoid + ## :zeek:see:`DHCP::aggregate_msgs` event. It can be used to avoid ## looking up the info record for a transaction ID in every event handler - ## for :bro:see::`DHCP::aggregate_msgs`. + ## for :zeek:see:`DHCP::aggregate_msgs`. global DHCP::log_info: Info; ## Event that can be handled to access the DHCP diff --git a/scripts/base/protocols/dns/main.zeek b/scripts/base/protocols/dns/main.zeek index 8504d614f6..f91a94b0cb 100644 --- a/scripts/base/protocols/dns/main.zeek +++ b/scripts/base/protocols/dns/main.zeek @@ -80,7 +80,7 @@ export { saw_reply: bool &default=F; }; - ## An event that can be handled to access the :bro:type:`DNS::Info` + ## An event that can be handled to access the :zeek:type:`DNS::Info` ## record as it is sent to the logging framework. global log_dns: event(rec: Info); @@ -109,7 +109,7 @@ export { ## is_query: Indicator for if this is being called for a query or a response. global set_session: hook(c: connection, msg: dns_msg, is_query: bool); - ## Yields a queue of :bro:see:`DNS::Info` objects for a given + ## Yields a queue of :zeek:see:`DNS::Info` objects for a given ## DNS message query/transaction ID. type PendingMessages: table[count] of Queue::Queue; @@ -126,7 +126,7 @@ export { option max_pending_query_ids = 50; ## A record type which tracks the status of DNS queries for a given - ## :bro:type:`connection`. + ## :zeek:type:`connection`. type State: record { ## A single query that hasn't been matched with a response yet. ## Note this is maintained separate from the *pending_queries* diff --git a/scripts/base/protocols/ftp/gridftp.zeek b/scripts/base/protocols/ftp/gridftp.zeek index cdbe354a08..ef6965d3ca 100644 --- a/scripts/base/protocols/ftp/gridftp.zeek +++ b/scripts/base/protocols/ftp/gridftp.zeek @@ -6,7 +6,7 @@ ##! indicating the GSI mechanism for GSSAPI was used. This analysis ##! is all supported internally, this script simply adds the "gridftp" ##! label to the *service* field of the control channel's -##! :bro:type:`connection` record. +##! :zeek:type:`connection` record. ##! ##! GridFTP data channels are identified by a heuristic that relies on ##! the fact that default settings for GridFTP clients typically @@ -33,7 +33,7 @@ export { option size_threshold = 1073741824; ## Time during which we check whether a connection's size exceeds the - ## :bro:see:`GridFTP::size_threshold`. + ## :zeek:see:`GridFTP::size_threshold`. option max_time = 2 min; ## Whether to skip further processing of the GridFTP data channel once @@ -46,8 +46,8 @@ export { global data_channel_detected: event(c: connection); ## The initial criteria used to determine whether to start polling - ## the connection for the :bro:see:`GridFTP::size_threshold` to have - ## been exceeded. This is called in a :bro:see:`ssl_established` event + ## the connection for the :zeek:see:`GridFTP::size_threshold` to have + ## been exceeded. This is called in a :zeek:see:`ssl_established` event ## handler and by default looks for both a client and server certificate ## and for a NULL bulk cipher. One way in which this function could be ## redefined is to make it also consider client/server certificate @@ -56,7 +56,7 @@ export { ## c: The connection which may possibly be a GridFTP data channel. ## ## Returns: true if the connection should be further polled for an - ## exceeded :bro:see:`GridFTP::size_threshold`, else false. + ## exceeded :zeek:see:`GridFTP::size_threshold`, else false. const data_channel_initial_criteria: function(c: connection): bool &redef; } diff --git a/scripts/base/protocols/ftp/main.zeek b/scripts/base/protocols/ftp/main.zeek index 78a4dbabff..1c2dce17f8 100644 --- a/scripts/base/protocols/ftp/main.zeek +++ b/scripts/base/protocols/ftp/main.zeek @@ -36,7 +36,7 @@ export { ## Parse FTP reply codes into the three constituent single digit values. global parse_ftp_reply_code: function(code: count): ReplyCode; - ## Event that can be handled to access the :bro:type:`FTP::Info` + ## Event that can be handled to access the :zeek:type:`FTP::Info` ## record as it is sent on to the logging framework. global log_ftp: event(rec: Info); } diff --git a/scripts/base/protocols/ftp/utils.zeek b/scripts/base/protocols/ftp/utils.zeek index 74aeaa1e03..44c621b361 100644 --- a/scripts/base/protocols/ftp/utils.zeek +++ b/scripts/base/protocols/ftp/utils.zeek @@ -7,16 +7,16 @@ module FTP; export { - ## Creates a URL from an :bro:type:`FTP::Info` record. + ## Creates a URL from an :zeek:type:`FTP::Info` record. ## - ## rec: An :bro:type:`FTP::Info` record. + ## rec: An :zeek:type:`FTP::Info` record. ## ## Returns: A URL, not prefixed by ``"ftp://"``. global build_url: function(rec: Info): string; - ## Creates a URL from an :bro:type:`FTP::Info` record. + ## Creates a URL from an :zeek:type:`FTP::Info` record. ## - ## rec: An :bro:type:`FTP::Info` record. + ## rec: An :zeek:type:`FTP::Info` record. ## ## Returns: A URL prefixed with ``"ftp://"``. global build_url_ftp: function(rec: Info): string; diff --git a/scripts/base/protocols/http/entities.zeek b/scripts/base/protocols/http/entities.zeek index c16bb3f630..0a72c6b76e 100644 --- a/scripts/base/protocols/http/entities.zeek +++ b/scripts/base/protocols/http/entities.zeek @@ -14,44 +14,44 @@ export { }; ## Maximum number of originator files to log. - ## :bro:see:`HTTP::max_files_policy` even is called once this + ## :zeek:see:`HTTP::max_files_policy` even is called once this ## limit is reached to determine if it's enforced. option max_files_orig = 15; ## Maximum number of responder files to log. - ## :bro:see:`HTTP::max_files_policy` even is called once this + ## :zeek:see:`HTTP::max_files_policy` even is called once this ## limit is reached to determine if it's enforced. option max_files_resp = 15; ## Called when reaching the max number of files across a given HTTP - ## connection according to :bro:see:`HTTP::max_files_orig` - ## or :bro:see:`HTTP::max_files_resp`. Break from the hook + ## connection according to :zeek:see:`HTTP::max_files_orig` + ## or :zeek:see:`HTTP::max_files_resp`. Break from the hook ## early to signal that the file limit should not be applied. global max_files_policy: hook(f: fa_file, is_orig: bool); redef record Info += { ## An ordered vector of file unique IDs. - ## Limited to :bro:see:`HTTP::max_files_orig` entries. + ## Limited to :zeek:see:`HTTP::max_files_orig` entries. orig_fuids: vector of string &log &optional; ## An ordered vector of filenames from the client. - ## Limited to :bro:see:`HTTP::max_files_orig` entries. + ## Limited to :zeek:see:`HTTP::max_files_orig` entries. orig_filenames: vector of string &log &optional; ## An ordered vector of mime types. - ## Limited to :bro:see:`HTTP::max_files_orig` entries. + ## Limited to :zeek:see:`HTTP::max_files_orig` entries. orig_mime_types: vector of string &log &optional; ## An ordered vector of file unique IDs. - ## Limited to :bro:see:`HTTP::max_files_resp` entries. + ## Limited to :zeek:see:`HTTP::max_files_resp` entries. resp_fuids: vector of string &log &optional; ## An ordered vector of filenames from the server. - ## Limited to :bro:see:`HTTP::max_files_resp` entries. + ## Limited to :zeek:see:`HTTP::max_files_resp` entries. resp_filenames: vector of string &log &optional; ## An ordered vector of mime types. - ## Limited to :bro:see:`HTTP::max_files_resp` entries. + ## Limited to :zeek:see:`HTTP::max_files_resp` entries. resp_mime_types: vector of string &log &optional; ## The current entity. diff --git a/scripts/base/protocols/http/utils.zeek b/scripts/base/protocols/http/utils.zeek index 67f13f2640..a48841cef5 100644 --- a/scripts/base/protocols/http/utils.zeek +++ b/scripts/base/protocols/http/utils.zeek @@ -17,18 +17,18 @@ export { ## Returns: A vector of strings containing the keys. global extract_keys: function(data: string, kv_splitter: pattern): string_vec; - ## Creates a URL from an :bro:type:`HTTP::Info` record. This should + ## Creates a URL from an :zeek:type:`HTTP::Info` record. This should ## handle edge cases such as proxied requests appropriately. ## - ## rec: An :bro:type:`HTTP::Info` record. + ## rec: An :zeek:type:`HTTP::Info` record. ## ## Returns: A URL, not prefixed by ``"http://"``. global build_url: function(rec: Info): string; - ## Creates a URL from an :bro:type:`HTTP::Info` record. This should + ## Creates a URL from an :zeek:type:`HTTP::Info` record. This should ## handle edge cases such as proxied requests appropriately. ## - ## rec: An :bro:type:`HTTP::Info` record. + ## rec: An :zeek:type:`HTTP::Info` record. ## ## Returns: A URL prefixed with ``"http://"``. global build_url_http: function(rec: Info): string; diff --git a/scripts/base/protocols/ssh/main.zeek b/scripts/base/protocols/ssh/main.zeek index 2e70bc1aba..293c529b6d 100644 --- a/scripts/base/protocols/ssh/main.zeek +++ b/scripts/base/protocols/ssh/main.zeek @@ -75,7 +75,7 @@ export { ## c: The connection over which the :abbr:`SSH (Secure Shell)` ## connection took place. ## - ## .. bro:see:: ssh_server_version ssh_client_version + ## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_result ssh_auth_attempted ## ssh_capabilities ssh2_server_host_key ssh1_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -98,7 +98,7 @@ export { ## auth_attempts: The number of authentication attempts that were ## observed. ## - ## .. bro:see:: ssh_server_version ssh_client_version + ## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_attempted ## ssh_capabilities ssh2_server_host_key ssh1_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -106,10 +106,10 @@ export { global ssh_auth_result: event(c: connection, result: bool, auth_attempts: count); ## Event that can be handled when the analyzer sees an SSH server host - ## key. This abstracts :bro:id:`ssh1_server_host_key` and - ## :bro:id:`ssh2_server_host_key`. + ## key. This abstracts :zeek:id:`ssh1_server_host_key` and + ## :zeek:id:`ssh2_server_host_key`. ## - ## .. bro:see:: ssh_server_version ssh_client_version + ## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh1_server_host_key ssh_encrypted_packet ssh2_dh_server_params diff --git a/scripts/base/utils/active-http.zeek b/scripts/base/utils/active-http.zeek index 8243a7a9a9..27eb6e2bb2 100644 --- a/scripts/base/utils/active-http.zeek +++ b/scripts/base/utils/active-http.zeek @@ -46,7 +46,7 @@ export { }; ## Perform an HTTP request according to the - ## :bro:type:`ActiveHTTP::Request` record. This is an asynchronous + ## :zeek:type:`ActiveHTTP::Request` record. This is an asynchronous ## function and must be called within a "when" statement. ## ## req: A record instance representing all options for an HTTP request. diff --git a/scripts/base/utils/conn-ids.zeek b/scripts/base/utils/conn-ids.zeek index 6601b665e5..b5d7fffd77 100644 --- a/scripts/base/utils/conn-ids.zeek +++ b/scripts/base/utils/conn-ids.zeek @@ -13,7 +13,7 @@ export { ## on the right to the originator on the left. global reverse_id_string: function(id: conn_id): string; - ## Calls :bro:id:`id_string` or :bro:id:`reverse_id_string` if the + ## Calls :zeek:id:`id_string` or :zeek:id:`reverse_id_string` if the ## second argument is T or F, respectively. global directed_id_string: function(id: conn_id, is_orig: bool): string; } diff --git a/scripts/base/utils/dir.zeek b/scripts/base/utils/dir.zeek index eb5597a7b7..678e81d7ed 100644 --- a/scripts/base/utils/dir.zeek +++ b/scripts/base/utils/dir.zeek @@ -6,7 +6,7 @@ module Dir; export { ## The default interval this module checks for files in directories when - ## using the :bro:see:`Dir::monitor` function. + ## using the :zeek:see:`Dir::monitor` function. option polling_interval = 30sec; ## Register a directory to monitor with a callback that is called diff --git a/scripts/base/utils/exec.zeek b/scripts/base/utils/exec.zeek index fe44853541..85500bf9c2 100644 --- a/scripts/base/utils/exec.zeek +++ b/scripts/base/utils/exec.zeek @@ -8,7 +8,7 @@ export { type Command: record { ## The command line to execute. Use care to avoid injection ## attacks (i.e., if the command uses untrusted/variable data, - ## sanitize it with :bro:see:`safe_shell_quote`). + ## sanitize it with :zeek:see:`safe_shell_quote`). cmd: string; ## Provide standard input to the program as a string. stdin: string &default=""; diff --git a/scripts/base/utils/geoip-distance.zeek b/scripts/base/utils/geoip-distance.zeek index 8d3149cb03..8aa2601500 100644 --- a/scripts/base/utils/geoip-distance.zeek +++ b/scripts/base/utils/geoip-distance.zeek @@ -10,7 +10,7 @@ ## Returns: The distance between *a1* and *a2* in miles, or -1.0 if GeoIP data ## is not available for either of the IP addresses. ## -## .. bro:see:: haversine_distance lookup_location +## .. zeek:see:: haversine_distance lookup_location function haversine_distance_ip(a1: addr, a2: addr): double { local loc1 = lookup_location(a1); diff --git a/scripts/base/utils/paths.zeek b/scripts/base/utils/paths.zeek index 6de5b85e2e..fdc9bd5d3d 100644 --- a/scripts/base/utils/paths.zeek +++ b/scripts/base/utils/paths.zeek @@ -75,7 +75,7 @@ function build_path(dir: string, file_name: string): string } ## Returns a compressed path to a file given a directory and file name. -## See :bro:id:`build_path` and :bro:id:`compress_path`. +## See :zeek:id:`build_path` and :zeek:id:`compress_path`. function build_path_compressed(dir: string, file_name: string): string { return compress_path(build_path(dir, file_name)); diff --git a/scripts/base/utils/patterns.zeek b/scripts/base/utils/patterns.zeek index 47b8cf4e37..6d955339f8 100644 --- a/scripts/base/utils/patterns.zeek +++ b/scripts/base/utils/patterns.zeek @@ -37,7 +37,7 @@ type PatternMatchResult: record { }; ## Matches the given pattern against the given string, returning -## a :bro:type:`PatternMatchResult` record. +## a :zeek:type:`PatternMatchResult` record. ## For example: ``match_pattern("foobar", /o*[a-k]/)`` returns ## ``[matched=T, str=f, off=1]``, because the *first* match is for ## zero o's followed by an [a-k], but ``match_pattern("foobar", /o+[a-k]/)`` diff --git a/scripts/base/utils/site.zeek b/scripts/base/utils/site.zeek index 541dcb3f9a..949f340410 100644 --- a/scripts/base/utils/site.zeek +++ b/scripts/base/utils/site.zeek @@ -22,9 +22,9 @@ export { option local_nets: set[subnet] = {}; ## This is used for retrieving the subnet when using multiple entries in - ## :bro:id:`Site::local_nets`. It's populated automatically from there. + ## :zeek:id:`Site::local_nets`. It's populated automatically from there. ## A membership query can be done with an - ## :bro:type:`addr` and the table will yield the subnet it was found + ## :zeek:type:`addr` and the table will yield the subnet it was found ## within. global local_nets_table: table[subnet] of subnet = {}; @@ -45,33 +45,33 @@ export { ## Function that returns true if an address corresponds to one of ## the local networks, false if not. - ## The function inspects :bro:id:`Site::local_nets`. + ## The function inspects :zeek:id:`Site::local_nets`. global is_local_addr: function(a: addr): bool; ## Function that returns true if an address corresponds to one of ## the neighbor networks, false if not. - ## The function inspects :bro:id:`Site::neighbor_nets`. + ## The function inspects :zeek:id:`Site::neighbor_nets`. global is_neighbor_addr: function(a: addr): bool; ## Function that returns true if an address corresponds to one of ## the private/unrouted networks, false if not. - ## The function inspects :bro:id:`Site::private_address_space`. + ## The function inspects :zeek:id:`Site::private_address_space`. global is_private_addr: function(a: addr): bool; ## Function that returns true if a host name is within a local ## DNS zone. - ## The function inspects :bro:id:`Site::local_zones`. + ## The function inspects :zeek:id:`Site::local_zones`. global is_local_name: function(name: string): bool; ## Function that returns true if a host name is within a neighbor ## DNS zone. - ## The function inspects :bro:id:`Site::neighbor_zones`. + ## The function inspects :zeek:id:`Site::neighbor_zones`. global is_neighbor_name: function(name: string): bool; ## Function that returns a comma-separated list of email addresses ## that are considered administrators for the IP address provided as ## an argument. - ## The function inspects :bro:id:`Site::local_admins`. + ## The function inspects :zeek:id:`Site::local_admins`. global get_emails: function(a: addr): string; } diff --git a/scripts/base/utils/thresholds.zeek b/scripts/base/utils/thresholds.zeek index 31d1d3e84f..d30e9f2b0a 100644 --- a/scripts/base/utils/thresholds.zeek +++ b/scripts/base/utils/thresholds.zeek @@ -1,8 +1,8 @@ ##! Functions for using multiple thresholds with a counting tracker. For ##! example, you may want to generate a notice when something happens 10 times ##! and again when it happens 100 times but nothing in between. You can use -##! the :bro:id:`check_threshold` function to define your threshold points -##! and the :bro:type:`TrackCount` variable where you are keeping track of your +##! the :zeek:id:`check_threshold` function to define your threshold points +##! and the :zeek:type:`TrackCount` variable where you are keeping track of your ##! counter. module GLOBAL; @@ -18,12 +18,12 @@ export { }; ## The thresholds you would like to use as defaults with the - ## :bro:id:`default_check_threshold` function. + ## :zeek:id:`default_check_threshold` function. const default_notice_thresholds: vector of count = { 30, 100, 1000, 10000, 100000, 1000000, 10000000, } &redef; - ## This will check if a :bro:type:`TrackCount` variable has crossed any + ## This will check if a :zeek:type:`TrackCount` variable has crossed any ## thresholds in a given set. ## ## v: a vector holding counts that represent thresholds. @@ -34,8 +34,8 @@ export { ## Returns: T if a threshold has been crossed, else F. global check_threshold: function(v: vector of count, tracker: TrackCount): bool; - ## This will use the :bro:id:`default_notice_thresholds` variable to - ## check a :bro:type:`TrackCount` variable to see if it has crossed + ## This will use the :zeek:id:`default_notice_thresholds` variable to + ## check a :zeek:type:`TrackCount` variable to see if it has crossed ## another threshold. global default_check_threshold: function(tracker: TrackCount): bool; } diff --git a/scripts/base/utils/urls.zeek b/scripts/base/utils/urls.zeek index a34b6a02c1..c6ec41cbfc 100644 --- a/scripts/base/utils/urls.zeek +++ b/scripts/base/utils/urls.zeek @@ -3,7 +3,7 @@ ## A regular expression for matching and extracting URLs. const url_regex = /^([a-zA-Z\-]{3,5})(:\/\/[^\/?#"'\r\n><]*)([^?#"'\r\n><]*)([^[:blank:]\r\n"'><]*|\??[^"'\r\n><]*)/ &redef; -## A URI, as parsed by :bro:id:`decompose_uri`. +## A URI, as parsed by :zeek:id:`decompose_uri`. type URI: record { ## The URL's scheme.. scheme: string &optional; diff --git a/scripts/broxygen/README b/scripts/broxygen/README deleted file mode 100644 index ac7f522285..0000000000 --- a/scripts/broxygen/README +++ /dev/null @@ -1,4 +0,0 @@ -This package is loaded during the process which automatically generates -reference documentation for all Bro scripts (i.e. "Broxygen"). Its only -purpose is to provide an easy way to load all known Bro scripts plus any -extra scripts needed or used by the documentation process. diff --git a/scripts/policy/frameworks/dpd/packet-segment-logging.zeek b/scripts/policy/frameworks/dpd/packet-segment-logging.zeek index 35a52c3870..7dff2b07f8 100644 --- a/scripts/policy/frameworks/dpd/packet-segment-logging.zeek +++ b/scripts/policy/frameworks/dpd/packet-segment-logging.zeek @@ -1,6 +1,6 @@ ##! This script enables logging of packet segment data when a protocol ##! parsing violation is encountered. The amount of data from the -##! packet logged is set by the :bro:see:`DPD::packet_segment_size` variable. +##! packet logged is set by the :zeek:see:`DPD::packet_segment_size` variable. ##! A caveat to logging packet data is that in some cases, the packet may ##! not be the packet that actually caused the protocol violation. diff --git a/scripts/policy/frameworks/notice/extend-email/hostnames.zeek b/scripts/policy/frameworks/notice/extend-email/hostnames.zeek index 9ee58d3e0b..5be74c7913 100644 --- a/scripts/policy/frameworks/notice/extend-email/hostnames.zeek +++ b/scripts/policy/frameworks/notice/extend-email/hostnames.zeek @@ -1,6 +1,6 @@ -##! Loading this script extends the :bro:enum:`Notice::ACTION_EMAIL` action +##! Loading this script extends the :zeek:enum:`Notice::ACTION_EMAIL` action ##! by appending to the email the hostnames associated with -##! :bro:type:`Notice::Info`'s *src* and *dst* fields as determined by a +##! :zeek:type:`Notice::Info`'s *src* and *dst* fields as determined by a ##! DNS lookup. @load base/frameworks/notice/main diff --git a/scripts/policy/frameworks/packet-filter/shunt.zeek b/scripts/policy/frameworks/packet-filter/shunt.zeek index 13ff27252c..3a08dfaddd 100644 --- a/scripts/policy/frameworks/packet-filter/shunt.zeek +++ b/scripts/policy/frameworks/packet-filter/shunt.zeek @@ -23,7 +23,7 @@ export { ## update done by the `PacketFilter` framework. global unshunt_host_pair: function(id: conn_id): bool; - ## Performs the same function as the :bro:id:`PacketFilter::unshunt_host_pair` + ## Performs the same function as the :zeek:id:`PacketFilter::unshunt_host_pair` ## function, but it forces an immediate filter update. global force_unshunt_host_pair: function(id: conn_id): bool; @@ -34,7 +34,7 @@ export { global current_shunted_host_pairs: function(): set[conn_id]; redef enum Notice::Type += { - ## Indicative that :bro:id:`PacketFilter::max_bpf_shunts` + ## Indicative that :zeek:id:`PacketFilter::max_bpf_shunts` ## connections are already being shunted with BPF filters and ## no more are allowed. No_More_Conn_Shunts_Available, diff --git a/scripts/policy/frameworks/software/version-changes.zeek b/scripts/policy/frameworks/software/version-changes.zeek index 215a64d6b7..865cc20447 100644 --- a/scripts/policy/frameworks/software/version-changes.zeek +++ b/scripts/policy/frameworks/software/version-changes.zeek @@ -12,7 +12,7 @@ export { ## For certain software, a version changing may matter. In that ## case, this notice will be generated. Software that matters ## if the version changes can be configured with the - ## :bro:id:`Software::interesting_version_changes` variable. + ## :zeek:id:`Software::interesting_version_changes` variable. Software_Version_Change, }; diff --git a/scripts/policy/integration/barnyard2/main.zeek b/scripts/policy/integration/barnyard2/main.zeek index 7d0bb59d5a..876467eb8a 100644 --- a/scripts/policy/integration/barnyard2/main.zeek +++ b/scripts/policy/integration/barnyard2/main.zeek @@ -18,8 +18,8 @@ export { alert: AlertData &log; }; - ## This can convert a Barnyard :bro:type:`Barnyard2::PacketID` value to - ## a :bro:type:`conn_id` value in the case that you might need to index + ## This can convert a Barnyard :zeek:type:`Barnyard2::PacketID` value to + ## a :zeek:type:`conn_id` value in the case that you might need to index ## into an existing data structure elsewhere within Bro. global pid2cid: function(p: PacketID): conn_id; } diff --git a/scripts/policy/misc/capture-loss.zeek b/scripts/policy/misc/capture-loss.zeek index 302919597f..c6516d46eb 100644 --- a/scripts/policy/misc/capture-loss.zeek +++ b/scripts/policy/misc/capture-loss.zeek @@ -41,7 +41,7 @@ export { option watch_interval = 15mins; ## The percentage of missed data that is considered "too much" - ## when the :bro:enum:`CaptureLoss::Too_Much_Loss` notice should be + ## when the :zeek:enum:`CaptureLoss::Too_Much_Loss` notice should be ## generated. The value is expressed as a double between 0 and 1 with 1 ## being 100%. option too_much_loss: double = 0.1; diff --git a/scripts/policy/misc/detect-traceroute/main.zeek b/scripts/policy/misc/detect-traceroute/main.zeek index 8271277af6..091ceceed6 100644 --- a/scripts/policy/misc/detect-traceroute/main.zeek +++ b/scripts/policy/misc/detect-traceroute/main.zeek @@ -34,7 +34,7 @@ export { const icmp_time_exceeded_threshold: double = 3 &redef; ## Interval at which to watch for the - ## :bro:id:`Traceroute::icmp_time_exceeded_threshold` variable to be + ## :zeek:id:`Traceroute::icmp_time_exceeded_threshold` variable to be ## crossed. At the end of each interval the counter is reset. const icmp_time_exceeded_interval = 3min &redef; diff --git a/scripts/policy/misc/profiling.zeek b/scripts/policy/misc/profiling.zeek index 5a0dfe5fcf..fed8c41f54 100644 --- a/scripts/policy/misc/profiling.zeek +++ b/scripts/policy/misc/profiling.zeek @@ -9,7 +9,7 @@ redef profiling_file = open_log_file("prof"); redef profiling_interval = 15 secs; ## Set the expensive profiling interval (multiple of -## :bro:id:`profiling_interval`). +## :zeek:id:`profiling_interval`). redef expensive_profiling_multiple = 20; event zeek_init() diff --git a/scripts/policy/misc/scan.zeek b/scripts/policy/misc/scan.zeek index 6468767674..26dc54ce90 100644 --- a/scripts/policy/misc/scan.zeek +++ b/scripts/policy/misc/scan.zeek @@ -15,17 +15,17 @@ export { redef enum Notice::Type += { ## Address scans detect that a host appears to be scanning some ## number of destinations on a single port. This notice is - ## generated when more than :bro:id:`Scan::addr_scan_threshold` + ## generated when more than :zeek:id:`Scan::addr_scan_threshold` ## unique hosts are seen over the previous - ## :bro:id:`Scan::addr_scan_interval` time range. + ## :zeek:id:`Scan::addr_scan_interval` time range. Address_Scan, ## Port scans detect that an attacking host appears to be ## scanning a single victim host on several ports. This notice ## is generated when an attacking host attempts to connect to - ## :bro:id:`Scan::port_scan_threshold` + ## :zeek:id:`Scan::port_scan_threshold` ## unique ports on a single host over the previous - ## :bro:id:`Scan::port_scan_interval` time range. + ## :zeek:id:`Scan::port_scan_interval` time range. Port_Scan, }; diff --git a/scripts/policy/misc/trim-trace-file.zeek b/scripts/policy/misc/trim-trace-file.zeek index 2d78977d8c..3f50406f3b 100644 --- a/scripts/policy/misc/trim-trace-file.zeek +++ b/scripts/policy/misc/trim-trace-file.zeek @@ -11,7 +11,7 @@ export { ## tracefile rotation is required with the caveat that the script ## doesn't currently attempt to get back on schedule automatically and ## the next trim likely won't happen on the - ## :bro:id:`TrimTraceFile::trim_interval`. + ## :zeek:id:`TrimTraceFile::trim_interval`. global go: event(first_trim: bool); } diff --git a/scripts/policy/protocols/conn/known-hosts.zeek b/scripts/policy/protocols/conn/known-hosts.zeek index 493784a859..702ab59ca3 100644 --- a/scripts/policy/protocols/conn/known-hosts.zeek +++ b/scripts/policy/protocols/conn/known-hosts.zeek @@ -28,22 +28,22 @@ export { const use_host_store = T &redef; ## The hosts whose existence should be logged and tracked. - ## See :bro:type:`Host` for possible choices. + ## See :zeek:type:`Host` for possible choices. option host_tracking = LOCAL_HOSTS; ## Holds the set of all known hosts. Keys in the store are addresses ## and their associated value will always be the "true" boolean. global host_store: Cluster::StoreInfo; - ## The Broker topic name to use for :bro:see:`Known::host_store`. + ## The Broker topic name to use for :zeek:see:`Known::host_store`. const host_store_name = "bro/known/hosts" &redef; - ## The expiry interval of new entries in :bro:see:`Known::host_store`. + ## The expiry interval of new entries in :zeek:see:`Known::host_store`. ## This also changes the interval at which hosts get logged. const host_store_expiry = 1day &redef; ## The timeout interval to use for operations against - ## :bro:see:`Known::host_store`. + ## :zeek:see:`Known::host_store`. option host_store_timeout = 15sec; ## The set of all known addresses to store for preventing duplicate @@ -56,7 +56,7 @@ export { ## proxy nodes. global hosts: set[addr] &create_expire=1day &redef; - ## An event that can be handled to access the :bro:type:`Known::HostsInfo` + ## An event that can be handled to access the :zeek:type:`Known::HostsInfo` ## record as it is sent on to the logging framework. global log_known_hosts: event(rec: HostsInfo); } diff --git a/scripts/policy/protocols/conn/known-services.zeek b/scripts/policy/protocols/conn/known-services.zeek index 63d9f7fa71..767962b791 100644 --- a/scripts/policy/protocols/conn/known-services.zeek +++ b/scripts/policy/protocols/conn/known-services.zeek @@ -34,7 +34,7 @@ export { const use_service_store = T &redef; ## The hosts whose services should be tracked and logged. - ## See :bro:type:`Host` for possible choices. + ## See :zeek:type:`Host` for possible choices. option service_tracking = LOCAL_HOSTS; type AddrPortPair: record { @@ -43,19 +43,19 @@ export { }; ## Holds the set of all known services. Keys in the store are - ## :bro:type:`Known::AddrPortPair` and their associated value is + ## :zeek:type:`Known::AddrPortPair` and their associated value is ## always the boolean value of "true". global service_store: Cluster::StoreInfo; - ## The Broker topic name to use for :bro:see:`Known::service_store`. + ## The Broker topic name to use for :zeek:see:`Known::service_store`. const service_store_name = "bro/known/services" &redef; - ## The expiry interval of new entries in :bro:see:`Known::service_store`. + ## The expiry interval of new entries in :zeek:see:`Known::service_store`. ## This also changes the interval at which services get logged. const service_store_expiry = 1day &redef; ## The timeout interval to use for operations against - ## :bro:see:`Known::service_store`. + ## :zeek:see:`Known::service_store`. option service_store_timeout = 15sec; ## Tracks the set of daily-detected services for preventing the logging @@ -68,7 +68,7 @@ export { ## This set is automatically populated and shouldn't be directly modified. global services: set[addr, port] &create_expire=1day; - ## Event that can be handled to access the :bro:type:`Known::ServicesInfo` + ## Event that can be handled to access the :zeek:type:`Known::ServicesInfo` ## record as it is sent on to the logging framework. global log_known_services: event(rec: ServicesInfo); } diff --git a/scripts/policy/protocols/dhcp/deprecated_events.zeek b/scripts/policy/protocols/dhcp/deprecated_events.zeek index 941e5c72c3..553d13bc05 100644 --- a/scripts/policy/protocols/dhcp/deprecated_events.zeek +++ b/scripts/policy/protocols/dhcp/deprecated_events.zeek @@ -11,9 +11,9 @@ ## .. note:: This type is included to support the deprecated events dhcp_ack, ## dhcp_decline, dhcp_discover, dhcp_inform, dhcp_nak, dhcp_offer, ## dhcp_release and dhcp_request and is thus similarly deprecated -## itself. Use :bro:see:`dhcp_message` instead. +## itself. Use :zeek:see:`dhcp_message` instead. ## -## .. bro:see:: dhcp_message dhcp_ack dhcp_decline dhcp_discover +## .. zeek:see:: dhcp_message dhcp_ack dhcp_decline dhcp_discover ## dhcp_inform dhcp_nak dhcp_offer dhcp_release dhcp_request type dhcp_msg: record { op: count; ##< Message OP code. 1 = BOOTREQUEST, 2 = BOOTREPLY @@ -28,9 +28,9 @@ type dhcp_msg: record { ## ## .. note:: This type is included to support the deprecated events dhcp_ack ## and dhcp_offer and is thus similarly deprecated -## itself. Use :bro:see:`dhcp_message` instead. +## itself. Use :zeek:see:`dhcp_message` instead. ## -## .. bro:see:: dhcp_message dhcp_ack dhcp_offer +## .. zeek:see:: dhcp_message dhcp_ack dhcp_offer type dhcp_router_list: table[count] of addr; ## Generated for DHCP messages of type *DHCPDISCOVER* (client broadcast to locate @@ -44,7 +44,7 @@ type dhcp_router_list: table[count] of addr; ## ## host_name: The value of the host name option, if specified by the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_decline dhcp_ack dhcp_nak dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -74,7 +74,7 @@ global dhcp_discover: event(c: connection, msg: dhcp_msg, req_addr: addr, host_n ## host_name: Optional host name value. May differ from the host name requested ## from the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_request dhcp_decline +## .. zeek:see:: dhcp_message dhcp_discover dhcp_request dhcp_decline ## dhcp_ack dhcp_nak dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -101,7 +101,7 @@ global dhcp_offer: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_ ## ## host_name: The value of the host name option, if specified by the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_decline +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_decline ## dhcp_ack dhcp_nak dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -122,7 +122,7 @@ global dhcp_request: event(c: connection, msg: dhcp_msg, req_addr: addr, serv_ad ## ## host_name: Optional host name value. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_ack dhcp_nak dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -152,7 +152,7 @@ global dhcp_decline: event(c: connection, msg: dhcp_msg, host_name: string) &dep ## host_name: Optional host name value. May differ from the host name requested ## from the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_decline dhcp_nak dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -170,7 +170,7 @@ global dhcp_ack: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_ro ## ## host_name: Optional host name value. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_decline dhcp_ack dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -191,7 +191,7 @@ global dhcp_nak: event(c: connection, msg: dhcp_msg, host_name: string) &depreca ## ## host_name: The value of the host name option, if specified by the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_decline dhcp_ack dhcp_nak dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -209,7 +209,7 @@ global dhcp_release: event(c: connection, msg: dhcp_msg, host_name: string) &dep ## ## host_name: The value of the host name option, if specified by the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_decline dhcp_ack dhcp_nak dhcp_release ## ## .. note:: This event has been deprecated, and will be removed in the next version. diff --git a/scripts/policy/protocols/dns/detect-external-names.zeek b/scripts/policy/protocols/dns/detect-external-names.zeek index ea56e5676f..9533f396a2 100644 --- a/scripts/policy/protocols/dns/detect-external-names.zeek +++ b/scripts/policy/protocols/dns/detect-external-names.zeek @@ -1,6 +1,6 @@ ##! This script detects names which are not within zones considered to be ##! local but resolving to addresses considered local. -##! The :bro:id:`Site::local_zones` variable **must** be set appropriately for +##! The :zeek:id:`Site::local_zones` variable **must** be set appropriately for ##! this detection. @load base/frameworks/notice @@ -11,7 +11,7 @@ module DNS; export { redef enum Notice::Type += { ## Raised when a non-local name is found to be pointing at a - ## local host. The :bro:id:`Site::local_zones` variable + ## local host. The :zeek:id:`Site::local_zones` variable ## **must** be set appropriately for this detection. External_Name, }; diff --git a/scripts/policy/protocols/http/detect-sqli.zeek b/scripts/policy/protocols/http/detect-sqli.zeek index 3ad9efbfe2..5baf6b89ab 100644 --- a/scripts/policy/protocols/http/detect-sqli.zeek +++ b/scripts/policy/protocols/http/detect-sqli.zeek @@ -35,7 +35,7 @@ export { const sqli_requests_threshold: double = 50.0 &redef; ## Interval at which to watch for the - ## :bro:id:`HTTP::sqli_requests_threshold` variable to be crossed. + ## :zeek:id:`HTTP::sqli_requests_threshold` variable to be crossed. ## At the end of each interval the counter is reset. const sqli_requests_interval = 5min &redef; diff --git a/scripts/policy/protocols/smtp/entities-excerpt.zeek b/scripts/policy/protocols/smtp/entities-excerpt.zeek index f4ee2b07d5..4dad6d3e39 100644 --- a/scripts/policy/protocols/smtp/entities-excerpt.zeek +++ b/scripts/policy/protocols/smtp/entities-excerpt.zeek @@ -13,7 +13,7 @@ export { ## This is the default value for how much of the entity body should be ## included for all MIME entities. The lesser of this value and - ## :bro:see:`default_file_bof_buffer_size` will be used. + ## :zeek:see:`default_file_bof_buffer_size` will be used. option default_entity_excerpt_len = 0; } diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.zeek b/scripts/policy/protocols/ssh/detect-bruteforcing.zeek index 208f3db04c..4368258b98 100644 --- a/scripts/policy/protocols/ssh/detect-bruteforcing.zeek +++ b/scripts/policy/protocols/ssh/detect-bruteforcing.zeek @@ -11,7 +11,7 @@ module SSH; export { redef enum Notice::Type += { ## Indicates that a host has been identified as crossing the - ## :bro:id:`SSH::password_guesses_limit` threshold with + ## :zeek:id:`SSH::password_guesses_limit` threshold with ## failed logins. Password_Guessing, ## Indicates that a host previously identified as a "password diff --git a/scripts/policy/protocols/ssh/geo-data.zeek b/scripts/policy/protocols/ssh/geo-data.zeek index af9e05f011..5c98f62229 100644 --- a/scripts/policy/protocols/ssh/geo-data.zeek +++ b/scripts/policy/protocols/ssh/geo-data.zeek @@ -8,7 +8,7 @@ module SSH; export { redef enum Notice::Type += { ## If an SSH login is seen to or from a "watched" country based - ## on the :bro:id:`SSH::watched_countries` variable then this + ## on the :zeek:id:`SSH::watched_countries` variable then this ## notice will be generated. Watched_Country_Login, }; diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.zeek b/scripts/policy/protocols/ssh/interesting-hostnames.zeek index 064556f9c4..92f7bfc1dd 100644 --- a/scripts/policy/protocols/ssh/interesting-hostnames.zeek +++ b/scripts/policy/protocols/ssh/interesting-hostnames.zeek @@ -12,7 +12,7 @@ export { redef enum Notice::Type += { ## Generated if a login originates or responds with a host where ## the reverse hostname lookup resolves to a name matched by the - ## :bro:id:`SSH::interesting_hostnames` regular expression. + ## :zeek:id:`SSH::interesting_hostnames` regular expression. Interesting_Hostname_Login, }; diff --git a/scripts/policy/protocols/ssl/expiring-certs.zeek b/scripts/policy/protocols/ssl/expiring-certs.zeek index 1e806942d7..630d23d145 100644 --- a/scripts/policy/protocols/ssl/expiring-certs.zeek +++ b/scripts/policy/protocols/ssl/expiring-certs.zeek @@ -15,7 +15,7 @@ export { ## and the certificate is now invalid. Certificate_Expired, ## Indicates that a certificate is going to expire within - ## :bro:id:`SSL::notify_when_cert_expiring_in`. + ## :zeek:id:`SSL::notify_when_cert_expiring_in`. Certificate_Expires_Soon, ## Indicates that a certificate's NotValidBefore date is future ## dated. @@ -30,7 +30,7 @@ export { option notify_certs_expiration = LOCAL_HOSTS; ## The time before a certificate is going to expire that you would like - ## to start receiving :bro:enum:`SSL::Certificate_Expires_Soon` notices. + ## to start receiving :zeek:enum:`SSL::Certificate_Expires_Soon` notices. option notify_when_cert_expiring_in = 30days; } diff --git a/scripts/policy/protocols/ssl/known-certs.zeek b/scripts/policy/protocols/ssl/known-certs.zeek index 3841b77d87..3a8ec75922 100644 --- a/scripts/policy/protocols/ssl/known-certs.zeek +++ b/scripts/policy/protocols/ssl/known-certs.zeek @@ -43,19 +43,19 @@ export { }; ## Holds the set of all known certificates. Keys in the store are of - ## type :bro:type:`Known::AddrCertHashPair` and their associated value is + ## type :zeek:type:`Known::AddrCertHashPair` and their associated value is ## always the boolean value of "true". global cert_store: Cluster::StoreInfo; - ## The Broker topic name to use for :bro:see:`Known::cert_store`. + ## The Broker topic name to use for :zeek:see:`Known::cert_store`. const cert_store_name = "bro/known/certs" &redef; - ## The expiry interval of new entries in :bro:see:`Known::cert_store`. + ## The expiry interval of new entries in :zeek:see:`Known::cert_store`. ## This also changes the interval at which certs get logged. option cert_store_expiry = 1day; ## The timeout interval to use for operations against - ## :bro:see:`Known::cert_store`. + ## :zeek:see:`Known::cert_store`. option cert_store_timeout = 15sec; ## The set of all known certificates to store for preventing duplicate diff --git a/scripts/zeexygen/README b/scripts/zeexygen/README new file mode 100644 index 0000000000..f099b09833 --- /dev/null +++ b/scripts/zeexygen/README @@ -0,0 +1,4 @@ +This package is loaded during the process which automatically generates +reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only +purpose is to provide an easy way to load all known Zeek scripts plus any +extra scripts needed or used by the documentation process. diff --git a/scripts/broxygen/__load__.zeek b/scripts/zeexygen/__load__.zeek similarity index 100% rename from scripts/broxygen/__load__.zeek rename to scripts/zeexygen/__load__.zeek diff --git a/scripts/broxygen/example.zeek b/scripts/zeexygen/example.zeek similarity index 88% rename from scripts/broxygen/example.zeek rename to scripts/zeexygen/example.zeek index d241051b7d..69affed96a 100644 --- a/scripts/broxygen/example.zeek +++ b/scripts/zeexygen/example.zeek @@ -1,4 +1,4 @@ -##! This is an example script that demonstrates Broxygen-style +##! This is an example script that demonstrates Zeexygen-style ##! documentation. It generally will make most sense when viewing ##! the script's raw source code and comparing to the HTML-rendered ##! version. @@ -11,14 +11,14 @@ ##! .. tip:: You can embed directives and roles within ``##``-stylized comments. ##! ##! There's also a custom role to reference any identifier node in -##! the Bro Sphinx domain that's good for "see alsos", e.g. +##! the Zeek Sphinx domain that's good for "see alsos", e.g. ##! -##! See also: :bro:see:`BroxygenExample::a_var`, -##! :bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` +##! See also: :zeek:see:`ZeexygenExample::a_var`, +##! :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` ##! ##! And a custom directive does the equivalent references: ##! -##! .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info +##! .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info # Comments that use a single pound sign (#) are not significant to # a script's auto-generated documentation, but ones that use a @@ -30,7 +30,7 @@ # variable declarations to associate with the last-declared identifier. # # Generally, the auto-doc comments (##) are associated with the -# next declaration/identifier found in the script, but Broxygen +# next declaration/identifier found in the script, but Zeexygen # will track/render identifiers regardless of whether they have any # of these special comments associated with them. # @@ -49,19 +49,19 @@ # "module" statements are self-documenting, don't use any ``##`` style # comments with them. -module BroxygenExample; +module ZeexygenExample; # Redefinitions of "Notice::Type" are self-documenting, but # more information can be supplied in two different ways. redef enum Notice::Type += { ## Any number of this type of comment - ## will document "Broxygen_One". - Broxygen_One, - Broxygen_Two, ##< Any number of this type of comment - ##< will document "BROXYGEN_TWO". - Broxygen_Three, + ## will document "Zeexygen_One". + Zeexygen_One, + Zeexygen_Two, ##< Any number of this type of comment + ##< will document "ZEEXYGEN_TWO". + Zeexygen_Three, ## Omitting comments is fine, and so is mixing ``##`` and ``##<``, but - Broxygen_Four, ##< it's probably best to use only one style consistently. + Zeexygen_Four, ##< it's probably best to use only one style consistently. }; # All redefs are automatically tracked. Comments of the "##" form can be use @@ -110,7 +110,7 @@ export { type ComplexRecord: record { field1: count; ##< Counts something. field2: bool; ##< Toggles something. - field3: SimpleRecord; ##< Broxygen automatically tracks types + field3: SimpleRecord; ##< Zeexygen automatically tracks types ##< and cross-references are automatically ##< inserted in to generated docs. msg: string &default="blah"; ##< Attributes are self-documenting. @@ -163,9 +163,9 @@ export { ## Summarize "an_event" here. ## Give more details about "an_event" here. ## - ## BroxygenExample::a_function should not be confused as a parameter + ## ZeexygenExample::a_function should not be confused as a parameter ## in the generated docs, but it also doesn't generate a cross-reference - ## link. Use the see role instead: :bro:see:`BroxygenExample::a_function`. + ## link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. ## ## name: Describe the argument here. global an_event: event(name: string); diff --git a/src/Attr.cc b/src/Attr.cc index 47ea7d4f06..2f9673346c 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -51,7 +51,7 @@ void Attr::Describe(ODesc* d) const void Attr::DescribeReST(ODesc* d) const { - d->Add(":bro:attr:`"); + d->Add(":zeek:attr:`"); AddTag(d); d->Add("`"); @@ -64,14 +64,14 @@ void Attr::DescribeReST(ODesc* d) const if ( expr->Tag() == EXPR_NAME ) { - d->Add(":bro:see:`"); + d->Add(":zeek:see:`"); expr->Describe(d); d->Add("`"); } else if ( expr->Type()->Tag() == TYPE_FUNC ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(expr->Type()->AsFuncType()->FlavorString()); d->Add("`"); } diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index da7042f956..94aca30eb9 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -143,7 +143,7 @@ set(bro_PLUGIN_LIBS CACHE INTERNAL "plugin libraries" FORCE) add_subdirectory(analyzer) add_subdirectory(broker) -add_subdirectory(broxygen) +add_subdirectory(zeexygen) add_subdirectory(file_analysis) add_subdirectory(input) add_subdirectory(iosource) diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index 07590590df..baddd2bdd8 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -18,7 +18,7 @@ DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = { { "dpd", 0, false }, { "tm", 0, false }, { "logging", 0, false }, {"input", 0, false }, { "threading", 0, false }, { "file_analysis", 0, false }, - { "plugins", 0, false }, { "broxygen", 0, false }, + { "plugins", 0, false }, { "zeexygen", 0, false }, { "pktio", 0, false }, { "broker", 0, false }, { "scripts", 0, false} }; diff --git a/src/DebugLogger.h b/src/DebugLogger.h index 1eb8e30417..8026e8ba3c 100644 --- a/src/DebugLogger.h +++ b/src/DebugLogger.h @@ -30,7 +30,7 @@ enum DebugStream { DBG_THREADING, // Threading system DBG_FILE_ANALYSIS, // File analysis DBG_PLUGINS, // Plugin system - DBG_BROXYGEN, // Broxygen + DBG_ZEEXYGEN, // Zeexygen DBG_PKTIO, // Packet sources and dumpers. DBG_BROKER, // Broker communication DBG_SCRIPTS, // Script initialization diff --git a/src/ID.cc b/src/ID.cc index fd99d7c937..24c1c829ff 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -14,7 +14,7 @@ #include "PersistenceSerializer.h" #include "Scope.h" #include "Traverse.h" -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" ID::ID(const char* arg_name, IDScope arg_scope, bool arg_is_export) { @@ -651,9 +651,9 @@ void ID::DescribeExtended(ODesc* d) const void ID::DescribeReSTShort(ODesc* d) const { if ( is_type ) - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); else - d->Add(":bro:id:`"); + d->Add(":zeek:id:`"); d->Add(name); d->Add("`"); @@ -661,7 +661,7 @@ void ID::DescribeReSTShort(ODesc* d) const if ( type ) { d->Add(": "); - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); if ( ! is_type && ! type->GetName().empty() ) d->Add(type->GetName().c_str()); @@ -682,7 +682,7 @@ void ID::DescribeReSTShort(ODesc* d) const if ( is_type ) d->Add(type_name(t)); else - d->Add(broxygen_mgr->GetEnumTypeName(Name()).c_str()); + d->Add(zeexygen_mgr->GetEnumTypeName(Name()).c_str()); break; default: @@ -706,18 +706,18 @@ void ID::DescribeReST(ODesc* d, bool roles_only) const if ( roles_only ) { if ( is_type ) - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); else - d->Add(":bro:id:`"); + d->Add(":zeek:id:`"); d->Add(name); d->Add("`"); } else { if ( is_type ) - d->Add(".. bro:type:: "); + d->Add(".. zeek:type:: "); else - d->Add(".. bro:id:: "); + d->Add(".. zeek:id:: "); d->Add(name); } @@ -730,7 +730,7 @@ void ID::DescribeReST(ODesc* d, bool roles_only) const if ( ! is_type && ! type->GetName().empty() ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(type->GetName()); d->Add("`"); } diff --git a/src/Type.cc b/src/Type.cc index 741f1cfc0f..0bc7d0e3fe 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -8,8 +8,8 @@ #include "Scope.h" #include "Serializer.h" #include "Reporter.h" -#include "broxygen/Manager.h" -#include "broxygen/utils.h" +#include "zeexygen/Manager.h" +#include "zeexygen/utils.h" #include #include @@ -190,7 +190,7 @@ void BroType::Describe(ODesc* d) const void BroType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(fmt(":bro:type:`%s`", type_name(Tag()))); + d->Add(fmt(":zeek:type:`%s`", type_name(Tag()))); } void BroType::SetError() @@ -478,7 +478,7 @@ void IndexType::Describe(ODesc* d) const void IndexType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); if ( IsSet() ) d->Add("set"); @@ -497,7 +497,7 @@ void IndexType::DescribeReST(ODesc* d, bool roles_only) const if ( ! t->GetName().empty() ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(t->GetName()); d->Add("`"); } @@ -513,7 +513,7 @@ void IndexType::DescribeReST(ODesc* d, bool roles_only) const if ( ! yield_type->GetName().empty() ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(yield_type->GetName()); d->Add("`"); } @@ -800,7 +800,7 @@ void FuncType::Describe(ODesc* d) const void FuncType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(FlavorString()); d->Add("`"); d->Add(" ("); @@ -813,7 +813,7 @@ void FuncType::DescribeReST(ODesc* d, bool roles_only) const if ( ! yield->GetName().empty() ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(yield->GetName()); d->Add("`"); } @@ -957,7 +957,7 @@ void TypeDecl::DescribeReST(ODesc* d, bool roles_only) const if ( ! type->GetName().empty() ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(type->GetName()); d->Add("`"); } @@ -1073,7 +1073,7 @@ void RecordType::Describe(ODesc* d) const void RecordType::DescribeReST(ODesc* d, bool roles_only) const { d->PushType(this); - d->Add(":bro:type:`record`"); + d->Add(":zeek:type:`record`"); if ( num_fields == 0 ) return; @@ -1197,8 +1197,8 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const if ( func_args ) continue; - using broxygen::IdentifierInfo; - IdentifierInfo* doc = broxygen_mgr->GetIdentifierInfo(GetName()); + using zeexygen::IdentifierInfo; + IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(GetName()); if ( ! doc ) { @@ -1217,7 +1217,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const field_from_script != type_from_script ) { d->PushIndent(); - d->Add(broxygen::redef_indication(field_from_script).c_str()); + d->Add(zeexygen::redef_indication(field_from_script).c_str()); d->PopIndent(); } @@ -1237,7 +1237,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const { string s = cmnts[i]; - if ( broxygen::prettify_params(s) ) + if ( zeexygen::prettify_params(s) ) d->NL(); d->Add(s.c_str()); @@ -1405,7 +1405,7 @@ void OpaqueType::Describe(ODesc* d) const void OpaqueType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(fmt(":bro:type:`%s` of %s", type_name(Tag()), name.c_str())); + d->Add(fmt(":zeek:type:`%s` of %s", type_name(Tag()), name.c_str())); } IMPLEMENT_SERIAL(OpaqueType, SER_OPAQUE_TYPE); @@ -1505,7 +1505,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, if ( deprecated ) id->MakeDeprecated(); - broxygen_mgr->Identifier(id); + zeexygen_mgr->Identifier(id); } else { @@ -1597,7 +1597,7 @@ EnumVal* EnumType::GetVal(bro_int_t i) void EnumType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(":bro:type:`enum`"); + d->Add(":zeek:type:`enum`"); // Create temporary, reverse name map so that enums can be documented // in ascending order of their actual integral value instead of by name. @@ -1614,12 +1614,12 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const d->PushIndent(); if ( roles_only ) - d->Add(fmt(":bro:enum:`%s`", it->second.c_str())); + d->Add(fmt(":zeek:enum:`%s`", it->second.c_str())); else - d->Add(fmt(".. bro:enum:: %s %s", it->second.c_str(), GetName().c_str())); + d->Add(fmt(".. zeek:enum:: %s %s", it->second.c_str(), GetName().c_str())); - using broxygen::IdentifierInfo; - IdentifierInfo* doc = broxygen_mgr->GetIdentifierInfo(it->second); + using zeexygen::IdentifierInfo; + IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(it->second); if ( ! doc ) { @@ -1634,7 +1634,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const if ( doc->GetDeclaringScript() ) enum_from_script = doc->GetDeclaringScript()->Name(); - IdentifierInfo* type_doc = broxygen_mgr->GetIdentifierInfo(GetName()); + IdentifierInfo* type_doc = zeexygen_mgr->GetIdentifierInfo(GetName()); if ( type_doc && type_doc->GetDeclaringScript() ) type_from_script = type_doc->GetDeclaringScript()->Name(); @@ -1644,7 +1644,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const { d->NL(); d->PushIndent(); - d->Add(broxygen::redef_indication(enum_from_script).c_str()); + d->Add(zeexygen::redef_indication(enum_from_script).c_str()); d->PopIndent(); } @@ -1818,12 +1818,12 @@ void VectorType::Describe(ODesc* d) const void VectorType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(fmt(":bro:type:`%s` of ", type_name(Tag()))); + d->Add(fmt(":zeek:type:`%s` of ", type_name(Tag()))); if ( yield_type->GetName().empty() ) yield_type->DescribeReST(d, roles_only); else - d->Add(fmt(":bro:type:`%s`", yield_type->GetName().c_str())); + d->Add(fmt(":zeek:type:`%s`", yield_type->GetName().c_str())); } BroType* base_type_no_ref(TypeTag tag) diff --git a/src/analyzer/protocol/arp/events.bif b/src/analyzer/protocol/arp/events.bif index efee33d7f4..e12d0acd1c 100644 --- a/src/analyzer/protocol/arp/events.bif +++ b/src/analyzer/protocol/arp/events.bif @@ -15,7 +15,7 @@ ## ## THA: The target hardware address. ## -## .. bro:see:: arp_reply bad_arp +## .. zeek:see:: arp_reply bad_arp event arp_request%(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string%); @@ -36,7 +36,7 @@ event arp_request%(mac_src: string, mac_dst: string, SPA: addr, SHA: string, ## ## THA: The target hardware address. ## -## .. bro:see:: arp_request bad_arp +## .. zeek:see:: arp_request bad_arp event arp_reply%(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string%); @@ -54,7 +54,7 @@ event arp_reply%(mac_src: string, mac_dst: string, SPA: addr, SHA: string, ## ## explanation: A short description of why the ARP packet is considered "bad". ## -## .. bro:see:: arp_reply arp_request +## .. zeek:see:: arp_reply arp_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet diff --git a/src/analyzer/protocol/bittorrent/events.bif b/src/analyzer/protocol/bittorrent/events.bif index 8c4ddc146f..d86b497437 100644 --- a/src/analyzer/protocol/bittorrent/events.bif +++ b/src/analyzer/protocol/bittorrent/events.bif @@ -3,7 +3,7 @@ ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_have bittorrent_peer_interested bittorrent_peer_keep_alive ## bittorrent_peer_not_interested bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -16,7 +16,7 @@ event bittorrent_peer_handshake%(c: connection, is_orig: bool, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_not_interested bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -28,7 +28,7 @@ event bittorrent_peer_keep_alive%(c: connection, is_orig: bool%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -40,7 +40,7 @@ event bittorrent_peer_choke%(c: connection, is_orig: bool%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request @@ -52,7 +52,7 @@ event bittorrent_peer_unchoke%(c: connection, is_orig: bool%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_keep_alive ## bittorrent_peer_not_interested bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -64,7 +64,7 @@ event bittorrent_peer_interested%(c: connection, is_orig: bool%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -76,7 +76,7 @@ event bittorrent_peer_not_interested%(c: connection, is_orig: bool%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_interested bittorrent_peer_keep_alive ## bittorrent_peer_not_interested bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -88,7 +88,7 @@ event bittorrent_peer_have%(c: connection, is_orig: bool, piece_index: count%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_cancel bittorrent_peer_choke bittorrent_peer_handshake +## .. zeek:see:: bittorrent_peer_cancel bittorrent_peer_choke bittorrent_peer_handshake ## bittorrent_peer_have bittorrent_peer_interested bittorrent_peer_keep_alive ## bittorrent_peer_not_interested bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -100,7 +100,7 @@ event bittorrent_peer_bitfield%(c: connection, is_orig: bool, bitfield: string%) ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_unchoke bittorrent_peer_unknown @@ -113,7 +113,7 @@ event bittorrent_peer_request%(c: connection, is_orig: bool, index: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -126,7 +126,7 @@ event bittorrent_peer_piece%(c: connection, is_orig: bool, index: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -139,7 +139,7 @@ event bittorrent_peer_cancel%(c: connection, is_orig: bool, index: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -151,7 +151,7 @@ event bittorrent_peer_port%(c: connection, is_orig: bool, listen_port: port%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -164,7 +164,7 @@ event bittorrent_peer_unknown%(c: connection, is_orig: bool, message_id: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -176,7 +176,7 @@ event bittorrent_peer_weird%(c: connection, is_orig: bool, msg: string%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -189,7 +189,7 @@ event bt_tracker_request%(c: connection, uri: string, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -204,7 +204,7 @@ event bt_tracker_response%(c: connection, status: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -217,7 +217,7 @@ event bt_tracker_response_not_ok%(c: connection, status: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke diff --git a/src/analyzer/protocol/conn-size/events.bif b/src/analyzer/protocol/conn-size/events.bif index 38b263db57..9b1007ec3b 100644 --- a/src/analyzer/protocol/conn-size/events.bif +++ b/src/analyzer/protocol/conn-size/events.bif @@ -8,7 +8,7 @@ ## ## is_orig: true if the threshold was crossed by the originator of the connection ## -## .. bro:see:: set_current_conn_packets_threshold set_current_conn_bytes_threshold conn_packets_threshold_crossed +## .. zeek:see:: set_current_conn_packets_threshold set_current_conn_bytes_threshold conn_packets_threshold_crossed ## get_current_conn_bytes_threshold get_current_conn_packets_threshold event conn_bytes_threshold_crossed%(c: connection, threshold: count, is_orig: bool%); @@ -22,6 +22,6 @@ event conn_bytes_threshold_crossed%(c: connection, threshold: count, is_orig: bo ## ## is_orig: true if the threshold was crossed by the originator of the connection ## -## .. bro:see:: set_current_conn_packets_threshold set_current_conn_bytes_threshold conn_bytes_threshold_crossed +## .. zeek:see:: set_current_conn_packets_threshold set_current_conn_bytes_threshold conn_bytes_threshold_crossed ## get_current_conn_bytes_threshold get_current_conn_packets_threshold event conn_packets_threshold_crossed%(c: connection, threshold: count, is_orig: bool%); diff --git a/src/analyzer/protocol/conn-size/functions.bif b/src/analyzer/protocol/conn-size/functions.bif index d4ad045da7..9dc91bb722 100644 --- a/src/analyzer/protocol/conn-size/functions.bif +++ b/src/analyzer/protocol/conn-size/functions.bif @@ -26,7 +26,7 @@ static analyzer::Analyzer* GetConnsizeAnalyzer(Val* cid) ## ## is_orig: If true, threshold is set for bytes from originator, otherwhise for bytes from responder. ## -## .. bro:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed +## .. zeek:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed ## get_current_conn_bytes_threshold get_current_conn_packets_threshold function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool %{ @@ -49,7 +49,7 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or ## ## is_orig: If true, threshold is set for packets from originator, otherwhise for packets from responder. ## -## .. bro:see:: set_current_conn_bytes_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed +## .. zeek:see:: set_current_conn_bytes_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed ## get_current_conn_bytes_threshold get_current_conn_packets_threshold function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool %{ @@ -70,7 +70,7 @@ function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_ ## ## Returns: 0 if no threshold is set or the threshold in bytes ## -## .. bro:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed +## .. zeek:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed ## get_current_conn_packets_threshold function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count %{ @@ -89,7 +89,7 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count ## ## Returns: 0 if no threshold is set or the threshold in packets ## -## .. bro:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed +## .. zeek:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed ## get_current_conn_bytes_threshold function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): count %{ diff --git a/src/analyzer/protocol/dce-rpc/events.bif b/src/analyzer/protocol/dce-rpc/events.bif index 1e4a4e0d51..1f2b61255c 100644 --- a/src/analyzer/protocol/dce-rpc/events.bif +++ b/src/analyzer/protocol/dce-rpc/events.bif @@ -12,7 +12,7 @@ ## ## ptype: Enum representation of the prodecure type of the message. ## -## .. bro:see:: dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response +## .. zeek:see:: dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response event dce_rpc_message%(c: connection, is_orig: bool, fid: count, ptype_id: count, ptype: DCE_RPC::PType%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` bind request message. @@ -33,7 +33,7 @@ event dce_rpc_message%(c: connection, is_orig: bool, fid: count, ptype_id: count ## ## ver_minor: The minor version of the endpoint being requested. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind_ack dce_rpc_request dce_rpc_response +## .. zeek:see:: dce_rpc_message dce_rpc_bind_ack dce_rpc_request dce_rpc_response event dce_rpc_bind%(c: connection, fid: count, ctx_id: count, uuid: string, ver_major: count, ver_minor: count%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` alter context request message. @@ -54,7 +54,7 @@ event dce_rpc_bind%(c: connection, fid: count, ctx_id: count, uuid: string, ver_ ## ## ver_minor: The minor version of the endpoint being requested. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response dce_rpc_alter_context_resp +## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response dce_rpc_alter_context_resp event dce_rpc_alter_context%(c: connection, fid: count, ctx_id: count, uuid: string, ver_major: count, ver_minor: count%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` bind request ack message. @@ -67,7 +67,7 @@ event dce_rpc_alter_context%(c: connection, fid: count, ctx_id: count, uuid: str ## ## sec_addr: Secondary address for the ack. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_request dce_rpc_response +## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_request dce_rpc_response event dce_rpc_bind_ack%(c: connection, fid: count, sec_addr: string%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` alter context response message. @@ -78,7 +78,7 @@ event dce_rpc_bind_ack%(c: connection, fid: count, sec_addr: string%); ## message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was ## not transported over a pipe. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response dce_rpc_alter_context +## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response dce_rpc_alter_context event dce_rpc_alter_context_resp%(c: connection, fid: count%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` request message. @@ -95,7 +95,7 @@ event dce_rpc_alter_context_resp%(c: connection, fid: count%); ## ## stub_len: Length of the data for the request. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_response +## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_response event dce_rpc_request%(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` response message. @@ -112,5 +112,5 @@ event dce_rpc_request%(c: connection, fid: count, ctx_id: count, opnum: count, s ## ## stub_len: Length of the data for the response. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request +## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request event dce_rpc_response%(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count%); diff --git a/src/analyzer/protocol/dns/events.bif b/src/analyzer/protocol/dns/events.bif index 6fe741d4d9..1113ca2687 100644 --- a/src/analyzer/protocol/dns/events.bif +++ b/src/analyzer/protocol/dns/events.bif @@ -13,7 +13,7 @@ ## ## len: The length of the message's raw representation (i.e., the DNS payload). ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end ## dns_full_request dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -40,7 +40,7 @@ event dns_message%(c: connection, is_orig: bool, msg: dns_msg, len: count%); ## ## qclass: The queried resource record class. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end ## dns_full_request dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -69,7 +69,7 @@ event dns_request%(c: connection, msg: dns_msg, query: string, qtype: count, qcl ## ## qclass: The queried resource record class. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end ## dns_full_request dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -95,7 +95,7 @@ event dns_rejected%(c: connection, msg: dns_msg, query: string, qtype: count, qc ## ## qclass: The queried resource record class. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end ## dns_full_request dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -121,7 +121,7 @@ event dns_query_reply%(c: connection, msg: dns_msg, query: string, ## ## a: The address returned by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A6_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply +## .. zeek:see:: dns_AAAA_reply dns_A6_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply ## dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -146,7 +146,7 @@ event dns_A_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%); ## ## a: The address returned by the reply. ## -## .. bro:see:: dns_A_reply dns_A6_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply +## .. zeek:see:: dns_A_reply dns_A6_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply ## dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl ## dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered ## dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified @@ -171,7 +171,7 @@ event dns_AAAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%); ## ## a: The address returned by the reply. ## -## .. bro:see:: dns_A_reply dns_AAAA_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply +## .. zeek:see:: dns_A_reply dns_AAAA_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply ## dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl ## dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered ## dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified @@ -196,7 +196,7 @@ event dns_A6_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%); ## ## name: The name returned by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -221,7 +221,7 @@ event dns_NS_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%) ## ## name: The name returned by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply ## dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl ## dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered ## dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified @@ -246,7 +246,7 @@ event dns_CNAME_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: strin ## ## name: The name returned by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_SOA_reply dns_SRV_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -271,7 +271,7 @@ event dns_PTR_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string% ## ## soa: The parsed SOA value. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SRV_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -294,7 +294,7 @@ event dns_SOA_reply%(c: connection, msg: dns_msg, ans: dns_answer, soa: dns_soa% ## ## ans: The type-independent part of the parsed answer record. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -317,7 +317,7 @@ event dns_WKS_reply%(c: connection, msg: dns_msg, ans: dns_answer%); ## ## ans: The type-independent part of the parsed answer record. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl dns_MX_reply +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl dns_MX_reply ## dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl ## dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered ## dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified @@ -344,7 +344,7 @@ event dns_HINFO_reply%(c: connection, msg: dns_msg, ans: dns_answer%); ## ## preference: The preference for *name* specified by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -369,7 +369,7 @@ event dns_MX_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string, ## ## strs: The textual information returned by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -423,7 +423,7 @@ event dns_CAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, flags: count, ## p: Port of the SRV response -- the TCP or UDP port on which the ## service is to be found. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -442,7 +442,7 @@ event dns_SRV_reply%(c: connection, msg: dns_msg, ans: dns_answer, target: strin ## ## ans: The type-independent part of the parsed answer record. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_SRV_reply dns_end event dns_unknown_reply%(c: connection, msg: dns_msg, ans: dns_answer%); @@ -461,7 +461,7 @@ event dns_unknown_reply%(c: connection, msg: dns_msg, ans: dns_answer%); ## ## ans: The parsed EDNS reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_HINFO_reply dns_MX_reply +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_HINFO_reply dns_MX_reply ## dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl ## dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered ## dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified @@ -484,7 +484,7 @@ event dns_EDNS_addl%(c: connection, msg: dns_msg, ans: dns_edns_additional%); ## ## ans: The parsed TSIG reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -573,7 +573,7 @@ event dns_DS%(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr%); ## ## msg: The parsed DNS message header. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name diff --git a/src/analyzer/protocol/finger/events.bif b/src/analyzer/protocol/finger/events.bif index e495263b12..d1b9212c22 100644 --- a/src/analyzer/protocol/finger/events.bif +++ b/src/analyzer/protocol/finger/events.bif @@ -11,7 +11,7 @@ ## ## hostname: The request's host name. ## -## .. bro:see:: finger_reply +## .. zeek:see:: finger_reply ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet @@ -28,7 +28,7 @@ event finger_request%(c: connection, full: bool, username: string, hostname: str ## ## reply_line: The reply as returned by the server ## -## .. bro:see:: finger_request +## .. zeek:see:: finger_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet diff --git a/src/analyzer/protocol/ftp/events.bif b/src/analyzer/protocol/ftp/events.bif index 16faa417d3..6cc2317936 100644 --- a/src/analyzer/protocol/ftp/events.bif +++ b/src/analyzer/protocol/ftp/events.bif @@ -9,7 +9,7 @@ ## ## arg: The arguments going with the command. ## -## .. bro:see:: ftp_reply fmt_ftp_port parse_eftp_port +## .. zeek:see:: ftp_reply fmt_ftp_port parse_eftp_port ## parse_ftp_epsv parse_ftp_pasv parse_ftp_port event ftp_request%(c: connection, command: string, arg: string%); @@ -29,7 +29,7 @@ event ftp_request%(c: connection, command: string, arg: string%); ## to reassemble the pieces before processing the response any ## further. ## -## .. bro:see:: ftp_request fmt_ftp_port parse_eftp_port +## .. zeek:see:: ftp_request fmt_ftp_port parse_eftp_port ## parse_ftp_epsv parse_ftp_pasv parse_ftp_port event ftp_reply%(c: connection, code: count, msg: string, cont_resp: bool%); diff --git a/src/analyzer/protocol/ftp/functions.bif b/src/analyzer/protocol/ftp/functions.bif index 20c26b7c57..ad9c89fadb 100644 --- a/src/analyzer/protocol/ftp/functions.bif +++ b/src/analyzer/protocol/ftp/functions.bif @@ -117,20 +117,20 @@ static Val* parse_eftp(const char* line) %%} ## Converts a string representation of the FTP PORT command to an -## :bro:type:`ftp_port`. +## :zeek:type:`ftp_port`. ## ## s: The string of the FTP PORT command, e.g., ``"10,0,0,1,4,31"``. ## ## Returns: The FTP PORT, e.g., ``[h=10.0.0.1, p=1055/tcp, valid=T]``. ## -## .. bro:see:: parse_eftp_port parse_ftp_pasv parse_ftp_epsv fmt_ftp_port +## .. zeek:see:: parse_eftp_port parse_ftp_pasv parse_ftp_epsv fmt_ftp_port function parse_ftp_port%(s: string%): ftp_port %{ return parse_port(s->CheckString()); %} ## Converts a string representation of the FTP EPRT command (see :rfc:`2428`) -## to an :bro:type:`ftp_port`. The format is +## to an :zeek:type:`ftp_port`. The format is ## ``"EPRT"``, ## where ```` is a delimiter in the ASCII range 33-126 (usually ``|``). ## @@ -138,19 +138,19 @@ function parse_ftp_port%(s: string%): ftp_port ## ## Returns: The FTP PORT, e.g., ``[h=10.0.0.1, p=1055/tcp, valid=T]``. ## -## .. bro:see:: parse_ftp_port parse_ftp_pasv parse_ftp_epsv fmt_ftp_port +## .. zeek:see:: parse_ftp_port parse_ftp_pasv parse_ftp_epsv fmt_ftp_port function parse_eftp_port%(s: string%): ftp_port %{ return parse_eftp(s->CheckString()); %} -## Converts the result of the FTP PASV command to an :bro:type:`ftp_port`. +## Converts the result of the FTP PASV command to an :zeek:type:`ftp_port`. ## ## str: The string containing the result of the FTP PASV command. ## ## Returns: The FTP PORT, e.g., ``[h=10.0.0.1, p=1055/tcp, valid=T]``. ## -## .. bro:see:: parse_ftp_port parse_eftp_port parse_ftp_epsv fmt_ftp_port +## .. zeek:see:: parse_ftp_port parse_eftp_port parse_ftp_epsv fmt_ftp_port function parse_ftp_pasv%(str: string%): ftp_port %{ const char* s = str->CheckString(); @@ -170,14 +170,14 @@ function parse_ftp_pasv%(str: string%): ftp_port %} ## Converts the result of the FTP EPSV command (see :rfc:`2428`) to an -## :bro:type:`ftp_port`. The format is ``" ()"``, +## :zeek:type:`ftp_port`. The format is ``" ()"``, ## where ```` is a delimiter in the ASCII range 33-126 (usually ``|``). ## ## str: The string containing the result of the FTP EPSV command. ## ## Returns: The FTP PORT, e.g., ``[h=10.0.0.1, p=1055/tcp, valid=T]``. ## -## .. bro:see:: parse_ftp_port parse_eftp_port parse_ftp_pasv fmt_ftp_port +## .. zeek:see:: parse_ftp_port parse_eftp_port parse_ftp_pasv fmt_ftp_port function parse_ftp_epsv%(str: string%): ftp_port %{ const char* s = str->CheckString(); @@ -196,7 +196,7 @@ function parse_ftp_epsv%(str: string%): ftp_port ## ## Returns: The FTP PORT string. ## -## .. bro:see:: parse_ftp_port parse_eftp_port parse_ftp_pasv parse_ftp_epsv +## .. zeek:see:: parse_ftp_port parse_eftp_port parse_ftp_pasv parse_ftp_epsv function fmt_ftp_port%(a: addr, p: port%): string %{ const uint32* addr; diff --git a/src/analyzer/protocol/gnutella/events.bif b/src/analyzer/protocol/gnutella/events.bif index 9384f34e88..f09b0890c7 100644 --- a/src/analyzer/protocol/gnutella/events.bif +++ b/src/analyzer/protocol/gnutella/events.bif @@ -3,7 +3,7 @@ ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify +## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify ## gnutella_not_establish gnutella_partial_binary_msg gnutella_signature_found ## ## @@ -18,7 +18,7 @@ event gnutella_text_msg%(c: connection, orig: bool, headers: string%); ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_establish gnutella_http_notify gnutella_not_establish +## .. zeek:see:: gnutella_establish gnutella_http_notify gnutella_not_establish ## gnutella_partial_binary_msg gnutella_signature_found gnutella_text_msg ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -35,7 +35,7 @@ event gnutella_binary_msg%(c: connection, orig: bool, msg_type: count, ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify +## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify ## gnutella_not_establish gnutella_signature_found gnutella_text_msg ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -50,7 +50,7 @@ event gnutella_partial_binary_msg%(c: connection, orig: bool, ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_binary_msg gnutella_http_notify gnutella_not_establish +## .. zeek:see:: gnutella_binary_msg gnutella_http_notify gnutella_not_establish ## gnutella_partial_binary_msg gnutella_signature_found gnutella_text_msg ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -64,7 +64,7 @@ event gnutella_establish%(c: connection%); ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify +## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify ## gnutella_partial_binary_msg gnutella_signature_found gnutella_text_msg ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -78,7 +78,7 @@ event gnutella_not_establish%(c: connection%); ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_binary_msg gnutella_establish gnutella_not_establish +## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_not_establish ## gnutella_partial_binary_msg gnutella_signature_found gnutella_text_msg ## ## .. todo:: Bro's current default configuration does not activate the protocol diff --git a/src/analyzer/protocol/http/events.bif b/src/analyzer/protocol/http/events.bif index ab005ba8d6..f86ee09ccd 100644 --- a/src/analyzer/protocol/http/events.bif +++ b/src/analyzer/protocol/http/events.bif @@ -2,7 +2,7 @@ ## Generated for HTTP requests. Bro supports persistent and pipelined HTTP ## sessions and raises corresponding events as it parses client/server ## dialogues. This event is generated as soon as a request's initial line has -## been parsed, and before any :bro:id:`http_header` events are raised. +## been parsed, and before any :zeek:id:`http_header` events are raised. ## ## See `Wikipedia `__ ## for more information about the HTTP protocol. @@ -17,7 +17,7 @@ ## ## version: The version number specified in the request (e.g., ``1.1``). ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_message_done http_reply http_stats ## truncate_http_URI http_connection_upgrade event http_request%(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string%); @@ -25,7 +25,7 @@ event http_request%(c: connection, method: string, original_URI: string, unescap ## Generated for HTTP replies. Bro supports persistent and pipelined HTTP ## sessions and raises corresponding events as it parses client/server ## dialogues. This event is generated as soon as a reply's initial line has -## been parsed, and before any :bro:id:`http_header` events are raised. +## been parsed, and before any :zeek:id:`http_header` events are raised. ## ## See `Wikipedia `__ ## for more information about the HTTP protocol. @@ -38,7 +38,7 @@ event http_request%(c: connection, method: string, original_URI: string, unescap ## ## reason: The textual description returned by the server along with *code*. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_message_done http_request ## http_stats http_connection_upgrade event http_reply%(c: connection, version: string, code: count, reason: string%); @@ -58,7 +58,7 @@ event http_reply%(c: connection, version: string, code: count, reason: string%); ## ## value: The value of the header. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_message_done http_reply http_request ## http_stats http_connection_upgrade ## @@ -81,7 +81,7 @@ event http_header%(c: connection, is_orig: bool, name: string, value: string%); ## The table is indexed by the position of the header (1 for the first, ## 2 for the second, etc.). ## -## .. bro:see:: http_begin_entity http_content_type http_end_entity http_entity_data +## .. zeek:see:: http_begin_entity http_content_type http_end_entity http_entity_data ## http_event http_header http_message_done http_reply http_request http_stats ## http_connection_upgrade ## @@ -103,7 +103,7 @@ event http_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%); ## is_orig: True if the entity was sent by the originator of the TCP ## connection. ## -## .. bro:see:: http_all_headers http_content_type http_end_entity http_entity_data +## .. zeek:see:: http_all_headers http_content_type http_end_entity http_entity_data ## http_event http_header http_message_done http_reply http_request http_stats ## mime_begin_entity http_connection_upgrade event http_begin_entity%(c: connection, is_orig: bool%); @@ -122,7 +122,7 @@ event http_begin_entity%(c: connection, is_orig: bool%); ## is_orig: True if the entity was sent by the originator of the TCP ## connection. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_entity_data +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_entity_data ## http_event http_header http_message_done http_reply http_request ## http_stats mime_end_entity http_connection_upgrade event http_end_entity%(c: connection, is_orig: bool%); @@ -134,7 +134,7 @@ event http_end_entity%(c: connection, is_orig: bool%); ## A common idiom for using this event is to first *reassemble* the data ## at the scripting layer by concatenating it to a successively growing ## string; and only perform further content analysis once the corresponding -## :bro:id:`http_end_entity` event has been raised. Note, however, that doing so +## :zeek:id:`http_end_entity` event has been raised. Note, however, that doing so ## can be quite expensive for HTTP tranders. At the very least, one should ## impose an upper size limit on how much data is being buffered. ## @@ -150,7 +150,7 @@ event http_end_entity%(c: connection, is_orig: bool%); ## ## data: One chunk of raw entity data. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_event http_header http_message_done http_reply http_request http_stats ## mime_entity_data http_entity_data_delivery_size skip_http_data ## http_connection_upgrade @@ -173,7 +173,7 @@ event http_entity_data%(c: connection, is_orig: bool, length: count, data: strin ## ## subty: The subtype. ## -## .. bro:see:: http_all_headers http_begin_entity http_end_entity http_entity_data +## .. zeek:see:: http_all_headers http_begin_entity http_end_entity http_entity_data ## http_event http_header http_message_done http_reply http_request http_stats ## http_connection_upgrade ## @@ -199,7 +199,7 @@ event http_content_type%(c: connection, is_orig: bool, ty: string, subty: string ## ## stat: Further meta information about the message. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_reply http_request http_stats ## http_connection_upgrade event http_message_done%(c: connection, is_orig: bool, stat: http_message_stat%); @@ -216,7 +216,7 @@ event http_message_done%(c: connection, is_orig: bool, stat: http_message_stat%) ## ## detail: Further more detailed description of the error. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_header http_message_done http_reply http_request ## http_stats mime_event http_connection_upgrade event http_event%(c: connection, event_type: string, detail: string%); @@ -230,7 +230,7 @@ event http_event%(c: connection, event_type: string, detail: string%); ## stats: Statistics summarizing HTTP-level properties of the finished ## connection. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_message_done http_reply ## http_request http_connection_upgrade event http_stats%(c: connection, stats: http_stats_rec%); @@ -243,7 +243,7 @@ event http_stats%(c: connection, stats: http_stats_rec%); ## ## protocol: The protocol to which the connection is switching. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_message_done http_reply ## http_request event http_connection_upgrade%(c: connection, protocol: string%); diff --git a/src/analyzer/protocol/http/functions.bif b/src/analyzer/protocol/http/functions.bif index 6ef6fecb81..ff4f0015b7 100644 --- a/src/analyzer/protocol/http/functions.bif +++ b/src/analyzer/protocol/http/functions.bif @@ -9,7 +9,7 @@ ## ## is_orig: If true, the client data is skipped, and the server data otherwise. ## -## .. bro:see:: skip_smtp_data +## .. zeek:see:: skip_smtp_data function skip_http_entity_data%(c: connection, is_orig: bool%): any %{ analyzer::ID id = mgr.CurrentAnalyzer(); diff --git a/src/analyzer/protocol/icmp/events.bif b/src/analyzer/protocol/icmp/events.bif index bd55f17b27..ef7d2b7da5 100644 --- a/src/analyzer/protocol/icmp/events.bif +++ b/src/analyzer/protocol/icmp/events.bif @@ -12,10 +12,10 @@ ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## -## .. bro:see:: icmp_error_message icmp_sent_payload +## .. zeek:see:: icmp_error_message icmp_sent_payload event icmp_sent%(c: connection, icmp: icmp_conn%); -## The same as :bro:see:`icmp_sent` except containing the ICMP payload. +## The same as :zeek:see:`icmp_sent` except containing the ICMP payload. ## ## c: The connection record for the corresponding ICMP flow. ## @@ -24,7 +24,7 @@ event icmp_sent%(c: connection, icmp: icmp_conn%); ## ## payload: The payload of the ICMP message. ## -## .. bro:see:: icmp_error_message icmp_sent_payload +## .. zeek:see:: icmp_error_message icmp_sent_payload event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); ## Generated for ICMP *echo request* messages. @@ -45,7 +45,7 @@ event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); ## payload: The message-specific data of the packet payload, i.e., everything ## after the first 8 bytes of the ICMP header. ## -## .. bro:see:: icmp_echo_reply +## .. zeek:see:: icmp_echo_reply event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); ## Generated for ICMP *echo reply* messages. @@ -66,7 +66,7 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, ## payload: The message-specific data of the packet payload, i.e., everything ## after the first 8 bytes of the ICMP header. ## -## .. bro:see:: icmp_echo_request +## .. zeek:see:: icmp_echo_request event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); ## Generated for all ICMPv6 error messages that are not handled @@ -88,7 +88,7 @@ event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, pa ## context: A record with specifics of the original packet that the message ## refers to. ## -## .. bro:see:: icmp_unreachable icmp_packet_too_big +## .. zeek:see:: icmp_unreachable icmp_packet_too_big ## icmp_time_exceeded icmp_parameter_problem event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); @@ -112,7 +112,7 @@ event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: ## includes only a partial IP header for some reason, no ## fields of *context* will be filled out. ## -## .. bro:see:: icmp_error_message icmp_packet_too_big +## .. zeek:see:: icmp_error_message icmp_packet_too_big ## icmp_time_exceeded icmp_parameter_problem event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); @@ -136,7 +136,7 @@ event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: ic ## a partial IP header for some reason, no fields of *context* will ## be filled out. ## -## .. bro:see:: icmp_error_message icmp_unreachable +## .. zeek:see:: icmp_error_message icmp_unreachable ## icmp_time_exceeded icmp_parameter_problem event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); @@ -160,7 +160,7 @@ event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: ## only a partial IP header for some reason, no fields of *context* ## will be filled out. ## -## .. bro:see:: icmp_error_message icmp_unreachable icmp_packet_too_big +## .. zeek:see:: icmp_error_message icmp_unreachable icmp_packet_too_big ## icmp_parameter_problem event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); @@ -184,7 +184,7 @@ event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: ## includes only a partial IP header for some reason, no fields ## of *context* will be filled out. ## -## .. bro:see:: icmp_error_message icmp_unreachable icmp_packet_too_big +## .. zeek:see:: icmp_error_message icmp_unreachable icmp_packet_too_big ## icmp_time_exceeded event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); @@ -201,7 +201,7 @@ event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, conte ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## -## .. bro:see:: icmp_router_advertisement +## .. zeek:see:: icmp_router_advertisement ## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_nd_options%); @@ -239,7 +239,7 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_n ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## -## .. bro:see:: icmp_router_solicitation +## .. zeek:see:: icmp_router_solicitation ## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%); @@ -258,7 +258,7 @@ event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## -## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_advertisement icmp_redirect event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options%); @@ -284,7 +284,7 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, opt ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## -## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_solicitation icmp_redirect event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%); @@ -306,7 +306,7 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## -## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_solicitation icmp_neighbor_advertisement event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options%); diff --git a/src/analyzer/protocol/ident/events.bif b/src/analyzer/protocol/ident/events.bif index 96a7f37a31..ecbf8efee8 100644 --- a/src/analyzer/protocol/ident/events.bif +++ b/src/analyzer/protocol/ident/events.bif @@ -9,7 +9,7 @@ ## ## rport: The request's remote port. ## -## .. bro:see:: ident_error ident_reply +## .. zeek:see:: ident_error ident_reply ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet @@ -32,7 +32,7 @@ event ident_request%(c: connection, lport: port, rport: port%); ## ## system: The operating system returned by the reply. ## -## .. bro:see:: ident_error ident_request +## .. zeek:see:: ident_error ident_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet @@ -53,7 +53,7 @@ event ident_reply%(c: connection, lport: port, rport: port, user_id: string, sys ## ## line: The error description returned by the reply. ## -## .. bro:see:: ident_reply ident_request +## .. zeek:see:: ident_reply ident_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet diff --git a/src/analyzer/protocol/irc/events.bif b/src/analyzer/protocol/irc/events.bif index be425817b2..d6af5fbae1 100644 --- a/src/analyzer/protocol/irc/events.bif +++ b/src/analyzer/protocol/irc/events.bif @@ -15,7 +15,7 @@ ## ## arguments: The arguments for the command. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -23,7 +23,7 @@ ## ## .. note:: This event is generated only for messages that originate ## at the client-side. Commands coming in from remote trigger -## the :bro:id:`irc_message` event instead. +## the :zeek:id:`irc_message` event instead. event irc_request%(c: connection, is_orig: bool, prefix: string, command: string, arguments: string%); @@ -45,7 +45,7 @@ event irc_request%(c: connection, is_orig: bool, prefix: string, ## ## params: The reply's parameters. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -69,7 +69,7 @@ event irc_reply%(c: connection, is_orig: bool, prefix: string, ## ## message: TODO. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -79,7 +79,7 @@ event irc_reply%(c: connection, is_orig: bool, prefix: string, ## ## This event is generated only for messages that are forwarded by the server ## to the client. Commands coming from client trigger the -## :bro:id:`irc_request` event instead. +## :zeek:id:`irc_request` event instead. event irc_message%(c: connection, is_orig: bool, prefix: string, command: string, message: string%); @@ -98,7 +98,7 @@ event irc_message%(c: connection, is_orig: bool, prefix: string, ## ## message: The text included with the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -122,7 +122,7 @@ event irc_quit_message%(c: connection, is_orig: bool, nick: string, message: str ## ## message: The text of communication. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -147,7 +147,7 @@ event irc_privmsg_message%(c: connection, is_orig: bool, source: string, ## ## message: The text of communication. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_oper_message irc_oper_response irc_part_message @@ -172,7 +172,7 @@ event irc_notice_message%(c: connection, is_orig: bool, source: string, ## ## message: The text of communication. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -193,7 +193,7 @@ event irc_squery_message%(c: connection, is_orig: bool, source: string, ## ## info_list: The user information coming with the command. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -217,7 +217,7 @@ event irc_join_message%(c: connection, is_orig: bool, info_list: irc_join_list%) ## ## message: The text coming with the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -240,7 +240,7 @@ event irc_part_message%(c: connection, is_orig: bool, nick: string, ## ## newnick: The new nickname. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -257,7 +257,7 @@ event irc_nick_message%(c: connection, is_orig: bool, who: string, newnick: stri ## is_orig: True if the command was sent by the originator of the TCP ## connection. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -280,7 +280,7 @@ event irc_invalid_nick%(c: connection, is_orig: bool%); ## ## servers: The number of servers as returned in the reply. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -304,7 +304,7 @@ event irc_network_info%(c: connection, is_orig: bool, users: count, ## ## servers: The number of servers as returned in the reply. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -324,7 +324,7 @@ event irc_server_info%(c: connection, is_orig: bool, users: count, ## ## chans: The number of channels as returned in the reply. ## -## .. bro:see:: irc_channel_topic irc_dcc_message irc_error_message irc_global_users +## .. zeek:see:: irc_channel_topic irc_dcc_message irc_error_message irc_global_users ## irc_invalid_nick irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -359,7 +359,7 @@ event irc_channel_info%(c: connection, is_orig: bool, chans: count%); ## ## real_name: The real name. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -386,7 +386,7 @@ event irc_who_line%(c: connection, is_orig: bool, target_nick: string, ## ## users: The set of users. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -406,7 +406,7 @@ event irc_names_info%(c: connection, is_orig: bool, c_type: string, ## ## nick: The nickname specified in the reply. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -427,7 +427,7 @@ event irc_whois_operator_line%(c: connection, is_orig: bool, nick: string%); ## ## chans: The set of channels returned. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -453,7 +453,7 @@ event irc_whois_channel_line%(c: connection, is_orig: bool, nick: string, ## ## real_name: The real name specified in the reply. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -474,7 +474,7 @@ event irc_whois_user_line%(c: connection, is_orig: bool, nick: string, ## got_oper: True if the *oper* command was executed successfully ## (*youreport*) and false otherwise (*nooperhost*). ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_part_message @@ -496,7 +496,7 @@ event irc_oper_response%(c: connection, is_orig: bool, got_oper: bool%); ## ## msg: The message coming with the reply. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_invalid_nick irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -517,7 +517,7 @@ event irc_global_users%(c: connection, is_orig: bool, prefix: string, msg: strin ## ## topic: The topic specified in the reply. ## -## .. bro:see:: irc_channel_info irc_dcc_message irc_error_message irc_global_users +## .. zeek:see:: irc_channel_info irc_dcc_message irc_error_message irc_global_users ## irc_invalid_nick irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -539,7 +539,7 @@ event irc_channel_topic%(c: connection, is_orig: bool, channel: string, topic: s ## ## oper: True if the operator flag was set. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -561,7 +561,7 @@ event irc_who_message%(c: connection, is_orig: bool, mask: string, oper: bool%); ## ## users: TODO. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -583,7 +583,7 @@ event irc_whois_message%(c: connection, is_orig: bool, server: string, users: st ## ## password: The password specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_response irc_part_message @@ -610,7 +610,7 @@ event irc_oper_message%(c: connection, is_orig: bool, user: string, password: st ## ## comment: The comment specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -634,7 +634,7 @@ event irc_kick_message%(c: connection, is_orig: bool, prefix: string, ## ## message: The textual description specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_global_users +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_global_users ## irc_invalid_nick irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -659,7 +659,7 @@ event irc_error_message%(c: connection, is_orig: bool, prefix: string, message: ## ## channel: The channel specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -683,7 +683,7 @@ event irc_invite_message%(c: connection, is_orig: bool, prefix: string, ## ## params: The parameters coming with the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -708,7 +708,7 @@ event irc_mode_message%(c: connection, is_orig: bool, prefix: string, params: st ## ## message: The textual description specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -742,7 +742,7 @@ event irc_squit_message%(c: connection, is_orig: bool, prefix: string, ## ## size: The size specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_error_message irc_global_users +## .. zeek:see:: irc_channel_info irc_channel_topic irc_error_message irc_global_users ## irc_invalid_nick irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -771,7 +771,7 @@ event irc_dcc_message%(c: connection, is_orig: bool, ## ## real_name: The real name specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -791,7 +791,7 @@ event irc_user_message%(c: connection, is_orig: bool, user: string, host: string ## ## password: The password specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response diff --git a/src/analyzer/protocol/krb/events.bif b/src/analyzer/protocol/krb/events.bif index 19b165a4be..26405442ed 100644 --- a/src/analyzer/protocol/krb/events.bif +++ b/src/analyzer/protocol/krb/events.bif @@ -11,7 +11,7 @@ ## ## msg: A Kerberos KDC request message data structure. ## -## .. bro:see:: krb_as_response krb_tgs_request krb_tgs_response krb_ap_request +## .. zeek:see:: krb_as_response krb_tgs_request krb_tgs_response krb_ap_request ## krb_ap_response krb_priv krb_safe krb_cred krb_error event krb_as_request%(c: connection, msg: KRB::KDC_Request%); @@ -27,7 +27,7 @@ event krb_as_request%(c: connection, msg: KRB::KDC_Request%); ## ## msg: A Kerberos KDC reply message data structure. ## -## .. bro:see:: krb_as_request krb_tgs_request krb_tgs_response krb_ap_request +## .. zeek:see:: krb_as_request krb_tgs_request krb_tgs_response krb_ap_request ## krb_ap_response krb_priv krb_safe krb_cred krb_error event krb_as_response%(c: connection, msg: KRB::KDC_Response%); @@ -44,7 +44,7 @@ event krb_as_response%(c: connection, msg: KRB::KDC_Response%); ## ## msg: A Kerberos KDC request message data structure. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_response krb_ap_request +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_response krb_ap_request ## krb_ap_response krb_priv krb_safe krb_cred krb_error event krb_tgs_request%(c: connection, msg: KRB::KDC_Request%); @@ -60,7 +60,7 @@ event krb_tgs_request%(c: connection, msg: KRB::KDC_Request%); ## ## msg: A Kerberos KDC reply message data structure. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_ap_request +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_ap_request ## krb_ap_response krb_priv krb_safe krb_cred krb_error event krb_tgs_response%(c: connection, msg: KRB::KDC_Response%); @@ -78,7 +78,7 @@ event krb_tgs_response%(c: connection, msg: KRB::KDC_Response%); ## ## opts: A Kerberos AP options data structure. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_response krb_priv krb_safe krb_cred krb_error event krb_ap_request%(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options%); @@ -93,7 +93,7 @@ event krb_ap_request%(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options% ## ## c: The connection over which this Kerberos message was sent. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_request krb_priv krb_safe krb_cred krb_error event krb_ap_response%(c: connection%); @@ -109,7 +109,7 @@ event krb_ap_response%(c: connection%); ## ## is_orig: Whether the originator of the connection sent this message. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_request krb_ap_response krb_safe krb_cred krb_error event krb_priv%(c: connection, is_orig: bool%); @@ -125,7 +125,7 @@ event krb_priv%(c: connection, is_orig: bool%); ## ## msg: A Kerberos SAFE message data structure. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_request krb_ap_response krb_priv krb_cred krb_error event krb_safe%(c: connection, is_orig: bool, msg: KRB::SAFE_Msg%); @@ -141,7 +141,7 @@ event krb_safe%(c: connection, is_orig: bool, msg: KRB::SAFE_Msg%); ## ## tickets: Tickets obtained from the KDC that are being forwarded. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_request krb_ap_response krb_priv krb_safe krb_error event krb_cred%(c: connection, is_orig: bool, tickets: KRB::Ticket_Vector%); @@ -154,6 +154,6 @@ event krb_cred%(c: connection, is_orig: bool, tickets: KRB::Ticket_Vector%); ## ## msg: A Kerberos error message data structure. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_request krb_ap_response krb_priv krb_safe krb_cred event krb_error%(c: connection, msg: KRB::Error_Msg%); diff --git a/src/analyzer/protocol/login/events.bif b/src/analyzer/protocol/login/events.bif index 91c58f21c4..39921b4c5e 100644 --- a/src/analyzer/protocol/login/events.bif +++ b/src/analyzer/protocol/login/events.bif @@ -14,7 +14,7 @@ ## ## new_session: True if this is the first command of the Rsh session. ## -## .. bro:see:: rsh_reply login_confused login_confused_text login_display +## .. zeek:see:: rsh_reply login_confused login_confused_text login_display ## login_failure login_input_line login_output_line login_prompt login_success ## login_terminal ## @@ -41,7 +41,7 @@ event rsh_request%(c: connection, client_user: string, server_user: string, line ## ## line: The command line sent in the request. ## -## .. bro:see:: rsh_request login_confused login_confused_text login_display +## .. zeek:see:: rsh_request login_confused login_confused_text login_display ## login_failure login_input_line login_output_line login_prompt login_success ## login_terminal ## @@ -72,7 +72,7 @@ event rsh_reply%(c: connection, client_user: string, server_user: string, line: ## line: The line of text that led the analyzer to conclude that the ## authentication had failed. ## -## .. bro:see:: login_confused login_confused_text login_display login_input_line +## .. zeek:see:: login_confused login_confused_text login_display login_input_line ## login_output_line login_prompt login_success login_terminal direct_login_prompts ## get_login_state login_failure_msgs login_non_failure_msgs login_prompts login_success_msgs ## login_timeouts set_login_state @@ -85,7 +85,7 @@ event rsh_reply%(c: connection, client_user: string, server_user: string, line: ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_failure%(c: connection, user: string, client_user: string, password: string, line: string%); @@ -107,7 +107,7 @@ event login_failure%(c: connection, user: string, client_user: string, password: ## line: The line of text that led the analyzer to conclude that the ## authentication had succeeded. ## -## .. bro:see:: login_confused login_confused_text login_display login_failure +## .. zeek:see:: login_confused login_confused_text login_display login_failure ## login_input_line login_output_line login_prompt login_terminal ## direct_login_prompts get_login_state login_failure_msgs login_non_failure_msgs ## login_prompts login_success_msgs login_timeouts set_login_state @@ -120,7 +120,7 @@ event login_failure%(c: connection, user: string, client_user: string, password: ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_success%(c: connection, user: string, client_user: string, password: string, line: string%); @@ -131,13 +131,13 @@ event login_success%(c: connection, user: string, client_user: string, password: ## ## line: The input line. ## -## .. bro:see:: login_confused login_confused_text login_display login_failure +## .. zeek:see:: login_confused login_confused_text login_display login_failure ## login_output_line login_prompt login_success login_terminal rsh_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_input_line%(c: connection, line: string%); @@ -148,13 +148,13 @@ event login_input_line%(c: connection, line: string%); ## ## line: The ouput line. ## -## .. bro:see:: login_confused login_confused_text login_display login_failure +## .. zeek:see:: login_confused login_confused_text login_display login_failure ## login_input_line login_prompt login_success login_terminal rsh_reply ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_output_line%(c: connection, line: string%); @@ -173,7 +173,7 @@ event login_output_line%(c: connection, line: string%); ## line: The line of text that caused the heuristics to conclude they were ## confused. ## -## .. bro:see:: login_confused_text login_display login_failure login_input_line login_output_line +## .. zeek:see:: login_confused_text login_display login_failure login_input_line login_output_line ## login_prompt login_success login_terminal direct_login_prompts get_login_state ## login_failure_msgs login_non_failure_msgs login_prompts login_success_msgs ## login_timeouts set_login_state @@ -181,20 +181,20 @@ event login_output_line%(c: connection, line: string%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_confused%(c: connection, msg: string, line: string%); ## Generated after getting confused while tracking a Telnet/Rlogin ## authentication dialog. The *login* analyzer generates this even for every -## line of user input after it has reported :bro:id:`login_confused` for a +## line of user input after it has reported :zeek:id:`login_confused` for a ## connection. ## ## c: The connection. ## ## line: The line the user typed. ## -## .. bro:see:: login_confused login_display login_failure login_input_line +## .. zeek:see:: login_confused login_display login_failure login_input_line ## login_output_line login_prompt login_success login_terminal direct_login_prompts ## get_login_state login_failure_msgs login_non_failure_msgs login_prompts ## login_success_msgs login_timeouts set_login_state @@ -202,7 +202,7 @@ event login_confused%(c: connection, msg: string, line: string%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_confused_text%(c: connection, line: string%); @@ -213,13 +213,13 @@ event login_confused_text%(c: connection, line: string%); ## ## terminal: The TERM value transmitted. ## -## .. bro:see:: login_confused login_confused_text login_display login_failure +## .. zeek:see:: login_confused login_confused_text login_display login_failure ## login_input_line login_output_line login_prompt login_success ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_terminal%(c: connection, terminal: string%); @@ -230,13 +230,13 @@ event login_terminal%(c: connection, terminal: string%); ## ## display: The DISPLAY transmitted. ## -## .. bro:see:: login_confused login_confused_text login_failure login_input_line +## .. zeek:see:: login_confused login_confused_text login_failure login_input_line ## login_output_line login_prompt login_success login_terminal ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_display%(c: connection, display: string%); @@ -252,16 +252,16 @@ event login_display%(c: connection, display: string%); ## ## c: The connection. ## -## .. bro:see:: authentication_rejected authentication_skipped login_success +## .. zeek:see:: authentication_rejected authentication_skipped login_success ## ## .. note:: This event inspects the corresponding Telnet option -## while :bro:id:`login_success` heuristically determines success by watching +## while :zeek:id:`login_success` heuristically determines success by watching ## session data. ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event authentication_accepted%(name: string, c: connection%); @@ -277,16 +277,16 @@ event authentication_accepted%(name: string, c: connection%); ## ## c: The connection. ## -## .. bro:see:: authentication_accepted authentication_skipped login_failure +## .. zeek:see:: authentication_accepted authentication_skipped login_failure ## ## .. note:: This event inspects the corresponding Telnet option -## while :bro:id:`login_success` heuristically determines failure by watching +## while :zeek:id:`login_success` heuristically determines failure by watching ## session data. ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event authentication_rejected%(name: string, c: connection%); @@ -298,7 +298,7 @@ event authentication_rejected%(name: string, c: connection%); ## ## c: The connection. ## -## .. bro:see:: authentication_accepted authentication_rejected direct_login_prompts +## .. zeek:see:: authentication_accepted authentication_rejected direct_login_prompts ## get_login_state login_failure_msgs login_non_failure_msgs login_prompts ## login_success_msgs login_timeouts set_login_state ## @@ -310,7 +310,7 @@ event authentication_rejected%(name: string, c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event authentication_skipped%(c: connection%); @@ -325,13 +325,13 @@ event authentication_skipped%(c: connection%); ## ## prompt: The TTYPROMPT transmitted. ## -## .. bro:see:: login_confused login_confused_text login_display login_failure +## .. zeek:see:: login_confused login_confused_text login_display login_failure ## login_input_line login_output_line login_success login_terminal ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_prompt%(c: connection, prompt: string%); @@ -344,7 +344,7 @@ event login_prompt%(c: connection, prompt: string%); ## ## c: The connection. ## -## .. bro:see:: authentication_accepted authentication_rejected authentication_skipped +## .. zeek:see:: authentication_accepted authentication_rejected authentication_skipped ## login_confused login_confused_text login_display login_failure login_input_line ## login_output_line login_prompt login_success login_terminal event activating_encryption%(c: connection%); @@ -362,7 +362,7 @@ event activating_encryption%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: bad_option bad_option_termination authentication_accepted +## .. zeek:see:: bad_option bad_option_termination authentication_accepted ## authentication_rejected authentication_skipped login_confused ## login_confused_text login_display login_failure login_input_line ## login_output_line login_prompt login_success login_terminal @@ -375,7 +375,7 @@ event inconsistent_option%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: inconsistent_option bad_option_termination authentication_accepted +## .. zeek:see:: inconsistent_option bad_option_termination authentication_accepted ## authentication_rejected authentication_skipped login_confused ## login_confused_text login_display login_failure login_input_line ## login_output_line login_prompt login_success login_terminal @@ -383,7 +383,7 @@ event inconsistent_option%(c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event bad_option%(c: connection%); @@ -394,7 +394,7 @@ event bad_option%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: inconsistent_option bad_option authentication_accepted +## .. zeek:see:: inconsistent_option bad_option authentication_accepted ## authentication_rejected authentication_skipped login_confused ## login_confused_text login_display login_failure login_input_line ## login_output_line login_prompt login_success login_terminal @@ -402,6 +402,6 @@ event bad_option%(c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event bad_option_termination%(c: connection%); diff --git a/src/analyzer/protocol/login/functions.bif b/src/analyzer/protocol/login/functions.bif index bc4b2a7104..932020595c 100644 --- a/src/analyzer/protocol/login/functions.bif +++ b/src/analyzer/protocol/login/functions.bif @@ -21,7 +21,7 @@ ## does not correctly know the state of the connection, and/or ## the username associated with it. ## -## .. bro:see:: set_login_state +## .. zeek:see:: set_login_state function get_login_state%(cid: conn_id%): count %{ Connection* c = sessions->FindConnection(cid); @@ -40,12 +40,12 @@ function get_login_state%(cid: conn_id%): count ## cid: The connection ID. ## ## new_state: The new state of the login analyzer. See -## :bro:id:`get_login_state` for possible values. +## :zeek:id:`get_login_state` for possible values. ## ## Returns: Returns false if *cid* is not an active connection ## or is not tagged as a login analyzer, and true otherwise. ## -## .. bro:see:: get_login_state +## .. zeek:see:: get_login_state function set_login_state%(cid: conn_id, new_state: count%): bool %{ Connection* c = sessions->FindConnection(cid); diff --git a/src/analyzer/protocol/mime/events.bif b/src/analyzer/protocol/mime/events.bif index c0b2e66132..1c73e2e69b 100644 --- a/src/analyzer/protocol/mime/events.bif +++ b/src/analyzer/protocol/mime/events.bif @@ -9,12 +9,12 @@ ## ## c: The connection. ## -## .. bro:see:: mime_all_data mime_all_headers mime_content_hash mime_end_entity +## .. zeek:see:: mime_all_data mime_all_headers mime_content_hash mime_end_entity ## mime_entity_data mime_event mime_one_header mime_segment_data smtp_data ## http_begin_entity ## ## .. note:: Bro also extracts MIME entities from HTTP sessions. For those, -## however, it raises :bro:id:`http_begin_entity` instead. +## however, it raises :zeek:id:`http_begin_entity` instead. event mime_begin_entity%(c: connection%); ## Generated when finishing parsing an email MIME entity. MIME is a @@ -28,12 +28,12 @@ event mime_begin_entity%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_entity_data mime_event mime_one_header mime_segment_data smtp_data ## http_end_entity ## ## .. note:: Bro also extracts MIME entities from HTTP sessions. For those, -## however, it raises :bro:id:`http_end_entity` instead. +## however, it raises :zeek:id:`http_end_entity` instead. event mime_end_entity%(c: connection%); ## Generated for individual MIME headers extracted from email MIME @@ -48,12 +48,12 @@ event mime_end_entity%(c: connection%); ## ## h: The parsed MIME header. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_event mime_segment_data ## http_header http_all_headers ## ## .. note:: Bro also extracts MIME headers from HTTP sessions. For those, -## however, it raises :bro:id:`http_header` instead. +## however, it raises :zeek:id:`http_header` instead. event mime_one_header%(c: connection, h: mime_header_rec%); ## Generated for MIME headers extracted from email MIME entities, passing all @@ -70,12 +70,12 @@ event mime_one_header%(c: connection, h: mime_header_rec%); ## The table is indexed by the position of the header (1 for the first, ## 2 for the second, etc.). ## -## .. bro:see:: mime_all_data mime_begin_entity mime_content_hash mime_end_entity +## .. zeek:see:: mime_all_data mime_begin_entity mime_content_hash mime_end_entity ## mime_entity_data mime_event mime_one_header mime_segment_data ## http_header http_all_headers ## ## .. note:: Bro also extracts MIME headers from HTTP sessions. For those, -## however, it raises :bro:id:`http_header` instead. +## however, it raises :zeek:id:`http_header` instead. event mime_all_headers%(c: connection, hlist: mime_header_list%); ## Generated for chunks of decoded MIME data from email MIME entities. MIME @@ -83,7 +83,7 @@ event mime_all_headers%(c: connection, hlist: mime_header_list%); ## corresponding metadata, for transmission. As Bro parses the data of an ## entity, it raises a sequence of these events, each coming as soon as a new ## chunk of data is available. In contrast, there is also -## :bro:id:`mime_entity_data`, which passes all of an entities data at once +## :zeek:id:`mime_entity_data`, which passes all of an entities data at once ## in a single block. While the latter is more convenient to handle, ## ``mime_segment_data`` is more efficient as Bro does not need to buffer ## the data. Thus, if possible, this event should be preferred. @@ -98,17 +98,17 @@ event mime_all_headers%(c: connection, hlist: mime_header_list%); ## ## data: The raw data of one segment of the current entity. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_event mime_one_header http_entity_data ## mime_segment_length mime_segment_overlap_length ## ## .. note:: Bro also extracts MIME data from HTTP sessions. For those, -## however, it raises :bro:id:`http_entity_data` (sic!) instead. +## however, it raises :zeek:id:`http_entity_data` (sic!) instead. event mime_segment_data%(c: connection, length: count, data: string%); ## Generated for data decoded from an email MIME entity. This event delivers ## the complete content of a single MIME entity with the quoted-printable and -## and base64 data decoded. In contrast, there is also :bro:id:`mime_segment_data`, +## and base64 data decoded. In contrast, there is also :zeek:id:`mime_segment_data`, ## which passes on a sequence of data chunks as they come in. While ## ``mime_entity_data`` is more convenient to handle, ``mime_segment_data`` is ## more efficient as Bro does not need to buffer the data. Thus, if possible, @@ -124,7 +124,7 @@ event mime_segment_data%(c: connection, length: count, data: string%); ## ## data: The raw data of the complete entity. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_event mime_one_header mime_segment_data ## ## .. note:: While Bro also decodes MIME entities extracted from HTTP @@ -147,7 +147,7 @@ event mime_entity_data%(c: connection, length: count, data: string%); ## ## data: The raw data of all MIME entities concatenated. ## -## .. bro:see:: mime_all_headers mime_begin_entity mime_content_hash mime_end_entity +## .. zeek:see:: mime_all_headers mime_begin_entity mime_content_hash mime_end_entity ## mime_entity_data mime_event mime_one_header mime_segment_data ## ## .. note:: While Bro also decodes MIME entities extracted from HTTP @@ -167,11 +167,11 @@ event mime_all_data%(c: connection, length: count, data: string%); ## ## detail: Further more detailed description of the error. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_one_header mime_segment_data http_event ## ## .. note:: Bro also extracts MIME headers from HTTP sessions. For those, -## however, it raises :bro:id:`http_event` instead. +## however, it raises :zeek:id:`http_event` instead. event mime_event%(c: connection, event_type: string, detail: string%); ## Generated for decoded MIME entities extracted from email messages, passing on @@ -188,7 +188,7 @@ event mime_event%(c: connection, event_type: string, detail: string%); ## ## hash_value: The MD5 hash. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_end_entity +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_end_entity ## mime_entity_data mime_event mime_one_header mime_segment_data ## ## .. note:: While Bro also decodes MIME entities extracted from HTTP diff --git a/src/analyzer/protocol/mysql/events.bif b/src/analyzer/protocol/mysql/events.bif index 34cbc54b4b..7ce65276a6 100644 --- a/src/analyzer/protocol/mysql/events.bif +++ b/src/analyzer/protocol/mysql/events.bif @@ -9,7 +9,7 @@ ## ## arg: The argument for the command (empty string if not provided). ## -## .. bro:see:: mysql_error mysql_ok mysql_server_version mysql_handshake +## .. zeek:see:: mysql_error mysql_ok mysql_server_version mysql_handshake event mysql_command_request%(c: connection, command: count, arg: string%); ## Generated for an unsuccessful MySQL response. @@ -23,7 +23,7 @@ event mysql_command_request%(c: connection, command: count, arg: string%); ## ## msg: Any extra details about the error (empty string if not provided). ## -## .. bro:see:: mysql_command_request mysql_ok mysql_server_version mysql_handshake +## .. zeek:see:: mysql_command_request mysql_ok mysql_server_version mysql_handshake event mysql_error%(c: connection, code: count, msg: string%); ## Generated for a successful MySQL response. @@ -35,7 +35,7 @@ event mysql_error%(c: connection, code: count, msg: string%); ## ## affected_rows: The number of rows that were affected. ## -## .. bro:see:: mysql_command_request mysql_error mysql_server_version mysql_handshake +## .. zeek:see:: mysql_command_request mysql_error mysql_server_version mysql_handshake event mysql_ok%(c: connection, affected_rows: count%); ## Generated for each MySQL ResultsetRow response packet. @@ -47,7 +47,7 @@ event mysql_ok%(c: connection, affected_rows: count%); ## ## row: The result row data. ## -## .. bro:see:: mysql_command_request mysql_error mysql_server_version mysql_handshake mysql_ok +## .. zeek:see:: mysql_command_request mysql_error mysql_server_version mysql_handshake mysql_ok event mysql_result_row%(c: connection, row: string_vec%); ## Generated for the initial server handshake packet, which includes the MySQL server version. @@ -59,7 +59,7 @@ event mysql_result_row%(c: connection, row: string_vec%); ## ## ver: The server version string. ## -## .. bro:see:: mysql_command_request mysql_error mysql_ok mysql_handshake +## .. zeek:see:: mysql_command_request mysql_error mysql_ok mysql_handshake event mysql_server_version%(c: connection, ver: string%); ## Generated for a client handshake response packet, which includes the username the client is attempting @@ -72,6 +72,6 @@ event mysql_server_version%(c: connection, ver: string%); ## ## username: The username supplied by the client ## -## .. bro:see:: mysql_command_request mysql_error mysql_ok mysql_server_version +## .. zeek:see:: mysql_command_request mysql_error mysql_ok mysql_server_version event mysql_handshake%(c: connection, username: string%); diff --git a/src/analyzer/protocol/ncp/events.bif b/src/analyzer/protocol/ncp/events.bif index 9b5b7d77a7..05da060658 100644 --- a/src/analyzer/protocol/ncp/events.bif +++ b/src/analyzer/protocol/ncp/events.bif @@ -11,7 +11,7 @@ ## ## func: The requested function, as specified by the protocol. ## -## .. bro:see:: ncp_reply +## .. zeek:see:: ncp_reply ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet @@ -36,7 +36,7 @@ event ncp_request%(c: connection, frame_type: count, length: count, func: count% ## ## completion_code: The reply's completion code, as specified by the protocol. ## -## .. bro:see:: ncp_request +## .. zeek:see:: ncp_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet diff --git a/src/analyzer/protocol/netbios/events.bif b/src/analyzer/protocol/netbios/events.bif index 72933f1e49..ed51264e92 100644 --- a/src/analyzer/protocol/netbios/events.bif +++ b/src/analyzer/protocol/netbios/events.bif @@ -16,7 +16,7 @@ ## ## data_len: The length of the message's payload. ## -## .. bro:see:: netbios_session_accepted netbios_session_keepalive +## .. zeek:see:: netbios_session_accepted netbios_session_keepalive ## netbios_session_raw_message netbios_session_rejected netbios_session_request ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## @@ -44,7 +44,7 @@ event netbios_session_message%(c: connection, is_orig: bool, msg_type: count, da ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header. ## -## .. bro:see:: netbios_session_accepted netbios_session_keepalive +## .. zeek:see:: netbios_session_accepted netbios_session_keepalive ## netbios_session_message netbios_session_raw_message netbios_session_rejected ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## @@ -72,7 +72,7 @@ event netbios_session_request%(c: connection, msg: string%); ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header. ## -## .. bro:see:: netbios_session_keepalive netbios_session_message +## .. zeek:see:: netbios_session_keepalive netbios_session_message ## netbios_session_raw_message netbios_session_rejected netbios_session_request ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## @@ -100,7 +100,7 @@ event netbios_session_accepted%(c: connection, msg: string%); ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header. ## -## .. bro:see:: netbios_session_accepted netbios_session_keepalive +## .. zeek:see:: netbios_session_accepted netbios_session_keepalive ## netbios_session_message netbios_session_raw_message netbios_session_request ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## @@ -132,7 +132,7 @@ event netbios_session_rejected%(c: connection, msg: string%); ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header (i.e., the ``user_data``). ## -## .. bro:see:: netbios_session_accepted netbios_session_keepalive +## .. zeek:see:: netbios_session_accepted netbios_session_keepalive ## netbios_session_message netbios_session_rejected netbios_session_request ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## @@ -163,7 +163,7 @@ event netbios_session_raw_message%(c: connection, is_orig: bool, msg: string%); ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header. ## -## .. bro:see:: netbios_session_accepted netbios_session_keepalive +## .. zeek:see:: netbios_session_accepted netbios_session_keepalive ## netbios_session_message netbios_session_raw_message netbios_session_rejected ## netbios_session_request decode_netbios_name decode_netbios_name_type ## @@ -193,7 +193,7 @@ event netbios_session_ret_arg_resp%(c: connection, msg: string%); ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header. ## -## .. bro:see:: netbios_session_accepted netbios_session_message +## .. zeek:see:: netbios_session_accepted netbios_session_message ## netbios_session_raw_message netbios_session_rejected netbios_session_request ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## diff --git a/src/analyzer/protocol/netbios/functions.bif b/src/analyzer/protocol/netbios/functions.bif index f92402a3e8..c86156931f 100644 --- a/src/analyzer/protocol/netbios/functions.bif +++ b/src/analyzer/protocol/netbios/functions.bif @@ -5,7 +5,7 @@ ## ## Returns: The decoded NetBIOS name, e.g., ``"THE NETBIOS NAME"``. ## -## .. bro:see:: decode_netbios_name_type +## .. zeek:see:: decode_netbios_name_type function decode_netbios_name%(name: string%): string %{ char buf[16]; @@ -41,7 +41,7 @@ function decode_netbios_name%(name: string%): string ## ## Returns: The numeric value of *name*. ## -## .. bro:see:: decode_netbios_name +## .. zeek:see:: decode_netbios_name function decode_netbios_name_type%(name: string%): count %{ const u_char* s = name->Bytes(); diff --git a/src/analyzer/protocol/ntlm/events.bif b/src/analyzer/protocol/ntlm/events.bif index a36d653968..88def089fa 100644 --- a/src/analyzer/protocol/ntlm/events.bif +++ b/src/analyzer/protocol/ntlm/events.bif @@ -4,7 +4,7 @@ ## ## negotiate: The parsed data of the :abbr:`NTLM (NT LAN Manager)` message. See init-bare for more details. ## -## .. bro:see:: ntlm_challenge ntlm_authenticate +## .. zeek:see:: ntlm_challenge ntlm_authenticate event ntlm_negotiate%(c: connection, negotiate: NTLM::Negotiate%); ## Generated for :abbr:`NTLM (NT LAN Manager)` messages of type *challenge*. @@ -13,7 +13,7 @@ event ntlm_negotiate%(c: connection, negotiate: NTLM::Negotiate%); ## ## negotiate: The parsed data of the :abbr:`NTLM (NT LAN Manager)` message. See init-bare for more details. ## -## .. bro:see:: ntlm_negotiate ntlm_authenticate +## .. zeek:see:: ntlm_negotiate ntlm_authenticate event ntlm_challenge%(c: connection, challenge: NTLM::Challenge%); ## Generated for :abbr:`NTLM (NT LAN Manager)` messages of type *authenticate*. @@ -22,5 +22,5 @@ event ntlm_challenge%(c: connection, challenge: NTLM::Challenge%); ## ## request: The parsed data of the :abbr:`NTLM (NT LAN Manager)` message. See init-bare for more details. ## -## .. bro:see:: ntlm_negotiate ntlm_challenge +## .. zeek:see:: ntlm_negotiate ntlm_challenge event ntlm_authenticate%(c: connection, request: NTLM::Authenticate%); diff --git a/src/analyzer/protocol/ntp/events.bif b/src/analyzer/protocol/ntp/events.bif index bba2dfbbe5..d32d680799 100644 --- a/src/analyzer/protocol/ntp/events.bif +++ b/src/analyzer/protocol/ntp/events.bif @@ -11,7 +11,7 @@ ## excess: The raw bytes of any optional parts of the NTP packet. Bro does not ## further parse any optional fields. ## -## .. bro:see:: ntp_session_timeout +## .. zeek:see:: ntp_session_timeout ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet diff --git a/src/analyzer/protocol/pop3/events.bif b/src/analyzer/protocol/pop3/events.bif index 74cf1f6f68..c51632b6c2 100644 --- a/src/analyzer/protocol/pop3/events.bif +++ b/src/analyzer/protocol/pop3/events.bif @@ -12,7 +12,7 @@ ## ## arg: The argument to the command. ## -## .. bro:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply +## .. zeek:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply ## pop3_unexpected ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -37,7 +37,7 @@ event pop3_request%(c: connection, is_orig: bool, ## ## msg: The textual description the server sent along with *cmd*. ## -## .. bro:see:: pop3_data pop3_login_failure pop3_login_success pop3_request +## .. zeek:see:: pop3_data pop3_login_failure pop3_login_success pop3_request ## pop3_unexpected ## ## .. todo:: This event is receiving odd parameters, should unify. @@ -62,7 +62,7 @@ event pop3_reply%(c: connection, is_orig: bool, cmd: string, msg: string%); ## ## data: The data sent. ## -## .. bro:see:: pop3_login_failure pop3_login_success pop3_reply pop3_request +## .. zeek:see:: pop3_login_failure pop3_login_success pop3_reply pop3_request ## pop3_unexpected ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -86,7 +86,7 @@ event pop3_data%(c: connection, is_orig: bool, data: string%); ## ## detail: The input that triggered the event. ## -## .. bro:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply pop3_request +## .. zeek:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply pop3_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet @@ -105,7 +105,7 @@ event pop3_unexpected%(c: connection, is_orig: bool, ## ## c: The connection. ## -## .. bro:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply +## .. zeek:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply ## pop3_request pop3_unexpected ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -128,7 +128,7 @@ event pop3_starttls%(c: connection%); ## ## password: The password used for authentication. ## -## .. bro:see:: pop3_data pop3_login_failure pop3_reply pop3_request +## .. zeek:see:: pop3_data pop3_login_failure pop3_reply pop3_request ## pop3_unexpected ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -152,7 +152,7 @@ event pop3_login_success%(c: connection, is_orig: bool, ## ## password: The password attempted for authentication. ## -## .. bro:see:: pop3_data pop3_login_success pop3_reply pop3_request +## .. zeek:see:: pop3_data pop3_login_success pop3_reply pop3_request ## pop3_unexpected ## ## .. todo:: Bro's current default configuration does not activate the protocol diff --git a/src/analyzer/protocol/rpc/events.bif b/src/analyzer/protocol/rpc/events.bif index b811a60cda..fd6331360d 100644 --- a/src/analyzer/protocol/rpc/events.bif +++ b/src/analyzer/protocol/rpc/events.bif @@ -10,7 +10,7 @@ ## ## info: Reports the status of the dialogue, along with some meta information. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_read nfs_proc_readdir nfs_proc_readlink ## nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status rpc_call ## rpc_dialogue rpc_reply @@ -38,7 +38,7 @@ event nfs_proc_null%(c: connection, info: NFS3::info_t%); ## attrs: The attributes returned in the reply. The values may not be valid if ## the request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## rpc_call rpc_dialogue rpc_reply file_mode @@ -66,7 +66,7 @@ event nfs_proc_getattr%(c: connection, info: NFS3::info_t, fh: string, attrs: NF ## rep: The attributes returned in the reply. The values may not be ## valid if the request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## rpc_call rpc_dialogue rpc_reply file_mode @@ -94,7 +94,7 @@ event nfs_proc_sattr%(c: connection, info: NFS3::info_t, req: NFS3::sattrargs_t, ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## rpc_call rpc_dialogue rpc_reply @@ -122,7 +122,7 @@ event nfs_proc_lookup%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_remove nfs_proc_rmdir ## nfs_proc_write nfs_reply_status rpc_call rpc_dialogue rpc_reply ## NFS3::return_data NFS3::return_data_first_only NFS3::return_data_max @@ -150,7 +150,7 @@ event nfs_proc_read%(c: connection, info: NFS3::info_t, req: NFS3::readargs_t, r ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## nfs_proc_symlink rpc_call rpc_dialogue rpc_reply @@ -178,7 +178,7 @@ event nfs_proc_readlink%(c: connection, info: NFS3::info_t, fh: string, rep: NFS ## rep: The attributes returned in the reply. The values may not be ## valid if the request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## nfs_proc_link rpc_call rpc_dialogue rpc_reply file_mode @@ -206,7 +206,7 @@ event nfs_proc_symlink%(c: connection, info: NFS3::info_t, req: NFS3::symlinkarg ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status rpc_call ## nfs_proc_symlink rpc_dialogue rpc_reply @@ -234,7 +234,7 @@ event nfs_proc_link%(c: connection, info: NFS3::info_t, req: NFS3::linkargs_t, r ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_reply_status rpc_call ## rpc_dialogue rpc_reply NFS3::return_data NFS3::return_data_first_only @@ -263,7 +263,7 @@ event nfs_proc_write%(c: connection, info: NFS3::info_t, req: NFS3::writeargs_t, ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## rpc_call rpc_dialogue rpc_reply @@ -291,7 +291,7 @@ event nfs_proc_create%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## rpc_call rpc_dialogue rpc_reply @@ -319,7 +319,7 @@ event nfs_proc_mkdir%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t, ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_rmdir nfs_proc_write nfs_reply_status rpc_call ## rpc_dialogue rpc_reply @@ -347,7 +347,7 @@ event nfs_proc_remove%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_write nfs_reply_status rpc_call ## rpc_dialogue rpc_reply @@ -375,7 +375,7 @@ event nfs_proc_rmdir%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t, ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rename nfs_proc_write ## nfs_reply_status rpc_call rpc_dialogue rpc_reply @@ -403,7 +403,7 @@ event nfs_proc_rename%(c: connection, info: NFS3::info_t, req: NFS3::renameoparg ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readlink ## nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status rpc_call ## rpc_dialogue rpc_reply @@ -427,7 +427,7 @@ event nfs_proc_readdir%(c: connection, info: NFS3::info_t, req: NFS3::readdirarg ## ## proc: The procedure called that Bro does not implement. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_null nfs_proc_read nfs_proc_readdir nfs_proc_readlink nfs_proc_remove ## nfs_proc_rmdir nfs_proc_write nfs_reply_status rpc_call rpc_dialogue rpc_reply ## @@ -444,7 +444,7 @@ event nfs_proc_not_implemented%(c: connection, info: NFS3::info_t, proc: NFS3::p ## ## info: Reports the status included in the reply. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write rpc_call ## rpc_dialogue rpc_reply @@ -463,7 +463,7 @@ event nfs_reply_status%(n: connection, info: NFS3::info_t%); ## ## r: The RPC connection. ## -## .. bro:see:: pm_request_set pm_request_unset pm_request_getport +## .. zeek:see:: pm_request_set pm_request_unset pm_request_getport ## pm_request_dump pm_request_callit pm_attempt_null pm_attempt_set ## pm_attempt_unset pm_attempt_getport pm_attempt_dump ## pm_attempt_callit pm_bad_port rpc_call rpc_dialogue rpc_reply @@ -488,7 +488,7 @@ event pm_request_null%(r: connection%); ## reply. If no reply was seen, this will be false once the request ## times out. ## -## .. bro:see:: pm_request_null pm_request_unset pm_request_getport +## .. zeek:see:: pm_request_null pm_request_unset pm_request_getport ## pm_request_dump pm_request_callit pm_attempt_null pm_attempt_set ## pm_attempt_unset pm_attempt_getport pm_attempt_dump ## pm_attempt_callit pm_bad_port rpc_call rpc_dialogue rpc_reply @@ -513,7 +513,7 @@ event pm_request_set%(r: connection, m: pm_mapping, success: bool%); ## reply. If no reply was seen, this will be false once the request ## times out. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_getport +## .. zeek:see:: pm_request_null pm_request_set pm_request_getport ## pm_request_dump pm_request_callit pm_attempt_null pm_attempt_set ## pm_attempt_unset pm_attempt_getport pm_attempt_dump ## pm_attempt_callit pm_bad_port rpc_call rpc_dialogue rpc_reply @@ -536,7 +536,7 @@ event pm_request_unset%(r: connection, m: pm_mapping, success: bool%); ## ## p: The port returned by the server. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_dump pm_request_callit pm_attempt_null pm_attempt_set ## pm_attempt_unset pm_attempt_getport pm_attempt_dump ## pm_attempt_callit pm_bad_port rpc_call rpc_dialogue rpc_reply @@ -557,7 +557,7 @@ event pm_request_getport%(r: connection, pr: pm_port_request, p: port%); ## ## m: The mappings returned by the server. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_callit pm_attempt_null ## pm_attempt_set pm_attempt_unset pm_attempt_getport ## pm_attempt_dump pm_attempt_callit pm_bad_port rpc_call @@ -581,7 +581,7 @@ event pm_request_dump%(r: connection, m: pm_mappings%); ## ## p: The port value returned by the call. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_attempt_null ## pm_attempt_set pm_attempt_unset pm_attempt_getport ## pm_attempt_dump pm_attempt_callit pm_bad_port rpc_call @@ -602,9 +602,9 @@ event pm_request_callit%(r: connection, call: pm_callit_request, p: port%); ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_set pm_attempt_unset pm_attempt_getport ## pm_attempt_dump pm_attempt_callit pm_bad_port rpc_call @@ -625,11 +625,11 @@ event pm_attempt_null%(r: connection, status: rpc_status%); ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## m: The argument to the original request. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_unset pm_attempt_getport ## pm_attempt_dump pm_attempt_callit pm_bad_port rpc_call @@ -650,11 +650,11 @@ event pm_attempt_set%(r: connection, status: rpc_status, m: pm_mapping%); ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## m: The argument to the original request. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_set pm_attempt_getport ## pm_attempt_dump pm_attempt_callit pm_bad_port rpc_call @@ -675,11 +675,11 @@ event pm_attempt_unset%(r: connection, status: rpc_status, m: pm_mapping%); ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## pr: The argument to the original request. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_set pm_attempt_unset pm_attempt_dump ## pm_attempt_callit pm_bad_port rpc_call rpc_dialogue rpc_reply @@ -699,9 +699,9 @@ event pm_attempt_getport%(r: connection, status: rpc_status, pr: pm_port_request ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_set pm_attempt_unset ## pm_attempt_getport pm_attempt_callit pm_bad_port rpc_call @@ -722,11 +722,11 @@ event pm_attempt_dump%(r: connection, status: rpc_status%); ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## call: The argument to the original request. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_set pm_attempt_unset ## pm_attempt_getport pm_attempt_dump pm_bad_port rpc_call @@ -751,7 +751,7 @@ event pm_attempt_callit%(r: connection, status: rpc_status, call: pm_callit_requ ## ## bad_p: The invalid port value. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_set pm_attempt_unset ## pm_attempt_getport pm_attempt_dump pm_attempt_callit rpc_call @@ -767,7 +767,7 @@ event pm_bad_port%(r: connection, bad_p: count%); ## and reply by their transaction identifiers and raises this event once both ## have been seen. If there's not a reply, this event will still be generated ## eventually on timeout. In that case, *status* will be set to -## :bro:enum:`RPC_TIMEOUT`. +## :zeek:enum:`RPC_TIMEOUT`. ## ## See `Wikipedia `__ for more information ## about the ONC RPC protocol. @@ -781,7 +781,7 @@ event pm_bad_port%(r: connection, bad_p: count%); ## proc: The procedure of the remote program to call. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## start_time: The time when the *call* was seen. ## @@ -789,13 +789,13 @@ event pm_bad_port%(r: connection, bad_p: count%); ## ## reply_len: The size of the *reply_body* PDU. ## -## .. bro:see:: rpc_call rpc_reply dce_rpc_bind dce_rpc_message dce_rpc_request +## .. zeek:see:: rpc_call rpc_reply dce_rpc_bind dce_rpc_message dce_rpc_request ## dce_rpc_response rpc_timeout ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status: rpc_status, start_time: time, call_len: count, reply_len: count%); @@ -816,13 +816,13 @@ event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status: ## ## call_len: The size of the *call_body* PDU. ## -## .. bro:see:: rpc_dialogue rpc_reply dce_rpc_bind dce_rpc_message dce_rpc_request +## .. zeek:see:: rpc_dialogue rpc_reply dce_rpc_bind dce_rpc_message dce_rpc_request ## dce_rpc_response rpc_timeout ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count, call_len: count%); @@ -836,17 +836,17 @@ event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count, ## xid: The transaction identifier allowing to match requests with replies. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## reply_len: The size of the *reply_body* PDU. ## -## .. bro:see:: rpc_call rpc_dialogue dce_rpc_bind dce_rpc_message dce_rpc_request +## .. zeek:see:: rpc_call rpc_dialogue dce_rpc_bind dce_rpc_message dce_rpc_request ## dce_rpc_response rpc_timeout ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event rpc_reply%(c: connection, xid: count, status: rpc_status, reply_len: count%); @@ -859,7 +859,7 @@ event rpc_reply%(c: connection, xid: count, status: rpc_status, reply_len: count ## ## info: Reports the status of the dialogue, along with some meta information. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -882,7 +882,7 @@ event mount_proc_null%(c: connection, info: MOUNT3::info_t%); ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -902,7 +902,7 @@ event mount_proc_mnt%(c: connection, info: MOUNT3::info_t, req: MOUNT3::dirmntar ## ## req: The arguments passed in the request. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -922,7 +922,7 @@ event mount_proc_umnt%(c: connection, info: MOUNT3::info_t, req: MOUNT3::dirmnta ## ## req: The arguments passed in the request. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -940,7 +940,7 @@ event mount_proc_umnt_all%(c: connection, info: MOUNT3::info_t, req: MOUNT3::dir ## ## proc: The procedure called that Bro does not implement. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -956,7 +956,7 @@ event mount_proc_not_implemented%(c: connection, info: MOUNT3::info_t, proc: MOU ## ## info: Reports the status included in the reply. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol diff --git a/src/analyzer/protocol/sip/events.bif b/src/analyzer/protocol/sip/events.bif index f8ab6f4f37..fb8f9b77d1 100644 --- a/src/analyzer/protocol/sip/events.bif +++ b/src/analyzer/protocol/sip/events.bif @@ -13,7 +13,7 @@ ## ## version: The version number specified in the request (e.g., ``2.0``). ## -## .. bro:see:: sip_reply sip_header sip_all_headers sip_begin_entity sip_end_entity +## .. zeek:see:: sip_reply sip_header sip_all_headers sip_begin_entity sip_end_entity event sip_request%(c: connection, method: string, original_URI: string, version: string%); ## Generated for :abbr:`SIP (Session Initiation Protocol)` replies, used in Voice over IP (VoIP). @@ -31,7 +31,7 @@ event sip_request%(c: connection, method: string, original_URI: string, version: ## ## reason: Textual details for the response code. ## -## .. bro:see:: sip_request sip_header sip_all_headers sip_begin_entity sip_end_entity +## .. zeek:see:: sip_request sip_header sip_all_headers sip_begin_entity sip_end_entity event sip_reply%(c: connection, version: string, code: count, reason: string%); ## Generated for each :abbr:`SIP (Session Initiation Protocol)` header. @@ -47,7 +47,7 @@ event sip_reply%(c: connection, version: string, code: count, reason: string%); ## ## value: Header value. ## -## .. bro:see:: sip_request sip_reply sip_all_headers sip_begin_entity sip_end_entity +## .. zeek:see:: sip_request sip_reply sip_all_headers sip_begin_entity sip_end_entity event sip_header%(c: connection, is_orig: bool, name: string, value: string%); ## Generated once for all :abbr:`SIP (Session Initiation Protocol)` headers from the originator or responder. @@ -61,7 +61,7 @@ event sip_header%(c: connection, is_orig: bool, name: string, value: string%); ## ## hlist: All the headers, and their values ## -## .. bro:see:: sip_request sip_reply sip_header sip_begin_entity sip_end_entity +## .. zeek:see:: sip_request sip_reply sip_header sip_begin_entity sip_end_entity event sip_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%); ## Generated at the beginning of a :abbr:`SIP (Session Initiation Protocol)` message. @@ -75,7 +75,7 @@ event sip_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%); ## ## is_orig: Whether the message came from the originator. ## -## .. bro:see:: sip_request sip_reply sip_header sip_all_headers sip_end_entity +## .. zeek:see:: sip_request sip_reply sip_header sip_all_headers sip_end_entity event sip_begin_entity%(c: connection, is_orig: bool%); ## Generated at the end of a :abbr:`SIP (Session Initiation Protocol)` message. @@ -87,5 +87,5 @@ event sip_begin_entity%(c: connection, is_orig: bool%); ## ## is_orig: Whether the message came from the originator. ## -## .. bro:see:: sip_request sip_reply sip_header sip_all_headers sip_begin_entity +## .. zeek:see:: sip_request sip_reply sip_header sip_all_headers sip_begin_entity event sip_end_entity%(c: connection, is_orig: bool%); diff --git a/src/analyzer/protocol/smb/events.bif b/src/analyzer/protocol/smb/events.bif index d0091589fe..77746c2a09 100644 --- a/src/analyzer/protocol/smb/events.bif +++ b/src/analyzer/protocol/smb/events.bif @@ -3,7 +3,7 @@ ## up is when the drive mapping isn't seen so the analyzer is not able ## to determine whether to send the data to the files framework or to ## the DCE_RPC analyzer. This heuristic can be tuned by adding or -## removing "named pipe" names from the :bro:see:`SMB::pipe_filenames` +## removing "named pipe" names from the :zeek:see:`SMB::pipe_filenames` ## const. ## ## c: The connection. diff --git a/src/analyzer/protocol/smb/smb1_com_check_directory.bif b/src/analyzer/protocol/smb/smb1_com_check_directory.bif index 15feb3ad59..26f83210ff 100644 --- a/src/analyzer/protocol/smb/smb1_com_check_directory.bif +++ b/src/analyzer/protocol/smb/smb1_com_check_directory.bif @@ -10,7 +10,7 @@ ## ## directory_name: The directory name to check for existence. ## -## .. bro:see:: smb1_message smb1_check_directory_response +## .. zeek:see:: smb1_message smb1_check_directory_response event smb1_check_directory_request%(c: connection, hdr: SMB1::Header, directory_name: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -23,5 +23,5 @@ event smb1_check_directory_request%(c: connection, hdr: SMB1::Header, directory_ ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 1 message. ## -## .. bro:see:: smb1_message smb1_check_directory_request +## .. zeek:see:: smb1_message smb1_check_directory_request event smb1_check_directory_response%(c: connection, hdr: SMB1::Header%); \ No newline at end of file diff --git a/src/analyzer/protocol/smb/smb1_com_close.bif b/src/analyzer/protocol/smb/smb1_com_close.bif index 37958e1d19..8d2d8f0747 100644 --- a/src/analyzer/protocol/smb/smb1_com_close.bif +++ b/src/analyzer/protocol/smb/smb1_com_close.bif @@ -10,6 +10,6 @@ ## ## file_id: The file identifier being closed. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_close_request%(c: connection, hdr: SMB1::Header, file_id: count%); diff --git a/src/analyzer/protocol/smb/smb1_com_create_directory.bif b/src/analyzer/protocol/smb/smb1_com_create_directory.bif index f5e29b467b..40ddf44c8d 100644 --- a/src/analyzer/protocol/smb/smb1_com_create_directory.bif +++ b/src/analyzer/protocol/smb/smb1_com_create_directory.bif @@ -11,7 +11,7 @@ ## ## directory_name: The name of the directory to create. ## -## .. bro:see:: smb1_message smb1_create_directory_response smb1_transaction2_request +## .. zeek:see:: smb1_message smb1_create_directory_response smb1_transaction2_request event smb1_create_directory_request%(c: connection, hdr: SMB1::Header, directory_name: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -25,5 +25,5 @@ event smb1_create_directory_request%(c: connection, hdr: SMB1::Header, directory ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 1 message. ## -## .. bro:see:: smb1_message smb1_create_directory_request smb1_transaction2_request +## .. zeek:see:: smb1_message smb1_create_directory_request smb1_transaction2_request event smb1_create_directory_response%(c: connection, hdr: SMB1::Header%); \ No newline at end of file diff --git a/src/analyzer/protocol/smb/smb1_com_echo.bif b/src/analyzer/protocol/smb/smb1_com_echo.bif index 5b255af371..f95261ca3c 100644 --- a/src/analyzer/protocol/smb/smb1_com_echo.bif +++ b/src/analyzer/protocol/smb/smb1_com_echo.bif @@ -12,7 +12,7 @@ ## ## data: The data for the server to echo. ## -## .. bro:see:: smb1_message smb1_echo_response +## .. zeek:see:: smb1_message smb1_echo_response event smb1_echo_request%(c: connection, echo_count: count, data: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -28,5 +28,5 @@ event smb1_echo_request%(c: connection, echo_count: count, data: string%); ## ## data: The data echoed back from the client. ## -## .. bro:see:: smb1_message smb1_echo_request +## .. zeek:see:: smb1_message smb1_echo_request event smb1_echo_response%(c: connection, seq_num: count, data: string%); \ No newline at end of file diff --git a/src/analyzer/protocol/smb/smb1_com_logoff_andx.bif b/src/analyzer/protocol/smb/smb1_com_logoff_andx.bif index 88b5016328..ff5168e4dd 100644 --- a/src/analyzer/protocol/smb/smb1_com_logoff_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_logoff_andx.bif @@ -10,6 +10,6 @@ ## ## is_orig: Indicates which host sent the logoff message. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_logoff_andx%(c: connection, is_orig: bool%); diff --git a/src/analyzer/protocol/smb/smb1_com_negotiate.bif b/src/analyzer/protocol/smb/smb1_com_negotiate.bif index fdb2201c1f..7dfe02cb68 100644 --- a/src/analyzer/protocol/smb/smb1_com_negotiate.bif +++ b/src/analyzer/protocol/smb/smb1_com_negotiate.bif @@ -11,7 +11,7 @@ ## ## dialects: The SMB dialects supported by the client. ## -## .. bro:see:: smb1_message smb1_negotiate_response +## .. zeek:see:: smb1_message smb1_negotiate_response event smb1_negotiate_request%(c: connection, hdr: SMB1::Header, dialects: string_vec%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -26,7 +26,7 @@ event smb1_negotiate_request%(c: connection, hdr: SMB1::Header, dialects: string ## ## response: A record structure containing more information from the response. ## -## .. bro:see:: smb1_message smb1_negotiate_request +## .. zeek:see:: smb1_message smb1_negotiate_request event smb1_negotiate_response%(c: connection, hdr: SMB1::Header, response: SMB1::NegotiateResponse%); #### Types diff --git a/src/analyzer/protocol/smb/smb1_com_nt_cancel.bif b/src/analyzer/protocol/smb/smb1_com_nt_cancel.bif index f04fc839ec..66bbbc5fb9 100644 --- a/src/analyzer/protocol/smb/smb1_com_nt_cancel.bif +++ b/src/analyzer/protocol/smb/smb1_com_nt_cancel.bif @@ -8,5 +8,5 @@ ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 1 message. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_nt_cancel_request%(c: connection, hdr: SMB1::Header%); \ No newline at end of file diff --git a/src/analyzer/protocol/smb/smb1_com_nt_create_andx.bif b/src/analyzer/protocol/smb/smb1_com_nt_create_andx.bif index f8008e878b..d19d59fd50 100644 --- a/src/analyzer/protocol/smb/smb1_com_nt_create_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_nt_create_andx.bif @@ -11,7 +11,7 @@ ## ## name: The ``name`` attribute specified in the message. ## -## .. bro:see:: smb1_message smb1_nt_create_andx_response +## .. zeek:see:: smb1_message smb1_nt_create_andx_response event smb1_nt_create_andx_request%(c: connection, hdr: SMB1::Header, file_name: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -30,7 +30,7 @@ event smb1_nt_create_andx_request%(c: connection, hdr: SMB1::Header, file_name: ## ## times: Timestamps associated with the file in question. ## -## .. bro:see:: smb1_message smb1_nt_create_andx_request +## .. zeek:see:: smb1_message smb1_nt_create_andx_request event smb1_nt_create_andx_response%(c: connection, hdr: SMB1::Header, file_id: count, file_size: count, times: SMB::MACTimes%); diff --git a/src/analyzer/protocol/smb/smb1_com_query_information.bif b/src/analyzer/protocol/smb/smb1_com_query_information.bif index 64a5150dc9..e2f1ded6bd 100644 --- a/src/analyzer/protocol/smb/smb1_com_query_information.bif +++ b/src/analyzer/protocol/smb/smb1_com_query_information.bif @@ -11,6 +11,6 @@ ## ## filename: The filename that the client is querying. ## -## .. bro:see:: smb1_message smb1_transaction2_request +## .. zeek:see:: smb1_message smb1_transaction2_request event smb1_query_information_request%(c: connection, hdr: SMB1::Header, filename: string%); diff --git a/src/analyzer/protocol/smb/smb1_com_read_andx.bif b/src/analyzer/protocol/smb/smb1_com_read_andx.bif index 73cacf0a65..a7c04bffca 100644 --- a/src/analyzer/protocol/smb/smb1_com_read_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_read_andx.bif @@ -15,7 +15,7 @@ ## ## length: The number of bytes being requested. ## -## .. bro:see:: smb1_message smb1_read_andx_response +## .. zeek:see:: smb1_message smb1_read_andx_response event smb1_read_andx_request%(c: connection, hdr: SMB1::Header, file_id: count, offset: count, length: count%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -29,6 +29,6 @@ event smb1_read_andx_request%(c: connection, hdr: SMB1::Header, file_id: count, ## ## data_len: The length of data from the requested file. ## -## .. bro:see:: smb1_message smb1_read_andx_request +## .. zeek:see:: smb1_message smb1_read_andx_request event smb1_read_andx_response%(c: connection, hdr: SMB1::Header, data_len: count%); diff --git a/src/analyzer/protocol/smb/smb1_com_session_setup_andx.bif b/src/analyzer/protocol/smb/smb1_com_session_setup_andx.bif index 7971a4977c..b50fa5d875 100644 --- a/src/analyzer/protocol/smb/smb1_com_session_setup_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_session_setup_andx.bif @@ -9,7 +9,7 @@ ## ## request: The parsed request data of the SMB message. See init-bare for more details. ## -## .. bro:see:: smb1_message smb1_session_setup_andx_response +## .. zeek:see:: smb1_message smb1_session_setup_andx_response event smb1_session_setup_andx_request%(c: connection, hdr: SMB1::Header, request: SMB1::SessionSetupAndXRequest%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -23,7 +23,7 @@ event smb1_session_setup_andx_request%(c: connection, hdr: SMB1::Header, request ## ## response: The parsed response data of the SMB message. See init-bare for more details. ## -## .. bro:see:: smb1_message smb1_session_setup_andx_request +## .. zeek:see:: smb1_message smb1_session_setup_andx_request event smb1_session_setup_andx_response%(c: connection, hdr: SMB1::Header, response: SMB1::SessionSetupAndXResponse%); #### Types diff --git a/src/analyzer/protocol/smb/smb1_com_transaction.bif b/src/analyzer/protocol/smb/smb1_com_transaction.bif index 0c411b55c3..cd80a668dc 100644 --- a/src/analyzer/protocol/smb/smb1_com_transaction.bif +++ b/src/analyzer/protocol/smb/smb1_com_transaction.bif @@ -18,7 +18,7 @@ ## ## data: content of the SMB_Data.Trans_Data field ## -## .. bro:see:: smb1_message smb1_transaction2_request +## .. zeek:see:: smb1_message smb1_transaction2_request event smb1_transaction_request%(c: connection, hdr: SMB1::Header, name: string, sub_cmd: count, parameters: string, data: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` diff --git a/src/analyzer/protocol/smb/smb1_com_transaction2.bif b/src/analyzer/protocol/smb/smb1_com_transaction2.bif index aa30aeebe1..48e2f7cdd6 100644 --- a/src/analyzer/protocol/smb/smb1_com_transaction2.bif +++ b/src/analyzer/protocol/smb/smb1_com_transaction2.bif @@ -15,7 +15,7 @@ ## ## sub_cmd: The sub command, some are parsed and have their own events. ## -## .. bro:see:: smb1_message smb1_trans2_find_first2_request smb1_trans2_query_path_info_request +## .. zeek:see:: smb1_message smb1_trans2_find_first2_request smb1_trans2_query_path_info_request ## smb1_trans2_get_dfs_referral_request smb1_transaction_request event smb1_transaction2_request%(c: connection, hdr: SMB1::Header, args: SMB1::Trans2_Args, sub_cmd: count%); @@ -31,7 +31,7 @@ event smb1_transaction2_request%(c: connection, hdr: SMB1::Header, args: SMB1::T ## ## args: A record data structure with arguments given to the command. ## -## .. bro:see:: smb1_message smb1_transaction2_request smb1_trans2_query_path_info_request +## .. zeek:see:: smb1_message smb1_transaction2_request smb1_trans2_query_path_info_request ## smb1_trans2_get_dfs_referral_request event smb1_trans2_find_first2_request%(c: connection, hdr: SMB1::Header, args: SMB1::Find_First2_Request_Args%); @@ -47,7 +47,7 @@ event smb1_trans2_find_first2_request%(c: connection, hdr: SMB1::Header, args: S ## ## file_name: File name the request is in reference to. ## -## .. bro:see:: smb1_message smb1_transaction2_request smb1_trans2_find_first2_request +## .. zeek:see:: smb1_message smb1_transaction2_request smb1_trans2_find_first2_request ## smb1_trans2_get_dfs_referral_request event smb1_trans2_query_path_info_request%(c: connection, hdr: SMB1::Header, file_name: string%); @@ -63,7 +63,7 @@ event smb1_trans2_query_path_info_request%(c: connection, hdr: SMB1::Header, fil ## ## file_name: File name the request is in reference to. ## -## .. bro:see:: smb1_message smb1_transaction2_request smb1_trans2_find_first2_request +## .. zeek:see:: smb1_message smb1_transaction2_request smb1_trans2_find_first2_request ## smb1_trans2_query_path_info_request event smb1_trans2_get_dfs_referral_request%(c: connection, hdr: SMB1::Header, file_name: string%); diff --git a/src/analyzer/protocol/smb/smb1_com_tree_connect_andx.bif b/src/analyzer/protocol/smb/smb1_com_tree_connect_andx.bif index 16aeb2bbb6..95274af115 100644 --- a/src/analyzer/protocol/smb/smb1_com_tree_connect_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_tree_connect_andx.bif @@ -12,7 +12,7 @@ ## ## service: The ``service`` attribute specified in the message. ## -## .. bro:see:: smb1_message smb1_tree_connect_andx_response +## .. zeek:see:: smb1_message smb1_tree_connect_andx_response event smb1_tree_connect_andx_request%(c: connection, hdr: SMB1::Header, path: string, service: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -29,6 +29,6 @@ event smb1_tree_connect_andx_request%(c: connection, hdr: SMB1::Header, path: st ## ## native_file_system: The file system of the remote server as indicate by the server. ## -## .. bro:see:: smb1_message smb1_tree_connect_andx_request +## .. zeek:see:: smb1_message smb1_tree_connect_andx_request event smb1_tree_connect_andx_response%(c: connection, hdr: SMB1::Header, service: string, native_file_system: string%); diff --git a/src/analyzer/protocol/smb/smb1_com_tree_disconnect.bif b/src/analyzer/protocol/smb/smb1_com_tree_disconnect.bif index 493ee66238..db94e1ff2a 100644 --- a/src/analyzer/protocol/smb/smb1_com_tree_disconnect.bif +++ b/src/analyzer/protocol/smb/smb1_com_tree_disconnect.bif @@ -10,6 +10,6 @@ ## ## is_orig: True if the message was from the originator. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_tree_disconnect%(c: connection, hdr: SMB1::Header, is_orig: bool%); diff --git a/src/analyzer/protocol/smb/smb1_com_write_andx.bif b/src/analyzer/protocol/smb/smb1_com_write_andx.bif index d30c8af2ba..6bf086e978 100644 --- a/src/analyzer/protocol/smb/smb1_com_write_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_write_andx.bif @@ -13,7 +13,7 @@ ## ## data: The data being written. ## -## .. bro:see:: smb1_message smb1_write_andx_response +## .. zeek:see:: smb1_message smb1_write_andx_response event smb1_write_andx_request%(c: connection, hdr: SMB1::Header, file_id: count, offset: count, data_len: count%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -28,5 +28,5 @@ event smb1_write_andx_request%(c: connection, hdr: SMB1::Header, file_id: count, ## ## written_bytes: The number of bytes the server reported having actually written. ## -## .. bro:see:: smb1_message smb1_write_andx_request +## .. zeek:see:: smb1_message smb1_write_andx_request event smb1_write_andx_response%(c: connection, hdr: SMB1::Header, written_bytes: count%); diff --git a/src/analyzer/protocol/smb/smb1_events.bif b/src/analyzer/protocol/smb/smb1_events.bif index 4746af34a4..e5134b8bd0 100644 --- a/src/analyzer/protocol/smb/smb1_events.bif +++ b/src/analyzer/protocol/smb/smb1_events.bif @@ -14,7 +14,7 @@ ## is_orig: True if the message was sent by the originator of the underlying ## transport-level connection. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb1_message%(c: connection, hdr: SMB1::Header, is_orig: bool%); ## Generated when there is an :abbr:`SMB (Server Message Block)` version 1 response with no message body. @@ -23,7 +23,7 @@ event smb1_message%(c: connection, hdr: SMB1::Header, is_orig: bool%); ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` message. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_empty_response%(c: connection, hdr: SMB1::Header%); ## Generated for :abbr:`SMB (Server Message Block)` version 1 messages @@ -37,6 +37,6 @@ event smb1_empty_response%(c: connection, hdr: SMB1::Header%); ## is_orig: True if the message was sent by the originator of the underlying ## transport-level connection. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_error%(c: connection, hdr: SMB1::Header, is_orig: bool%); diff --git a/src/analyzer/protocol/smb/smb2_com_close.bif b/src/analyzer/protocol/smb/smb2_com_close.bif index 5ac4afa1db..4f8d802c63 100644 --- a/src/analyzer/protocol/smb/smb2_com_close.bif +++ b/src/analyzer/protocol/smb/smb2_com_close.bif @@ -10,7 +10,7 @@ ## ## file_name: The SMB2 GUID of the file being closed. ## -## .. bro:see:: smb2_message smb2_close_response +## .. zeek:see:: smb2_message smb2_close_response event smb2_close_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -25,7 +25,7 @@ event smb2_close_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID% ## ## response: A record of attributes returned from the server from the close. ## -## .. bro:see:: smb2_message smb2_close_request +## .. zeek:see:: smb2_message smb2_close_request event smb2_close_response%(c: connection, hdr: SMB2::Header, response: SMB2::CloseResponse%); diff --git a/src/analyzer/protocol/smb/smb2_com_create.bif b/src/analyzer/protocol/smb/smb2_com_create.bif index 9a77878e9f..7d9c4e4895 100644 --- a/src/analyzer/protocol/smb/smb2_com_create.bif +++ b/src/analyzer/protocol/smb/smb2_com_create.bif @@ -10,7 +10,7 @@ ## ## request: A record with more information related to the request. ## -## .. bro:see:: smb2_message smb2_create_response +## .. zeek:see:: smb2_message smb2_create_response event smb2_create_request%(c: connection, hdr: SMB2::Header, request: SMB2::CreateRequest%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -25,7 +25,7 @@ event smb2_create_request%(c: connection, hdr: SMB2::Header, request: SMB2::Crea ## ## response: A record with more information related to the response. ## -## .. bro:see:: smb2_message smb2_create_request +## .. zeek:see:: smb2_message smb2_create_request event smb2_create_response%(c: connection, hdr: SMB2::Header, response: SMB2::CreateResponse%); #### Types diff --git a/src/analyzer/protocol/smb/smb2_com_negotiate.bif b/src/analyzer/protocol/smb/smb2_com_negotiate.bif index 80c7c1aea5..2202064933 100644 --- a/src/analyzer/protocol/smb/smb2_com_negotiate.bif +++ b/src/analyzer/protocol/smb/smb2_com_negotiate.bif @@ -10,7 +10,7 @@ ## ## dialects: A vector of the client's supported dialects. ## -## .. bro:see:: smb2_message smb2_negotiate_response +## .. zeek:see:: smb2_message smb2_negotiate_response event smb2_negotiate_request%(c: connection, hdr: SMB2::Header, dialects: index_vec%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -25,7 +25,7 @@ event smb2_negotiate_request%(c: connection, hdr: SMB2::Header, dialects: index_ ## ## response: The negotiate response data structure. ## -## .. bro:see:: smb2_message smb2_negotiate_request +## .. zeek:see:: smb2_message smb2_negotiate_request event smb2_negotiate_response%(c: connection, hdr: SMB2::Header, response: SMB2::NegotiateResponse%); #### Types diff --git a/src/analyzer/protocol/smb/smb2_com_read.bif b/src/analyzer/protocol/smb/smb2_com_read.bif index 4ccc8d7788..b14874b38b 100644 --- a/src/analyzer/protocol/smb/smb2_com_read.bif +++ b/src/analyzer/protocol/smb/smb2_com_read.bif @@ -14,5 +14,5 @@ ## ## length: The number of bytes of the file being read. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_read_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, offset: count, length: count%); diff --git a/src/analyzer/protocol/smb/smb2_com_session_setup.bif b/src/analyzer/protocol/smb/smb2_com_session_setup.bif index 99430d5ac9..b3dbe6cc57 100644 --- a/src/analyzer/protocol/smb/smb2_com_session_setup.bif +++ b/src/analyzer/protocol/smb/smb2_com_session_setup.bif @@ -11,7 +11,7 @@ ## ## request: A record containing more information related to the request. ## -## .. bro:see:: smb2_message smb2_session_setup_response +## .. zeek:see:: smb2_message smb2_session_setup_response event smb2_session_setup_request%(c: connection, hdr: SMB2::Header, request: SMB2::SessionSetupRequest%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -26,7 +26,7 @@ event smb2_session_setup_request%(c: connection, hdr: SMB2::Header, request: SMB ## ## response: A record containing more information related to the response. ## -## .. bro:see:: smb2_message smb2_session_setup_request +## .. zeek:see:: smb2_message smb2_session_setup_request event smb2_session_setup_response%(c: connection, hdr: SMB2::Header, response: SMB2::SessionSetupResponse%); #### Types diff --git a/src/analyzer/protocol/smb/smb2_com_set_info.bif b/src/analyzer/protocol/smb/smb2_com_set_info.bif index 1f6d9386f8..37a0b8900f 100644 --- a/src/analyzer/protocol/smb/smb2_com_set_info.bif +++ b/src/analyzer/protocol/smb/smb2_com_set_info.bif @@ -11,7 +11,7 @@ ## ## dst_filename: The filename to rename the file into. ## -## .. bro:see:: smb2_message smb2_file_delete smb2_file_sattr +## .. zeek:see:: smb2_message smb2_file_delete smb2_file_sattr event smb2_file_rename%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, dst_filename: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -28,7 +28,7 @@ event smb2_file_rename%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, d ## delete_pending: A boolean value to indicate that a file should be deleted ## when it's closed if set to T. ## -## .. bro:see:: smb2_message smb2_file_rename smb2_file_sattr +## .. zeek:see:: smb2_message smb2_file_rename smb2_file_sattr event smb2_file_delete%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, delete_pending: bool%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -46,7 +46,7 @@ event smb2_file_delete%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, d ## ## attrs: File attributes. ## -## .. bro:see:: smb2_message smb2_file_rename smb2_file_delete +## .. zeek:see:: smb2_message smb2_file_rename smb2_file_delete event smb2_file_sattr%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, times: SMB::MACTimes, attrs: SMB2::FileAttrs%); # TODO - Not implemented @@ -60,7 +60,7 @@ event smb2_file_sattr%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, ti # # request: A record containing more information related to the request. # -# .. bro:see:: smb2_message smb2_file_rename smb2_file_delete +# .. zeek:see:: smb2_message smb2_file_rename smb2_file_delete # event smb2_set_info_request%(c: connection, hdr: SMB2::Header, request: SMB2::SetInfoRequest%); # # type SMB2::SetInfoRequest: record; diff --git a/src/analyzer/protocol/smb/smb2_com_transform_header.bif b/src/analyzer/protocol/smb/smb2_com_transform_header.bif index 1506fe3222..629ae27841 100644 --- a/src/analyzer/protocol/smb/smb2_com_transform_header.bif +++ b/src/analyzer/protocol/smb/smb2_com_transform_header.bif @@ -8,7 +8,7 @@ ## ## hdr: The parsed transformed header message, which is starting with \xfdSMB and different from SMB1 and SMB2 headers. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_transform_header%(c: connection, hdr: SMB2::Transform_header%); type SMB2::Transform_header: record; diff --git a/src/analyzer/protocol/smb/smb2_com_tree_connect.bif b/src/analyzer/protocol/smb/smb2_com_tree_connect.bif index 78978f3971..877f5b2c4c 100644 --- a/src/analyzer/protocol/smb/smb2_com_tree_connect.bif +++ b/src/analyzer/protocol/smb/smb2_com_tree_connect.bif @@ -10,7 +10,7 @@ ## ## path: Path of the requested tree. ## -## .. bro:see:: smb2_message smb2_tree_connect_response +## .. zeek:see:: smb2_message smb2_tree_connect_response event smb2_tree_connect_request%(c: connection, hdr: SMB2::Header, path: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -25,7 +25,7 @@ event smb2_tree_connect_request%(c: connection, hdr: SMB2::Header, path: string% ## ## response: A record with more information related to the response. ## -## .. bro:see:: smb2_message smb2_tree_connect_request +## .. zeek:see:: smb2_message smb2_tree_connect_request event smb2_tree_connect_response%(c: connection, hdr: SMB2::Header, response: SMB2::TreeConnectResponse%); type SMB2::TreeConnectResponse: record; diff --git a/src/analyzer/protocol/smb/smb2_com_tree_disconnect.bif b/src/analyzer/protocol/smb/smb2_com_tree_disconnect.bif index fdcd5d9d8b..6c7f3b7c2d 100644 --- a/src/analyzer/protocol/smb/smb2_com_tree_disconnect.bif +++ b/src/analyzer/protocol/smb/smb2_com_tree_disconnect.bif @@ -6,7 +6,7 @@ ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 2 message. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_tree_disconnect_request%(c: connection, hdr: SMB2::Header%); @@ -18,5 +18,5 @@ event smb2_tree_disconnect_request%(c: connection, hdr: SMB2::Header%); ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 2 message. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_tree_disconnect_response%(c: connection, hdr: SMB2::Header%); diff --git a/src/analyzer/protocol/smb/smb2_com_write.bif b/src/analyzer/protocol/smb/smb2_com_write.bif index 66dab9b077..71df322090 100644 --- a/src/analyzer/protocol/smb/smb2_com_write.bif +++ b/src/analyzer/protocol/smb/smb2_com_write.bif @@ -14,7 +14,7 @@ ## ## length: The number of bytes of the file being written. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_write_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, offset: count, length: count%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -29,5 +29,5 @@ event smb2_write_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, ## ## length: The number of bytes of the file being written. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_write_response%(c: connection, hdr: SMB2::Header, length: count%); diff --git a/src/analyzer/protocol/smb/smb2_events.bif b/src/analyzer/protocol/smb/smb2_events.bif index a8a2c439fc..7f7d6ab9db 100644 --- a/src/analyzer/protocol/smb/smb2_events.bif +++ b/src/analyzer/protocol/smb/smb2_events.bif @@ -13,5 +13,5 @@ ## ## is_orig: True if the message came from the originator side. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb2_message%(c: connection, hdr: SMB2::Header, is_orig: bool%); diff --git a/src/analyzer/protocol/smtp/events.bif b/src/analyzer/protocol/smtp/events.bif index 898e98e0d1..9bc9190b31 100644 --- a/src/analyzer/protocol/smtp/events.bif +++ b/src/analyzer/protocol/smtp/events.bif @@ -16,7 +16,7 @@ ## ## arg: The request command's arguments. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_event mime_one_header mime_segment_data ## smtp_data smtp_reply ## @@ -47,7 +47,7 @@ event smtp_request%(c: connection, is_orig: bool, command: string, arg: string%) ## line. If so, further events will be raised and a handler may want to ## reassemble the pieces before processing the response any further. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_event mime_one_header mime_segment_data ## smtp_data smtp_request ## @@ -70,7 +70,7 @@ event smtp_reply%(c: connection, is_orig: bool, code: count, cmd: string, msg: s ## data: The raw data. Note that the size of each chunk is undefined and ## depends on specifics of the underlying TCP connection. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_event mime_one_header mime_segment_data ## smtp_reply smtp_request skip_smtp_data ## @@ -96,7 +96,7 @@ event smtp_data%(c: connection, is_orig: bool, data: string%); ## ## detail: The actual SMTP line triggering the event. ## -## .. bro:see:: smtp_data smtp_request smtp_reply +## .. zeek:see:: smtp_data smtp_request smtp_reply event smtp_unexpected%(c: connection, is_orig: bool, msg: string, detail: string%); ## Generated if a connection switched to using TLS using STARTTLS or X-ANONYMOUSTLS. diff --git a/src/analyzer/protocol/smtp/functions.bif b/src/analyzer/protocol/smtp/functions.bif index 8630685096..a5670c7d64 100644 --- a/src/analyzer/protocol/smtp/functions.bif +++ b/src/analyzer/protocol/smtp/functions.bif @@ -7,7 +7,7 @@ ## ## c: The SMTP connection. ## -## .. bro:see:: skip_http_entity_data +## .. zeek:see:: skip_http_entity_data function skip_smtp_data%(c: connection%): any %{ analyzer::Analyzer* sa = c->FindAnalyzer("SMTP"); diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index cb6c5e248e..6ff62e501d 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -7,7 +7,7 @@ ## ## version: The identification string ## -## .. bro:see:: ssh_client_version ssh_auth_successful ssh_auth_failed +## .. zeek:see:: ssh_client_version ssh_auth_successful ssh_auth_failed ## ssh_auth_result ssh_auth_attempted ssh_capabilities ## ssh2_server_host_key ssh1_server_host_key ssh_server_host_key ## ssh_encrypted_packet ssh2_dh_server_params ssh2_gss_error @@ -23,7 +23,7 @@ event ssh_server_version%(c: connection, version: string%); ## ## version: The identification string ## -## .. bro:see:: ssh_server_version ssh_auth_successful ssh_auth_failed +## .. zeek:see:: ssh_server_version ssh_auth_successful ssh_auth_failed ## ssh_auth_result ssh_auth_attempted ssh_capabilities ## ssh2_server_host_key ssh1_server_host_key ssh_server_host_key ## ssh_encrypted_packet ssh2_dh_server_params ssh2_gss_error @@ -44,7 +44,7 @@ event ssh_client_version%(c: connection, version: string%); ## :abbr:`SSH (Secure Shell)` protocol provides a mechanism for ## unauthenticated access, which some servers support. ## -## .. bro:see:: ssh_server_version ssh_client_version ssh_auth_failed +## .. zeek:see:: ssh_server_version ssh_client_version ssh_auth_failed ## ssh_auth_result ssh_auth_attempted ssh_capabilities ## ssh2_server_host_key ssh1_server_host_key ssh_server_host_key ## ssh_encrypted_packet ssh2_dh_server_params ssh2_gss_error @@ -74,7 +74,7 @@ event ssh_auth_successful%(c: connection, auth_method_none: bool%); ## authenticated: This is true if the analyzer detected a ## successful connection from the authentication attempt. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_capabilities ssh2_server_host_key ssh1_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -96,7 +96,7 @@ event ssh_auth_attempted%(c: connection, authenticated: bool%); ## capabilities: The list of algorithms and languages that the sender ## advertises support for, in order of preference. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh2_server_host_key ssh1_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -113,7 +113,7 @@ event ssh_capabilities%(c: connection, cookie: string, capabilities: SSH::Capabi ## key: The server's public host key. Note that this is the public key ## itself, and not just the fingerprint or hash. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh1_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -131,7 +131,7 @@ event ssh2_server_host_key%(c: connection, key: string%); ## ## e: The exponent for the serer's public host key. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -141,7 +141,7 @@ event ssh1_server_host_key%(c: connection, p: string, e: string%); ## This event is generated when an :abbr:`SSH (Secure Shell)` ## encrypted packet is seen. This event is not handled by default, but ## is provided for heuristic analysis scripts. Note that you have to set -## :bro:id:`SSH::disable_analyzer_after_detection` to false to use this +## :zeek:id:`SSH::disable_analyzer_after_detection` to false to use this ## event. This carries a performance penalty. ## ## c: The connection over which the :abbr:`SSH (Secure Shell)` @@ -153,7 +153,7 @@ event ssh1_server_host_key%(c: connection, p: string, e: string%); ## len: The length of the :abbr:`SSH (Secure Shell)` payload, in ## bytes. Note that this ignores reassembly, as this is unknown. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh1_server_host_key ssh_server_host_key ssh2_dh_server_params @@ -171,7 +171,7 @@ event ssh_encrypted_packet%(c: connection, orig: bool, len: count%); ## ## q: The DH generator. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh1_server_host_key ssh_server_host_key ssh_encrypted_packet @@ -191,7 +191,7 @@ event ssh2_dh_server_params%(c: connection, p: string, q: string%); ## ## err_msg: Detailed human-readable error message ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh1_server_host_key ssh_server_host_key ssh_encrypted_packet @@ -211,7 +211,7 @@ event ssh2_gss_error%(c: connection, major_status: count, minor_status: count, e ## ## q: The ephemeral public key ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh1_server_host_key ssh_server_host_key ssh_encrypted_packet diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 2ef675554f..03a2a93868 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -10,7 +10,7 @@ ## ## version: The protocol version as extracted from the client's message. The ## values are standardized as part of the SSL/TLS protocol. The -## :bro:id:`SSL::version_strings` table maps them to descriptive names. +## :zeek:id:`SSL::version_strings` table maps them to descriptive names. ## ## record_version: TLS version given in the record layer of the message. ## Set to 0 for SSLv2. @@ -25,12 +25,12 @@ ## ## ciphers: The list of ciphers the client offered to use. The values are ## standardized as part of the SSL/TLS protocol. The -## :bro:id:`SSL::cipher_desc` table maps them to descriptive names. +## :zeek:id:`SSL::cipher_desc` table maps them to descriptive names. ## ## comp_methods: The list of compression methods that the client offered to use. ## This value is not sent in TLSv1.3 or SSLv2. ## -## .. bro:see:: ssl_alert ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_alert ssl_established ssl_extension ssl_server_hello ## ssl_session_ticket_handshake x509_certificate ssl_handshake_message ## ssl_change_cipher_spec ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -49,7 +49,7 @@ event ssl_client_hello%(c: connection, version: count, record_version: count, po ## ## version: The protocol version as extracted from the server's message. ## The values are standardized as part of the SSL/TLS protocol. The -## :bro:id:`SSL::version_strings` table maps them to descriptive names. +## :zeek:id:`SSL::version_strings` table maps them to descriptive names. ## ## record_version: TLS version given in the record layer of the message. ## Set to 0 for SSLv2. @@ -65,14 +65,14 @@ event ssl_client_hello%(c: connection, version: count, record_version: count, po ## the connection-id is returned. ## ## cipher: The cipher chosen by the server. The values are standardized as part -## of the SSL/TLS protocol. The :bro:id:`SSL::cipher_desc` table maps +## of the SSL/TLS protocol. The :zeek:id:`SSL::cipher_desc` table maps ## them to descriptive names. ## ## comp_method: The compression method chosen by the client. The values are ## standardized as part of the SSL/TLS protocol. This value is not ## sent in TLSv1.3 or SSLv2. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_extension ## ssl_session_ticket_handshake x509_certificate ssl_server_curve ## ssl_dh_server_params ssl_handshake_message ssl_change_cipher_spec ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -91,12 +91,12 @@ event ssl_server_hello%(c: connection, version: count, record_version: count, po ## is_orig: True if event is raised for originator side of the connection. ## ## code: The numerical code of the extension. The values are standardized as -## part of the SSL/TLS protocol. The :bro:id:`SSL::extensions` table maps +## part of the SSL/TLS protocol. The :zeek:id:`SSL::extensions` table maps ## them to descriptive names. ## ## val: The raw extension value that was sent in the message. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension_ec_point_formats ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_extension_signature_algorithm ssl_extension_key_share @@ -113,7 +113,7 @@ event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%); ## ## curves: List of supported elliptic curves. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_ec_point_formats ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm @@ -133,7 +133,7 @@ event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index ## ## point_formats: List of supported point formats. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm @@ -154,7 +154,7 @@ event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_format ## ## signature_algorithms: List of supported signature and hash algorithm pairs. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_server_curve ssl_extension_key_share @@ -173,7 +173,7 @@ event ssl_extension_signature_algorithm%(c: connection, is_orig: bool, signature ## ## curves: List of supported/chosen named groups. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_server_curve @@ -193,7 +193,7 @@ event ssl_extension_key_share%(c: connection, is_orig: bool, curves: index_vec%) ## .. note:: This event is deprecated and superseded by the ssl_ecdh_server_params ## event. This event will be removed in a future version of Bro. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_extension_key_share @@ -212,7 +212,7 @@ event ssl_server_curve%(c: connection, curve: count%) &deprecated; ## ## point: The server's ECDH public key. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature ## ssl_dh_client_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); @@ -229,7 +229,7 @@ event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); ## ## Ys: The server's DH public key. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms @@ -252,7 +252,7 @@ event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); ## corresponding to the certified public key in the server's certificate ## message is used for signing. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_rsa_client_pms ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string%); @@ -265,7 +265,7 @@ event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::Sig ## ## point: The client's ECDH public key. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_rsa_client_pms event ssl_ecdh_client_params%(c: connection, point: string%); @@ -278,7 +278,7 @@ event ssl_ecdh_client_params%(c: connection, point: string%); ## ## Yc: The client's DH public key. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature ## ssl_ecdh_server_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_dh_client_params%(c: connection, Yc: string%); @@ -291,7 +291,7 @@ event ssl_dh_client_params%(c: connection, Yc: string%); ## ## pms: The encrypted pre-master secret. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_rsa_client_pms%(c: connection, pms: string%); @@ -309,7 +309,7 @@ event ssl_rsa_client_pms%(c: connection, pms: string%); ## ## protocols: List of supported application layer protocols. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_ec_point_formats ## ssl_extension_server_name ssl_extension_key_share @@ -329,7 +329,7 @@ event ssl_extension_application_layer_protocol_negotiation%(c: connection, is_or ## ## names: A list of server names (DNS hostnames). ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_ec_point_formats ## ssl_extension_application_layer_protocol_negotiation @@ -359,7 +359,7 @@ event ssl_extension_server_name%(c: connection, is_orig: bool, names: string_vec ## ## signature: signature part of the digitally_signed struct ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_ec_point_formats ## ssl_extension_server_name ssl_extension_key_share @@ -379,7 +379,7 @@ event ssl_extension_signed_certificate_timestamp%(c: connection, is_orig: bool, ## ## versions: List of supported TLS versions. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_ec_point_formats ## ssl_extension_application_layer_protocol_negotiation @@ -396,7 +396,7 @@ event ssl_extension_supported_versions%(c: connection, is_orig: bool, versions: ## ## versions: List of supported Pre-Shared Key Exchange Modes. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_ec_point_formats ## ssl_extension_application_layer_protocol_negotiation @@ -415,7 +415,7 @@ event ssl_extension_psk_key_exchange_modes%(c: connection, is_orig: bool, modes: ## ## c: The connection. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_extension ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_extension ssl_server_hello ## ssl_session_ticket_handshake x509_certificate event ssl_established%(c: connection%); @@ -438,7 +438,7 @@ event ssl_established%(c: connection%); ## desc: A numerical value identifying the cause of the *alert*. The values are ## defined as part of the SSL/TLS protocol. ## -## .. bro:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello ## ssl_session_ticket_handshake event ssl_alert%(c: connection, is_orig: bool, level: count, desc: count%); @@ -459,7 +459,7 @@ event ssl_alert%(c: connection, is_orig: bool, level: count, desc: count%); ## ## ticket: The raw ticket data. ## -## .. bro:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello ## ssl_alert event ssl_session_ticket_handshake%(c: connection, ticket_lifetime_hint: count, ticket: string%); @@ -481,7 +481,7 @@ event ssl_session_ticket_handshake%(c: connection, ticket_lifetime_hint: count, ## payload: payload contained in the heartbeat message. Size can differ from ## payload_length, if payload_length and actual packet length disagree. ## -## .. bro:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello ## ssl_alert ssl_encrypted_data event ssl_heartbeat%(c: connection, is_orig: bool, length: count, heartbeat_type: count, payload_length: count, payload: string%); @@ -504,14 +504,14 @@ event ssl_heartbeat%(c: connection, is_orig: bool, length: count, heartbeat_type ## ## length: length of the entire message. ## -## .. bro:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello ## ssl_alert ssl_heartbeat event ssl_plaintext_data%(c: connection, is_orig: bool, record_version: count, content_type: count, length: count%); ## Generated for SSL/TLS messages that are sent after session encryption ## started. ## -## Note that :bro:id:`SSL::disable_analyzer_after_detection` has to be changed +## Note that :zeek:id:`SSL::disable_analyzer_after_detection` has to be changed ## from its default to false for this event to be generated. ## ## c: The connection. @@ -526,7 +526,7 @@ event ssl_plaintext_data%(c: connection, is_orig: bool, record_version: count, c ## ## length: length of the entire message. ## -## .. bro:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello ## ssl_alert ssl_heartbeat event ssl_encrypted_data%(c: connection, is_orig: bool, record_version: count, content_type: count, length: count%); @@ -551,7 +551,7 @@ event ssl_stapled_ocsp%(c: connection, is_orig: bool, response: string%); ## ## length: Length of the handshake message that was seen. ## -## .. bro:see:: ssl_alert ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_alert ssl_established ssl_extension ssl_server_hello ## ssl_session_ticket_handshake x509_certificate ssl_client_hello ## ssl_change_cipher_spec event ssl_handshake_message%(c: connection, is_orig: bool, msg_type: count, length: count%); @@ -563,7 +563,7 @@ event ssl_handshake_message%(c: connection, is_orig: bool, msg_type: count, leng ## ## is_orig: True if event is raised for originator side of the connection. ## -## .. bro:see:: ssl_alert ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_alert ssl_established ssl_extension ssl_server_hello ## ssl_session_ticket_handshake x509_certificate ssl_client_hello ## ssl_handshake_message event ssl_change_cipher_spec%(c: connection, is_orig: bool%); diff --git a/src/analyzer/protocol/tcp/events.bif b/src/analyzer/protocol/tcp/events.bif index 5e862317b1..72cf44c243 100644 --- a/src/analyzer/protocol/tcp/events.bif +++ b/src/analyzer/protocol/tcp/events.bif @@ -5,7 +5,7 @@ ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -15,13 +15,13 @@ event new_connection_contents%(c: connection%); ## Generated for an unsuccessful connection attempt. This event is raised when ## an originator unsuccessfully attempted to establish a connection. -## "Unsuccessful" is defined as at least :bro:id:`tcp_attempt_delay` seconds +## "Unsuccessful" is defined as at least :zeek:id:`tcp_attempt_delay` seconds ## having elapsed since the originator first sent a connection establishment ## packet to the destination without seeing a reply. ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_established +## .. zeek:see:: connection_EOF connection_SYN_packet connection_established ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -31,15 +31,15 @@ event connection_attempt%(c: connection%); ## Generated when seeing a SYN-ACK packet from the responder in a TCP ## handshake. An associated SYN packet was not seen from the originator -## side if its state is not set to :bro:see:`TCP_ESTABLISHED`. +## side if its state is not set to :zeek:see:`TCP_ESTABLISHED`. ## The final ACK of the handshake in response to SYN-ACK may ## or may not occur later, one way to tell is to check the *history* field of -## :bro:type:`connection` to see if the originator sent an ACK, indicated by +## :zeek:type:`connection` to see if the originator sent an ACK, indicated by ## 'A' in the history string. ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -54,7 +54,7 @@ event connection_established%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -66,12 +66,12 @@ event partial_connection%(c: connection%); ## Generated when a previously inactive endpoint attempts to close a TCP ## connection via a normal FIN handshake or an abort RST sequence. When the ## endpoint sent one of these packets, Bro waits -## :bro:id:`tcp_partial_close_delay` prior to generating the event, to give +## :zeek:id:`tcp_partial_close_delay` prior to generating the event, to give ## the other endpoint a chance to close the connection normally. ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -84,7 +84,7 @@ event connection_partial_close%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -98,7 +98,7 @@ event connection_finished%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -112,7 +112,7 @@ event connection_half_finished%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_reset connection_reused connection_state_remove @@ -121,10 +121,10 @@ event connection_half_finished%(c: connection%); ## ## .. note:: ## -## If the responder does not respond at all, :bro:id:`connection_attempt` is +## If the responder does not respond at all, :zeek:id:`connection_attempt` is ## raised instead. If the responder initially accepts the connection but -## aborts it later, Bro first generates :bro:id:`connection_established` -## and then :bro:id:`connection_reset`. +## aborts it later, Bro first generates :zeek:id:`connection_established` +## and then :zeek:id:`connection_reset`. event connection_rejected%(c: connection%); ## Generated when an endpoint aborted a TCP connection. The event is raised @@ -133,7 +133,7 @@ event connection_rejected%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reused @@ -146,7 +146,7 @@ event connection_reset%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_rejected connection_reset connection_reused connection_state_remove @@ -161,7 +161,7 @@ event connection_pending%(c: connection%); ## ## pkt: Information extracted from the SYN packet. ## -## .. bro:see:: connection_EOF connection_attempt connection_established +## .. zeek:see:: connection_EOF connection_attempt connection_established ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -182,7 +182,7 @@ event connection_SYN_packet%(c: connection, pkt: SYN_packet%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -202,7 +202,7 @@ event connection_first_ACK%(c: connection%); ## ## is_orig: True if the event is raised for the originator side. ## -## .. bro:see:: connection_SYN_packet connection_attempt connection_established +## .. zeek:see:: connection_SYN_packet connection_attempt connection_established ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -213,7 +213,7 @@ event connection_EOF%(c: connection, is_orig: bool%); ## Generated for every TCP packet. This is a very low-level and expensive event ## that should be avoided when at all possible. It's usually infeasible to ## handle when processing even medium volumes of traffic in real-time. It's -## slightly better than :bro:id:`new_packet` because it affects only TCP, but +## slightly better than :zeek:id:`new_packet` because it affects only TCP, but ## not much. That said, if you work from a trace and want to do some ## packet-level analysis, it may come in handy. ## @@ -235,7 +235,7 @@ event connection_EOF%(c: connection, is_orig: bool%); ## payload: The raw TCP payload. Note that this may be shorter than *len* if ## the packet was not fully captured. ## -## .. bro:see:: new_packet packet_contents tcp_option tcp_contents tcp_rexmit +## .. zeek:see:: new_packet packet_contents tcp_option tcp_contents tcp_rexmit event tcp_packet%(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string%); ## Generated for each option found in a TCP header. Like many of the ``tcp_*`` @@ -250,16 +250,16 @@ event tcp_packet%(c: connection, is_orig: bool, flags: string, seq: count, ack: ## ## optlen: The length of the options value. ## -## .. bro:see:: tcp_packet tcp_contents tcp_rexmit +## .. zeek:see:: tcp_packet tcp_contents tcp_rexmit ## ## .. note:: There is currently no way to get the actual option value, if any. event tcp_option%(c: connection, is_orig: bool, opt: count, optlen: count%); ## Generated for each chunk of reassembled TCP payload. When content delivery is -## enabled for a TCP connection (via :bro:id:`tcp_content_delivery_ports_orig`, -## :bro:id:`tcp_content_delivery_ports_resp`, -## :bro:id:`tcp_content_deliver_all_orig`, -## :bro:id:`tcp_content_deliver_all_resp`), this event is raised for each chunk +## enabled for a TCP connection (via :zeek:id:`tcp_content_delivery_ports_orig`, +## :zeek:id:`tcp_content_delivery_ports_resp`, +## :zeek:id:`tcp_content_deliver_all_orig`, +## :zeek:id:`tcp_content_deliver_all_resp`), this event is raised for each chunk ## of in-order payload reconstructed from the packet stream. Note that this ## event is potentially expensive if many connections carry significant amounts ## of data as then all that data needs to be passed on to the scripting layer. @@ -273,7 +273,7 @@ event tcp_option%(c: connection, is_orig: bool, opt: count, optlen: count%); ## ## contents: The raw payload, which will be non-empty. ## -## .. bro:see:: tcp_packet tcp_option tcp_rexmit +## .. zeek:see:: tcp_packet tcp_option tcp_rexmit ## tcp_content_delivery_ports_orig tcp_content_delivery_ports_resp ## tcp_content_deliver_all_resp tcp_content_deliver_all_orig ## @@ -299,7 +299,7 @@ event tcp_rexmit%(c: connection, is_orig: bool, seq: count, len: count, data_in_ ## ## threshold: the threshold that was crossed ## -## .. bro:see:: udp_multiple_checksum_errors +## .. zeek:see:: udp_multiple_checksum_errors ## tcp_multiple_zero_windows tcp_multiple_retransmissions tcp_multiple_gap event tcp_multiple_checksum_errors%(c: connection, is_orig: bool, threshold: count%); @@ -312,7 +312,7 @@ event tcp_multiple_checksum_errors%(c: connection, is_orig: bool, threshold: cou ## ## threshold: the threshold that was crossed ## -## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_retransmissions tcp_multiple_gap +## .. zeek:see:: tcp_multiple_checksum_errors tcp_multiple_retransmissions tcp_multiple_gap event tcp_multiple_zero_windows%(c: connection, is_orig: bool, threshold: count%); ## Generated if a TCP flow crosses a retransmission threshold, per @@ -324,7 +324,7 @@ event tcp_multiple_zero_windows%(c: connection, is_orig: bool, threshold: count% ## ## threshold: the threshold that was crossed ## -## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows tcp_multiple_gap +## .. zeek:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows tcp_multiple_gap event tcp_multiple_retransmissions%(c: connection, is_orig: bool, threshold: count%); ## Generated if a TCP flow crosses a gap threshold, per 'G'/'g' history @@ -336,7 +336,7 @@ event tcp_multiple_retransmissions%(c: connection, is_orig: bool, threshold: cou ## ## threshold: the threshold that was crossed ## -## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows tcp_multiple_retransmissions +## .. zeek:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows tcp_multiple_retransmissions event tcp_multiple_gap%(c: connection, is_orig: bool, threshold: count%); ## Generated when failing to write contents of a TCP stream to a file. @@ -347,5 +347,5 @@ event tcp_multiple_gap%(c: connection, is_orig: bool, threshold: count%); ## ## msg: A reason or description for the failure. ## -## .. bro:see:: set_contents_file get_contents_file +## .. zeek:see:: set_contents_file get_contents_file event contents_file_write_failure%(c: connection, is_orig: bool, msg: string%); diff --git a/src/analyzer/protocol/tcp/functions.bif b/src/analyzer/protocol/tcp/functions.bif index 90c3e5ae2a..4aa218991e 100644 --- a/src/analyzer/protocol/tcp/functions.bif +++ b/src/analyzer/protocol/tcp/functions.bif @@ -12,7 +12,7 @@ ## Returns: The highest sequence number sent by a connection's originator, or 0 ## if *cid* does not point to an active TCP connection. ## -## .. bro:see:: get_resp_seq +## .. zeek:see:: get_resp_seq function get_orig_seq%(cid: conn_id%): count %{ Connection* c = sessions->FindConnection(cid); @@ -41,7 +41,7 @@ function get_orig_seq%(cid: conn_id%): count ## Returns: The highest sequence number sent by a connection's responder, or 0 ## if *cid* does not point to an active TCP connection. ## -## .. bro:see:: get_orig_seq +## .. zeek:see:: get_orig_seq function get_resp_seq%(cid: conn_id%): count %{ Connection* c = sessions->FindConnection(cid); @@ -89,9 +89,9 @@ function get_resp_seq%(cid: conn_id%): count ## contents of individual packets. Reordering and duplicates are ## removed. If any data is missing, the recording stops at the ## missing data; this can happen, e.g., due to an -## :bro:id:`content_gap` event. +## :zeek:id:`content_gap` event. ## -## .. bro:see:: get_contents_file set_record_packets contents_file_write_failure +## .. zeek:see:: get_contents_file set_record_packets contents_file_write_failure function set_contents_file%(cid: conn_id, direction: count, f: file%): bool %{ Connection* c = sessions->FindConnection(cid); @@ -107,14 +107,14 @@ function set_contents_file%(cid: conn_id, direction: count, f: file%): bool ## cid: The connection ID. ## ## direction: Controls what sides of the connection to record. See -## :bro:id:`set_contents_file` for possible values. +## :zeek:id:`set_contents_file` for possible values. ## -## Returns: The :bro:type:`file` handle for the contents file of the +## Returns: The :zeek:type:`file` handle for the contents file of the ## connection identified by *cid*. If the connection exists ## but there is no contents file for *direction*, then the function ## generates an error and returns a file handle to ``stderr``. ## -## .. bro:see:: set_contents_file set_record_packets contents_file_write_failure +## .. zeek:see:: set_contents_file set_record_packets contents_file_write_failure function get_contents_file%(cid: conn_id, direction: count%): file %{ Connection* c = sessions->FindConnection(cid); diff --git a/src/analyzer/protocol/teredo/events.bif b/src/analyzer/protocol/teredo/events.bif index 62bc7d06cd..080eb1bf6e 100644 --- a/src/analyzer/protocol/teredo/events.bif +++ b/src/analyzer/protocol/teredo/events.bif @@ -5,7 +5,7 @@ ## ## inner: The Teredo-encapsulated IPv6 packet header and transport header. ## -## .. bro:see:: teredo_authentication teredo_origin_indication teredo_bubble +## .. zeek:see:: teredo_authentication teredo_origin_indication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling ## it may become particularly expensive for real-time analysis. @@ -19,7 +19,7 @@ event teredo_packet%(outer: connection, inner: teredo_hdr%); ## ## inner: The Teredo-encapsulated IPv6 packet header and transport header. ## -## .. bro:see:: teredo_packet teredo_origin_indication teredo_bubble +## .. zeek:see:: teredo_packet teredo_origin_indication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling ## it may become particularly expensive for real-time analysis. @@ -33,21 +33,21 @@ event teredo_authentication%(outer: connection, inner: teredo_hdr%); ## ## inner: The Teredo-encapsulated IPv6 packet header and transport header. ## -## .. bro:see:: teredo_packet teredo_authentication teredo_bubble +## .. zeek:see:: teredo_packet teredo_authentication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling ## it may become particularly expensive for real-time analysis. event teredo_origin_indication%(outer: connection, inner: teredo_hdr%); ## Generated for Teredo bubble packets. That is, IPv6 packets encapsulated -## in a Teredo tunnel that have a Next Header value of :bro:id:`IPPROTO_NONE`. +## in a Teredo tunnel that have a Next Header value of :zeek:id:`IPPROTO_NONE`. ## See :rfc:`4380` for more information about the Teredo protocol. ## ## outer: The Teredo tunnel connection. ## ## inner: The Teredo-encapsulated IPv6 packet header and transport header. ## -## .. bro:see:: teredo_packet teredo_authentication teredo_origin_indication +## .. zeek:see:: teredo_packet teredo_authentication teredo_origin_indication ## ## .. note:: Since this event may be raised on a per-packet basis, handling ## it may become particularly expensive for real-time analysis. diff --git a/src/analyzer/protocol/udp/events.bif b/src/analyzer/protocol/udp/events.bif index afcace330b..60326bf601 100644 --- a/src/analyzer/protocol/udp/events.bif +++ b/src/analyzer/protocol/udp/events.bif @@ -4,7 +4,7 @@ ## ## u: The connection record for the corresponding UDP flow. ## -## .. bro:see:: udp_contents udp_reply udp_session_done +## .. zeek:see:: udp_contents udp_reply udp_session_done event udp_request%(u: connection%); ## Generated for each packet sent by a UDP flow's responder. This a potentially @@ -13,17 +13,17 @@ event udp_request%(u: connection%); ## ## u: The connection record for the corresponding UDP flow. ## -## .. bro:see:: udp_contents udp_request udp_session_done +## .. zeek:see:: udp_contents udp_request udp_session_done event udp_reply%(u: connection%); ## Generated for UDP packets to pass on their payload. As the number of UDP ## packets can be very large, this event is normally raised only for those on -## ports configured in :bro:id:`udp_content_delivery_ports_orig` (for packets -## sent by the flow's originator) or :bro:id:`udp_content_delivery_ports_resp` +## ports configured in :zeek:id:`udp_content_delivery_ports_orig` (for packets +## sent by the flow's originator) or :zeek:id:`udp_content_delivery_ports_resp` ## (for packets sent by the flow's responder). However, delivery can be enabled ## for all UDP request and reply packets by setting -## :bro:id:`udp_content_deliver_all_orig` or -## :bro:id:`udp_content_deliver_all_resp`, respectively. Note that this +## :zeek:id:`udp_content_deliver_all_orig` or +## :zeek:id:`udp_content_deliver_all_resp`, respectively. Note that this ## event is also raised for all matching UDP packets, including empty ones. ## ## u: The connection record for the corresponding UDP flow. @@ -32,7 +32,7 @@ event udp_reply%(u: connection%); ## ## contents: TODO. ## -## .. bro:see:: udp_reply udp_request udp_session_done +## .. zeek:see:: udp_reply udp_request udp_session_done ## udp_content_deliver_all_orig udp_content_deliver_all_resp ## udp_content_delivery_ports_orig udp_content_delivery_ports_resp event udp_contents%(u: connection, is_orig: bool, contents: string%); @@ -46,6 +46,6 @@ event udp_contents%(u: connection, is_orig: bool, contents: string%); ## ## threshold: the threshold that was crossed ## -## .. bro:see:: udp_reply udp_request udp_session_done +## .. zeek:see:: udp_reply udp_request udp_session_done ## tcp_multiple_checksum_errors event udp_multiple_checksum_errors%(u: connection, is_orig: bool, threshold: count%); diff --git a/src/bro.bif b/src/bro.bif index 4440f823c7..7493d5618b 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -303,7 +303,7 @@ static int next_fmt(const char*& fmt, val_list* args, ODesc* d, int& n) ## Returns the current wall-clock time. ## -## In general, you should use :bro:id:`network_time` instead +## In general, you should use :zeek:id:`network_time` instead ## unless you are using Bro for non-networking uses (such as general ## scripting; not particularly recommended), because otherwise your script ## may behave very differently on live traffic versus played-back traffic @@ -311,7 +311,7 @@ static int next_fmt(const char*& fmt, val_list* args, ODesc* d, int& n) ## ## Returns: The wall-clock time. ## -## .. bro:see:: network_time +## .. zeek:see:: network_time function current_time%(%): time %{ return new Val(current_time(), TYPE_TIME); @@ -323,7 +323,7 @@ function current_time%(%): time ## ## Returns: The timestamp of the packet processed. ## -## .. bro:see:: current_time +## .. zeek:see:: current_time function network_time%(%): time %{ return new Val(network_time, TYPE_TIME); @@ -336,7 +336,7 @@ function network_time%(%): time ## Returns: The system environment variable identified by *var*, or an empty ## string if it is not defined. ## -## .. bro:see:: setenv +## .. zeek:see:: setenv function getenv%(var: string%): string %{ const char* env_val = getenv(var->CheckString()); @@ -353,7 +353,7 @@ function getenv%(var: string%): string ## ## Returns: True on success. ## -## .. bro:see:: getenv +## .. zeek:see:: getenv function setenv%(var: string, val: string%): bool %{ int result = setenv(var->AsString()->CheckString(), @@ -368,7 +368,7 @@ function setenv%(var: string, val: string%): bool ## ## code: The exit code to return with. ## -## .. bro:see:: terminate +## .. zeek:see:: terminate function exit%(code: int%): any %{ exit(code); @@ -380,7 +380,7 @@ function exit%(code: int%): any ## Returns: True after successful termination and false when Bro is still in ## the process of shutting down. ## -## .. bro:see:: exit bro_is_terminating +## .. zeek:see:: exit bro_is_terminating function terminate%(%): bool %{ if ( terminating ) @@ -446,7 +446,7 @@ static int do_system(const char* s) ## ## Returns: The return value from the OS ``system`` function. ## -## .. bro:see:: system_env safe_shell_quote piped_exec +## .. zeek:see:: system_env safe_shell_quote piped_exec ## ## .. note:: ## @@ -461,18 +461,18 @@ function system%(str: string%): int %} ## Invokes a command via the ``system`` function of the OS with a prepared -## environment. The function is essentially the same as :bro:id:`system`, +## environment. The function is essentially the same as :zeek:id:`system`, ## but changes the environment before invoking the command. ## ## str: The command to execute. ## -## env: A :bro:type:`table` with the environment variables in the form +## env: A :zeek:type:`table` with the environment variables in the form ## of key-value pairs. Each specified environment variable name ## will be automatically prepended with ``BRO_ARG_``. ## ## Returns: The return value from the OS ``system`` function. ## -## .. bro:see:: system safe_shell_quote piped_exec +## .. zeek:see:: system safe_shell_quote piped_exec function system_env%(str: string, env: table_string_of_string%): int %{ if ( env->Type()->Tag() != TYPE_TABLE ) @@ -500,7 +500,7 @@ function system_env%(str: string, env: table_string_of_string%): int ## ## Returns: True on success. ## -## .. bro:see:: system system_env +## .. zeek:see:: system system_env function piped_exec%(program: string, to_write: string%): bool %{ const char* prog = program->CheckString(); @@ -536,14 +536,14 @@ function piped_exec%(program: string, to_write: string%): bool ## ## Returns: The MD5 hash value of the concatenated arguments. ## -## .. bro:see:: md5_hmac md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish ## ## .. note:: ## ## This function performs a one-shot computation of its arguments. -## For incremental hash computation, see :bro:id:`md5_hash_init` and +## For incremental hash computation, see :zeek:id:`md5_hash_init` and ## friends. function md5_hash%(...%): string %{ @@ -556,14 +556,14 @@ function md5_hash%(...%): string ## ## Returns: The SHA1 hash value of the concatenated arguments. ## -## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish ## ## .. note:: ## ## This function performs a one-shot computation of its arguments. -## For incremental hash computation, see :bro:id:`sha1_hash_init` and +## For incremental hash computation, see :zeek:id:`sha1_hash_init` and ## friends. function sha1_hash%(...%): string %{ @@ -576,14 +576,14 @@ function sha1_hash%(...%): string ## ## Returns: The SHA256 hash value of the concatenated arguments. ## -## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash_init sha256_hash_update sha256_hash_finish ## ## .. note:: ## ## This function performs a one-shot computation of its arguments. -## For incremental hash computation, see :bro:id:`sha256_hash_init` and +## For incremental hash computation, see :zeek:id:`sha256_hash_init` and ## friends. function sha256_hash%(...%): string %{ @@ -598,7 +598,7 @@ function sha256_hash%(...%): string ## ## Returns: The HMAC-MD5 hash value of the concatenated arguments. ## -## .. bro:see:: md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hmac%(...%): string @@ -609,8 +609,8 @@ function md5_hmac%(...%): string %} ## Constructs an MD5 handle to enable incremental hash computation. You can -## feed data to the returned opaque value with :bro:id:`md5_hash_update` and -## eventually need to call :bro:id:`md5_hash_finish` to finish the computation +## feed data to the returned opaque value with :zeek:id:`md5_hash_update` and +## eventually need to call :zeek:id:`md5_hash_finish` to finish the computation ## and get the hash digest. ## ## For example, when computing incremental MD5 values of transferred files in @@ -618,12 +618,12 @@ function md5_hmac%(...%): string ## HTTP session record. Then, one would call ## ``c$http$md5_handle = md5_hash_init()`` once before invoking ## ``md5_hash_update(c$http$md5_handle, some_more_data)`` in the -## :bro:id:`http_entity_data` event handler. When all data has arrived, a call -## to :bro:id:`md5_hash_finish` returns the final hash value. +## :zeek:id:`http_entity_data` event handler. When all data has arrived, a call +## to :zeek:id:`md5_hash_finish` returns the final hash value. ## ## Returns: The opaque handle associated with this hash computation. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hash_init%(%): opaque of md5 @@ -634,8 +634,8 @@ function md5_hash_init%(%): opaque of md5 %} ## Constructs an SHA1 handle to enable incremental hash computation. You can -## feed data to the returned opaque value with :bro:id:`sha1_hash_update` and -## finally need to call :bro:id:`sha1_hash_finish` to finish the computation +## feed data to the returned opaque value with :zeek:id:`sha1_hash_update` and +## finally need to call :zeek:id:`sha1_hash_finish` to finish the computation ## and get the hash digest. ## ## For example, when computing incremental SHA1 values of transferred files in @@ -643,12 +643,12 @@ function md5_hash_init%(%): opaque of md5 ## HTTP session record. Then, one would call ## ``c$http$sha1_handle = sha1_hash_init()`` once before invoking ## ``sha1_hash_update(c$http$sha1_handle, some_more_data)`` in the -## :bro:id:`http_entity_data` event handler. When all data has arrived, a call -## to :bro:id:`sha1_hash_finish` returns the final hash value. +## :zeek:id:`http_entity_data` event handler. When all data has arrived, a call +## to :zeek:id:`sha1_hash_finish` returns the final hash value. ## ## Returns: The opaque handle associated with this hash computation. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function sha1_hash_init%(%): opaque of sha1 @@ -659,8 +659,8 @@ function sha1_hash_init%(%): opaque of sha1 %} ## Constructs an SHA256 handle to enable incremental hash computation. You can -## feed data to the returned opaque value with :bro:id:`sha256_hash_update` and -## finally need to call :bro:id:`sha256_hash_finish` to finish the computation +## feed data to the returned opaque value with :zeek:id:`sha256_hash_update` and +## finally need to call :zeek:id:`sha256_hash_finish` to finish the computation ## and get the hash digest. ## ## For example, when computing incremental SHA256 values of transferred files in @@ -668,12 +668,12 @@ function sha1_hash_init%(%): opaque of sha1 ## HTTP session record. Then, one would call ## ``c$http$sha256_handle = sha256_hash_init()`` once before invoking ## ``sha256_hash_update(c$http$sha256_handle, some_more_data)`` in the -## :bro:id:`http_entity_data` event handler. When all data has arrived, a call -## to :bro:id:`sha256_hash_finish` returns the final hash value. +## :zeek:id:`http_entity_data` event handler. When all data has arrived, a call +## to :zeek:id:`sha256_hash_finish` returns the final hash value. ## ## Returns: The opaque handle associated with this hash computation. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_update sha256_hash_finish function sha256_hash_init%(%): opaque of sha256 @@ -684,7 +684,7 @@ function sha256_hash_init%(%): opaque of sha256 %} ## Updates the MD5 value associated with a given index. It is required to -## call :bro:id:`md5_hash_init` once before calling this +## call :zeek:id:`md5_hash_init` once before calling this ## function. ## ## handle: The opaque handle associated with this hash computation. @@ -693,7 +693,7 @@ function sha256_hash_init%(%): opaque of sha256 ## ## Returns: True on success. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hash_update%(handle: opaque of md5, data: string%): bool @@ -703,7 +703,7 @@ function md5_hash_update%(handle: opaque of md5, data: string%): bool %} ## Updates the SHA1 value associated with a given index. It is required to -## call :bro:id:`sha1_hash_init` once before calling this +## call :zeek:id:`sha1_hash_init` once before calling this ## function. ## ## handle: The opaque handle associated with this hash computation. @@ -712,7 +712,7 @@ function md5_hash_update%(handle: opaque of md5, data: string%): bool ## ## Returns: True on success. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function sha1_hash_update%(handle: opaque of sha1, data: string%): bool @@ -722,7 +722,7 @@ function sha1_hash_update%(handle: opaque of sha1, data: string%): bool %} ## Updates the SHA256 value associated with a given index. It is required to -## call :bro:id:`sha256_hash_init` once before calling this +## call :zeek:id:`sha256_hash_init` once before calling this ## function. ## ## handle: The opaque handle associated with this hash computation. @@ -731,7 +731,7 @@ function sha1_hash_update%(handle: opaque of sha1, data: string%): bool ## ## Returns: True on success. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_finish function sha256_hash_update%(handle: opaque of sha256, data: string%): bool @@ -746,7 +746,7 @@ function sha256_hash_update%(handle: opaque of sha256, data: string%): bool ## ## Returns: The hash value associated with the computation of *handle*. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hash_finish%(handle: opaque of md5%): string @@ -760,7 +760,7 @@ function md5_hash_finish%(handle: opaque of md5%): string ## ## Returns: The hash value associated with the computation of *handle*. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function sha1_hash_finish%(handle: opaque of sha1%): string @@ -774,7 +774,7 @@ function sha1_hash_finish%(handle: opaque of sha1%): string ## ## Returns: The hash value associated with the computation of *handle*. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update function sha256_hash_finish%(handle: opaque of sha256%): string @@ -789,7 +789,7 @@ function sha256_hash_finish%(handle: opaque of sha256%): string ## ## Returns: The hashed value. ## -## .. bro:see:: hrw_weight +## .. zeek:see:: hrw_weight function fnv1a32%(input: any%): count %{ ODesc desc(DESC_BINARY); @@ -814,14 +814,14 @@ function fnv1a32%(input: any%): count ## The weight function used is the one recommended in the original ## paper: ``_. ## -## key_digest: A 32-bit digest of a key. E.g. use :bro:see:`fnv1a32` to +## key_digest: A 32-bit digest of a key. E.g. use :zeek:see:`fnv1a32` to ## produce this. ## ## site_id: A 32-bit site/node identifier. ## ## Returns: The weight value for the key/site pair. ## -## .. bro:see:: fnv1a32 +## .. zeek:see:: fnv1a32 function hrw_weight%(key_digest: count, site_id: count%): count %{ uint32 d = key_digest; @@ -845,7 +845,7 @@ function hrw_weight%(key_digest: count, site_id: count%): count ## ## Returns: a random positive integer in the interval *[0, max)*. ## -## .. bro:see:: srand +## .. zeek:see:: srand ## ## .. note:: ## @@ -857,11 +857,11 @@ function rand%(max: count%): count return val_mgr->GetCount(result); %} -## Sets the seed for subsequent :bro:id:`rand` calls. +## Sets the seed for subsequent :zeek:id:`rand` calls. ## ## seed: The seed for the PRNG. ## -## .. bro:see:: rand +## .. zeek:see:: rand ## ## .. note:: ## @@ -897,7 +897,7 @@ function syslog%(s: string%): any ## Returns: The MIME type of *data*, or "" if there was an error ## or no match. This is the strongest signature match. ## -## .. bro:see:: file_magic +## .. zeek:see:: file_magic function identify_data%(data: string, return_mime: bool &default=T%): string %{ if ( ! return_mime ) @@ -918,7 +918,7 @@ function identify_data%(data: string, return_mime: bool &default=T%): string ## ## Returns: All matching signatures, in order of strength. ## -## .. bro:see:: identify_data +## .. zeek:see:: identify_data function file_magic%(data: string%): mime_matches %{ RuleMatcher::MIME_Matches matches; @@ -965,7 +965,7 @@ function file_magic%(data: string%): mime_matches ## which each byte in the file depends upon the previous byte. ## For random sequences this value will be close to zero. ## -## .. bro:see:: entropy_test_init entropy_test_add entropy_test_finish +## .. zeek:see:: entropy_test_init entropy_test_add entropy_test_finish function find_entropy%(data: string%): entropy_test_result %{ double montepi, scc, ent, mean, chisq; @@ -987,7 +987,7 @@ function find_entropy%(data: string%): entropy_test_result ## ## Returns: An opaque handle to be used in subsequent operations. ## -## .. bro:see:: find_entropy entropy_test_add entropy_test_finish +## .. zeek:see:: find_entropy entropy_test_add entropy_test_finish function entropy_test_init%(%): opaque of entropy %{ return new EntropyVal(); @@ -1001,7 +1001,7 @@ function entropy_test_init%(%): opaque of entropy ## ## Returns: True on success. ## -## .. bro:see:: find_entropy entropy_test_add entropy_test_finish +## .. zeek:see:: find_entropy entropy_test_add entropy_test_finish function entropy_test_add%(handle: opaque of entropy, data: string%): bool %{ bool status = static_cast(handle)->Feed(data->Bytes(), @@ -1010,15 +1010,15 @@ function entropy_test_add%(handle: opaque of entropy, data: string%): bool %} ## Finishes an incremental entropy calculation. Before using this function, -## one needs to obtain an opaque handle with :bro:id:`entropy_test_init` and -## add data to it via :bro:id:`entropy_test_add`. +## one needs to obtain an opaque handle with :zeek:id:`entropy_test_init` and +## add data to it via :zeek:id:`entropy_test_add`. ## ## handle: The opaque handle representing the entropy calculation state. ## -## Returns: The result of the entropy test. See :bro:id:`find_entropy` for a +## Returns: The result of the entropy test. See :zeek:id:`find_entropy` for a ## description of the individual components. ## -## .. bro:see:: find_entropy entropy_test_init entropy_test_add +## .. zeek:see:: find_entropy entropy_test_init entropy_test_add function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result %{ double montepi, scc, ent, mean, chisq; @@ -1040,7 +1040,7 @@ function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result ## ## Returns: A string identifier that is unique. ## -## .. bro:see:: unique_id_from +## .. zeek:see:: unique_id_from function unique_id%(prefix: string%) : string %{ char tmp[20]; @@ -1056,7 +1056,7 @@ function unique_id%(prefix: string%) : string ## ## Returns: A string identifier that is unique. ## -## .. bro:see:: unique_id +## .. zeek:see:: unique_id function unique_id_from%(pool: int, prefix: string%) : string %{ pool += UID_POOL_CUSTOM_SCRIPT; // Make sure we don't conflict with internal pool. @@ -1181,7 +1181,7 @@ function val_size%(v: any%): count ## ## newsize: The new size of *aggr*. ## -## Returns: The old size of *aggr*, or 0 if *aggr* is not a :bro:type:`vector`. +## Returns: The old size of *aggr*, or 0 if *aggr* is not a :zeek:type:`vector`. function resize%(aggr: any, newsize: count%) : count %{ if ( aggr->Type()->Tag() != TYPE_VECTOR ) @@ -1200,7 +1200,7 @@ function resize%(aggr: any, newsize: count%) : count ## ## Returns: True if any element in *v* is true. ## -## .. bro:see:: all_set +## .. zeek:see:: all_set function any_set%(v: any%) : bool %{ if ( v->Type()->Tag() != TYPE_VECTOR || @@ -1225,7 +1225,7 @@ function any_set%(v: any%) : bool ## ## Returns: True iff all elements in *v* are true or there are no elements. ## -## .. bro:see:: any_set +## .. zeek:see:: any_set ## ## .. note:: ## @@ -1324,7 +1324,7 @@ bool indirect_unsigned_sort_function(size_t a, size_t b) ## Returns: The vector, sorted from minimum to maximum value. If the vector ## could not be sorted, then the original vector is returned instead. ## -## .. bro:see:: order +## .. zeek:see:: order function sort%(v: any, ...%) : any %{ v->Ref(); // we always return v @@ -1384,7 +1384,7 @@ function sort%(v: any, ...%) : any %} ## Returns the order of the elements in a vector according to some -## comparison function. See :bro:id:`sort` for details about the comparison +## comparison function. See :zeek:id:`sort` for details about the comparison ## function. ## ## v: The vector whose order to compute. @@ -1393,7 +1393,7 @@ function sort%(v: any, ...%) : any ## For example, the elements of *v* in order are (assuming ``o`` ## is the vector returned by ``order``): v[o[0]], v[o[1]], etc. ## -## .. bro:see:: sort +## .. zeek:see:: sort function order%(v: any, ...%) : index_vec %{ VectorVal* result_v = new VectorVal( @@ -1501,7 +1501,7 @@ function cat%(...%): string %} ## Concatenates all arguments, with a separator placed between each one. This -## function is similar to :bro:id:`cat`, but places a separator between each +## function is similar to :zeek:id:`cat`, but places a separator between each ## given argument. If any of the variable arguments is an empty string it is ## replaced by a given default string instead. ## @@ -1512,7 +1512,7 @@ function cat%(...%): string ## Returns: A concatenation of all arguments with *sep* between each one and ## empty strings replaced with *def*. ## -## .. bro:see:: cat string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat string_cat cat_string_array cat_string_array_n function cat_sep%(sep: string, def: string, ...%): string %{ ODesc d; @@ -1574,12 +1574,12 @@ function cat_sep%(sep: string, def: string, ...%): string ## ## - ``[efg]``: Double ## -## Returns: Returns the formatted string. Given no arguments, :bro:id:`fmt` +## Returns: Returns the formatted string. Given no arguments, :zeek:id:`fmt` ## returns an empty string. Given no format string or the wrong ## number of additional arguments for the given format specifier, -## :bro:id:`fmt` generates a run-time error. +## :zeek:id:`fmt` generates a run-time error. ## -## .. bro:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n function fmt%(...%): string %{ if ( @ARGC@ == 0 ) @@ -1623,27 +1623,27 @@ function fmt%(...%): string # # =========================================================================== -## Computes the greatest integer less than the given :bro:type:`double` value. +## Computes the greatest integer less than the given :zeek:type:`double` value. ## For example, ``floor(3.14)`` returns ``3.0``, and ``floor(-3.14)`` ## returns ``-4.0``. ## -## d: The :bro:type:`double` to manipulate. +## d: The :zeek:type:`double` to manipulate. ## -## Returns: The next lowest integer of *d* as :bro:type:`double`. +## Returns: The next lowest integer of *d* as :zeek:type:`double`. ## -## .. bro:see:: sqrt exp ln log10 +## .. zeek:see:: sqrt exp ln log10 function floor%(d: double%): double %{ return new Val(floor(d), TYPE_DOUBLE); %} -## Computes the square root of a :bro:type:`double`. +## Computes the square root of a :zeek:type:`double`. ## ## x: The number to compute the square root of. ## ## Returns: The square root of *x*. ## -## .. bro:see:: floor exp ln log10 +## .. zeek:see:: floor exp ln log10 function sqrt%(x: double%): double %{ if ( x < 0 ) @@ -1661,7 +1661,7 @@ function sqrt%(x: double%): double ## ## Returns: *e* to the power of *d*. ## -## .. bro:see:: floor sqrt ln log10 +## .. zeek:see:: floor sqrt ln log10 function exp%(d: double%): double %{ return new Val(exp(d), TYPE_DOUBLE); @@ -1673,7 +1673,7 @@ function exp%(d: double%): double ## ## Returns: The natural logarithm of *d*. ## -## .. bro:see:: exp floor sqrt log10 +## .. zeek:see:: exp floor sqrt log10 function ln%(d: double%): double %{ return new Val(log(d), TYPE_DOUBLE); @@ -1685,7 +1685,7 @@ function ln%(d: double%): double ## ## Returns: The common logarithm of *d*. ## -## .. bro:see:: exp floor sqrt ln +## .. zeek:see:: exp floor sqrt ln function log10%(d: double%): double %{ return new Val(log10(d), TYPE_DOUBLE); @@ -1787,7 +1787,7 @@ function type_name%(t: any%): string ## ## Returns: True if reading traffic from a network interface. ## -## .. bro:see:: reading_traces +## .. zeek:see:: reading_traces function reading_live_traffic%(%): bool %{ return val_mgr->GetBool(reading_live); @@ -1798,7 +1798,7 @@ function reading_live_traffic%(%): bool ## ## Returns: True if reading traffic from a network trace. ## -## .. bro:see:: reading_live_traffic +## .. zeek:see:: reading_live_traffic function reading_traces%(%): bool %{ return val_mgr->GetBool(reading_traces); @@ -1810,7 +1810,7 @@ function reading_traces%(%): bool ## ## Returns: A table that maps variable names to their sizes. ## -## .. bro:see:: global_ids +## .. zeek:see:: global_ids function global_sizes%(%): var_sizes %{ TableVal* sizes = new TableVal(var_sizes); @@ -1837,7 +1837,7 @@ function global_sizes%(%): var_sizes ## ## Returns: A table that maps identifier names to information about them. ## -## .. bro:see:: global_sizes +## .. zeek:see:: global_sizes function global_ids%(%): id_table %{ TableVal* ids = new TableVal(id_table); @@ -1977,10 +1977,10 @@ function record_fields%(rec: any%): record_field_table ## Enables detailed collection of profiling statistics. Statistics include ## CPU/memory usage, connections, TCP states/reassembler, DNS lookups, -## timers, and script-level state. The script variable :bro:id:`profiling_file` +## timers, and script-level state. The script variable :zeek:id:`profiling_file` ## holds the name of the file. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -2052,7 +2052,7 @@ function is_local_interface%(ip: addr%) : bool ## ## Returns: True (unconditionally). ## -## .. bro:see:: get_matcher_stats +## .. zeek:see:: get_matcher_stats function dump_rule_stats%(f: file%): bool %{ if ( rule_matcher ) @@ -2065,7 +2065,7 @@ function dump_rule_stats%(f: file%): bool ## ## Returns: True if Bro is in the process of shutting down. ## -## .. bro:see:: terminate +## .. zeek:see:: terminate function bro_is_terminating%(%): bool %{ return val_mgr->GetBool(terminating); @@ -2143,10 +2143,10 @@ function is_v6_subnet%(s: subnet%): bool # # =========================================================================== -## Converts the *data* field of :bro:type:`ip6_routing` records that have +## Converts the *data* field of :zeek:type:`ip6_routing` records that have ## *rtype* of 0 into a vector of addresses. ## -## s: The *data* field of an :bro:type:`ip6_routing` record that has +## s: The *data* field of an :zeek:type:`ip6_routing` record that has ## an *rtype* of 0. ## ## Returns: The vector of addresses contained in the routing header data. @@ -2173,14 +2173,14 @@ function routing0_data_to_addrs%(s: string%): addr_vec return rval; %} -## Converts an :bro:type:`addr` to an :bro:type:`index_vec`. +## Converts an :zeek:type:`addr` to an :zeek:type:`index_vec`. ## ## a: The address to convert into a vector of counts. ## ## Returns: A vector containing the host-order address representation, ## four elements in size for IPv6 addresses, or one element for IPv4. ## -## .. bro:see:: counts_to_addr +## .. zeek:see:: counts_to_addr function addr_to_counts%(a: addr%): index_vec %{ VectorVal* rval = new VectorVal(internal_type("index_vec")->AsVectorType()); @@ -2193,14 +2193,14 @@ function addr_to_counts%(a: addr%): index_vec return rval; %} -## Converts an :bro:type:`index_vec` to an :bro:type:`addr`. +## Converts an :zeek:type:`index_vec` to an :zeek:type:`addr`. ## ## v: The vector containing host-order IP address representation, ## one element for IPv4 addresses, four elements for IPv6 addresses. ## ## Returns: An IP address. ## -## .. bro:see:: addr_to_counts +## .. zeek:see:: addr_to_counts function counts_to_addr%(v: index_vec%): addr %{ if ( v->AsVector()->size() == 1 ) @@ -2223,11 +2223,11 @@ function counts_to_addr%(v: index_vec%): addr } %} -## Converts an :bro:type:`enum` to an :bro:type:`int`. +## Converts an :zeek:type:`enum` to an :zeek:type:`int`. ## -## e: The :bro:type:`enum` to convert. +## e: The :zeek:type:`enum` to convert. ## -## Returns: The :bro:type:`int` value that corresponds to the :bro:type:`enum`. +## Returns: The :zeek:type:`int` value that corresponds to the :zeek:type:`enum`. function enum_to_int%(e: any%): int %{ if ( e->Type()->Tag() != TYPE_ENUM ) @@ -2239,13 +2239,13 @@ function enum_to_int%(e: any%): int return val_mgr->GetInt(e->AsEnum()); %} -## Converts a :bro:type:`string` to an :bro:type:`int`. +## Converts a :zeek:type:`string` to an :zeek:type:`int`. ## -## str: The :bro:type:`string` to convert. +## str: The :zeek:type:`string` to convert. ## -## Returns: The :bro:type:`string` *str* as :bro:type:`int`. +## Returns: The :zeek:type:`string` *str* as :zeek:type:`int`. ## -## .. bro:see:: to_addr to_port to_subnet +## .. zeek:see:: to_addr to_port to_subnet function to_int%(str: string%): int %{ const char* s = str->CheckString(); @@ -2264,11 +2264,11 @@ function to_int%(str: string%): int %} -## Converts a (positive) :bro:type:`int` to a :bro:type:`count`. +## Converts a (positive) :zeek:type:`int` to a :zeek:type:`count`. ## -## n: The :bro:type:`int` to convert. +## n: The :zeek:type:`int` to convert. ## -## Returns: The :bro:type:`int` *n* as unsigned integer, or 0 if *n* < 0. +## Returns: The :zeek:type:`int` *n* as unsigned integer, or 0 if *n* < 0. function int_to_count%(n: int%): count %{ if ( n < 0 ) @@ -2279,13 +2279,13 @@ function int_to_count%(n: int%): count return val_mgr->GetCount(n); %} -## Converts a :bro:type:`double` to a :bro:type:`count`. +## Converts a :zeek:type:`double` to a :zeek:type:`count`. ## -## d: The :bro:type:`double` to convert. +## d: The :zeek:type:`double` to convert. ## -## Returns: The :bro:type:`double` *d* as unsigned integer, or 0 if *d* < 0.0. +## Returns: The :zeek:type:`double` *d* as unsigned integer, or 0 if *d* < 0.0. ## -## .. bro:see:: double_to_time +## .. zeek:see:: double_to_time function double_to_count%(d: double%): count %{ if ( d < 0.0 ) @@ -2294,14 +2294,14 @@ function double_to_count%(d: double%): count return val_mgr->GetCount(bro_uint_t(rint(d))); %} -## Converts a :bro:type:`string` to a :bro:type:`count`. +## Converts a :zeek:type:`string` to a :zeek:type:`count`. ## -## str: The :bro:type:`string` to convert. +## str: The :zeek:type:`string` to convert. ## -## Returns: The :bro:type:`string` *str* as unsigned integer, or 0 if *str* has +## Returns: The :zeek:type:`string` *str* as unsigned integer, or 0 if *str* has ## an invalid format. ## -## .. bro:see:: to_addr to_int to_port to_subnet +## .. zeek:see:: to_addr to_int to_port to_subnet function to_count%(str: string%): count %{ const char* s = str->CheckString(); @@ -2318,88 +2318,88 @@ function to_count%(str: string%): count return val_mgr->GetCount(u); %} -## Converts an :bro:type:`interval` to a :bro:type:`double`. +## Converts an :zeek:type:`interval` to a :zeek:type:`double`. ## -## i: The :bro:type:`interval` to convert. +## i: The :zeek:type:`interval` to convert. ## -## Returns: The :bro:type:`interval` *i* as :bro:type:`double`. +## Returns: The :zeek:type:`interval` *i* as :zeek:type:`double`. ## -## .. bro:see:: double_to_interval +## .. zeek:see:: double_to_interval function interval_to_double%(i: interval%): double %{ return new Val(i, TYPE_DOUBLE); %} -## Converts a :bro:type:`time` value to a :bro:type:`double`. +## Converts a :zeek:type:`time` value to a :zeek:type:`double`. ## -## t: The :bro:type:`time` to convert. +## t: The :zeek:type:`time` to convert. ## -## Returns: The :bro:type:`time` value *t* as :bro:type:`double`. +## Returns: The :zeek:type:`time` value *t* as :zeek:type:`double`. ## -## .. bro:see:: double_to_time +## .. zeek:see:: double_to_time function time_to_double%(t: time%): double %{ return new Val(t, TYPE_DOUBLE); %} -## Converts a :bro:type:`double` value to a :bro:type:`time`. +## Converts a :zeek:type:`double` value to a :zeek:type:`time`. ## -## d: The :bro:type:`double` to convert. +## d: The :zeek:type:`double` to convert. ## -## Returns: The :bro:type:`double` value *d* as :bro:type:`time`. +## Returns: The :zeek:type:`double` value *d* as :zeek:type:`time`. ## -## .. bro:see:: time_to_double double_to_count +## .. zeek:see:: time_to_double double_to_count function double_to_time%(d: double%): time %{ return new Val(d, TYPE_TIME); %} -## Converts a :bro:type:`double` to an :bro:type:`interval`. +## Converts a :zeek:type:`double` to an :zeek:type:`interval`. ## -## d: The :bro:type:`double` to convert. +## d: The :zeek:type:`double` to convert. ## -## Returns: The :bro:type:`double` *d* as :bro:type:`interval`. +## Returns: The :zeek:type:`double` *d* as :zeek:type:`interval`. ## -## .. bro:see:: interval_to_double +## .. zeek:see:: interval_to_double function double_to_interval%(d: double%): interval %{ return new Val(d, TYPE_INTERVAL); %} -## Converts a :bro:type:`port` to a :bro:type:`count`. +## Converts a :zeek:type:`port` to a :zeek:type:`count`. ## -## p: The :bro:type:`port` to convert. +## p: The :zeek:type:`port` to convert. ## -## Returns: The :bro:type:`port` *p* as :bro:type:`count`. +## Returns: The :zeek:type:`port` *p* as :zeek:type:`count`. ## -## .. bro:see:: count_to_port +## .. zeek:see:: count_to_port function port_to_count%(p: port%): count %{ return val_mgr->GetCount(p->Port()); %} -## Converts a :bro:type:`count` and ``transport_proto`` to a :bro:type:`port`. +## Converts a :zeek:type:`count` and ``transport_proto`` to a :zeek:type:`port`. ## -## num: The :bro:type:`port` number. +## num: The :zeek:type:`port` number. ## ## proto: The transport protocol. ## -## Returns: The :bro:type:`count` *num* as :bro:type:`port`. +## Returns: The :zeek:type:`count` *num* as :zeek:type:`port`. ## -## .. bro:see:: port_to_count +## .. zeek:see:: port_to_count function count_to_port%(num: count, proto: transport_proto%): port %{ return val_mgr->GetPort(num, (TransportProto)proto->AsEnum()); %} -## Converts a :bro:type:`string` to an :bro:type:`addr`. +## Converts a :zeek:type:`string` to an :zeek:type:`addr`. ## -## ip: The :bro:type:`string` to convert. +## ip: The :zeek:type:`string` to convert. ## -## Returns: The :bro:type:`string` *ip* as :bro:type:`addr`, or the unspecified +## Returns: The :zeek:type:`string` *ip* as :zeek:type:`addr`, or the unspecified ## address ``::`` if the input string does not parse correctly. ## -## .. bro:see:: to_count to_int to_port count_to_v4_addr raw_bytes_to_v4_addr +## .. zeek:see:: to_count to_int to_port count_to_v4_addr raw_bytes_to_v4_addr ## to_subnet function to_addr%(ip: string%): addr %{ @@ -2409,14 +2409,14 @@ function to_addr%(ip: string%): addr return ret; %} -## Converts a :bro:type:`string` to a :bro:type:`subnet`. +## Converts a :zeek:type:`string` to a :zeek:type:`subnet`. ## ## sn: The subnet to convert. ## -## Returns: The *sn* string as a :bro:type:`subnet`, or the unspecified subnet +## Returns: The *sn* string as a :zeek:type:`subnet`, or the unspecified subnet ## ``::/0`` if the input string does not parse correctly. ## -## .. bro:see:: to_count to_int to_port count_to_v4_addr raw_bytes_to_v4_addr +## .. zeek:see:: to_count to_int to_port count_to_v4_addr raw_bytes_to_v4_addr ## to_addr function to_subnet%(sn: string%): subnet %{ @@ -2426,49 +2426,49 @@ function to_subnet%(sn: string%): subnet return ret; %} -## Converts a :bro:type:`addr` to a :bro:type:`subnet`. +## Converts a :zeek:type:`addr` to a :zeek:type:`subnet`. ## ## a: The address to convert. ## -## Returns: The address as a :bro:type:`subnet`. +## Returns: The address as a :zeek:type:`subnet`. ## -## .. bro:see:: to_subnet +## .. zeek:see:: to_subnet function addr_to_subnet%(a: addr%): subnet %{ int width = (a->AsAddr().GetFamily() == IPv4 ? 32 : 128); return new SubNetVal(a->AsAddr(), width); %} -## Converts a :bro:type:`subnet` to an :bro:type:`addr` by +## Converts a :zeek:type:`subnet` to an :zeek:type:`addr` by ## extracting the prefix. ## ## sn: The subnet to convert. ## -## Returns: The subnet as an :bro:type:`addr`. +## Returns: The subnet as an :zeek:type:`addr`. ## -## .. bro:see:: to_subnet +## .. zeek:see:: to_subnet function subnet_to_addr%(sn: subnet%): addr %{ return new AddrVal(sn->Prefix()); %} -## Returns the width of a :bro:type:`subnet`. +## Returns the width of a :zeek:type:`subnet`. ## ## sn: The subnet. ## ## Returns: The width of the subnet. ## -## .. bro:see:: to_subnet +## .. zeek:see:: to_subnet function subnet_width%(sn: subnet%): count %{ return val_mgr->GetCount(sn->Width()); %} -## Converts a :bro:type:`string` to a :bro:type:`double`. +## Converts a :zeek:type:`string` to a :zeek:type:`double`. ## -## str: The :bro:type:`string` to convert. +## str: The :zeek:type:`string` to convert. ## -## Returns: The :bro:type:`string` *str* as double, or 0 if *str* has +## Returns: The :zeek:type:`string` *str* as double, or 0 if *str* has ## an invalid format. ## function to_double%(str: string%): double @@ -2487,13 +2487,13 @@ function to_double%(str: string%): double return new Val(d, TYPE_DOUBLE); %} -## Converts a :bro:type:`count` to an :bro:type:`addr`. +## Converts a :zeek:type:`count` to an :zeek:type:`addr`. ## -## ip: The :bro:type:`count` to convert. +## ip: The :zeek:type:`count` to convert. ## -## Returns: The :bro:type:`count` *ip* as :bro:type:`addr`. +## Returns: The :zeek:type:`count` *ip* as :zeek:type:`addr`. ## -## .. bro:see:: raw_bytes_to_v4_addr to_addr to_subnet +## .. zeek:see:: raw_bytes_to_v4_addr to_addr to_subnet function count_to_v4_addr%(ip: count%): addr %{ if ( ip > 4294967295LU ) @@ -2505,15 +2505,15 @@ function count_to_v4_addr%(ip: count%): addr return new AddrVal(htonl(uint32(ip))); %} -## Converts a :bro:type:`string` of bytes into an IPv4 address. In particular, +## Converts a :zeek:type:`string` of bytes into an IPv4 address. In particular, ## this function interprets the first 4 bytes of the string as an IPv4 address ## in network order. ## -## b: The raw bytes (:bro:type:`string`) to convert. +## b: The raw bytes (:zeek:type:`string`) to convert. ## -## Returns: The byte :bro:type:`string` *b* as :bro:type:`addr`. +## Returns: The byte :zeek:type:`string` *b* as :zeek:type:`addr`. ## -## .. bro:see:: raw_bytes_to_v4_addr to_addr to_subnet +## .. zeek:see:: raw_bytes_to_v4_addr to_addr to_subnet function raw_bytes_to_v4_addr%(b: string%): addr %{ uint32 a = 0; @@ -2530,13 +2530,13 @@ function raw_bytes_to_v4_addr%(b: string%): addr return new AddrVal(htonl(a)); %} -## Converts a :bro:type:`string` to a :bro:type:`port`. +## Converts a :zeek:type:`string` to a :zeek:type:`port`. ## -## s: The :bro:type:`string` to convert. +## s: The :zeek:type:`string` to convert. ## -## Returns: A :bro:type:`port` converted from *s*. +## Returns: A :zeek:type:`port` converted from *s*. ## -## .. bro:see:: to_addr to_count to_int to_subnet +## .. zeek:see:: to_addr to_count to_int to_subnet function to_port%(s: string%): port %{ int port = 0; @@ -2561,7 +2561,7 @@ function to_port%(s: string%): port return val_mgr->GetPort(port, TRANSPORT_UNKNOWN); %} -## Converts a string of bytes (in network byte order) to a :bro:type:`double`. +## Converts a string of bytes (in network byte order) to a :zeek:type:`double`. ## ## s: A string of bytes containing the binary representation of a double value. ## @@ -2582,7 +2582,7 @@ function bytestring_to_double%(s: string%): double return new Val(ntohd(d), TYPE_DOUBLE); %} -## Converts a string of bytes to a :bro:type:`count`. +## Converts a string of bytes to a :zeek:type:`count`. ## ## s: A string of bytes containing the binary representation of the value. ## @@ -2680,7 +2680,7 @@ function bytestring_to_count%(s: string, is_le: bool &default=F%): count ## ## Returns: The IP address corresponding to *s*. ## -## .. bro:see:: addr_to_ptr_name to_addr +## .. zeek:see:: addr_to_ptr_name to_addr function ptr_name_to_addr%(s: string%): addr %{ if ( s->Len() != 72 ) @@ -2744,7 +2744,7 @@ function ptr_name_to_addr%(s: string%): addr ## ## Returns: The reverse pointer representation of *a*. ## -## .. bro:see:: ptr_name_to_addr to_addr +## .. zeek:see:: ptr_name_to_addr to_addr function addr_to_ptr_name%(a: addr%): string %{ return new StringVal(a->AsAddr().PtrName().c_str()); @@ -2757,7 +2757,7 @@ function addr_to_ptr_name%(a: addr%): string ## ## Returns: The hexadecimal representation of *bytestring*. ## -## .. bro:see:: hexdump hexstr_to_bytestring +## .. zeek:see:: hexdump hexstr_to_bytestring function bytestring_to_hexstr%(bytestring: string%): string %{ bro_uint_t len = bytestring->AsString()->Len(); @@ -2781,7 +2781,7 @@ function bytestring_to_hexstr%(bytestring: string%): string ## ## Returns: The binary representation of *hexstr*. ## -## .. bro:see:: hexdump bytestring_to_hexstr +## .. zeek:see:: hexdump bytestring_to_hexstr function hexstr_to_bytestring%(hexstr: string%): string %{ bro_uint_t len = hexstr->AsString()->Len(); @@ -2826,7 +2826,7 @@ function hexstr_to_bytestring%(hexstr: string%): string ## ## Returns: The encoded version of *s*. ## -## .. bro:see:: decode_base64 +## .. zeek:see:: decode_base64 function encode_base64%(s: string, a: string &default=""%): string %{ BroString* t = encode_base64(s->AsString(), a->AsString()); @@ -2849,7 +2849,7 @@ function encode_base64%(s: string, a: string &default=""%): string ## ## Returns: The encoded version of *s*. ## -## .. bro:see:: encode_base64 +## .. zeek:see:: encode_base64 function encode_base64_custom%(s: string, a: string%): string &deprecated %{ BroString* t = encode_base64(s->AsString(), a->AsString()); @@ -2871,7 +2871,7 @@ function encode_base64_custom%(s: string, a: string%): string &deprecated ## ## Returns: The decoded version of *s*. ## -## .. bro:see:: decode_base64_conn encode_base64 +## .. zeek:see:: decode_base64_conn encode_base64 function decode_base64%(s: string, a: string &default=""%): string %{ BroString* t = decode_base64(s->AsString(), a->AsString()); @@ -2897,7 +2897,7 @@ function decode_base64%(s: string, a: string &default=""%): string ## ## Returns: The decoded version of *s*. ## -## .. bro:see:: decode_base64 +## .. zeek:see:: decode_base64 function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): string %{ Connection* conn = sessions->FindConnection(cid); @@ -2926,7 +2926,7 @@ function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): s ## ## Returns: The decoded version of *s*. ## -## .. bro:see:: decode_base64 decode_base64_conn +## .. zeek:see:: decode_base64 decode_base64_conn function decode_base64_custom%(s: string, a: string%): string &deprecated %{ BroString* t = decode_base64(s->AsString(), a->AsString()); @@ -2990,12 +2990,12 @@ function uuid_to_string%(uuid: string%): string ## ## Returns: The compiled pattern of the concatenation of *p1* and *p2*. ## -## .. bro:see:: convert_for_pattern string_to_pattern +## .. zeek:see:: convert_for_pattern string_to_pattern ## ## .. note:: ## ## This function must be called at Zeek startup time, e.g., in the event -## :bro:id:`zeek_init`. +## :zeek:id:`zeek_init`. function merge_pattern%(p1: pattern, p2: pattern%): pattern &deprecated %{ RE_Matcher* re = new RE_Matcher(); @@ -3028,16 +3028,16 @@ char* to_pat_str(int sn, const char* ss) } %%} -## Escapes a string so that it becomes a valid :bro:type:`pattern` and can be -## used with the :bro:id:`string_to_pattern`. Any character from the set +## Escapes a string so that it becomes a valid :zeek:type:`pattern` and can be +## used with the :zeek:id:`string_to_pattern`. Any character from the set ## ``^$-:"\/|*+?.(){}[]`` is prefixed with a ``\``. ## ## s: The string to escape. ## ## Returns: An escaped version of *s* that has the structure of a valid -## :bro:type:`pattern`. +## :zeek:type:`pattern`. ## -## .. bro:see:: merge_pattern string_to_pattern +## .. zeek:see:: merge_pattern string_to_pattern ## function convert_for_pattern%(s: string%): string %{ @@ -3047,22 +3047,22 @@ function convert_for_pattern%(s: string%): string return ret; %} -## Converts a :bro:type:`string` into a :bro:type:`pattern`. +## Converts a :zeek:type:`string` into a :zeek:type:`pattern`. ## ## s: The string to convert. ## ## convert: If true, *s* is first passed through the function -## :bro:id:`convert_for_pattern` to escape special characters of +## :zeek:id:`convert_for_pattern` to escape special characters of ## patterns. ## -## Returns: *s* as :bro:type:`pattern`. +## Returns: *s* as :zeek:type:`pattern`. ## -## .. bro:see:: convert_for_pattern merge_pattern +## .. zeek:see:: convert_for_pattern merge_pattern ## ## .. note:: ## ## This function must be called at Zeek startup time, e.g., in the event -## :bro:id:`zeek_init`. +## :zeek:id:`zeek_init`. function string_to_pattern%(s: string, convert: bool%): pattern %{ const char* ss = (const char*) (s->Bytes()); @@ -3147,7 +3147,7 @@ function strptime%(fmt: string, d: string%) : time ## ## Returns: The address *a* masked down to *top_bits_to_keep* bits. ## -## .. bro:see:: remask_addr +## .. zeek:see:: remask_addr function mask_addr%(a: addr, top_bits_to_keep: count%): subnet %{ return new SubNetVal(a->AsAddr(), top_bits_to_keep); @@ -3169,7 +3169,7 @@ function mask_addr%(a: addr, top_bits_to_keep: count%): subnet ## ## Returns: The address *a* masked down to *top_bits_to_keep* bits. ## -## .. bro:see:: mask_addr +## .. zeek:see:: mask_addr function remask_addr%(a1: addr, a2: addr, top_bits_from_a1: count%): addr %{ IPAddr addr1(a1->AsAddr()); @@ -3179,37 +3179,37 @@ function remask_addr%(a1: addr, a2: addr, top_bits_from_a1: count%): addr return new AddrVal(addr1|addr2); %} -## Checks whether a given :bro:type:`port` has TCP as transport protocol. +## Checks whether a given :zeek:type:`port` has TCP as transport protocol. ## -## p: The :bro:type:`port` to check. +## p: The :zeek:type:`port` to check. ## ## Returns: True iff *p* is a TCP port. ## -## .. bro:see:: is_udp_port is_icmp_port +## .. zeek:see:: is_udp_port is_icmp_port function is_tcp_port%(p: port%): bool %{ return val_mgr->GetBool(p->IsTCP()); %} -## Checks whether a given :bro:type:`port` has UDP as transport protocol. +## Checks whether a given :zeek:type:`port` has UDP as transport protocol. ## -## p: The :bro:type:`port` to check. +## p: The :zeek:type:`port` to check. ## ## Returns: True iff *p* is a UDP port. ## -## .. bro:see:: is_icmp_port is_tcp_port +## .. zeek:see:: is_icmp_port is_tcp_port function is_udp_port%(p: port%): bool %{ return val_mgr->GetBool(p->IsUDP()); %} -## Checks whether a given :bro:type:`port` has ICMP as transport protocol. +## Checks whether a given :zeek:type:`port` has ICMP as transport protocol. ## -## p: The :bro:type:`port` to check. +## p: The :zeek:type:`port` to check. ## ## Returns: True iff *p* is an ICMP port. ## -## .. bro:see:: is_tcp_port is_udp_port +## .. zeek:see:: is_tcp_port is_udp_port function is_icmp_port%(p: port%): bool %{ return val_mgr->GetBool(p->IsICMP()); @@ -3251,7 +3251,7 @@ EnumVal* map_conn_type(TransportProto tp) ## ## Returns: The transport protocol of the connection identified by *cid*. ## -## .. bro:see:: get_port_transport_proto +## .. zeek:see:: get_port_transport_proto ## get_orig_seq get_resp_seq function get_conn_transport_proto%(cid: conn_id%): transport_proto %{ @@ -3265,13 +3265,13 @@ function get_conn_transport_proto%(cid: conn_id%): transport_proto return map_conn_type(c->ConnTransport()); %} -## Extracts the transport protocol from a :bro:type:`port`. +## Extracts the transport protocol from a :zeek:type:`port`. ## ## p: The port. ## ## Returns: The transport protocol of the port *p*. ## -## .. bro:see:: get_conn_transport_proto +## .. zeek:see:: get_conn_transport_proto ## get_orig_seq get_resp_seq function get_port_transport_proto%(p: port%): transport_proto %{ @@ -3284,7 +3284,7 @@ function get_port_transport_proto%(p: port%): transport_proto ## ## Returns: True if the connection identified by *c* exists. ## -## .. bro:see:: lookup_connection +## .. zeek:see:: lookup_connection function connection_exists%(c: conn_id%): bool %{ if ( sessions->FindConnection(c) ) @@ -3293,15 +3293,15 @@ function connection_exists%(c: conn_id%): bool return val_mgr->GetBool(0); %} -## Returns the :bro:type:`connection` record for a given connection identifier. +## Returns the :zeek:type:`connection` record for a given connection identifier. ## ## cid: The connection ID. ## -## Returns: The :bro:type:`connection` record for *cid*. If *cid* does not point +## Returns: The :zeek:type:`connection` record for *cid*. If *cid* does not point ## to an existing connection, the function generates a run-time error ## and returns a dummy value. ## -## .. bro:see:: connection_exists +## .. zeek:see:: connection_exists function lookup_connection%(cid: conn_id%): connection %{ Connection* conn = sessions->FindConnection(cid); @@ -3361,7 +3361,7 @@ const char* conn_id_string(Val* c) ## ## Returns: True on success. ## -## .. bro:see:: dump_packet get_current_packet send_current_packet +## .. zeek:see:: dump_packet get_current_packet send_current_packet function dump_current_packet%(file_name: string%) : bool %{ const Packet* pkt; @@ -3392,7 +3392,7 @@ function dump_current_packet%(file_name: string%) : bool ## Returns: The currently processed packet, which is a record ## containing the timestamp, ``snaplen``, and packet data. ## -## .. bro:see:: dump_current_packet dump_packet send_current_packet +## .. zeek:see:: dump_current_packet dump_packet send_current_packet function get_current_packet%(%) : pcap_packet %{ const Packet* p; @@ -3422,10 +3422,10 @@ function get_current_packet%(%) : pcap_packet ## Function to get the raw headers of the currently processed packet. ## -## Returns: The :bro:type:`raw_pkt_hdr` record containing the Layer 2, 3 and +## Returns: The :zeek:type:`raw_pkt_hdr` record containing the Layer 2, 3 and ## 4 headers of the currently processed packet. ## -## .. bro:see:: raw_pkt_hdr get_current_packet +## .. zeek:see:: raw_pkt_hdr get_current_packet function get_current_packet_header%(%) : raw_pkt_hdr %{ const Packet* p; @@ -3448,7 +3448,7 @@ function get_current_packet_header%(%) : raw_pkt_hdr ## ## Returns: True on success ## -## .. bro:see:: get_current_packet dump_current_packet send_current_packet +## .. zeek:see:: get_current_packet dump_current_packet send_current_packet function dump_packet%(pkt: pcap_packet, file_name: string%) : bool %{ if ( addl_pkt_dumper && addl_pkt_dumper->Path() != file_name->CheckString()) @@ -3555,7 +3555,7 @@ private: ## ## Returns: The DNS name of *host*. ## -## .. bro:see:: lookup_hostname +## .. zeek:see:: lookup_hostname function lookup_addr%(host: addr%) : string %{ // FIXME: It should be easy to adapt the function to synchronous @@ -3584,7 +3584,7 @@ function lookup_addr%(host: addr%) : string ## ## Returns: The DNS TXT record associated with *host*. ## -## .. bro:see:: lookup_hostname +## .. zeek:see:: lookup_hostname function lookup_hostname_txt%(host: string%) : string %{ // FIXME: Is should be easy to adapt the function to synchronous @@ -3613,7 +3613,7 @@ function lookup_hostname_txt%(host: string%) : string ## ## Returns: A set of DNS A and AAAA records associated with *host*. ## -## .. bro:see:: lookup_addr +## .. zeek:see:: lookup_addr function lookup_hostname%(host: string%) : addr_set %{ // FIXME: Is should be easy to adapt the function to synchronous @@ -3945,7 +3945,7 @@ static bool mmdb_try_open_asn () ## ## Returns: A boolean indicating whether the db was successfully opened. ## -## .. bro:see:: lookup_asn +## .. zeek:see:: lookup_asn function mmdb_open_location_db%(f: string%) : bool %{ #ifdef USE_GEOIP @@ -3962,7 +3962,7 @@ function mmdb_open_location_db%(f: string%) : bool ## ## Returns: A boolean indicating whether the db was successfully opened. ## -## .. bro:see:: lookup_asn +## .. zeek:see:: lookup_asn function mmdb_open_asn_db%(f: string%) : bool %{ #ifdef USE_GEOIP @@ -3979,7 +3979,7 @@ function mmdb_open_asn_db%(f: string%) : bool ## ## Returns: A record with country, region, city, latitude, and longitude. ## -## .. bro:see:: lookup_asn +## .. zeek:see:: lookup_asn function lookup_location%(a: addr%) : geo_location %{ RecordVal* location = new RecordVal(geo_location); @@ -4064,7 +4064,7 @@ function lookup_location%(a: addr%) : geo_location ## ## Returns: The number of the ASN that contains *a*. ## -## .. bro:see:: lookup_location +## .. zeek:see:: lookup_location function lookup_asn%(a: addr%) : count %{ #ifdef USE_GEOIP @@ -4128,7 +4128,7 @@ function lookup_asn%(a: addr%) : count ## ## Returns: Distance in miles. ## -## .. bro:see:: haversine_distance_ip +## .. zeek:see:: haversine_distance_ip function haversine_distance%(lat1: double, long1: double, lat2: double, long2: double%): double %{ const double PI = 3.14159; @@ -4254,7 +4254,7 @@ function file_mode%(mode: count%): string ## Returns: True if the connection identified by *cid* exists and has analyzer ## *aid*. ## -## .. bro:see:: Analyzer::schedule_analyzer Analyzer::name +## .. zeek:see:: Analyzer::schedule_analyzer Analyzer::name function disable_analyzer%(cid: conn_id, aid: count, err_if_no_conn: bool &default=T%) : bool %{ Connection* c = sessions->FindConnection(cid); @@ -4289,7 +4289,7 @@ function disable_analyzer%(cid: conn_id, aid: count, err_if_no_conn: bool &defau ## .. note:: ## ## Bro will still generate connection-oriented events such as -## :bro:id:`connection_finished`. +## :zeek:id:`connection_finished`. function skip_further_processing%(cid: conn_id%): bool %{ Connection* c = sessions->FindConnection(cid); @@ -4311,15 +4311,15 @@ function skip_further_processing%(cid: conn_id%): bool ## Returns: False if *cid* does not point to an active connection, and true ## otherwise. ## -## .. bro:see:: skip_further_processing +## .. zeek:see:: skip_further_processing ## ## .. note:: ## ## This is independent of whether Bro processes the packets of this ## connection, which is controlled separately by -## :bro:id:`skip_further_processing`. +## :zeek:id:`skip_further_processing`. ## -## .. bro:see:: get_contents_file set_contents_file +## .. zeek:see:: get_contents_file set_contents_file function set_record_packets%(cid: conn_id, do_record: bool%): bool %{ Connection* c = sessions->FindConnection(cid); @@ -4357,13 +4357,13 @@ function set_inactivity_timeout%(cid: conn_id, t: interval%): interval # =========================================================================== ## Opens a file for writing. If a file with the same name already exists, this -## function overwrites it (as opposed to :bro:id:`open_for_append`). +## function overwrites it (as opposed to :zeek:id:`open_for_append`). ## ## f: The path to the file. ## -## Returns: A :bro:type:`file` handle for subsequent operations. +## Returns: A :zeek:type:`file` handle for subsequent operations. ## -## .. bro:see:: active_file open_for_append close write_file +## .. zeek:see:: active_file open_for_append close write_file ## get_file_name set_buf flush_all mkdir enable_raw_output ## rmdir unlink rename function open%(f: string%): file @@ -4377,13 +4377,13 @@ function open%(f: string%): file %} ## Opens a file for writing or appending. If a file with the same name already -## exists, this function appends to it (as opposed to :bro:id:`open`). +## exists, this function appends to it (as opposed to :zeek:id:`open`). ## ## f: The path to the file. ## -## Returns: A :bro:type:`file` handle for subsequent operations. +## Returns: A :zeek:type:`file` handle for subsequent operations. ## -## .. bro:see:: active_file open close write_file +## .. zeek:see:: active_file open close write_file ## get_file_name set_buf flush_all mkdir enable_raw_output ## rmdir unlink rename function open_for_append%(f: string%): file @@ -4393,11 +4393,11 @@ function open_for_append%(f: string%): file ## Closes an open file and flushes any buffered content. ## -## f: A :bro:type:`file` handle to an open file. +## f: A :zeek:type:`file` handle to an open file. ## ## Returns: True on success. ## -## .. bro:see:: active_file open open_for_append write_file +## .. zeek:see:: active_file open open_for_append write_file ## get_file_name set_buf flush_all mkdir enable_raw_output ## rmdir unlink rename function close%(f: file%): bool @@ -4407,13 +4407,13 @@ function close%(f: file%): bool ## Writes data to an open file. ## -## f: A :bro:type:`file` handle to an open file. +## f: A :zeek:type:`file` handle to an open file. ## ## data: The data to write to *f*. ## ## Returns: True on success. ## -## .. bro:see:: active_file open open_for_append close +## .. zeek:see:: active_file open open_for_append close ## get_file_name set_buf flush_all mkdir enable_raw_output ## rmdir unlink rename function write_file%(f: file, data: string%): bool @@ -4426,14 +4426,14 @@ function write_file%(f: file, data: string%): bool ## Alters the buffering behavior of a file. ## -## f: A :bro:type:`file` handle to an open file. +## f: A :zeek:type:`file` handle to an open file. ## ## buffered: When true, *f* is fully buffered, i.e., bytes are saved in a ## buffer until the block size has been reached. When ## false, *f* is line buffered, i.e., bytes are saved up until a ## newline occurs. ## -## .. bro:see:: active_file open open_for_append close +## .. zeek:see:: active_file open open_for_append close ## get_file_name write_file flush_all mkdir enable_raw_output ## rmdir unlink rename function set_buf%(f: file, buffered: bool%): any @@ -4446,7 +4446,7 @@ function set_buf%(f: file, buffered: bool%): any ## ## Returns: True on success. ## -## .. bro:see:: active_file open open_for_append close +## .. zeek:see:: active_file open open_for_append close ## get_file_name write_file set_buf mkdir enable_raw_output ## rmdir unlink rename function flush_all%(%): bool @@ -4461,7 +4461,7 @@ function flush_all%(%): bool ## Returns: True if the operation succeeds or if *f* already exists, ## and false if the file creation fails. ## -## .. bro:see:: active_file open_for_append close write_file +## .. zeek:see:: active_file open_for_append close write_file ## get_file_name set_buf flush_all enable_raw_output ## rmdir unlink rename function mkdir%(f: string%): bool @@ -4493,7 +4493,7 @@ function mkdir%(f: string%): bool ## Returns: True if the operation succeeds, and false if the ## directory delete operation fails. ## -## .. bro:see:: active_file open_for_append close write_file +## .. zeek:see:: active_file open_for_append close write_file ## get_file_name set_buf flush_all enable_raw_output ## mkdir unlink rename function rmdir%(d: string%): bool @@ -4517,7 +4517,7 @@ function rmdir%(d: string%): bool ## Returns: True if the operation succeeds and the file was deleted, ## and false if the deletion fails. ## -## .. bro:see:: active_file open_for_append close write_file +## .. zeek:see:: active_file open_for_append close write_file ## get_file_name set_buf flush_all enable_raw_output ## mkdir rmdir rename function unlink%(f: string%): bool @@ -4542,7 +4542,7 @@ function unlink%(f: string%): bool ## ## Returns: True if the rename succeeds and false otherwise. ## -## .. bro:see:: active_file open_for_append close write_file +## .. zeek:see:: active_file open_for_append close write_file ## get_file_name set_buf flush_all enable_raw_output ## mkdir rmdir unlink function rename%(src_f: string, dst_f: string%): bool @@ -4564,7 +4564,7 @@ function rename%(src_f: string, dst_f: string%): bool ## ## f: The file to check. ## -## Returns: True if *f* is an open :bro:type:`file`. +## Returns: True if *f* is an open :zeek:type:`file`. ## ## .. todo:: Rename to ``is_open``. function active_file%(f: file%): bool @@ -4578,7 +4578,7 @@ function active_file%(f: file%): bool ## ## Returns: The filename associated with *f*. ## -## .. bro:see:: open +## .. zeek:see:: open function get_file_name%(f: file%): string %{ if ( ! f ) @@ -4594,7 +4594,7 @@ function get_file_name%(f: file%): string ## Returns: Rotation statistics which include the original file name, the name ## after the rotation, and the time when *f* was opened/closed. ## -## .. bro:see:: rotate_file_by_name calc_next_rotate +## .. zeek:see:: rotate_file_by_name calc_next_rotate function rotate_file%(f: file%): rotate_info %{ RecordVal* info = f->Rotate(); @@ -4618,7 +4618,7 @@ function rotate_file%(f: file%): rotate_info ## Returns: Rotation statistics which include the original file name, the name ## after the rotation, and the time when *f* was opened/closed. ## -## .. bro:see:: rotate_file calc_next_rotate +## .. zeek:see:: rotate_file calc_next_rotate function rotate_file_by_name%(f: string%): rotate_info %{ RecordVal* info = new RecordVal(rotate_info); @@ -4672,7 +4672,7 @@ function rotate_file_by_name%(f: string%): rotate_info ## ## Returns: The duration until the next file rotation time. ## -## .. bro:see:: rotate_file rotate_file_by_name +## .. zeek:see:: rotate_file rotate_file_by_name function calc_next_rotate%(i: interval%) : interval %{ const char* base_time = log_rotate_base_time ? @@ -4697,16 +4697,16 @@ function file_size%(f: string%) : double return new Val(double(s.st_size), TYPE_DOUBLE); %} -## Disables sending :bro:id:`print_hook` events to remote peers for a given +## Disables sending :zeek:id:`print_hook` events to remote peers for a given ## file. In a ## distributed setup, communicating Bro instances generate the event -## :bro:id:`print_hook` for each print statement and send it to the remote +## :zeek:id:`print_hook` for each print statement and send it to the remote ## side. When disabled for a particular file, these events will not be ## propagated to other peers. ## -## f: The file to disable :bro:id:`print_hook` events for. +## f: The file to disable :zeek:id:`print_hook` events for. ## -## .. bro:see:: enable_raw_output +## .. zeek:see:: enable_raw_output function disable_print_hook%(f: file%): any %{ f->DisablePrintHook(); @@ -4714,11 +4714,11 @@ function disable_print_hook%(f: file%): any %} ## Prevents escaping of non-ASCII characters when writing to a file. -## This function is equivalent to :bro:attr:`&raw_output`. +## This function is equivalent to :zeek:attr:`&raw_output`. ## ## f: The file to disable raw output for. ## -## .. bro:see:: disable_print_hook +## .. zeek:see:: disable_print_hook function enable_raw_output%(f: file%): any %{ f->EnableRawOutput(); @@ -4745,7 +4745,7 @@ function enable_raw_output%(f: file%): any ## ## Returns: True (unconditionally). ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -4775,7 +4775,7 @@ function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b ## ## Returns: True (unconditionally). ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## uninstall_src_addr_filter @@ -4799,7 +4799,7 @@ function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## ## Returns: True on success. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4820,7 +4820,7 @@ function uninstall_src_addr_filter%(ip: addr%) : bool ## ## Returns: True on success. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4850,7 +4850,7 @@ function uninstall_src_net_filter%(snet: subnet%) : bool ## ## Returns: True (unconditionally). ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4880,7 +4880,7 @@ function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b ## ## Returns: True (unconditionally). ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4904,7 +4904,7 @@ function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## ## Returns: True on success. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4925,7 +4925,7 @@ function uninstall_dst_addr_filter%(ip: addr%) : bool ## ## Returns: True on success. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4966,13 +4966,13 @@ function enable_communication%(%): any &deprecated return 0; %} -## Flushes in-memory state tagged with the :bro:attr:`&persistent` attribute +## Flushes in-memory state tagged with the :zeek:attr:`&persistent` attribute ## to disk. The function writes the state to the file ``.state/state.bst`` in ## the directory where Bro was started. ## ## Returns: True on success. ## -## .. bro:see:: rescan_state +## .. zeek:see:: rescan_state function checkpoint_state%(%) : bool %{ return val_mgr->GetBool(persistence_serializer->WriteState(true)); @@ -4980,11 +4980,11 @@ function checkpoint_state%(%) : bool ## Reads persistent state and populates the in-memory data structures ## accordingly. Persistent state is read from the ``.state`` directory. -## This function is the dual to :bro:id:`checkpoint_state`. +## This function is the dual to :zeek:id:`checkpoint_state`. ## ## Returns: True on success. ## -## .. bro:see:: checkpoint_state +## .. zeek:see:: checkpoint_state function rescan_state%(%) : bool %{ return val_mgr->GetBool(persistence_serializer->ReadAll(false, true)); @@ -4997,7 +4997,7 @@ function rescan_state%(%) : bool ## ## Returns: True if opening the target file succeeds. ## -## .. bro:see:: capture_state_updates +## .. zeek:see:: capture_state_updates function capture_events%(filename: string%) : bool %{ if ( ! event_serializer ) @@ -5009,14 +5009,14 @@ function capture_events%(filename: string%) : bool (const char*) filename->CheckString())); %} -## Writes state updates generated by :bro:attr:`&synchronized` variables to a +## Writes state updates generated by :zeek:attr:`&synchronized` variables to a ## file. ## ## filename: The name of the file which stores the state updates. ## ## Returns: True if opening the target file succeeds. ## -## .. bro:see:: capture_events +## .. zeek:see:: capture_events function capture_state_updates%(filename: string%) : bool %{ if ( ! state_serializer ) @@ -5049,7 +5049,7 @@ function capture_state_updates%(filename: string%) : bool ## ## Returns: A locally unique ID of the new peer. ## -## .. bro:see:: disconnect +## .. zeek:see:: disconnect ## listen ## request_remote_events ## request_remote_sync @@ -5068,11 +5068,11 @@ function connect%(ip: addr, zone_id: string, p: port, our_class: string, retry: ## Terminate the connection with a peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## Returns: True on success. ## -## .. bro:see:: connect listen +## .. zeek:see:: connect listen function disconnect%(p: event_peer%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5082,13 +5082,13 @@ function disconnect%(p: event_peer%) : bool &deprecated ## Subscribes to all events from a remote peer whose names match a given ## pattern. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## handlers: The pattern describing the events to request from peer *p*. ## ## Returns: True on success. ## -## .. bro:see:: request_remote_sync +## .. zeek:see:: request_remote_sync ## request_remote_logs ## set_accept_state function request_remote_events%(p: event_peer, handlers: pattern%) : bool &deprecated @@ -5099,14 +5099,14 @@ function request_remote_events%(p: event_peer, handlers: pattern%) : bool &depre ## Requests synchronization of IDs with a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## auth: If true, the local instance considers its current state authoritative ## and sends it to *p* right after the handshake. ## ## Returns: True on success. ## -## .. bro:see:: request_remote_events +## .. zeek:see:: request_remote_events ## request_remote_logs ## set_accept_state function request_remote_sync%(p: event_peer, auth: bool%) : bool &deprecated @@ -5117,11 +5117,11 @@ function request_remote_sync%(p: event_peer, auth: bool%) : bool &deprecated ## Requests logs from a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## Returns: True on success. ## -## .. bro:see:: request_remote_events +## .. zeek:see:: request_remote_events ## request_remote_sync function request_remote_logs%(p: event_peer%) : bool &deprecated %{ @@ -5131,13 +5131,13 @@ function request_remote_logs%(p: event_peer%) : bool &deprecated ## Sets a boolean flag indicating whether Bro accepts state from a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## accept: True if Bro accepts state from peer *p*, or false otherwise. ## ## Returns: True on success. ## -## .. bro:see:: request_remote_events +## .. zeek:see:: request_remote_events ## request_remote_sync ## set_compression_level function set_accept_state%(p: event_peer, accept: bool%) : bool &deprecated @@ -5148,14 +5148,14 @@ function set_accept_state%(p: event_peer, accept: bool%) : bool &deprecated ## Sets the compression level of the session with a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## level: Allowed values are in the range *[0, 9]*, where 0 is the default and ## means no compression. ## ## Returns: True on success. ## -## .. bro:see:: set_accept_state +## .. zeek:see:: set_accept_state function set_compression_level%(p: event_peer, level: count%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5181,7 +5181,7 @@ function set_compression_level%(p: event_peer, level: count%) : bool &deprecated ## ## Returns: True on success. ## -## .. bro:see:: connect disconnect +## .. zeek:see:: connect disconnect function listen%(ip: addr, p: port, ssl: bool, ipv6: bool, zone_id: string, retry_interval: interval%) : bool &deprecated %{ return val_mgr->GetBool(remote_serializer->Listen(ip->AsAddr(), p->Port(), ssl, ipv6, zone_id->CheckString(), retry_interval)); @@ -5197,11 +5197,11 @@ function is_remote_event%(%) : bool ## Sends all persistent state to a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## Returns: True on success. ## -## .. bro:see:: send_id send_ping send_current_packet send_capture_filter +## .. zeek:see:: send_id send_ping send_current_packet send_capture_filter function send_state%(p: event_peer%) : bool %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5211,13 +5211,13 @@ function send_state%(p: event_peer%) : bool ## Sends a global identifier to a remote peer, which then might install it ## locally. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## id: The identifier to send. ## ## Returns: True on success. ## -## .. bro:see:: send_state send_ping send_current_packet send_capture_filter +## .. zeek:see:: send_state send_ping send_current_packet send_capture_filter function send_id%(p: event_peer, id: string%) : bool &deprecated %{ RemoteSerializer::PeerID pid = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5245,7 +5245,7 @@ function terminate_communication%(%) : bool &deprecated ## Signals a remote peer that the local Bro instance finished the initial ## handshake. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## Returns: True on success. function complete_handshake%(p: event_peer%) : bool &deprecated @@ -5255,16 +5255,16 @@ function complete_handshake%(p: event_peer%) : bool &deprecated %} ## Sends a ping event to a remote peer. In combination with an event handler -## for :bro:id:`remote_pong`, this function can be used to measure latency +## for :zeek:id:`remote_pong`, this function can be used to measure latency ## between two peers. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## -## seq: A sequence number (also included by :bro:id:`remote_pong`). +## seq: A sequence number (also included by :zeek:id:`remote_pong`). ## ## Returns: True if sending the ping succeeds. ## -## .. bro:see:: send_state send_id send_current_packet send_capture_filter +## .. zeek:see:: send_state send_id send_current_packet send_capture_filter function send_ping%(p: event_peer, seq: count%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5273,11 +5273,11 @@ function send_ping%(p: event_peer, seq: count%) : bool &deprecated ## Sends the currently processed packet to a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## Returns: True if sending the packet succeeds. ## -## .. bro:see:: send_id send_state send_ping send_capture_filter +## .. zeek:see:: send_id send_state send_ping send_capture_filter ## dump_packet dump_current_packet get_current_packet function send_current_packet%(p: event_peer%) : bool &deprecated %{ @@ -5301,7 +5301,7 @@ function send_current_packet%(p: event_peer%) : bool &deprecated ## ## Returns: The ID of the peer who generated the last event. ## -## .. bro:see:: get_local_event_peer +## .. zeek:see:: get_local_event_peer function get_event_peer%(%) : event_peer &deprecated %{ SourceID src = mgr.CurrentSource(); @@ -5340,7 +5340,7 @@ function get_event_peer%(%) : event_peer &deprecated ## ## Returns: The peer ID of the local Bro instance. ## -## .. bro:see:: get_event_peer +## .. zeek:see:: get_event_peer function get_local_event_peer%(%) : event_peer &deprecated %{ RecordVal* p = mgr.GetLocalPeerVal(); @@ -5350,13 +5350,13 @@ function get_local_event_peer%(%) : event_peer &deprecated ## Sends a capture filter to a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## s: The capture filter. ## ## Returns: True if sending the packet succeeds. ## -## .. bro:see:: send_id send_state send_ping send_current_packet +## .. zeek:see:: send_id send_state send_ping send_current_packet function send_capture_filter%(p: event_peer, s: string%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5367,7 +5367,7 @@ function send_capture_filter%(p: event_peer, s: string%) : bool &deprecated ## distributed trace processing with communication enabled ## (*pseudo-realtime* mode). ## -## .. bro:see:: continue_processing suspend_state_updates resume_state_updates +## .. zeek:see:: continue_processing suspend_state_updates resume_state_updates function suspend_processing%(%) : any %{ net_suspend_processing(); @@ -5376,16 +5376,16 @@ function suspend_processing%(%) : any ## Resumes Bro's packet processing. ## -## .. bro:see:: suspend_processing suspend_state_updates resume_state_updates +## .. zeek:see:: suspend_processing suspend_state_updates resume_state_updates function continue_processing%(%) : any %{ net_continue_processing(); return 0; %} -## Stops propagating :bro:attr:`&synchronized` accesses. +## Stops propagating :zeek:attr:`&synchronized` accesses. ## -## .. bro:see:: suspend_processing continue_processing resume_state_updates +## .. zeek:see:: suspend_processing continue_processing resume_state_updates function suspend_state_updates%(%) : any &deprecated %{ if ( remote_serializer ) @@ -5393,9 +5393,9 @@ function suspend_state_updates%(%) : any &deprecated return 0; %} -## Resumes propagating :bro:attr:`&synchronized` accesses. +## Resumes propagating :zeek:attr:`&synchronized` accesses. ## -## .. bro:see:: suspend_processing continue_processing suspend_state_updates +## .. zeek:see:: suspend_processing continue_processing suspend_state_updates function resume_state_updates%(%) : any &deprecated %{ if ( remote_serializer ) @@ -5442,7 +5442,7 @@ function match_signatures%(c: connection, pattern_type: int, s: string, ## ## width: The number of bits from the top that should remain intact. ## -## .. bro:see:: preserve_subnet anonymize_addr +## .. zeek:see:: preserve_subnet anonymize_addr ## ## .. todo:: Currently dysfunctional. function preserve_prefix%(a: addr, width: count%): any @@ -5468,7 +5468,7 @@ function preserve_prefix%(a: addr, width: count%): any ## ## a: The subnet to preserve. ## -## .. bro:see:: preserve_prefix anonymize_addr +## .. zeek:see:: preserve_prefix anonymize_addr ## ## .. todo:: Currently dysfunctional. function preserve_subnet%(a: subnet%): any @@ -5504,7 +5504,7 @@ function preserve_subnet%(a: subnet%): any ## ## Returns: An anonymized version of *a*. ## -## .. bro:see:: preserve_prefix preserve_subnet +## .. zeek:see:: preserve_prefix preserve_subnet ## ## .. todo:: Currently dysfunctional. function anonymize_addr%(a: addr, cl: IPAddrAnonymizationClass%): addr diff --git a/src/broker/data.bif b/src/broker/data.bif index 2f6dc2cd77..53ce5d506c 100644 --- a/src/broker/data.bif +++ b/src/broker/data.bif @@ -7,7 +7,7 @@ module Broker; -## Enumerates the possible types that :bro:see:`Broker::Data` may be in +## Enumerates the possible types that :zeek:see:`Broker::Data` may be in ## terms of Bro data types. enum DataType %{ NONE, diff --git a/src/broker/messaging.bif b/src/broker/messaging.bif index ec7696c752..807cefa3fc 100644 --- a/src/broker/messaging.bif +++ b/src/broker/messaging.bif @@ -74,7 +74,7 @@ module Broker; type Broker::Event: record; ## Create a data structure that may be used to send a remote event via -## :bro:see:`Broker::publish`. +## :zeek:see:`Broker::publish`. ## ## args: an event, followed by a list of argument values that may be used ## to call it. @@ -93,7 +93,7 @@ function Broker::make_event%(...%): Broker::Event ## topic: a topic associated with the event message. ## ## args: Either the event arguments as already made by -## :bro:see:`Broker::make_event` or the argument list to pass along +## :zeek:see:`Broker::make_event` or the argument list to pass along ## to it. ## ## Returns: true if the message is sent. @@ -172,7 +172,7 @@ type Cluster::Pool: record; ## script like "Intel::cluster_rr_key". ## ## args: Either the event arguments as already made by -## :bro:see:`Broker::make_event` or the argument list to pass along +## :zeek:see:`Broker::make_event` or the argument list to pass along ## to it. ## ## Returns: true if the message is sent. @@ -215,7 +215,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool ## distribute keys among available nodes. ## ## args: Either the event arguments as already made by -## :bro:see:`Broker::make_event` or the argument list to pass along +## :zeek:see:`Broker::make_event` or the argument list to pass along ## to it. ## ## Returns: true if the message is sent. diff --git a/src/event.bif b/src/event.bif index 2cab61752c..3932618188 100644 --- a/src/event.bif +++ b/src/event.bif @@ -24,7 +24,7 @@ # # - Parameters # -# - .. bro:see:: +# - .. zeek:see:: # # - .. note:: # @@ -35,12 +35,12 @@ ## one-time initialization code at startup. At the time a handler runs, Zeek will ## have executed any global initializations and statements. ## -## .. bro:see:: zeek_done +## .. zeek:see:: zeek_done ## ## .. note:: ## ## When a ``zeek_init`` handler executes, Zeek has not yet seen any input -## packets and therefore :bro:id:`network_time` is not initialized yet. An +## packets and therefore :zeek:id:`network_time` is not initialized yet. An ## artifact of that is that any timer installed in a ``zeek_init`` handler ## will fire immediately with the first packet. The standard way to work ## around that is to ignore the first time the timer fires and immediately @@ -50,7 +50,7 @@ event zeek_init%(%); ## Deprecated synonym for ``zeek_init``. ## -## .. bro:see: zeek_init +## .. zeek:see: zeek_init event bro_init%(%) &deprecated; ## Generated at Zeek termination time. The event engine generates this event when @@ -58,17 +58,17 @@ event bro_init%(%) &deprecated; ## trace file(s), receiving a termination signal, or because Zeek was run without ## a network input source and has finished executing any global statements. ## -## .. bro:see:: zeek_init +## .. zeek:see:: zeek_init ## ## .. note:: ## -## If Zeek terminates due to an invocation of :bro:id:`exit`, then this event +## If Zeek terminates due to an invocation of :zeek:id:`exit`, then this event ## is not generated. event zeek_done%(%); ## Deprecated synonym for ``zeek_done``. ## -## .. bro:see: zeek_done +## .. zeek:see: zeek_done event bro_done%(%) &deprecated; ## Generated for every new connection. This event is raised with the first @@ -78,7 +78,7 @@ event bro_done%(%) &deprecated; ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -108,12 +108,12 @@ event tunnel_changed%(c: connection, e: EncapsulatingConnVector%); ## Generated when a TCP connection timed out. This event is raised when ## no activity was seen for an interval of at least -## :bro:id:`tcp_connection_linger`, and either one endpoint has already +## :zeek:id:`tcp_connection_linger`, and either one endpoint has already ## closed the connection or one side never became active. ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -125,7 +125,7 @@ event tunnel_changed%(c: connection, e: EncapsulatingConnVector%); ## ## The precise semantics of this event can be unintuitive as it only ## covers a subset of cases where a connection times out. Often, handling -## :bro:id:`connection_state_remove` is the better option. That one will be +## :zeek:id:`connection_state_remove` is the better option. That one will be ## generated reliably when an interval of ``tcp_inactivity_timeout`` has ## passed without any activity seen (but also for all other ways a ## connection may terminate). @@ -140,7 +140,7 @@ event connection_timeout%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -155,7 +155,7 @@ event connection_state_remove%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_state_remove @@ -169,7 +169,7 @@ event connection_reused%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -188,7 +188,7 @@ event connection_status_update%(c: connection%); ## ## new_label: The new flow label that the endpoint is using. ## -## .. bro:see:: connection_established new_connection +## .. zeek:see:: connection_established new_connection event connection_flow_label_changed%(c: connection, is_orig: bool, old_label: count, new_label: count%); ## Generated for a new connection received from the communication subsystem. @@ -208,11 +208,11 @@ event connection_external%(c: connection, tag: string%); ## ## u: The connection record for the corresponding UDP flow. ## -## .. bro:see:: udp_contents udp_reply udp_request +## .. zeek:see:: udp_contents udp_reply udp_request event udp_session_done%(u: connection%); ## Generated when a connection is seen that is marked as being expected. -## The function :bro:id:`Analyzer::schedule_analyzer` tells Bro to expect a +## The function :zeek:id:`Analyzer::schedule_analyzer` tells Bro to expect a ## particular connection to come up, and which analyzer to associate with it. ## Once the first packet of such a connection is indeed seen, this event is ## raised. @@ -220,11 +220,11 @@ event udp_session_done%(u: connection%); ## c: The connection. ## ## a: The analyzer that was scheduled for the connection with the -## :bro:id:`Analyzer::schedule_analyzer` call. When the event is raised, that +## :zeek:id:`Analyzer::schedule_analyzer` call. When the event is raised, that ## analyzer will already have been activated to process the connection. The ## ``count`` is one of the ``ANALYZER_*`` constants, e.g., ``ANALYZER_HTTP``. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -243,11 +243,11 @@ event scheduled_analyzer_applied%(c: connection, a: Analyzer::Tag%); ## ## p: Information from the header of the packet that triggered the event. ## -## .. bro:see:: new_packet packet_contents +## .. zeek:see:: new_packet packet_contents event raw_packet%(p: raw_pkt_hdr%); ## Generated for all packets that make it into Bro's connection processing. In -## contrast to :bro:id:`raw_packet` this filters out some more packets that don't +## contrast to :zeek:id:`raw_packet` this filters out some more packets that don't ## pass certain sanity checks. ## ## This is a very low-level and expensive event that should be avoided when at all @@ -259,7 +259,7 @@ event raw_packet%(p: raw_pkt_hdr%); ## ## p: Information from the header of the packet that triggered the event. ## -## .. bro:see:: tcp_packet packet_contents raw_packet +## .. zeek:see:: tcp_packet packet_contents raw_packet event new_packet%(c: connection, p: pkt_hdr%); ## Generated for every IPv6 packet that contains extension headers. @@ -270,7 +270,7 @@ event new_packet%(c: connection, p: pkt_hdr%); ## ## p: Information from the header of the packet that triggered the event. ## -## .. bro:see:: new_packet tcp_packet packet_contents esp_packet +## .. zeek:see:: new_packet tcp_packet packet_contents esp_packet event ipv6_ext_headers%(c: connection, p: pkt_hdr%); ## Generated for any packets using the IPv6 Encapsulating Security Payload (ESP) @@ -278,35 +278,35 @@ event ipv6_ext_headers%(c: connection, p: pkt_hdr%); ## ## p: Information from the header of the packet that triggered the event. ## -## .. bro:see:: new_packet tcp_packet ipv6_ext_headers +## .. zeek:see:: new_packet tcp_packet ipv6_ext_headers event esp_packet%(p: pkt_hdr%); ## Generated for any packet using a Mobile IPv6 Mobility Header. ## ## p: Information from the header of the packet that triggered the event. ## -## .. bro:see:: new_packet tcp_packet ipv6_ext_headers +## .. zeek:see:: new_packet tcp_packet ipv6_ext_headers event mobile_ipv6_message%(p: pkt_hdr%); ## Generated for every packet that has a non-empty transport-layer payload. ## This is a very low-level and expensive event that should be avoided when ## at all possible. It's usually infeasible to handle when processing even ## medium volumes of traffic in real-time. It's even worse than -## :bro:id:`new_packet`. That said, if you work from a trace and want to +## :zeek:id:`new_packet`. That said, if you work from a trace and want to ## do some packet-level analysis, it may come in handy. ## ## c: The connection the packet is part of. ## ## contents: The raw transport-layer payload. ## -## .. bro:see:: new_packet tcp_packet +## .. zeek:see:: new_packet tcp_packet event packet_contents%(c: connection, contents: string%); ## Generated when Bro detects a TCP retransmission inconsistency. When ## reassembling a TCP stream, Bro buffers all payload until it sees the ## responder acking it. If during that time, the sender resends a chunk of ## payload but with different content than originally, this event will be -## raised. In addition, if :bro:id:`tcp_max_old_segments` is larger than zero, +## raised. In addition, if :zeek:id:`tcp_max_old_segments` is larger than zero, ## mismatches with that older still-buffered data will likewise trigger the event. ## ## c: The connection showing the inconsistency. @@ -321,7 +321,7 @@ event packet_contents%(c: connection, contents: string%); ## ``A`` -> ACK; ``P`` -> PUSH. This string will not always be set, ## only if the information is available; it's "best effort". ## -## .. bro:see:: tcp_rexmit tcp_contents +## .. zeek:see:: tcp_rexmit tcp_contents event rexmit_inconsistency%(c: connection, t1: string, t2: string, tcp_flags: string%); ## Generated when Bro detects a gap in a reassembled TCP payload stream. This @@ -362,14 +362,14 @@ event content_gap%(c: connection, is_orig: bool, seq: count, length: count%); ## aid: A unique integer ID identifying the specific *instance* of the ## analyzer *atype* that is analyzing the connection ``c``. The ID can ## be used to reference the analyzer when using builtin functions like -## :bro:id:`disable_analyzer`. +## :zeek:id:`disable_analyzer`. ## -## .. bro:see:: protocol_violation +## .. zeek:see:: protocol_violation ## ## .. note:: ## ## Bro's default scripts use this event to determine the ``service`` column -## of :bro:type:`Conn::Info`: once confirmed, the protocol will be listed +## of :zeek:type:`Conn::Info`: once confirmed, the protocol will be listed ## there (and thus in ``conn.log``). event protocol_confirmation%(c: connection, atype: Analyzer::Tag, aid: count%); @@ -390,16 +390,16 @@ event protocol_confirmation%(c: connection, atype: Analyzer::Tag, aid: count%); ## aid: A unique integer ID identifying the specific *instance* of the ## analyzer *atype* that is analyzing the connection ``c``. The ID can ## be used to reference the analyzer when using builtin functions like -## :bro:id:`disable_analyzer`. +## :zeek:id:`disable_analyzer`. ## ## reason: TODO. ## -## .. bro:see:: protocol_confirmation +## .. zeek:see:: protocol_confirmation ## ## .. note:: ## ## Bro's default scripts use this event to disable an analyzer via -## :bro:id:`disable_analyzer` if it's parsing the wrong protocol. That's +## :zeek:id:`disable_analyzer` if it's parsing the wrong protocol. That's ## however a script-level decision and not done automatically by the event ## engine. event protocol_violation%(c: connection, atype: Analyzer::Tag, aid: count, reason: string%); @@ -414,7 +414,7 @@ event protocol_violation%(c: connection, atype: Analyzer::Tag, aid: count, reaso ## ## rs: Statistics for the responder endpoint. ## -## .. bro:see:: connection_state_remove +## .. zeek:see:: connection_state_remove event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%); ## Generated for unexpected activity related to a specific connection. When @@ -431,7 +431,7 @@ event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%); ## ## addl: Optional additional context further describing the situation. ## -## .. bro:see:: flow_weird net_weird file_weird +## .. zeek:see:: flow_weird net_weird file_weird ## ## .. note:: "Weird" activity is much more common in real-world network traffic ## than one would intuitively expect. While in principle, any protocol @@ -454,7 +454,7 @@ event conn_weird%(name: string, c: connection, addl: string%); ## ## dst: The destination address corresponding to the activity. ## -## .. bro:see:: conn_weird net_weird file_weird +## .. zeek:see:: conn_weird net_weird file_weird ## ## .. note:: "Weird" activity is much more common in real-world network traffic ## than one would intuitively expect. While in principle, any protocol @@ -472,7 +472,7 @@ event flow_weird%(name: string, src: addr, dst: addr%); ## scripts use this name in filtering policies that specify which ## "weirds" are worth reporting. ## -## .. bro:see:: flow_weird file_weird +## .. zeek:see:: flow_weird file_weird ## ## .. note:: "Weird" activity is much more common in real-world network traffic ## than one would intuitively expect. While in principle, any protocol @@ -493,7 +493,7 @@ event net_weird%(name: string%); ## ## addl: Additional information related to the weird. ## -## .. bro:see:: flow_weird net_weird conn_weird +## .. zeek:see:: flow_weird net_weird conn_weird ## ## .. note:: "Weird" activity is much more common in real-world network traffic ## than one would intuitively expect. While in principle, any protocol @@ -502,7 +502,7 @@ event net_weird%(name: string%); event file_weird%(name: string, f: fa_file, addl: string%); ## Generated regularly for the purpose of profiling Bro's processing. This event -## is raised for every :bro:id:`load_sample_freq` packet. For these packets, +## is raised for every :zeek:id:`load_sample_freq` packet. For these packets, ## Bro records script-level functions executed during their processing as well ## as further internal locations. By sampling the processing in this form, one ## can understand where Bro spends its time. @@ -538,7 +538,7 @@ event signature_match%(state: signature_state, msg: string, data: string%); ## used on a system. This is a protocol-independent event that is fed by ## different analyzers. For example, the HTTP analyzer reports user-agent and ## server software by raising this event, assuming it can parse it (if not, -## :bro:id:`software_parse_error` will be generated instead). +## :zeek:id:`software_parse_error` will be generated instead). ## ## c: The connection. ## @@ -549,7 +549,7 @@ event signature_match%(state: signature_state, msg: string, data: string%); ## descr: The raw (unparsed) software identification string as extracted from ## the protocol. ## -## .. bro:see:: software_parse_error software_unparsed_version_found OS_version_found +## .. zeek:see:: software_parse_error software_unparsed_version_found OS_version_found event software_version_found%(c: connection, host: addr, s: software, descr: string%); @@ -557,7 +557,7 @@ event software_version_found%(c: connection, host: addr, ## used on a system but cannot parse it. This is a protocol-independent event ## that is fed by different analyzers. For example, the HTTP analyzer reports ## user-agent and server software by raising this event if it cannot parse them -## directly (if it can :bro:id:`software_version_found` will be generated +## directly (if it can :zeek:id:`software_version_found` will be generated ## instead). ## ## c: The connection. @@ -567,7 +567,7 @@ event software_version_found%(c: connection, host: addr, ## descr: The raw (unparsed) software identification string as extracted from ## the protocol. ## -## .. bro:see:: software_version_found software_unparsed_version_found +## .. zeek:see:: software_version_found software_unparsed_version_found ## OS_version_found event software_parse_error%(c: connection, host: addr, descr: string%); @@ -575,7 +575,7 @@ event software_parse_error%(c: connection, host: addr, descr: string%); ## used on a system. This is a protocol-independent event that is fed by ## different analyzers. For example, the HTTP analyzer reports user-agent and ## server software by raising this event. Different from -## :bro:id:`software_version_found` and :bro:id:`software_parse_error`, this +## :zeek:id:`software_version_found` and :zeek:id:`software_parse_error`, this ## event is always raised, independent of whether Bro can parse the version ## string. ## @@ -585,13 +585,13 @@ event software_parse_error%(c: connection, host: addr, descr: string%); ## ## str: The software identification string as extracted from the protocol. ## -## .. bro:see:: software_parse_error software_version_found OS_version_found +## .. zeek:see:: software_parse_error software_version_found OS_version_found event software_unparsed_version_found%(c: connection, host: addr, str: string%); ## Generated when an operating system has been fingerprinted. Bro uses `p0f ## `__ to fingerprint endpoints passively, ## and it raises this event for each system identified. The p0f fingerprints are -## defined by :bro:id:`passive_fingerprint_file`. +## defined by :zeek:id:`passive_fingerprint_file`. ## ## c: The connection. ## @@ -599,7 +599,7 @@ event software_unparsed_version_found%(c: connection, host: addr, str: string%); ## ## OS: The OS version string. ## -## .. bro:see:: passive_fingerprint_file software_parse_error +## .. zeek:see:: passive_fingerprint_file software_parse_error ## software_version_found software_unparsed_version_found ## generate_OS_version_event event OS_version_found%(c: connection, host: addr, OS: OS_version%); @@ -610,7 +610,7 @@ event OS_version_found%(c: connection, host: addr, OS: OS_version%); ## ## p: A record describing the peer. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_handshake_done remote_event_registered remote_log remote_pong ## remote_state_access_performed remote_state_inconsistency print_hook event remote_connection_established%(p: event_peer%); @@ -621,7 +621,7 @@ event remote_connection_established%(p: event_peer%); ## ## p: A record describing the peer. ## -## .. bro:see:: remote_capture_filter remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log remote_pong remote_state_access_performed ## remote_state_inconsistency print_hook @@ -633,7 +633,7 @@ event remote_connection_closed%(p: event_peer%); ## ## p: A record describing the peer. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_established remote_event_registered remote_log remote_pong ## remote_state_access_performed remote_state_inconsistency print_hook event remote_connection_handshake_done%(p: event_peer%); @@ -646,7 +646,7 @@ event remote_connection_handshake_done%(p: event_peer%); ## ## name: TODO. ## -## .. bro:see:: remote_capture_filter remote_connection_closed +## .. zeek:see:: remote_capture_filter remote_connection_closed ## remote_connection_error remote_connection_established ## remote_connection_handshake_done remote_log remote_pong ## remote_state_access_performed remote_state_inconsistency print_hook @@ -660,7 +660,7 @@ event remote_event_registered%(p: event_peer, name: string%); ## ## reason: A textual description of the error. ## -## .. bro:see:: remote_capture_filter remote_connection_closed +## .. zeek:see:: remote_capture_filter remote_connection_closed ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log remote_pong remote_state_access_performed ## remote_state_inconsistency print_hook @@ -674,20 +674,20 @@ event remote_connection_error%(p: event_peer, reason: string%); ## ## filter: The filter string sent by the peer. ## -## .. bro:see:: remote_connection_closed remote_connection_error +## .. zeek:see:: remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log remote_pong remote_state_access_performed ## remote_state_inconsistency print_hook event remote_capture_filter%(p: event_peer, filter: string%); -## Generated after a call to :bro:id:`send_state` when all data has been +## Generated after a call to :zeek:id:`send_state` when all data has been ## successfully sent to the remote side. While this event is ## intended primarily for use by Bro's communication framework, it can also ## trigger additional code if helpful. ## ## p: A record describing the remote peer. ## -## .. bro:see:: remote_capture_filter remote_connection_closed +## .. zeek:see:: remote_capture_filter remote_connection_closed ## remote_connection_error remote_connection_established ## remote_connection_handshake_done remote_event_registered remote_log remote_pong ## remote_state_access_performed remote_state_inconsistency print_hook @@ -696,7 +696,7 @@ event finished_send_state%(p: event_peer%); ## Generated if state synchronization detects an inconsistency. While this ## event is intended primarily for use by Bro's communication framework, it can ## also trigger additional code if helpful. This event is only raised if -## :bro:id:`remote_check_sync_consistency` is false. +## :zeek:id:`remote_check_sync_consistency` is false. ## ## operation: The textual description of the state operation performed. ## @@ -709,7 +709,7 @@ event finished_send_state%(p: event_peer%); ## found before the operation was carried out. The difference between ## *real_old* and *expected_old* is the inconsistency being reported. ## -## .. bro:see:: remote_capture_filter remote_connection_closed +## .. zeek:see:: remote_capture_filter remote_connection_closed ## remote_connection_error remote_connection_established ## remote_connection_handshake_done remote_event_registered remote_log remote_pong ## remote_state_access_performed print_hook remote_check_sync_consistency @@ -720,17 +720,17 @@ event remote_state_inconsistency%(operation: string, id: string, ## intended primarily for use by Bro's communication framework, it can also ## trigger additional code if helpful. ## -## level: The log level, which is either :bro:id:`REMOTE_LOG_INFO` or -## :bro:id:`REMOTE_LOG_ERROR`. +## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or +## :zeek:id:`REMOTE_LOG_ERROR`. ## ## src: The component of the communication system that logged the message. -## Currently, this will be one of :bro:id:`REMOTE_SRC_CHILD` (Bro's -## child process), :bro:id:`REMOTE_SRC_PARENT` (Bro's main process), or -## :bro:id:`REMOTE_SRC_SCRIPT` (the script level). +## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's +## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or +## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level). ## ## msg: The message logged. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_pong remote_state_access_performed ## remote_state_inconsistency print_hook remote_log_peer @@ -739,21 +739,21 @@ event remote_log%(level: count, src: count, msg: string%); ## Generated for communication log messages. While this event is ## intended primarily for use by Bro's communication framework, it can also ## trigger additional code if helpful. This event is equivalent to -## :bro:see:`remote_log` except the message is with respect to a certain peer. +## :zeek:see:`remote_log` except the message is with respect to a certain peer. ## ## p: A record describing the remote peer. ## -## level: The log level, which is either :bro:id:`REMOTE_LOG_INFO` or -## :bro:id:`REMOTE_LOG_ERROR`. +## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or +## :zeek:id:`REMOTE_LOG_ERROR`. ## ## src: The component of the communication system that logged the message. -## Currently, this will be one of :bro:id:`REMOTE_SRC_CHILD` (Bro's -## child process), :bro:id:`REMOTE_SRC_PARENT` (Bro's main process), or -## :bro:id:`REMOTE_SRC_SCRIPT` (the script level). +## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's +## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or +## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level). ## ## msg: The message logged. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_pong remote_state_access_performed ## remote_state_inconsistency print_hook remote_log @@ -761,12 +761,12 @@ event remote_log_peer%(p: event_peer, level: count, src: count, msg: string%); ## Generated when a remote peer has answered to our ping. This event is part of ## Bro's infrastructure for measuring communication latency. One can send a ping -## by calling :bro:id:`send_ping` and when a corresponding reply is received, +## by calling :zeek:id:`send_ping` and when a corresponding reply is received, ## this event will be raised. ## ## p: The peer sending us the pong. ## -## seq: The sequence number passed to the original :bro:id:`send_ping` call. +## seq: The sequence number passed to the original :zeek:id:`send_ping` call. ## The number is sent back by the peer in its response. ## ## d1: The time interval between sending the ping and receiving the pong. This @@ -779,7 +779,7 @@ event remote_log_peer%(p: event_peer, level: count, src: count, msg: string%); ## ping and when its parent process sent the pong. This is the ## processing latency at the peer. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log remote_state_access_performed ## remote_state_inconsistency print_hook @@ -793,27 +793,27 @@ event remote_pong%(p: event_peer, seq: count, ## ## v: The new value of the variable. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log remote_pong remote_state_inconsistency ## print_hook event remote_state_access_performed%(id: string, v: any%); ## Generated each time Bro's internal profiling log is updated. The file is -## defined by :bro:id:`profiling_file`, and its update frequency by -## :bro:id:`profiling_interval` and :bro:id:`expensive_profiling_multiple`. +## defined by :zeek:id:`profiling_file`, and its update frequency by +## :zeek:id:`profiling_interval` and :zeek:id:`expensive_profiling_multiple`. ## ## f: The profiling file. ## ## expensive: True if this event corresponds to heavier-weight profiling as -## indicated by the :bro:id:`expensive_profiling_multiple` variable. +## indicated by the :zeek:id:`expensive_profiling_multiple` variable. ## -## .. bro:see:: profiling_interval expensive_profiling_multiple +## .. zeek:see:: profiling_interval expensive_profiling_multiple event profiling_update%(f: file, expensive: bool%); ## Raised for informational messages reported via Bro's reporter framework. Such ## messages may be generated internally by the event engine and also by other -## scripts calling :bro:id:`Reporter::info`. +## scripts calling :zeek:id:`Reporter::info`. ## ## t: The time the message was passed to the reporter. ## @@ -822,7 +822,7 @@ event profiling_update%(f: file, expensive: bool%); ## location: A (potentially empty) string describing a location associated with ## the message. ## -## .. bro:see:: reporter_warning reporter_error Reporter::info Reporter::warning +## .. zeek:see:: reporter_warning reporter_error Reporter::info Reporter::warning ## Reporter::error ## ## .. note:: Bro will not call reporter events recursively. If the handler of @@ -832,7 +832,7 @@ event reporter_info%(t: time, msg: string, location: string%) &error_handler; ## Raised for warnings reported via Bro's reporter framework. Such messages may ## be generated internally by the event engine and also by other scripts calling -## :bro:id:`Reporter::warning`. +## :zeek:id:`Reporter::warning`. ## ## t: The time the warning was passed to the reporter. ## @@ -841,7 +841,7 @@ event reporter_info%(t: time, msg: string, location: string%) &error_handler; ## location: A (potentially empty) string describing a location associated with ## the warning. ## -## .. bro:see:: reporter_info reporter_error Reporter::info Reporter::warning +## .. zeek:see:: reporter_info reporter_error Reporter::info Reporter::warning ## Reporter::error ## ## .. note:: Bro will not call reporter events recursively. If the handler of @@ -851,7 +851,7 @@ event reporter_warning%(t: time, msg: string, location: string%) &error_handler; ## Raised for errors reported via Bro's reporter framework. Such messages may ## be generated internally by the event engine and also by other scripts calling -## :bro:id:`Reporter::error`. +## :zeek:id:`Reporter::error`. ## ## t: The time the error was passed to the reporter. ## @@ -860,7 +860,7 @@ event reporter_warning%(t: time, msg: string, location: string%) &error_handler; ## location: A (potentially empty) string describing a location associated with ## the error. ## -## .. bro:see:: reporter_info reporter_warning Reporter::info Reporter::warning +## .. zeek:see:: reporter_info reporter_warning Reporter::info Reporter::warning ## Reporter::error ## ## .. note:: Bro will not call reporter events recursively. If the handler of @@ -878,11 +878,11 @@ event zeek_script_loaded%(path: string, level: count%); ## Deprecated synonym for ``zeek_script_loaded``. ## -## .. bro:see: zeek_script_loaded +## .. zeek:see: zeek_script_loaded event bro_script_loaded%(path: string, level: count%) &deprecated; ## Generated each time Bro's script interpreter opens a file. This event is -## triggered only for files opened via :bro:id:`open`, and in particular not for +## triggered only for files opened via :zeek:id:`open`, and in particular not for ## normal log files as created by log writers. ## ## f: The opened file. @@ -896,7 +896,7 @@ event event_queue_flush_point%(%); ## belongs. All incoming data to the framework is buffered, and depends ## on a handler for this event to return a string value that uniquely ## identifies a file. Among all handlers of this event, the last one to -## call :bro:see:`set_file_handle` will "win". +## call :zeek:see:`set_file_handle` will "win". ## ## tag: The analyzer which is carrying the file data. ## @@ -904,15 +904,15 @@ event event_queue_flush_point%(%); ## ## is_orig: The direction the file data is flowing over the connection. ## -## .. bro:see:: set_file_handle +## .. zeek:see:: set_file_handle event get_file_handle%(tag: Analyzer::Tag, c: connection, is_orig: bool%); ## Indicates that an analysis of a new file has begun. The analysis can be -## augmented at this time via :bro:see:`Files::add_analyzer`. +## augmented at this time via :zeek:see:`Files::add_analyzer`. ## ## f: The file. ## -## .. bro:see:: file_over_new_connection file_timeout file_gap +## .. zeek:see:: file_over_new_connection file_timeout file_gap ## file_sniff file_state_remove event file_new%(f: fa_file%); @@ -925,16 +925,16 @@ event file_new%(f: fa_file%); ## ## is_orig: true if the originator of *c* is the one sending the file. ## -## .. bro:see:: file_new file_timeout file_gap file_sniff +## .. zeek:see:: file_new file_timeout file_gap file_sniff ## file_state_remove event file_over_new_connection%(f: fa_file, c: connection, is_orig: bool%); ## Provide all metadata that has been inferred about a particular file ## from inspection of the initial content that been seen at the beginning ## of the file. The analysis can be augmented at this time via -## :bro:see:`Files::add_analyzer`. The amount of data fed into the file +## :zeek:see:`Files::add_analyzer`. The amount of data fed into the file ## sniffing can be increased or decreased by changing either -## :bro:see:`default_file_bof_buffer_size` or the `bof_buffer_size` field +## :zeek:see:`default_file_bof_buffer_size` or the `bof_buffer_size` field ## in an `fa_file` record. The event will be raised even if content inspection ## has been unable to infer any metadata, in which case the fields in *meta* ## will be left all unset. @@ -943,7 +943,7 @@ event file_over_new_connection%(f: fa_file, c: connection, is_orig: bool%); ## ## meta: Metadata that's been discovered about the file. ## -## .. bro:see:: file_over_new_connection file_timeout file_gap +## .. zeek:see:: file_over_new_connection file_timeout file_gap ## file_state_remove event file_sniff%(f: fa_file, meta: fa_metadata%); @@ -952,7 +952,7 @@ event file_sniff%(f: fa_file, meta: fa_metadata%); ## ## f: The file. ## -## .. bro:see:: file_new file_over_new_connection file_gap +## .. zeek:see:: file_new file_over_new_connection file_gap ## file_sniff file_state_remove default_file_timeout_interval ## Files::set_timeout_interval event file_timeout%(f: fa_file%); @@ -965,12 +965,12 @@ event file_timeout%(f: fa_file%); ## ## len: The number of missing bytes. ## -## .. bro:see:: file_new file_over_new_connection file_timeout +## .. zeek:see:: file_new file_over_new_connection file_timeout ## file_sniff file_state_remove file_reassembly_overflow event file_gap%(f: fa_file, offset: count, len: count%); ## Indicates that the file had an overflow of the reassembly buffer. -## This is a specialization of the :bro:id:`file_gap` event. +## This is a specialization of the :zeek:id:`file_gap` event. ## ## f: The file. ## @@ -981,7 +981,7 @@ event file_gap%(f: fa_file, offset: count, len: count%); ## file data and get back under the reassembly buffer size limit. ## This value will also be represented as a gap. ## -## .. bro:see:: file_new file_over_new_connection file_timeout +## .. zeek:see:: file_new file_over_new_connection file_timeout ## file_sniff file_state_remove file_gap ## Files::enable_reassembler Files::reassembly_buffer_size ## Files::enable_reassembly Files::disable_reassembly @@ -992,7 +992,7 @@ event file_reassembly_overflow%(f: fa_file, offset: count, skipped: count%); ## ## f: The file. ## -## .. bro:see:: file_new file_over_new_connection file_timeout file_gap +## .. zeek:see:: file_new file_over_new_connection file_timeout file_gap ## file_sniff event file_state_remove%(f: fa_file%); @@ -1003,7 +1003,7 @@ event file_state_remove%(f: fa_file%); ## ## dm: A record describing the new resolver result (which matches the old one). ## -## .. bro:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name +## .. zeek:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name ## dns_mapping_unverified event dns_mapping_valid%(dm: dns_mapping%); @@ -1015,7 +1015,7 @@ event dns_mapping_valid%(dm: dns_mapping%); ## ## dm: A record describing the old resolver result. ## -## .. bro:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name +## .. zeek:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name ## dns_mapping_valid event dns_mapping_unverified%(dm: dns_mapping%); @@ -1026,7 +1026,7 @@ event dns_mapping_unverified%(dm: dns_mapping%); ## ## dm: A record describing the new resolver result. ## -## .. bro:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_unverified +## .. zeek:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_unverified ## dns_mapping_valid event dns_mapping_new_name%(dm: dns_mapping%); @@ -1038,7 +1038,7 @@ event dns_mapping_new_name%(dm: dns_mapping%); ## ## dm: A record describing the old resolver result. ## -## .. bro:see:: dns_mapping_altered dns_mapping_new_name dns_mapping_unverified +## .. zeek:see:: dns_mapping_altered dns_mapping_new_name dns_mapping_unverified ## dns_mapping_valid event dns_mapping_lost_name%(dm: dns_mapping%); @@ -1055,7 +1055,7 @@ event dns_mapping_lost_name%(dm: dns_mapping%); ## new_addrs: Addresses that were not part of the returned set for the query ## described by *dm*, but now are. ## -## .. bro:see:: dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified +## .. zeek:see:: dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified ## dns_mapping_valid event dns_mapping_altered%(dm: dns_mapping, old_addrs: addr_set, new_addrs: addr_set%); diff --git a/src/file_analysis/analyzer/extract/events.bif b/src/file_analysis/analyzer/extract/events.bif index d1dfe0c654..2324294b88 100644 --- a/src/file_analysis/analyzer/extract/events.bif +++ b/src/file_analysis/analyzer/extract/events.bif @@ -1,17 +1,17 @@ ## This event is generated when a file extraction analyzer is about ## to exceed the maximum permitted file size allowed by the -## *extract_limit* field of :bro:see:`Files::AnalyzerArgs`. +## *extract_limit* field of :zeek:see:`Files::AnalyzerArgs`. ## The analyzer is automatically removed from file *f*. ## ## f: The file. ## ## args: Arguments that identify a particular file extraction analyzer. ## This is only provided to be able to pass along to -## :bro:see:`FileExtract::set_limit`. +## :zeek:see:`FileExtract::set_limit`. ## ## limit: The limit, in bytes, the extracted file is about to breach. ## ## len: The length of the file chunk about to be written. ## -## .. bro:see:: Files::add_analyzer Files::ANALYZER_EXTRACT +## .. zeek:see:: Files::add_analyzer Files::ANALYZER_EXTRACT event file_extraction_limit%(f: fa_file, args: Files::AnalyzerArgs, limit: count, len: count%); diff --git a/src/file_analysis/analyzer/extract/functions.bif b/src/file_analysis/analyzer/extract/functions.bif index 18e9dde171..c91f0590bd 100644 --- a/src/file_analysis/analyzer/extract/functions.bif +++ b/src/file_analysis/analyzer/extract/functions.bif @@ -6,7 +6,7 @@ module FileExtract; #include "file_analysis/Manager.h" %%} -## :bro:see:`FileExtract::set_limit`. +## :zeek:see:`FileExtract::set_limit`. function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool %{ using BifType::Record::Files::AnalyzerArgs; diff --git a/src/file_analysis/analyzer/hash/events.bif b/src/file_analysis/analyzer/hash/events.bif index e03cbf359a..814c4741e6 100644 --- a/src/file_analysis/analyzer/hash/events.bif +++ b/src/file_analysis/analyzer/hash/events.bif @@ -7,6 +7,6 @@ ## ## hash: The result of the hashing. ## -## .. bro:see:: Files::add_analyzer Files::ANALYZER_MD5 +## .. zeek:see:: Files::add_analyzer Files::ANALYZER_MD5 ## Files::ANALYZER_SHA1 Files::ANALYZER_SHA256 event file_hash%(f: fa_file, kind: string, hash: string%); diff --git a/src/file_analysis/analyzer/pe/events.bif b/src/file_analysis/analyzer/pe/events.bif index c804937c49..1d25936a65 100644 --- a/src/file_analysis/analyzer/pe/events.bif +++ b/src/file_analysis/analyzer/pe/events.bif @@ -6,7 +6,7 @@ ## ## h: The parsed DOS header information. ## -## .. bro:see:: pe_dos_code pe_file_header pe_optional_header pe_section_header +## .. zeek:see:: pe_dos_code pe_file_header pe_optional_header pe_section_header event pe_dos_header%(f: fa_file, h: PE::DOSHeader%); ## A :abbr:`PE (Portable Executable)` file DOS stub was parsed. @@ -17,7 +17,7 @@ event pe_dos_header%(f: fa_file, h: PE::DOSHeader%); ## ## code: The DOS stub ## -## .. bro:see:: pe_dos_header pe_file_header pe_optional_header pe_section_header +## .. zeek:see:: pe_dos_header pe_file_header pe_optional_header pe_section_header event pe_dos_code%(f: fa_file, code: string%); ## A :abbr:`PE (Portable Executable)` file file header was parsed. @@ -29,7 +29,7 @@ event pe_dos_code%(f: fa_file, code: string%); ## ## h: The parsed file header information. ## -## .. bro:see:: pe_dos_header pe_dos_code pe_optional_header pe_section_header +## .. zeek:see:: pe_dos_header pe_dos_code pe_optional_header pe_section_header event pe_file_header%(f: fa_file, h: PE::FileHeader%); ## A :abbr:`PE (Portable Executable)` file optional header was parsed. @@ -42,7 +42,7 @@ event pe_file_header%(f: fa_file, h: PE::FileHeader%); ## ## h: The parsed optional header information. ## -## .. bro:see:: pe_dos_header pe_dos_code pe_file_header pe_section_header +## .. zeek:see:: pe_dos_header pe_dos_code pe_file_header pe_section_header event pe_optional_header%(f: fa_file, h: PE::OptionalHeader%); ## A :abbr:`PE (Portable Executable)` file section header was parsed. @@ -53,5 +53,5 @@ event pe_optional_header%(f: fa_file, h: PE::OptionalHeader%); ## ## h: The parsed section header information. ## -## .. bro:see:: pe_dos_header pe_dos_code pe_file_header pe_optional_header +## .. zeek:see:: pe_dos_header pe_dos_code pe_file_header pe_optional_header event pe_section_header%(f: fa_file, h: PE::SectionHeader%); diff --git a/src/file_analysis/analyzer/x509/events.bif b/src/file_analysis/analyzer/x509/events.bif index 68afe5340a..fd4f9fadfe 100644 --- a/src/file_analysis/analyzer/x509/events.bif +++ b/src/file_analysis/analyzer/x509/events.bif @@ -11,7 +11,7 @@ ## ## cert: The parsed certificate information. ## -## .. bro:see:: x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse x509_verify ## x509_get_certificate_string x509_ocsp_ext_signed_certificate_timestamp event x509_certificate%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate%); @@ -25,7 +25,7 @@ event x509_certificate%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certif ## ## ext: The parsed extension. ## -## .. bro:see:: x509_certificate x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse x509_verify ## x509_get_certificate_string x509_ocsp_ext_signed_certificate_timestamp event x509_extension%(f: fa_file, ext: X509::Extension%); @@ -37,7 +37,7 @@ event x509_extension%(f: fa_file, ext: X509::Extension%); ## ## ext: The parsed basic constraints extension. ## -## .. bro:see:: x509_certificate x509_extension +## .. zeek:see:: x509_certificate x509_extension ## x509_ext_subject_alternative_name x509_parse x509_verify ## x509_get_certificate_string x509_ocsp_ext_signed_certificate_timestamp event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%); @@ -51,7 +51,7 @@ event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%); ## ## ext: The parsed subject alternative name extension. ## -## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_parse x509_verify x509_ocsp_ext_signed_certificate_timestamp ## x509_get_certificate_string event x509_ext_subject_alternative_name%(f: fa_file, ext: X509::SubjectAlternativeName%); @@ -76,7 +76,7 @@ event x509_ext_subject_alternative_name%(f: fa_file, ext: X509::SubjectAlternati ## ## signature: signature part of the digitally_signed struct ## -## .. bro:see:: ssl_extension_signed_certificate_timestamp x509_extension x509_ext_basic_constraints +## .. zeek:see:: ssl_extension_signed_certificate_timestamp x509_extension x509_ext_basic_constraints ## x509_parse x509_verify x509_ext_subject_alternative_name ## x509_get_certificate_string ssl_extension_signed_certificate_timestamp ## sct_verify ocsp_request ocsp_request_certificate ocsp_response_status diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif index e4e263fd35..40d4ec6da8 100644 --- a/src/file_analysis/analyzer/x509/functions.bif +++ b/src/file_analysis/analyzer/x509/functions.bif @@ -192,7 +192,7 @@ const EVP_MD* hash_to_evp(int hash) ## ## Returns: A X509::Certificate structure. ## -## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_verify ## x509_get_certificate_string function x509_parse%(cert: opaque of x509%): X509::Certificate @@ -213,7 +213,7 @@ function x509_parse%(cert: opaque of x509%): X509::Certificate ## ## Returns: X509 certificate as a string. ## -## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse x509_verify function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F%): string %{ @@ -249,7 +249,7 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F ## Returns: A record of type X509::Result containing the result code of the ## verify operation. ## -## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse ## x509_get_certificate_string x509_verify function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result @@ -536,7 +536,7 @@ x509_ocsp_cleanup: ## verify operation. In case of success also returns the full ## certificate chain. ## -## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse ## x509_get_certificate_string x509_ocsp_verify sct_verify function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result @@ -646,7 +646,7 @@ x509_verify_chainerror: ## ## Returns: T if the validation could be performed succesfully, F otherwhise. ## -## .. bro:see:: ssl_extension_signed_certificate_timestamp +## .. zeek:see:: ssl_extension_signed_certificate_timestamp ## x509_ocsp_ext_signed_certificate_timestamp ## x509_verify function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signature: string, timestamp: count, hash_algorithm: count, issuer_key_hash: string &default=""%): bool @@ -876,7 +876,7 @@ StringVal* x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int ha ## ## Returns: The hash as a string. ## -## .. bro:see:: x509_issuer_name_hash x509_spki_hash +## .. zeek:see:: x509_issuer_name_hash x509_spki_hash ## x509_verify sct_verify function x509_subject_name_hash%(cert: opaque of x509, hash_alg: count%): string %{ @@ -894,7 +894,7 @@ function x509_subject_name_hash%(cert: opaque of x509, hash_alg: count%): string ## ## Returns: The hash as a string. ## -## .. bro:see:: x509_subject_name_hash x509_spki_hash +## .. zeek:see:: x509_subject_name_hash x509_spki_hash ## x509_verify sct_verify function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: count%): string %{ @@ -912,7 +912,7 @@ function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: count%): string ## ## Returns: The hash as a string. ## -## .. bro:see:: x509_subject_name_hash x509_issuer_name_hash +## .. zeek:see:: x509_subject_name_hash x509_issuer_name_hash ## x509_verify sct_verify function x509_spki_hash%(cert: opaque of x509, hash_alg: count%): string %{ diff --git a/src/file_analysis/analyzer/x509/ocsp_events.bif b/src/file_analysis/analyzer/x509/ocsp_events.bif index f49208d238..564126b2bb 100644 --- a/src/file_analysis/analyzer/x509/ocsp_events.bif +++ b/src/file_analysis/analyzer/x509/ocsp_events.bif @@ -7,7 +7,7 @@ ## ## req: version: the version of the OCSP request. Typically 0 (Version 1). ## -## .. bro:see:: ocsp_request_certificate ocsp_response_status +## .. zeek:see:: ocsp_request_certificate ocsp_response_status ## ocsp_response_bytes ocsp_response_certificate ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_request%(f: fa_file, version: count%); @@ -27,7 +27,7 @@ event ocsp_request%(f: fa_file, version: count%); ## ## serialNumber: Serial number of the certificate for which the status is requested. ## -## .. bro:see:: ocsp_request ocsp_response_status +## .. zeek:see:: ocsp_request ocsp_response_status ## ocsp_response_bytes ocsp_response_certificate ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_request_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string%); @@ -41,7 +41,7 @@ event ocsp_request_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHas ## ## status: The status of the OCSP response (e.g. succesful, malformedRequest, tryLater). ## -## .. bro:see:: ocsp_request ocsp_request_certificate +## .. zeek:see:: ocsp_request ocsp_request_certificate ## ocsp_response_bytes ocsp_response_certificate ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_response_status%(f: fa_file, status: string%); @@ -68,7 +68,7 @@ event ocsp_response_status%(f: fa_file, status: string%); ## certs: Optional list of certificates that are sent with the OCSP response; these typically ## are needed to perform validation of the reply. ## -## .. bro:see:: ocsp_request ocsp_request_certificate ocsp_response_status +## .. zeek:see:: ocsp_request ocsp_request_certificate ocsp_response_status ## ocsp_response_certificate ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_response_bytes%(f: fa_file, resp_ref: opaque of ocsp_resp, status: string, version: count, responderId: string, producedAt: time, signatureAlgorithm: string, certs: x509_opaque_vector%); @@ -96,7 +96,7 @@ event ocsp_response_bytes%(f: fa_file, resp_ref: opaque of ocsp_resp, status: st ## ## nextUpdate: Time next response will be ready; 0 if not supploed. ## -## .. bro:see:: ocsp_request ocsp_request_certificate ocsp_response_status +## .. zeek:see:: ocsp_request ocsp_request_certificate ocsp_response_status ## ocsp_response_bytes ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_response_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string, certStatus: string, revokeTime: time, revokeReason: string, thisUpdate: time, nextUpdate: time%); @@ -111,7 +111,7 @@ event ocsp_response_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHa ## global_resp: T if extension encountered in the global response (in ResponseData), ## F when encountered in a SingleResponse. ## -## .. bro:see:: ocsp_request ocsp_request_certificate ocsp_response_status +## .. zeek:see:: ocsp_request ocsp_request_certificate ocsp_response_status ## ocsp_response_bytes ocsp_response_certificate ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_extension%(f: fa_file, ext: X509::Extension, global_resp: bool%); diff --git a/src/file_analysis/file_analysis.bif b/src/file_analysis/file_analysis.bif index 81435bc3b5..f3086041b0 100644 --- a/src/file_analysis/file_analysis.bif +++ b/src/file_analysis/file_analysis.bif @@ -8,35 +8,35 @@ module Files; type AnalyzerArgs: record; -## :bro:see:`Files::set_timeout_interval`. +## :zeek:see:`Files::set_timeout_interval`. function Files::__set_timeout_interval%(file_id: string, t: interval%): bool %{ bool result = file_mgr->SetTimeoutInterval(file_id->CheckString(), t); return val_mgr->GetBool(result); %} -## :bro:see:`Files::enable_reassembly`. +## :zeek:see:`Files::enable_reassembly`. function Files::__enable_reassembly%(file_id: string%): bool %{ bool result = file_mgr->EnableReassembly(file_id->CheckString()); return val_mgr->GetBool(result); %} -## :bro:see:`Files::disable_reassembly`. +## :zeek:see:`Files::disable_reassembly`. function Files::__disable_reassembly%(file_id: string%): bool %{ bool result = file_mgr->DisableReassembly(file_id->CheckString()); return val_mgr->GetBool(result); %} -## :bro:see:`Files::set_reassembly_buffer_size`. +## :zeek:see:`Files::set_reassembly_buffer_size`. function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool %{ bool result = file_mgr->SetReassemblyBuffer(file_id->CheckString(), max); return val_mgr->GetBool(result); %} -## :bro:see:`Files::add_analyzer`. +## :zeek:see:`Files::add_analyzer`. function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool %{ using BifType::Record::Files::AnalyzerArgs; @@ -47,7 +47,7 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b return val_mgr->GetBool(result); %} -## :bro:see:`Files::remove_analyzer`. +## :zeek:see:`Files::remove_analyzer`. function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool %{ using BifType::Record::Files::AnalyzerArgs; @@ -58,20 +58,20 @@ function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%) return val_mgr->GetBool(result); %} -## :bro:see:`Files::stop`. +## :zeek:see:`Files::stop`. function Files::__stop%(file_id: string%): bool %{ bool result = file_mgr->IgnoreFile(file_id->CheckString()); return val_mgr->GetBool(result); %} -## :bro:see:`Files::analyzer_name`. +## :zeek:see:`Files::analyzer_name`. function Files::__analyzer_name%(tag: Files::Tag%) : string %{ return new StringVal(file_mgr->GetComponentName(tag)); %} -## :bro:see:`Files::file_exists`. +## :zeek:see:`Files::file_exists`. function Files::__file_exists%(fuid: string%): bool %{ if ( file_mgr->LookupFile(fuid->CheckString()) != nullptr ) @@ -80,7 +80,7 @@ function Files::__file_exists%(fuid: string%): bool return val_mgr->GetFalse(); %} -## :bro:see:`Files::lookup_file`. +## :zeek:see:`Files::lookup_file`. function Files::__lookup_file%(fuid: string%): fa_file %{ auto f = file_mgr->LookupFile(fuid->CheckString()); @@ -95,14 +95,14 @@ function Files::__lookup_file%(fuid: string%): fa_file module GLOBAL; -## For use within a :bro:see:`get_file_handle` handler to set a unique +## For use within a :zeek:see:`get_file_handle` handler to set a unique ## identifier to associate with the current input to the file analysis ## framework. Using an empty string for the handle signifies that the ## input will be ignored/discarded. ## ## handle: A string that uniquely identifies a file. ## -## .. bro:see:: get_file_handle +## .. zeek:see:: get_file_handle function set_file_handle%(handle: string%): any %{ auto bytes = reinterpret_cast(handle->Bytes()); diff --git a/src/iosource/pcap/pcap.bif b/src/iosource/pcap/pcap.bif index 1e7ca8a844..9e6e0238ba 100644 --- a/src/iosource/pcap/pcap.bif +++ b/src/iosource/pcap/pcap.bif @@ -12,7 +12,7 @@ const bufsize: count; ## ## Returns: True if *s* is valid and precompiles successfully. ## -## .. bro:see:: Pcap::install_pcap_filter +## .. zeek:see:: Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -51,14 +51,14 @@ function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool %} ## Installs a PCAP filter that has been precompiled with -## :bro:id:`Pcap::precompile_pcap_filter`. +## :zeek:id:`Pcap::precompile_pcap_filter`. ## ## id: The PCAP filter id of a precompiled filter. ## ## Returns: True if the filter associated with *id* has been installed ## successfully. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -90,7 +90,7 @@ function Pcap::install_pcap_filter%(id: PcapFilterID%): bool ## ## Returns: A descriptive error message of the PCAP function that failed. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter diff --git a/src/main.cc b/src/main.cc index 1dddc99681..af29b1e7d7 100644 --- a/src/main.cc +++ b/src/main.cc @@ -55,7 +55,7 @@ extern "C" { #include "analyzer/Tag.h" #include "plugin/Manager.h" #include "file_analysis/Manager.h" -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" #include "iosource/Manager.h" #include "broker/Manager.h" @@ -91,7 +91,7 @@ input::Manager* input_mgr = 0; plugin::Manager* plugin_mgr = 0; analyzer::Manager* analyzer_mgr = 0; file_analysis::Manager* file_mgr = 0; -broxygen::Manager* broxygen_mgr = 0; +zeexygen::Manager* zeexygen_mgr = 0; iosource::Manager* iosource_mgr = 0; bro_broker::Manager* broker_mgr = 0; @@ -194,7 +194,7 @@ void usage(int code = 1) fprintf(stderr, " -T|--re-level | set 'RE_level' for rules\n"); fprintf(stderr, " -U|--status-file | Record process status in file\n"); fprintf(stderr, " -W|--watchdog | activate watchdog timer\n"); - fprintf(stderr, " -X|--broxygen | generate documentation based on config file\n"); + fprintf(stderr, " -X|--zeexygen | generate documentation based on config file\n"); #ifdef USE_PERFTOOLS_DEBUG fprintf(stderr, " -m|--mem-leaks | show leaks [perftools]\n"); @@ -214,7 +214,7 @@ void usage(int code = 1) fprintf(stderr, " $BRO_SEED_FILE | file to load seeds from (not set)\n"); fprintf(stderr, " $BRO_LOG_SUFFIX | ASCII log file extension (.%s)\n", logging::writer::Ascii::LogExt().c_str()); fprintf(stderr, " $BRO_PROFILER_FILE | Output file for script execution statistics (not set)\n"); - fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Broxygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); + fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Zeexygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); fprintf(stderr, "\n"); @@ -370,7 +370,7 @@ void terminate_bro() plugin_mgr->FinishPlugins(); - delete broxygen_mgr; + delete zeexygen_mgr; delete timer_mgr; delete persistence_serializer; delete event_serializer; @@ -534,7 +534,7 @@ int main(int argc, char** argv) {"filter", required_argument, 0, 'f'}, {"help", no_argument, 0, 'h'}, {"iface", required_argument, 0, 'i'}, - {"broxygen", required_argument, 0, 'X'}, + {"zeexygen", required_argument, 0, 'X'}, {"prefix", required_argument, 0, 'p'}, {"readfile", required_argument, 0, 'r'}, {"rulefile", required_argument, 0, 's'}, @@ -586,7 +586,7 @@ int main(int argc, char** argv) if ( p ) add_to_name_list(p, ':', prefixes); - string broxygen_config; + string zeexygen_config; #ifdef USE_IDMEF string libidmef_dtd_path = "idmef-message.dtd"; @@ -739,7 +739,7 @@ int main(int argc, char** argv) break; case 'X': - broxygen_config = optarg; + zeexygen_config = optarg; break; #ifdef USE_PERFTOOLS_DEBUG @@ -821,7 +821,7 @@ int main(int argc, char** argv) timer_mgr = new PQ_TimerMgr(""); // timer_mgr = new CQ_TimerMgr(); - broxygen_mgr = new broxygen::Manager(broxygen_config, bro_argv[0]); + zeexygen_mgr = new zeexygen::Manager(zeexygen_config, bro_argv[0]); add_essential_input_file("base/init-bare.zeek"); add_essential_input_file("base/init-frameworks-and-bifs.zeek"); @@ -872,7 +872,7 @@ int main(int argc, char** argv) plugin_mgr->InitPreScript(); analyzer_mgr->InitPreScript(); file_mgr->InitPreScript(); - broxygen_mgr->InitPreScript(); + zeexygen_mgr->InitPreScript(); bool missing_plugin = false; @@ -958,7 +958,7 @@ int main(int argc, char** argv) exit(1); plugin_mgr->InitPostScript(); - broxygen_mgr->InitPostScript(); + zeexygen_mgr->InitPostScript(); broker_mgr->InitPostScript(); if ( print_plugins ) @@ -988,7 +988,7 @@ int main(int argc, char** argv) } reporter->InitOptions(); - broxygen_mgr->GenerateDocs(); + zeexygen_mgr->GenerateDocs(); if ( user_pcap_filter ) { diff --git a/src/option.bif b/src/option.bif index 2156808763..849e6ccfb0 100644 --- a/src/option.bif +++ b/src/option.bif @@ -48,10 +48,10 @@ static bool call_option_handlers_and_set_value(StringVal* name, ID* i, Val* val, ## ## Returns: true on success, false when an error occurred. ## -## .. bro:see:: Option::set_change_handler Config::set_value +## .. zeek:see:: Option::set_change_handler Config::set_value ## -## .. note:: :bro:id:`Option::set` only works on one node and does not distribute -## new values across a cluster. The higher-level :bro:id:`Config::set_value` +## .. note:: :zeek:id:`Option::set` only works on one node and does not distribute +## new values across a cluster. The higher-level :zeek:id:`Config::set_value` ## supports clusterization and should typically be used instead of this ## lower-level function. function Option::set%(ID: string, val: any, location: string &default=""%): bool @@ -105,7 +105,7 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool %} ## Set a change handler for an option. The change handler will be -## called anytime :bro:id:`Option::set` is called for the option. +## called anytime :zeek:id:`Option::set` is called for the option. ## ## ID: The ID of the option for which change notifications are desired. ## @@ -127,7 +127,7 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool ## ## Returns: true when the change handler was set, false when an error occurred. ## -## .. bro:see:: Option::set +## .. zeek:see:: Option::set function Option::set_change_handler%(ID: string, on_change: any, priority: int &default=0%): bool %{ auto i = global_scope()->Lookup(ID->CheckString()); diff --git a/src/parse.y b/src/parse.y index 3b5d2cab14..0e363eb321 100644 --- a/src/parse.y +++ b/src/parse.y @@ -88,7 +88,7 @@ #include "Scope.h" #include "Reporter.h" #include "Brofiler.h" -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" #include #include @@ -1039,7 +1039,7 @@ type_decl: $$ = new TypeDecl($3, $1, $4, (in_record > 0)); if ( in_record > 0 && cur_decl_type_id ) - broxygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); + zeexygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); } ; @@ -1073,7 +1073,7 @@ decl: TOK_MODULE TOK_ID ';' { current_module = $2; - broxygen_mgr->ModuleUsage(::filename, current_module); + zeexygen_mgr->ModuleUsage(::filename, current_module); } | TOK_EXPORT '{' { is_export = true; } decl_list '}' @@ -1082,36 +1082,36 @@ decl: | TOK_GLOBAL def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REGULAR); - broxygen_mgr->Identifier($2); + zeexygen_mgr->Identifier($2); } | TOK_OPTION def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_OPTION); - broxygen_mgr->Identifier($2); + zeexygen_mgr->Identifier($2); } | TOK_CONST def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_CONST); - broxygen_mgr->Identifier($2); + zeexygen_mgr->Identifier($2); } | TOK_REDEF global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REDEF); - broxygen_mgr->Redef($2, ::filename); + zeexygen_mgr->Redef($2, ::filename); } | TOK_REDEF TOK_ENUM global_id TOK_ADD_TO '{' - { parser_redef_enum($3); broxygen_mgr->Redef($3, ::filename); } + { parser_redef_enum($3); zeexygen_mgr->Redef($3, ::filename); } enum_body '}' ';' { - // Broxygen already grabbed new enum IDs as the type created them. + // Zeexygen already grabbed new enum IDs as the type created them. } | TOK_REDEF TOK_RECORD global_id - { cur_decl_type_id = $3; broxygen_mgr->Redef($3, ::filename); } + { cur_decl_type_id = $3; zeexygen_mgr->Redef($3, ::filename); } TOK_ADD_TO '{' { ++in_record; } type_decl_list @@ -1127,12 +1127,12 @@ decl: } | TOK_TYPE global_id ':' - { cur_decl_type_id = $2; broxygen_mgr->StartType($2); } + { cur_decl_type_id = $2; zeexygen_mgr->StartType($2); } type opt_attr ';' { cur_decl_type_id = 0; add_type($2, $5, $6); - broxygen_mgr->Identifier($2); + zeexygen_mgr->Identifier($2); } | func_hdr func_body @@ -1167,7 +1167,7 @@ func_hdr: begin_func($2, current_module.c_str(), FUNC_FLAVOR_FUNCTION, 0, $3, $4); $$ = $3; - broxygen_mgr->Identifier($2); + zeexygen_mgr->Identifier($2); } | TOK_EVENT event_id func_params opt_attr { diff --git a/src/plugin/ComponentManager.h b/src/plugin/ComponentManager.h index 0069c77359..22bd2dd302 100644 --- a/src/plugin/ComponentManager.h +++ b/src/plugin/ComponentManager.h @@ -10,7 +10,7 @@ #include "Var.h" #include "Val.h" #include "Reporter.h" -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" namespace plugin { @@ -134,7 +134,7 @@ ComponentManager::ComponentManager(const string& arg_module, const string& tag_enum_type = new EnumType(module + "::" + local_id); ::ID* id = install_ID(local_id.c_str(), module.c_str(), true, true); add_type(id, tag_enum_type, 0); - broxygen_mgr->Identifier(id); + zeexygen_mgr->Identifier(id); } template diff --git a/src/probabilistic/bloom-filter.bif b/src/probabilistic/bloom-filter.bif index 468a6eeae2..284aebc745 100644 --- a/src/probabilistic/bloom-filter.bif +++ b/src/probabilistic/bloom-filter.bif @@ -22,14 +22,14 @@ module GLOBAL; ## rate of *fp*. ## ## name: A name that uniquely identifies and seeds the Bloom filter. If empty, -## the filter will use :bro:id:`global_hash_seed` if that's set, and +## the filter will use :zeek:id:`global_hash_seed` if that's set, and ## otherwise use a local seed tied to the current Bro process. Only ## filters with the same seed can be merged with -## :bro:id:`bloomfilter_merge`. +## :zeek:id:`bloomfilter_merge`. ## ## Returns: A Bloom filter handle. ## -## .. bro:see:: bloomfilter_basic_init2 bloomfilter_counting_init bloomfilter_add +## .. zeek:see:: bloomfilter_basic_init2 bloomfilter_counting_init bloomfilter_add ## bloomfilter_lookup bloomfilter_clear bloomfilter_merge global_hash_seed function bloomfilter_basic_init%(fp: double, capacity: count, name: string &default=""%): opaque of bloomfilter @@ -50,7 +50,7 @@ function bloomfilter_basic_init%(fp: double, capacity: count, %} ## Creates a basic Bloom filter. This function serves as a low-level -## alternative to :bro:id:`bloomfilter_basic_init` where the user has full +## alternative to :zeek:id:`bloomfilter_basic_init` where the user has full ## control over the number of hash functions and cells in the underlying bit ## vector. ## @@ -59,14 +59,14 @@ function bloomfilter_basic_init%(fp: double, capacity: count, ## cells: The number of cells of the underlying bit vector. ## ## name: A name that uniquely identifies and seeds the Bloom filter. If empty, -## the filter will use :bro:id:`global_hash_seed` if that's set, and +## the filter will use :zeek:id:`global_hash_seed` if that's set, and ## otherwise use a local seed tied to the current Bro process. Only ## filters with the same seed can be merged with -## :bro:id:`bloomfilter_merge`. +## :zeek:id:`bloomfilter_merge`. ## ## Returns: A Bloom filter handle. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_counting_init bloomfilter_add +## .. zeek:see:: bloomfilter_basic_init bloomfilter_counting_init bloomfilter_add ## bloomfilter_lookup bloomfilter_clear bloomfilter_merge global_hash_seed function bloomfilter_basic_init2%(k: count, cells: count, name: string &default=""%): opaque of bloomfilter @@ -103,14 +103,14 @@ function bloomfilter_basic_init2%(k: count, cells: count, ## counter vector becomes a cell of size *w* bits. ## ## name: A name that uniquely identifies and seeds the Bloom filter. If empty, -## the filter will use :bro:id:`global_hash_seed` if that's set, and +## the filter will use :zeek:id:`global_hash_seed` if that's set, and ## otherwise use a local seed tied to the current Bro process. Only ## filters with the same seed can be merged with -## :bro:id:`bloomfilter_merge`. +## :zeek:id:`bloomfilter_merge`. ## ## Returns: A Bloom filter handle. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_basic_init2 bloomfilter_add +## .. zeek:see:: bloomfilter_basic_init bloomfilter_basic_init2 bloomfilter_add ## bloomfilter_lookup bloomfilter_clear bloomfilter_merge global_hash_seed function bloomfilter_counting_init%(k: count, cells: count, max: count, name: string &default=""%): opaque of bloomfilter @@ -139,7 +139,7 @@ function bloomfilter_counting_init%(k: count, cells: count, max: count, ## ## x: The element to add. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_basic_init2 +## .. zeek:see:: bloomfilter_basic_init bloomfilter_basic_init2 ## bloomfilter_counting_init bloomfilter_lookup bloomfilter_clear ## bloomfilter_merge function bloomfilter_add%(bf: opaque of bloomfilter, x: any%): any @@ -166,7 +166,7 @@ function bloomfilter_add%(bf: opaque of bloomfilter, x: any%): any ## ## Returns: the counter associated with *x* in *bf*. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_basic_init2 +## .. zeek:see:: bloomfilter_basic_init bloomfilter_basic_init2 ## bloomfilter_counting_init bloomfilter_add bloomfilter_clear ## bloomfilter_merge function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count @@ -191,7 +191,7 @@ function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count ## ## bf: The Bloom filter handle. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_basic_init2 +## .. zeek:see:: bloomfilter_basic_init bloomfilter_basic_init2 ## bloomfilter_counting_init bloomfilter_add bloomfilter_lookup ## bloomfilter_merge function bloomfilter_clear%(bf: opaque of bloomfilter%): any @@ -216,7 +216,7 @@ function bloomfilter_clear%(bf: opaque of bloomfilter%): any ## ## Returns: The union of *bf1* and *bf2*. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_basic_init2 +## .. zeek:see:: bloomfilter_basic_init bloomfilter_basic_init2 ## bloomfilter_counting_init bloomfilter_add bloomfilter_lookup ## bloomfilter_clear function bloomfilter_merge%(bf1: opaque of bloomfilter, diff --git a/src/probabilistic/cardinality-counter.bif b/src/probabilistic/cardinality-counter.bif index 4ba528bd3c..2fa7953c9e 100644 --- a/src/probabilistic/cardinality-counter.bif +++ b/src/probabilistic/cardinality-counter.bif @@ -17,7 +17,7 @@ module GLOBAL; ## ## Returns: a HLL cardinality handle. ## -## .. bro:see:: hll_cardinality_estimate hll_cardinality_merge_into hll_cardinality_add +## .. zeek:see:: hll_cardinality_estimate hll_cardinality_merge_into hll_cardinality_add ## hll_cardinality_copy function hll_cardinality_init%(err: double, confidence: double%): opaque of cardinality %{ @@ -35,7 +35,7 @@ function hll_cardinality_init%(err: double, confidence: double%): opaque of card ## ## Returns: true on success. ## -## .. bro:see:: hll_cardinality_estimate hll_cardinality_merge_into +## .. zeek:see:: hll_cardinality_estimate hll_cardinality_merge_into ## hll_cardinality_init hll_cardinality_copy function hll_cardinality_add%(handle: opaque of cardinality, elem: any%): bool %{ @@ -60,7 +60,7 @@ function hll_cardinality_add%(handle: opaque of cardinality, elem: any%): bool ## Merges a HLL cardinality counter into another. ## ## .. note:: The same restrictions as for Bloom filter merging apply, -## see :bro:id:`bloomfilter_merge`. +## see :zeek:id:`bloomfilter_merge`. ## ## handle1: the first HLL handle, which will contain the merged result. ## @@ -68,7 +68,7 @@ function hll_cardinality_add%(handle: opaque of cardinality, elem: any%): bool ## ## Returns: true on success. ## -## .. bro:see:: hll_cardinality_estimate hll_cardinality_add +## .. zeek:see:: hll_cardinality_estimate hll_cardinality_add ## hll_cardinality_init hll_cardinality_copy function hll_cardinality_merge_into%(handle1: opaque of cardinality, handle2: opaque of cardinality%): bool %{ @@ -103,7 +103,7 @@ function hll_cardinality_merge_into%(handle1: opaque of cardinality, handle2: op ## ## Returns: the cardinality estimate. Returns -1.0 if the counter is empty. ## -## .. bro:see:: hll_cardinality_merge_into hll_cardinality_add +## .. zeek:see:: hll_cardinality_merge_into hll_cardinality_add ## hll_cardinality_init hll_cardinality_copy function hll_cardinality_estimate%(handle: opaque of cardinality%): double %{ @@ -121,7 +121,7 @@ function hll_cardinality_estimate%(handle: opaque of cardinality%): double ## ## Returns: copy of handle. ## -## .. bro:see:: hll_cardinality_estimate hll_cardinality_merge_into hll_cardinality_add +## .. zeek:see:: hll_cardinality_estimate hll_cardinality_merge_into hll_cardinality_add ## hll_cardinality_init function hll_cardinality_copy%(handle: opaque of cardinality%): opaque of cardinality %{ diff --git a/src/probabilistic/top-k.bif b/src/probabilistic/top-k.bif index 8d2a8c0fd8..8691521f31 100644 --- a/src/probabilistic/top-k.bif +++ b/src/probabilistic/top-k.bif @@ -10,7 +10,7 @@ ## ## Returns: Opaque pointer to the data structure. ## -## .. bro:see:: topk_add topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_add topk_get_top topk_count topk_epsilon ## topk_size topk_sum topk_merge topk_merge_prune function topk_init%(size: count%): opaque of topk %{ @@ -28,7 +28,7 @@ function topk_init%(size: count%): opaque of topk ## ## value: observed value. ## -## .. bro:see:: topk_init topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_init topk_get_top topk_count topk_epsilon ## topk_size topk_sum topk_merge topk_merge_prune function topk_add%(handle: opaque of topk, value: any%): any %{ @@ -47,7 +47,7 @@ function topk_add%(handle: opaque of topk, value: any%): any ## ## Returns: vector of the first k elements. ## -## .. bro:see:: topk_init topk_add topk_count topk_epsilon +## .. zeek:see:: topk_init topk_add topk_count topk_epsilon ## topk_size topk_sum topk_merge topk_merge_prune function topk_get_top%(handle: opaque of topk, k: count%): any_vec %{ @@ -68,7 +68,7 @@ function topk_get_top%(handle: opaque of topk, k: count%): any_vec ## ## Returns: Overestimated number for how often the element has been encountered. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_epsilon +## .. zeek:see:: topk_init topk_add topk_get_top topk_epsilon ## topk_size topk_sum topk_merge topk_merge_prune function topk_count%(handle: opaque of topk, value: any%): count %{ @@ -79,7 +79,7 @@ function topk_count%(handle: opaque of topk, value: any%): count ## Get the maximal overestimation for count. ## -## .. note:: Same restrictions as for :bro:id:`topk_count` apply. +## .. note:: Same restrictions as for :zeek:id:`topk_count` apply. ## ## handle: the TopK handle. ## @@ -88,7 +88,7 @@ function topk_count%(handle: opaque of topk, value: any%): count ## Returns: Number which represents the maximal overestimation for the count of ## this element. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_count +## .. zeek:see:: topk_init topk_add topk_get_top topk_count ## topk_size topk_sum topk_merge topk_merge_prune function topk_epsilon%(handle: opaque of topk, value: any%): count %{ @@ -107,7 +107,7 @@ function topk_epsilon%(handle: opaque of topk, value: any%): count ## ## Returns: size given during initialization. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_init topk_add topk_get_top topk_count topk_epsilon ## topk_sum topk_merge topk_merge_prune function topk_size%(handle: opaque of topk%): count %{ @@ -120,14 +120,14 @@ function topk_size%(handle: opaque of topk%): count ## ## .. note:: This is equal to the number of all inserted objects if the data ## structure never has been pruned. Do not use after -## calling :bro:id:`topk_merge_prune` (will throw a warning message if used +## calling :zeek:id:`topk_merge_prune` (will throw a warning message if used ## afterwards). ## ## handle: the TopK handle. ## ## Returns: sum of all counts. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_init topk_add topk_get_top topk_count topk_epsilon ## topk_size topk_merge topk_merge_prune function topk_sum%(handle: opaque of topk%): count %{ @@ -145,7 +145,7 @@ function topk_sum%(handle: opaque of topk%): count ## .. note:: This does not remove any elements, the resulting data structure ## can be bigger than the maximum size given on initialization. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_init topk_add topk_get_top topk_count topk_epsilon ## topk_size topk_sum topk_merge_prune function topk_merge%(handle1: opaque of topk, handle2: opaque of topk%): any %{ @@ -164,14 +164,14 @@ function topk_merge%(handle1: opaque of topk, handle2: opaque of topk%): any ## data structure back to the size given on initialization. ## ## .. note:: Use with care and only when being aware of the restrictions this -## entails. Do not call :bro:id:`topk_size` or :bro:id:`topk_add` afterwards, +## entails. Do not call :zeek:id:`topk_size` or :zeek:id:`topk_add` afterwards, ## results will probably not be what you expect. ## ## handle1: the TopK handle in which the second TopK structure is merged. ## ## handle2: the TopK handle in which is merged into the first TopK structure. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_init topk_add topk_get_top topk_count topk_epsilon ## topk_size topk_sum topk_merge function topk_merge_prune%(handle1: opaque of topk, handle2: opaque of topk%): any %{ diff --git a/src/reporter.bif b/src/reporter.bif index d273c5cac8..dd74b944d6 100644 --- a/src/reporter.bif +++ b/src/reporter.bif @@ -19,7 +19,7 @@ module Reporter; ## ## Returns: Always true. ## -## .. bro:see:: reporter_info +## .. zeek:see:: reporter_info function Reporter::info%(msg: string%): bool %{ reporter->PushLocation(frame->GetCall()->GetLocationInfo()); @@ -34,7 +34,7 @@ function Reporter::info%(msg: string%): bool ## ## Returns: Always true. ## -## .. bro:see:: reporter_warning +## .. zeek:see:: reporter_warning function Reporter::warning%(msg: string%): bool %{ reporter->PushLocation(frame->GetCall()->GetLocationInfo()); @@ -50,7 +50,7 @@ function Reporter::warning%(msg: string%): bool ## ## Returns: Always true. ## -## .. bro:see:: reporter_error +## .. zeek:see:: reporter_error function Reporter::error%(msg: string%): bool %{ reporter->PushLocation(frame->GetCall()->GetLocationInfo()); diff --git a/src/scan.l b/src/scan.l index fb8ca20f8e..0b9a019cc8 100644 --- a/src/scan.l +++ b/src/scan.l @@ -29,7 +29,7 @@ #include "Traverse.h" #include "analyzer/Analyzer.h" -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" #include "plugin/Manager.h" @@ -162,19 +162,19 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) %% ##!.* { - broxygen_mgr->SummaryComment(::filename, yytext + 3); + zeexygen_mgr->SummaryComment(::filename, yytext + 3); } ##<.* { string hint(cur_enum_type && last_id_tok ? make_full_var_name(current_module.c_str(), last_id_tok) : ""); - broxygen_mgr->PostComment(yytext + 3, hint); + zeexygen_mgr->PostComment(yytext + 3, hint); } ##.* { if ( yytext[2] != '#' ) - broxygen_mgr->PreComment(yytext + 2); + zeexygen_mgr->PreComment(yytext + 2); } #{OWS}@no-test.* return TOK_NO_TEST; @@ -376,7 +376,7 @@ when return TOK_WHEN; string loader = ::filename; // load_files may change ::filename, save copy string loading = find_relative_script_file(new_file); (void) load_files(new_file); - broxygen_mgr->ScriptDependency(loader, loading); + zeexygen_mgr->ScriptDependency(loader, loading); } @load-sigs{WS}{FILE} { @@ -720,7 +720,7 @@ static int load_files(const char* orig_file) else file_stack.append(new FileInfo); - broxygen_mgr->Script(file_path); + zeexygen_mgr->Script(file_path); DBG_LOG(DBG_SCRIPTS, "Loading %s", file_path.c_str()); diff --git a/src/stats.bif b/src/stats.bif index bb4d92586f..d31f66de4e 100644 --- a/src/stats.bif +++ b/src/stats.bif @@ -25,7 +25,7 @@ RecordType* ReporterStats; ## ## Returns: A record of packet statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -74,7 +74,7 @@ function get_net_stats%(%): NetStats ## ## Returns: A record with connection and packet statistics. ## -## .. bro:see:: get_dns_stats +## .. zeek:see:: get_dns_stats ## get_event_stats ## get_file_analysis_stats ## get_gap_stats @@ -125,7 +125,7 @@ function get_conn_stats%(%): ConnStats ## ## Returns: A record with process statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -182,7 +182,7 @@ function get_proc_stats%(%): ProcStats ## ## Returns: A record with event engine statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_file_analysis_stats ## get_gap_stats @@ -209,7 +209,7 @@ function get_event_stats%(%): EventStats ## ## Returns: A record with reassembler statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -238,7 +238,7 @@ function get_reassembler_stats%(%): ReassemblerStats ## ## Returns: A record with DNS lookup statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_event_stats ## get_file_analysis_stats ## get_gap_stats @@ -272,7 +272,7 @@ function get_dns_stats%(%): DNSStats ## ## Returns: A record with timer usage statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -300,7 +300,7 @@ function get_timer_stats%(%): TimerStats ## ## Returns: A record with file analysis statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_gap_stats @@ -328,7 +328,7 @@ function get_file_analysis_stats%(%): FileAnalysisStats ## ## Returns: A record with thread usage statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -354,7 +354,7 @@ function get_thread_stats%(%): ThreadStats ## ## Returns: A record with TCP gap statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -386,7 +386,7 @@ function get_gap_stats%(%): GapStats ## ## Returns: A record with matcher statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -423,7 +423,7 @@ function get_matcher_stats%(%): MatcherStats ## ## Returns: A record with Broker statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -459,7 +459,7 @@ function get_broker_stats%(%): BrokerStats ## ## Returns: A record with reporter statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats diff --git a/src/strings.bif b/src/strings.bif index e7571d5c70..ef584ee7af 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -55,7 +55,7 @@ function levenshtein_distance%(s1: string, s2: string%): count ## ## Returns: The concatenation of all (string) arguments. ## -## .. bro:see:: cat cat_sep cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep cat_string_array cat_string_array_n ## fmt ## join_string_vec join_string_array function string_cat%(...%): string @@ -123,11 +123,11 @@ BroString* cat_string_array_n(TableVal* tbl, int start, int end) ## Concatenates all elements in an array of strings. ## -## a: The :bro:type:`string_array` (``table[count] of string``). +## a: The :zeek:type:`string_array` (``table[count] of string``). ## ## Returns: The concatenation of all elements in *a*. ## -## .. bro:see:: cat cat_sep string_cat cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat cat_string_array_n ## fmt ## join_string_vec join_string_array function cat_string_array%(a: string_array%): string &deprecated @@ -138,7 +138,7 @@ function cat_string_array%(a: string_array%): string &deprecated ## Concatenates a specific range of elements in an array of strings. ## -## a: The :bro:type:`string_array` (``table[count] of string``). +## a: The :zeek:type:`string_array` (``table[count] of string``). ## ## start: The array index of the first element of the range. ## @@ -146,7 +146,7 @@ function cat_string_array%(a: string_array%): string &deprecated ## ## Returns: The concatenation of the range *[start, end]* in *a*. ## -## .. bro:see:: cat string_cat cat_string_array +## .. zeek:see:: cat string_cat cat_string_array ## fmt ## join_string_vec join_string_array function cat_string_array_n%(a: string_array, start: count, end: count%): string &deprecated @@ -160,12 +160,12 @@ function cat_string_array_n%(a: string_array, start: count, end: count%): string ## ## sep: The separator to place between each element. ## -## a: The :bro:type:`string_array` (``table[count] of string``). +## a: The :zeek:type:`string_array` (``table[count] of string``). ## ## Returns: The concatenation of all elements in *a*, with *sep* placed ## between each element. ## -## .. bro:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n ## fmt ## join_string_vec function join_string_array%(sep: string, a: string_array%): string &deprecated @@ -196,12 +196,12 @@ function join_string_array%(sep: string, a: string_array%): string &deprecated ## ## sep: The separator to place between each element. ## -## vec: The :bro:type:`string_vec` (``vector of string``). +## vec: The :zeek:type:`string_vec` (``vector of string``). ## ## Returns: The concatenation of all elements in *vec*, with *sep* placed ## between each element. ## -## .. bro:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n ## fmt ## join_string_array function join_string_vec%(vec: string_vec, sep: string%): string @@ -233,11 +233,11 @@ function join_string_vec%(vec: string_vec, sep: string%): string ## Sorts an array of strings. ## -## a: The :bro:type:`string_array` (``table[count] of string``). +## a: The :zeek:type:`string_array` (``table[count] of string``). ## ## Returns: A sorted copy of *a*. ## -## .. bro:see:: sort +## .. zeek:see:: sort function sort_string_array%(a: string_array%): string_array &deprecated %{ TableVal* tbl = a->AsTableVal(); @@ -278,7 +278,7 @@ function sort_string_array%(a: string_array%): string_array &deprecated ## Returns: An edited version of *arg_s* where *arg_edit_char* triggers the ## deletion of the last character. ## -## .. bro:see:: clean +## .. zeek:see:: clean ## to_string_literal ## escape_string ## strip @@ -558,7 +558,7 @@ Val* do_sub(StringVal* str_val, RE_Matcher* re, StringVal* repl, int do_all) ## Returns: An array of strings where each element corresponds to a substring ## in *str* separated by *re*. ## -## .. bro:see:: split1 split_all split_n str_split split_string1 split_string_all split_string_n str_split +## .. zeek:see:: split1 split_all split_n str_split split_string1 split_string_all split_string_n str_split ## ## .. note:: The returned table starts at index 1. Note that conceptually the ## return value is meant to be a vector and this might change in the @@ -578,7 +578,7 @@ function split%(str: string, re: pattern%): string_array &deprecated ## Returns: An array of strings where each element corresponds to a substring ## in *str* separated by *re*. ## -## .. bro:see:: split_string1 split_string_all split_string_n str_split +## .. zeek:see:: split_string1 split_string_all split_string_n str_split ## function split_string%(str: string, re: pattern%): string_vec %{ @@ -586,7 +586,7 @@ function split_string%(str: string, re: pattern%): string_vec %} ## Splits a string *once* into a two-element array of strings according to a -## pattern. This function is the same as :bro:id:`split`, but *str* is only +## pattern. This function is the same as :zeek:id:`split`, but *str* is only ## split once (if possible) at the earliest position and an array of two strings ## is returned. ## @@ -599,14 +599,14 @@ function split_string%(str: string, re: pattern%): string_vec ## second everything after *re*. An array of one string is returned ## when *s* cannot be split. ## -## .. bro:see:: split split_all split_n str_split split_string split_string_all split_string_n str_split +## .. zeek:see:: split split_all split_n str_split split_string split_string_all split_string_n str_split function split1%(str: string, re: pattern%): string_array &deprecated %{ return do_split(str, re, 0, 1); %} ## Splits a string *once* into a two-element array of strings according to a -## pattern. This function is the same as :bro:id:`split_string`, but *str* is +## pattern. This function is the same as :zeek:id:`split_string`, but *str* is ## only split once (if possible) at the earliest position and an array of two ## strings is returned. ## @@ -619,14 +619,14 @@ function split1%(str: string, re: pattern%): string_array &deprecated ## second everything after *re*. An array of one string is returned ## when *s* cannot be split. ## -## .. bro:see:: split_string split_string_all split_string_n str_split +## .. zeek:see:: split_string split_string_all split_string_n str_split function split_string1%(str: string, re: pattern%): string_vec %{ return do_split_string(str, re, 0, 1); %} ## Splits a string into an array of strings according to a pattern. This -## function is the same as :bro:id:`split`, except that the separators are +## function is the same as :zeek:id:`split`, except that the separators are ## returned as well. For example, ``split_all("a-b--cd", /(\-)+/)`` returns ## ``{"a", "-", "b", "--", "cd"}``: odd-indexed elements do not match the ## pattern and even-indexed ones do. @@ -639,14 +639,14 @@ function split_string1%(str: string, re: pattern%): string_vec ## to a substring in *str* of the part not matching *re* (odd-indexed) ## and the part that matches *re* (even-indexed). ## -## .. bro:see:: split split1 split_n str_split split_string split_string1 split_string_n str_split +## .. zeek:see:: split split1 split_n str_split split_string split_string1 split_string_n str_split function split_all%(str: string, re: pattern%): string_array &deprecated %{ return do_split(str, re, 1, 0); %} ## Splits a string into an array of strings according to a pattern. This -## function is the same as :bro:id:`split_string`, except that the separators +## function is the same as :zeek:id:`split_string`, except that the separators ## are returned as well. For example, ``split_string_all("a-b--cd", /(\-)+/)`` ## returns ``{"a", "-", "b", "--", "cd"}``: odd-indexed elements do match the ## pattern and even-indexed ones do not. @@ -659,15 +659,15 @@ function split_all%(str: string, re: pattern%): string_array &deprecated ## to a substring in *str* of the part not matching *re* (even-indexed) ## and the part that matches *re* (odd-indexed). ## -## .. bro:see:: split_string split_string1 split_string_n str_split +## .. zeek:see:: split_string split_string1 split_string_n str_split function split_string_all%(str: string, re: pattern%): string_vec %{ return do_split_string(str, re, 1, 0); %} ## Splits a string a given number of times into an array of strings according -## to a pattern. This function is similar to :bro:id:`split1` and -## :bro:id:`split_all`, but with customizable behavior with respect to +## to a pattern. This function is similar to :zeek:id:`split1` and +## :zeek:id:`split_all`, but with customizable behavior with respect to ## including separators in the result and the number of times to split. ## ## str: The string to split. @@ -675,7 +675,7 @@ function split_string_all%(str: string, re: pattern%): string_vec ## re: The pattern describing the element separator in *str*. ## ## incl_sep: A flag indicating whether to include the separator matches in the -## result (as in :bro:id:`split_all`). +## result (as in :zeek:id:`split_all`). ## ## max_num_sep: The number of times to split *str*. ## @@ -684,7 +684,7 @@ function split_string_all%(str: string, re: pattern%): string_vec ## not matching *re* (odd-indexed) and the part that matches *re* ## (even-indexed). ## -## .. bro:see:: split split1 split_all str_split split_string split_string1 split_string_all str_split +## .. zeek:see:: split split1 split_all str_split split_string split_string1 split_string_all str_split function split_n%(str: string, re: pattern, incl_sep: bool, max_num_sep: count%): string_array &deprecated %{ @@ -692,8 +692,8 @@ function split_n%(str: string, re: pattern, %} ## Splits a string a given number of times into an array of strings according -## to a pattern. This function is similar to :bro:id:`split_string1` and -## :bro:id:`split_string_all`, but with customizable behavior with respect to +## to a pattern. This function is similar to :zeek:id:`split_string1` and +## :zeek:id:`split_string_all`, but with customizable behavior with respect to ## including separators in the result and the number of times to split. ## ## str: The string to split. @@ -701,7 +701,7 @@ function split_n%(str: string, re: pattern, ## re: The pattern describing the element separator in *str*. ## ## incl_sep: A flag indicating whether to include the separator matches in the -## result (as in :bro:id:`split_string_all`). +## result (as in :zeek:id:`split_string_all`). ## ## max_num_sep: The number of times to split *str*. ## @@ -710,7 +710,7 @@ function split_n%(str: string, re: pattern, ## not matching *re* (even-indexed) and the part that matches *re* ## (odd-indexed). ## -## .. bro:see:: split_string split_string1 split_string_all str_split +## .. zeek:see:: split_string split_string1 split_string_all str_split function split_string_n%(str: string, re: pattern, incl_sep: bool, max_num_sep: count%): string_vec %{ @@ -729,7 +729,7 @@ function split_string_n%(str: string, re: pattern, ## Returns: A copy of *str* with the first occurence of *re* replaced with ## *repl*. ## -## .. bro:see:: gsub subst_string +## .. zeek:see:: gsub subst_string function sub%(str: string, re: pattern, repl: string%): string %{ return do_sub(str, re, repl, 0); @@ -746,7 +746,7 @@ function sub%(str: string, re: pattern, repl: string%): string ## ## Returns: A copy of *str* with all occurrences of *re* replaced with *repl*. ## -## .. bro:see:: sub subst_string +## .. zeek:see:: sub subst_string function gsub%(str: string, re: pattern, repl: string%): string %{ return do_sub(str, re, repl, 1); @@ -775,7 +775,7 @@ function strcmp%(s1: string, s2: string%): int ## Returns: The location of *little* in *big*, or 0 if *little* is not found in ## *big*. ## -## .. bro:see:: find_all find_last +## .. zeek:see:: find_all find_last function strstr%(big: string, little: string%): count %{ return val_mgr->GetCount( @@ -792,7 +792,7 @@ function strstr%(big: string, little: string%): count ## ## Returns: A copy of *s* where each occurrence of *from* is replaced with *to*. ## -## .. bro:see:: sub gsub +## .. zeek:see:: sub gsub function subst_string%(s: string, from: string, to: string%): string %{ const int little_len = from->Len(); @@ -843,7 +843,7 @@ function subst_string%(s: string, from: string, to: string%): string ## by ``isascii`` and ``isupper``) folded to lowercase ## (via ``tolower``). ## -## .. bro:see:: to_upper is_ascii +## .. zeek:see:: to_upper is_ascii function to_lower%(str: string%): string %{ const u_char* s = str->Bytes(); @@ -872,7 +872,7 @@ function to_lower%(str: string%): string ## by ``isascii`` and ``islower``) folded to uppercase ## (via ``toupper``). ## -## .. bro:see:: to_lower is_ascii +## .. zeek:see:: to_lower is_ascii function to_upper%(str: string%): string %{ const u_char* s = str->Bytes(); @@ -900,13 +900,13 @@ function to_upper%(str: string%): string ## ## If the string does not yet have a trailing NUL, one is added internally. ## -## In contrast to :bro:id:`escape_string`, this encoding is *not* fully reversible.` +## In contrast to :zeek:id:`escape_string`, this encoding is *not* fully reversible.` ## ## str: The string to escape. ## ## Returns: The escaped string. ## -## .. bro:see:: to_string_literal escape_string +## .. zeek:see:: to_string_literal escape_string function clean%(str: string%): string %{ char* s = str->AsString()->Render(); @@ -924,7 +924,7 @@ function clean%(str: string%): string ## ## Returns: The escaped string. ## -## .. bro:see:: clean escape_string +## .. zeek:see:: clean escape_string function to_string_literal%(str: string%): string %{ char* s = str->AsString()->Render(BroString::BRO_STRING_LITERAL); @@ -938,7 +938,7 @@ function to_string_literal%(str: string%): string ## Returns: False if any byte value of *str* is greater than 127, and true ## otherwise. ## -## .. bro:see:: to_upper to_lower +## .. zeek:see:: to_upper to_lower function is_ascii%(str: string%): bool %{ int n = str->Len(); @@ -957,13 +957,13 @@ function is_ascii%(str: string%): bool ## - values not in *[32, 126]* to ``\xXX`` ## - ``\`` to ``\\`` ## -## In contrast to :bro:id:`clean`, this encoding is fully reversible.` +## In contrast to :zeek:id:`clean`, this encoding is fully reversible.` ## ## str: The string to escape. ## ## Returns: The escaped string. ## -## .. bro:see:: clean to_string_literal +## .. zeek:see:: clean to_string_literal function escape_string%(s: string%): string %{ char* escstr = s->AsString()->Render(BroString::ESC_HEX | BroString::ESC_ESC); @@ -1022,7 +1022,7 @@ function str_smith_waterman%(s1: string, s2: string, params: sw_params%) : sw_su ## ## Returns: A vector of strings. ## -## .. bro:see:: split split1 split_all split_n +## .. zeek:see:: split split1 split_all split_n function str_split%(s: string, idx: index_vec%): string_vec %{ vector* idx_v = idx->AsVector(); @@ -1057,7 +1057,7 @@ function str_split%(s: string, idx: index_vec%): string_vec ## ## Returns: A copy of *str* with leading and trailing whitespace removed. ## -## .. bro:see:: sub gsub lstrip rstrip +## .. zeek:see:: sub gsub lstrip rstrip function strip%(str: string%): string %{ const u_char* s = str->Bytes(); @@ -1105,7 +1105,7 @@ static bool should_strip(u_char c, const BroString* strip_chars) ## Returns: A copy of *str* with the characters in *chars* removed from ## the beginning. ## -## .. bro:see:: sub gsub strip rstrip +## .. zeek:see:: sub gsub strip rstrip function lstrip%(str: string, chars: string &default=" \t\n\r\v\f"%): string %{ const u_char* s = str->Bytes(); @@ -1136,7 +1136,7 @@ function lstrip%(str: string, chars: string &default=" \t\n\r\v\f"%): string ## Returns: A copy of *str* with the characters in *chars* removed from ## the end. ## -## .. bro:see:: sub gsub strip lstrip +## .. zeek:see:: sub gsub strip lstrip function rstrip%(str: string, chars: string &default=" \t\n\r\v\f"%): string %{ const u_char* s = str->Bytes(); @@ -1180,7 +1180,7 @@ function string_fill%(len: int, source: string%): string ## Takes a string and escapes characters that would allow execution of ## commands at the shell level. Must be used before including strings in -## :bro:id:`system` or similar calls. +## :zeek:id:`system` or similar calls. ## ## source: The string to escape. ## @@ -1191,7 +1191,7 @@ function string_fill%(len: int, source: string%): string ## backslash-escaped string in double-quotes to ultimately preserve ## the literal value of all input characters. ## -## .. bro:see:: system safe_shell_quote +## .. zeek:see:: system safe_shell_quote function safe_shell_quote%(source: string%): string %{ unsigned j = 0; @@ -1220,9 +1220,9 @@ function safe_shell_quote%(source: string%): string ## Takes a string and escapes characters that would allow execution of ## commands at the shell level. Must be used before including strings in -## :bro:id:`system` or similar calls. This function is deprecated, use -## :bro:see:`safe_shell_quote` as a replacement. The difference is that -## :bro:see:`safe_shell_quote` automatically returns a value that is +## :zeek:id:`system` or similar calls. This function is deprecated, use +## :zeek:see:`safe_shell_quote` as a replacement. The difference is that +## :zeek:see:`safe_shell_quote` automatically returns a value that is ## wrapped in double-quotes, which is required to correctly and fully ## escape any characters that might be interpreted by the shell. ## @@ -1230,7 +1230,7 @@ function safe_shell_quote%(source: string%): string ## ## Returns: A shell-escaped version of *source*. ## -## .. bro:see:: system safe_shell_quote +## .. zeek:see:: system safe_shell_quote function str_shell_escape%(source: string%): string &deprecated %{ unsigned j = 0; @@ -1267,7 +1267,7 @@ function str_shell_escape%(source: string%): string &deprecated ## ## Returns: The set of strings in *str* that match *re*, or the empty set. ## -## .. bro:see: find_last strstr +## .. zeek:see: find_last strstr function find_all%(str: string, re: pattern%) : string_set %{ TableVal* a = new TableVal(string_set); @@ -1301,7 +1301,7 @@ function find_all%(str: string, re: pattern%) : string_set ## ## Returns: The last string in *str* that matches *re*, or the empty string. ## -## .. bro:see: find_all strstr +## .. zeek:see: find_all strstr function find_last%(str: string, re: pattern%) : string %{ const u_char* s = str->Bytes(); @@ -1325,7 +1325,7 @@ function find_last%(str: string, re: pattern%) : string ## ## Returns: The hex dump of the given string. ## -## .. bro:see:: string_to_ascii_hex bytestring_to_hexstr +## .. zeek:see:: string_to_ascii_hex bytestring_to_hexstr ## ## .. note:: Based on Netdude's hex editor code. ## diff --git a/src/broxygen/CMakeLists.txt b/src/zeexygen/CMakeLists.txt similarity index 73% rename from src/broxygen/CMakeLists.txt rename to src/zeexygen/CMakeLists.txt index f41cd68ff5..43060866a9 100644 --- a/src/broxygen/CMakeLists.txt +++ b/src/zeexygen/CMakeLists.txt @@ -7,7 +7,7 @@ include_directories(BEFORE ${CMAKE_CURRENT_BINARY_DIR} ) -set(broxygen_SRCS +set(zeexygen_SRCS Manager.cc Info.h PackageInfo.cc @@ -19,7 +19,7 @@ set(broxygen_SRCS utils.cc ) -bif_target(broxygen.bif) -bro_add_subdir_library(broxygen ${broxygen_SRCS}) +bif_target(zeexygen.bif) +bro_add_subdir_library(zeexygen ${zeexygen_SRCS}) -add_dependencies(bro_broxygen generate_outputs) +add_dependencies(bro_zeexygen generate_outputs) diff --git a/src/broxygen/Configuration.cc b/src/zeexygen/Configuration.cc similarity index 87% rename from src/broxygen/Configuration.cc rename to src/zeexygen/Configuration.cc index 4780e6ad99..7b1f5e35fd 100644 --- a/src/broxygen/Configuration.cc +++ b/src/zeexygen/Configuration.cc @@ -11,7 +11,7 @@ #include #include -using namespace broxygen; +using namespace zeexygen; using namespace std; static TargetFactory create_target_factory() @@ -37,7 +37,7 @@ Config::Config(const string& arg_file, const string& delim) ifstream f(file.c_str()); if ( ! f.is_open() ) - reporter->FatalError("failed to open Broxygen config file '%s': %s", + reporter->FatalError("failed to open Zeexygen config file '%s': %s", file.c_str(), strerror(errno)); string line; @@ -59,20 +59,20 @@ Config::Config(const string& arg_file, const string& delim) continue; if ( tokens.size() != 3 ) - reporter->FatalError("malformed Broxygen target in %s:%u: %s", + reporter->FatalError("malformed Zeexygen target in %s:%u: %s", file.c_str(), line_number, line.c_str()); Target* target = target_factory.Create(tokens[0], tokens[2], tokens[1]); if ( ! target ) - reporter->FatalError("unknown Broxygen target type: %s", + reporter->FatalError("unknown Zeexygen target type: %s", tokens[0].c_str()); targets.push_back(target); } if ( f.bad() ) - reporter->InternalError("error reading Broxygen config file '%s': %s", + reporter->InternalError("error reading Zeexygen config file '%s': %s", file.c_str(), strerror(errno)); } @@ -99,5 +99,5 @@ time_t Config::GetModificationTime() const if ( file.empty() ) return 0; - return broxygen::get_mtime(file); + return zeexygen::get_mtime(file); } diff --git a/src/broxygen/Configuration.h b/src/zeexygen/Configuration.h similarity index 80% rename from src/broxygen/Configuration.h rename to src/zeexygen/Configuration.h index d41deb2c71..a0da9761bc 100644 --- a/src/broxygen/Configuration.h +++ b/src/zeexygen/Configuration.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_CONFIGURATION_H -#define BROXYGEN_CONFIGURATION_H +#ifndef ZEEXYGEN_CONFIGURATION_H +#define ZEEXYGEN_CONFIGURATION_H #include "Info.h" #include "Target.h" @@ -9,7 +9,7 @@ #include #include -namespace broxygen { +namespace zeexygen { /** * Manages the generation of reStructuredText documents corresponding to @@ -22,8 +22,8 @@ class Config { public: /** - * Read a Broxygen configuration file, parsing all targets in it. - * @param file The file containing a list of Broxygen targets. If it's + * Read a Zeexygen configuration file, parsing all targets in it. + * @param file The file containing a list of Zeexygen targets. If it's * an empty string most methods are a no-op. * @param delim The delimiter between target fields. */ @@ -41,7 +41,7 @@ public: void FindDependencies(const std::vector& infos); /** - * Build each Broxygen target (i.e. write out the reST documents to disk). + * Build each Zeexygen target (i.e. write out the reST documents to disk). */ void GenerateDocs() const; @@ -58,6 +58,6 @@ private: TargetFactory target_factory; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/IdentifierInfo.cc b/src/zeexygen/IdentifierInfo.cc similarity index 97% rename from src/broxygen/IdentifierInfo.cc rename to src/zeexygen/IdentifierInfo.cc index afc0cf751a..ebb15373bf 100644 --- a/src/broxygen/IdentifierInfo.cc +++ b/src/zeexygen/IdentifierInfo.cc @@ -7,7 +7,7 @@ #include "Val.h" using namespace std; -using namespace broxygen; +using namespace zeexygen; IdentifierInfo::IdentifierInfo(ID* arg_id, ScriptInfo* script) : Info(), @@ -128,7 +128,7 @@ string IdentifierInfo::DoReStructuredText(bool roles_only) const { string s = comments[i]; - if ( broxygen::prettify_params(s) ) + if ( zeexygen::prettify_params(s) ) d.NL(); d.Add(s.c_str()); diff --git a/src/broxygen/IdentifierInfo.h b/src/zeexygen/IdentifierInfo.h similarity index 92% rename from src/broxygen/IdentifierInfo.h rename to src/zeexygen/IdentifierInfo.h index be7e721838..a930f67feb 100644 --- a/src/broxygen/IdentifierInfo.h +++ b/src/zeexygen/IdentifierInfo.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_IDENTIFIERINFO_H -#define BROXYGEN_IDENTIFIERINFO_H +#ifndef ZEEXYGEN_IDENTIFIERINFO_H +#define ZEEXYGEN_IDENTIFIERINFO_H #include "Info.h" #include "ScriptInfo.h" @@ -14,7 +14,7 @@ #include #include -namespace broxygen { +namespace zeexygen { class ScriptInfo; @@ -42,7 +42,7 @@ public: * Add a comment associated with the identifier. If the identifier is a * record type and it's in the middle of parsing fields, the comment is * associated with the last field that was parsed. - * @param comment A string extracted from Broxygen-style comment. + * @param comment A string extracted from Zeexygen-style comment. */ void AddComment(const std::string& comment) { last_field_seen ? last_field_seen->comments.push_back(comment) @@ -102,13 +102,13 @@ public: std::string GetDeclaringScriptForField(const std::string& field) const; /** - * @return All Broxygen comments associated with the identifier. + * @return All Zeexygen comments associated with the identifier. */ std::vector GetComments() const; /** * @param field A record field name. - * @return All Broxygen comments associated with the record field. + * @return All Zeexygen comments associated with the record field. */ std::vector GetFieldComments(const std::string& field) const; @@ -118,7 +118,7 @@ public: struct Redefinition { std::string from_script; /**< Name of script doing the redef. */ std::string new_val_desc; /**< Description of new value bound to ID. */ - std::vector comments; /**< Broxygen comments on redef. */ + std::vector comments; /**< Zeexygen comments on redef. */ }; /** @@ -159,6 +159,6 @@ private: ScriptInfo* declaring_script; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/Info.h b/src/zeexygen/Info.h similarity index 89% rename from src/broxygen/Info.h rename to src/zeexygen/Info.h index 9df73f899f..46fba7b7b6 100644 --- a/src/broxygen/Info.h +++ b/src/zeexygen/Info.h @@ -1,15 +1,15 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_INFO_H -#define BROXYGEN_INFO_H +#ifndef ZEEXYGEN_INFO_H +#define ZEEXYGEN_INFO_H #include #include -namespace broxygen { +namespace zeexygen { /** - * Abstract base class for any thing that Broxygen can document. + * Abstract base class for any thing that Zeexygen can document. */ class Info { @@ -68,6 +68,6 @@ private: { } }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/Manager.cc b/src/zeexygen/Manager.cc similarity index 87% rename from src/broxygen/Manager.cc rename to src/zeexygen/Manager.cc index c54b05754e..d638705d8b 100644 --- a/src/broxygen/Manager.cc +++ b/src/zeexygen/Manager.cc @@ -7,7 +7,7 @@ #include #include -using namespace broxygen; +using namespace zeexygen; using namespace std; static void DbgAndWarn(const char* msg) @@ -19,7 +19,7 @@ static void DbgAndWarn(const char* msg) return; reporter->Warning("%s", msg); - DBG_LOG(DBG_BROXYGEN, "%s", msg); + DBG_LOG(DBG_ZEEXYGEN, "%s", msg); } static void WarnMissingScript(const char* type, const ID* id, @@ -28,7 +28,7 @@ static void WarnMissingScript(const char* type, const ID* id, if ( script == "" ) return; - DbgAndWarn(fmt("Can't generate Broxygen doumentation for %s %s, " + DbgAndWarn(fmt("Can't generate Zeexygen doumentation for %s %s, " "lookup of %s failed", type, id->Name(), script.c_str())); } @@ -83,7 +83,7 @@ Manager::Manager(const string& arg_config, const string& bro_command) // a PATH component that starts with a tilde (such as "~/bin"). A simple // workaround is to just run bro with a relative or absolute path. if ( path_to_bro.empty() || stat(path_to_bro.c_str(), &s) < 0 ) - reporter->InternalError("Broxygen can't get mtime of bro binary %s (try again by specifying the absolute or relative path to Bro): %s", + reporter->InternalError("Zeexygen can't get mtime of bro binary %s (try again by specifying the absolute or relative path to Bro): %s", path_to_bro.c_str(), strerror(errno)); bro_mtime = s.st_mtime; @@ -129,7 +129,7 @@ void Manager::Script(const string& path) if ( scripts.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Broxygen script documentation: %s", + DbgAndWarn(fmt("Duplicate Zeexygen script documentation: %s", name.c_str())); return; } @@ -137,7 +137,7 @@ void Manager::Script(const string& path) ScriptInfo* info = new ScriptInfo(name, path); scripts.map[name] = info; all_info.push_back(info); - DBG_LOG(DBG_BROXYGEN, "Made ScriptInfo %s", name.c_str()); + DBG_LOG(DBG_ZEEXYGEN, "Made ScriptInfo %s", name.c_str()); if ( ! info->IsPkgLoader() ) return; @@ -146,7 +146,7 @@ void Manager::Script(const string& path) if ( packages.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Broxygen package documentation: %s", + DbgAndWarn(fmt("Duplicate Zeexygen package documentation: %s", name.c_str())); return; } @@ -154,7 +154,7 @@ void Manager::Script(const string& path) PackageInfo* pkginfo = new PackageInfo(name); packages.map[name] = pkginfo; all_info.push_back(pkginfo); - DBG_LOG(DBG_BROXYGEN, "Made PackageInfo %s", name.c_str()); + DBG_LOG(DBG_ZEEXYGEN, "Made PackageInfo %s", name.c_str()); } void Manager::ScriptDependency(const string& path, const string& dep) @@ -164,7 +164,7 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( dep.empty() ) { - DbgAndWarn(fmt("Empty Broxygen script doc dependency: %s", + DbgAndWarn(fmt("Empty Zeexygen script doc dependency: %s", path.c_str())); return; } @@ -175,17 +175,17 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Broxygen script doc dependency %s " + DbgAndWarn(fmt("Failed to add Zeexygen script doc dependency %s " "for %s", depname.c_str(), name.c_str())); return; } script_info->AddDependency(depname); - DBG_LOG(DBG_BROXYGEN, "Added script dependency %s for %s", + DBG_LOG(DBG_ZEEXYGEN, "Added script dependency %s for %s", depname.c_str(), name.c_str()); for ( size_t i = 0; i < comment_buffer.size(); ++i ) - DbgAndWarn(fmt("Discarded extraneous Broxygen comment: %s", + DbgAndWarn(fmt("Discarded extraneous Zeexygen comment: %s", comment_buffer[i].c_str())); } @@ -199,13 +199,13 @@ void Manager::ModuleUsage(const string& path, const string& module) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Broxygen module usage %s in %s", + DbgAndWarn(fmt("Failed to add Zeexygen module usage %s in %s", module.c_str(), name.c_str())); return; } script_info->AddModule(module); - DBG_LOG(DBG_BROXYGEN, "Added module usage %s in %s", + DBG_LOG(DBG_ZEEXYGEN, "Added module usage %s in %s", module.c_str(), name.c_str()); } @@ -246,7 +246,7 @@ void Manager::StartType(ID* id) if ( id->GetLocationInfo() == &no_location ) { - DbgAndWarn(fmt("Can't generate broxygen doumentation for %s, " + DbgAndWarn(fmt("Can't generate zeexygen doumentation for %s, " "no location available", id->Name())); return; } @@ -261,7 +261,7 @@ void Manager::StartType(ID* id) } incomplete_type = CreateIdentifierInfo(id, script_info); - DBG_LOG(DBG_BROXYGEN, "Made IdentifierInfo (incomplete) %s, in %s", + DBG_LOG(DBG_ZEEXYGEN, "Made IdentifierInfo (incomplete) %s, in %s", id->Name(), script.c_str()); } @@ -279,7 +279,7 @@ void Manager::Identifier(ID* id) { if ( incomplete_type->Name() == id->Name() ) { - DBG_LOG(DBG_BROXYGEN, "Finished document for type %s", id->Name()); + DBG_LOG(DBG_ZEEXYGEN, "Finished document for type %s", id->Name()); incomplete_type->CompletedTypeDecl(); incomplete_type = 0; return; @@ -309,7 +309,7 @@ void Manager::Identifier(ID* id) { // Internally-created identifier (e.g. file/proto analyzer enum tags). // Handled specially since they don't have a script location. - DBG_LOG(DBG_BROXYGEN, "Made internal IdentifierInfo %s", + DBG_LOG(DBG_ZEEXYGEN, "Made internal IdentifierInfo %s", id->Name()); CreateIdentifierInfo(id, 0); return; @@ -325,7 +325,7 @@ void Manager::Identifier(ID* id) } CreateIdentifierInfo(id, script_info); - DBG_LOG(DBG_BROXYGEN, "Made IdentifierInfo %s, in script %s", + DBG_LOG(DBG_ZEEXYGEN, "Made IdentifierInfo %s, in script %s", id->Name(), script.c_str()); } @@ -339,7 +339,7 @@ void Manager::RecordField(const ID* id, const TypeDecl* field, if ( ! idd ) { - DbgAndWarn(fmt("Can't generate broxygen doumentation for " + DbgAndWarn(fmt("Can't generate zeexygen doumentation for " "record field %s, unknown record: %s", field->id, id->Name())); return; @@ -348,7 +348,7 @@ void Manager::RecordField(const ID* id, const TypeDecl* field, string script = NormalizeScriptPath(path); idd->AddRecordField(field, script, comment_buffer); comment_buffer.clear(); - DBG_LOG(DBG_BROXYGEN, "Document record field %s, identifier %s, script %s", + DBG_LOG(DBG_ZEEXYGEN, "Document record field %s, identifier %s, script %s", field->id, id->Name(), script.c_str()); } @@ -365,7 +365,7 @@ void Manager::Redef(const ID* id, const string& path) if ( ! id_info ) { - DbgAndWarn(fmt("Can't generate broxygen doumentation for " + DbgAndWarn(fmt("Can't generate zeexygen doumentation for " "redef of %s, identifier lookup failed", id->Name())); return; @@ -384,7 +384,7 @@ void Manager::Redef(const ID* id, const string& path) script_info->AddRedef(id_info); comment_buffer.clear(); last_identifier_seen = id_info; - DBG_LOG(DBG_BROXYGEN, "Added redef of %s from %s", + DBG_LOG(DBG_ZEEXYGEN, "Added redef of %s from %s", id->Name(), from_script.c_str()); } @@ -421,7 +421,7 @@ void Manager::PostComment(const string& comment, const string& id_hint) if ( last_identifier_seen ) last_identifier_seen->AddComment(RemoveLeadingSpace(comment)); else - DbgAndWarn(fmt("Discarded unassociated Broxygen comment %s", + DbgAndWarn(fmt("Discarded unassociated Zeexygen comment %s", comment.c_str())); return; diff --git a/src/broxygen/Manager.h b/src/zeexygen/Manager.h similarity index 89% rename from src/broxygen/Manager.h rename to src/zeexygen/Manager.h index 7978adc180..5b2142e047 100644 --- a/src/broxygen/Manager.h +++ b/src/zeexygen/Manager.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_MANAGER_H -#define BROXYGEN_MANAGER_H +#ifndef ZEEXYGEN_MANAGER_H +#define ZEEXYGEN_MANAGER_H #include "Configuration.h" #include "Info.h" @@ -21,7 +21,7 @@ #include #include -namespace broxygen { +namespace zeexygen { /** * Map of info objects. Just a wrapper around std::map to improve code @@ -54,7 +54,7 @@ public: /** * Ctor. - * @param config Path to a Broxygen config file if documentation is to be + * @param config Path to a Zeexygen config file if documentation is to be * written to disk. * @param bro_command The command used to invoke the bro process. * It's used when checking for out-of-date targets. If the bro binary is @@ -80,7 +80,7 @@ public: void InitPostScript(); /** - * Builds all Broxygen targets specified by config file and write out + * Builds all Zeexygen targets specified by config file and write out * documentation to disk. */ void GenerateDocs() const; @@ -140,24 +140,24 @@ public: void Redef(const ID* id, const std::string& path); /** - * Register Broxygen script summary content. + * Register Zeexygen script summary content. * @param path Absolute path to a Bro script. - * @param comment Broxygen-style summary comment ("##!") to associate with + * @param comment Zeexygen-style summary comment ("##!") to associate with * script given by \a path. */ void SummaryComment(const std::string& path, const std::string& comment); /** - * Register a Broxygen comment ("##") for an upcoming identifier (i.e. + * Register a Zeexygen comment ("##") for an upcoming identifier (i.e. * this content is buffered and consumed by next identifier/field * declaration. - * @param comment Content of the Broxygen comment. + * @param comment Content of the Zeexygen comment. */ void PreComment(const std::string& comment); /** - * Register a Broxygen comment ("##<") for the last identifier seen. - * @param comment Content of the Broxygen comment. + * Register a Zeexygen comment ("##<") for the last identifier seen. + * @param comment Content of the Zeexygen comment. * @param identifier_hint Expected name of identifier with which to * associate \a comment. */ @@ -197,11 +197,11 @@ public: { return packages.GetInfo(name); } /** - * Check if a Broxygen target is up-to-date. - * @param target_file output file of a Broxygen target. + * Check if a Zeexygen target is up-to-date. + * @param target_file output file of a Zeexygen target. * @param dependencies all dependencies of the target. * @return true if modification time of \a target_file is newer than - * modification time of Bro binary, Broxygen config file, and all + * modification time of Bro binary, Zeexygen config file, and all * dependencies, else false. */ template @@ -241,7 +241,7 @@ bool Manager::IsUpToDate(const string& target_file, // Doesn't exist. return false; - reporter->InternalError("Broxygen failed to stat target file '%s': %s", + reporter->InternalError("Zeexygen failed to stat target file '%s': %s", target_file.c_str(), strerror(errno)); } @@ -258,8 +258,8 @@ bool Manager::IsUpToDate(const string& target_file, return true; } -} // namespace broxygen +} // namespace zeexygen -extern broxygen::Manager* broxygen_mgr; +extern zeexygen::Manager* zeexygen_mgr; #endif diff --git a/src/broxygen/PackageInfo.cc b/src/zeexygen/PackageInfo.cc similarity index 85% rename from src/broxygen/PackageInfo.cc rename to src/zeexygen/PackageInfo.cc index 1cbff5a07f..1fd607fd08 100644 --- a/src/broxygen/PackageInfo.cc +++ b/src/zeexygen/PackageInfo.cc @@ -9,7 +9,7 @@ #include using namespace std; -using namespace broxygen; +using namespace zeexygen; PackageInfo::PackageInfo(const string& arg_name) : Info(), @@ -23,7 +23,7 @@ PackageInfo::PackageInfo(const string& arg_name) ifstream f(readme_file.c_str()); if ( ! f.is_open() ) - reporter->InternalWarning("Broxygen failed to open '%s': %s", + reporter->InternalWarning("Zeexygen failed to open '%s': %s", readme_file.c_str(), strerror(errno)); string line; @@ -32,7 +32,7 @@ PackageInfo::PackageInfo(const string& arg_name) readme.push_back(line); if ( f.bad() ) - reporter->InternalWarning("Broxygen error reading '%s': %s", + reporter->InternalWarning("Zeexygen error reading '%s': %s", readme_file.c_str(), strerror(errno)); } @@ -54,5 +54,5 @@ time_t PackageInfo::DoGetModificationTime() const if ( readme_file.empty() ) return 0; - return broxygen::get_mtime(readme_file); + return zeexygen::get_mtime(readme_file); } diff --git a/src/broxygen/PackageInfo.h b/src/zeexygen/PackageInfo.h similarity index 89% rename from src/broxygen/PackageInfo.h rename to src/zeexygen/PackageInfo.h index 967bbe3443..977f31fece 100644 --- a/src/broxygen/PackageInfo.h +++ b/src/zeexygen/PackageInfo.h @@ -1,14 +1,14 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_PACKAGEINFO_H -#define BROXYGEN_PACKAGEINFO_H +#ifndef ZEEXYGEN_PACKAGEINFO_H +#define ZEEXYGEN_PACKAGEINFO_H #include "Info.h" #include #include -namespace broxygen { +namespace zeexygen { /** * Information about a Bro script package. @@ -45,6 +45,6 @@ private: std::vector readme; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/ReStructuredTextTable.cc b/src/zeexygen/ReStructuredTextTable.cc similarity index 98% rename from src/broxygen/ReStructuredTextTable.cc rename to src/zeexygen/ReStructuredTextTable.cc index 2cdb774224..c8306313e5 100644 --- a/src/broxygen/ReStructuredTextTable.cc +++ b/src/zeexygen/ReStructuredTextTable.cc @@ -5,7 +5,7 @@ #include using namespace std; -using namespace broxygen; +using namespace zeexygen; ReStructuredTextTable::ReStructuredTextTable(size_t arg_num_cols) : num_cols(arg_num_cols), rows(), longest_row_in_column() diff --git a/src/broxygen/ReStructuredTextTable.h b/src/zeexygen/ReStructuredTextTable.h similarity index 92% rename from src/broxygen/ReStructuredTextTable.h rename to src/zeexygen/ReStructuredTextTable.h index 34cc30c332..9a4059ca83 100644 --- a/src/broxygen/ReStructuredTextTable.h +++ b/src/zeexygen/ReStructuredTextTable.h @@ -1,12 +1,12 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_RESTTABLE_H -#define BROXYGEN_RESTTABLE_H +#ifndef ZEEXYGEN_RESTTABLE_H +#define ZEEXYGEN_RESTTABLE_H #include #include -namespace broxygen { +namespace zeexygen { /** * A reST table with arbitrary number of columns. @@ -48,6 +48,6 @@ private: std::vector longest_row_in_column; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/ScriptInfo.cc b/src/zeexygen/ScriptInfo.cc similarity index 86% rename from src/broxygen/ScriptInfo.cc rename to src/zeexygen/ScriptInfo.cc index b13498bddb..47769c615a 100644 --- a/src/broxygen/ScriptInfo.cc +++ b/src/zeexygen/ScriptInfo.cc @@ -10,7 +10,7 @@ #include "Desc.h" using namespace std; -using namespace broxygen; +using namespace zeexygen; bool IdInfoComp::operator ()(const IdentifierInfo* lhs, const IdentifierInfo* rhs) const @@ -24,11 +24,11 @@ static vector summary_comment(const vector& cmnts) for ( size_t i = 0; i < cmnts.size(); ++i ) { - size_t end = broxygen::end_of_first_sentence(cmnts[i]); + size_t end = zeexygen::end_of_first_sentence(cmnts[i]); if ( end == string::npos ) { - if ( broxygen::is_all_whitespace(cmnts[i]) ) + if ( zeexygen::is_all_whitespace(cmnts[i]) ) break; rval.push_back(cmnts[i]); @@ -86,7 +86,7 @@ static string make_summary(const string& heading, char underline, char border, add_summary_rows(d, summary_comment((*it)->GetComments()), &table); } - return broxygen::make_heading(heading, underline) + table.AsString(border) + return zeexygen::make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -115,7 +115,7 @@ static string make_redef_summary(const string& heading, char underline, add_summary_rows(d, summary_comment(iit->comments), &table); } - return broxygen::make_heading(heading, underline) + table.AsString(border) + return zeexygen::make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -125,7 +125,7 @@ static string make_details(const string& heading, char underline, if ( id_list.empty() ) return ""; - string rval = broxygen::make_heading(heading, underline); + string rval = zeexygen::make_heading(heading, underline); for ( id_info_list::const_iterator it = id_list.begin(); it != id_list.end(); ++it ) @@ -143,7 +143,7 @@ static string make_redef_details(const string& heading, char underline, if ( id_set.empty() ) return ""; - string rval = broxygen::make_heading(heading, underline); + string rval = zeexygen::make_heading(heading, underline); for ( id_info_set::const_iterator it = id_set.begin(); it != id_set.end(); ++it ) @@ -178,13 +178,13 @@ void ScriptInfo::DoInitPostScript() IdentifierInfo* info = it->second; ID* id = info->GetID(); - if ( ! broxygen::is_public_api(id) ) + if ( ! zeexygen::is_public_api(id) ) continue; if ( id->AsType() ) { types.push_back(info); - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a type", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a type", id->Name(), name.c_str()); continue; } @@ -193,17 +193,17 @@ void ScriptInfo::DoInitPostScript() { switch ( id->Type()->AsFuncType()->Flavor() ) { case FUNC_FLAVOR_HOOK: - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a hook", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a hook", id->Name(), name.c_str()); hooks.push_back(info); break; case FUNC_FLAVOR_EVENT: - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a event", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a event", id->Name(), name.c_str()); events.push_back(info); break; case FUNC_FLAVOR_FUNCTION: - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a function", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a function", id->Name(), name.c_str()); functions.push_back(info); break; @@ -219,13 +219,13 @@ void ScriptInfo::DoInitPostScript() { if ( id->FindAttr(ATTR_REDEF) ) { - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a redef_option", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a redef_option", id->Name(), name.c_str()); redef_options.push_back(info); } else { - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a constant", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a constant", id->Name(), name.c_str()); constants.push_back(info); } @@ -234,7 +234,7 @@ void ScriptInfo::DoInitPostScript() } else if ( id->IsOption() ) { - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as an runtime option", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as an runtime option", id->Name(), name.c_str()); options.push_back(info); @@ -246,7 +246,7 @@ void ScriptInfo::DoInitPostScript() // documentation. continue; - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a state variable", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a state variable", id->Name(), name.c_str()); state_vars.push_back(info); } @@ -275,11 +275,11 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const string rval; rval += ":tocdepth: 3\n\n"; - rval += broxygen::make_heading(name, '='); + rval += zeexygen::make_heading(name, '='); for ( string_set::const_iterator it = module_usages.begin(); it != module_usages.end(); ++it ) - rval += ".. bro:namespace:: " + *it + "\n"; + rval += ".. zeek:namespace:: " + *it + "\n"; rval += "\n"; @@ -329,7 +329,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const //rval += fmt(":Source File: :download:`/scripts/%s`\n", name.c_str()); rval += "\n"; - rval += broxygen::make_heading("Summary", '~'); + rval += zeexygen::make_heading("Summary", '~'); rval += make_summary("Runtime Options", '#', '=', options); rval += make_summary("Redefinable Options", '#', '=', redef_options); rval += make_summary("Constants", '#', '=', constants); @@ -340,7 +340,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const rval += make_summary("Hooks", '#', '=', hooks); rval += make_summary("Functions", '#', '=', functions); rval += "\n"; - rval += broxygen::make_heading("Detailed Interface", '~'); + rval += zeexygen::make_heading("Detailed Interface", '~'); rval += make_details("Runtime Options", '#', options); rval += make_details("Redefinable Options", '#', redef_options); rval += make_details("Constants", '#', constants); @@ -356,25 +356,25 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const time_t ScriptInfo::DoGetModificationTime() const { - time_t most_recent = broxygen::get_mtime(path); + time_t most_recent = zeexygen::get_mtime(path); for ( string_set::const_iterator it = dependencies.begin(); it != dependencies.end(); ++it ) { - Info* info = broxygen_mgr->GetScriptInfo(*it); + Info* info = zeexygen_mgr->GetScriptInfo(*it); if ( ! info ) { for (const string& ext : script_extensions) { string pkg_name = *it + "/__load__" + ext; - info = broxygen_mgr->GetScriptInfo(pkg_name); + info = zeexygen_mgr->GetScriptInfo(pkg_name); if ( info ) break; } if ( ! info ) - reporter->InternalWarning("Broxygen failed to get mtime of %s", + reporter->InternalWarning("Zeexygen failed to get mtime of %s", it->c_str()); continue; } diff --git a/src/broxygen/ScriptInfo.h b/src/zeexygen/ScriptInfo.h similarity index 92% rename from src/broxygen/ScriptInfo.h rename to src/zeexygen/ScriptInfo.h index dd43e15a4e..fb0f0c15ae 100644 --- a/src/broxygen/ScriptInfo.h +++ b/src/zeexygen/ScriptInfo.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_SCRIPTINFO_H -#define BROXYGEN_SCRIPTINFO_H +#ifndef ZEEXYGEN_SCRIPTINFO_H +#define ZEEXYGEN_SCRIPTINFO_H #include "Info.h" #include "IdentifierInfo.h" @@ -12,7 +12,7 @@ #include #include -namespace broxygen { +namespace zeexygen { class IdentifierInfo; @@ -39,7 +39,7 @@ public: ScriptInfo(const std::string& name, const std::string& path); /** - * Associate a Broxygen summary comment ("##!") with the script. + * Associate a Zeexygen summary comment ("##!") with the script. * @param comment String extracted from the comment. */ void AddComment(const std::string& comment) @@ -83,7 +83,7 @@ public: { return is_pkg_loader; } /** - * @return All the scripts Broxygen summary comments. + * @return All the scripts Zeexygen summary comments. */ std::vector GetComments() const; @@ -119,6 +119,6 @@ private: id_info_set redefs; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/Target.cc b/src/zeexygen/Target.cc similarity index 89% rename from src/broxygen/Target.cc rename to src/zeexygen/Target.cc index 98b74ff8db..406f6ffe4d 100644 --- a/src/broxygen/Target.cc +++ b/src/zeexygen/Target.cc @@ -16,7 +16,7 @@ #include using namespace std; -using namespace broxygen; +using namespace zeexygen; static void write_plugin_section_heading(FILE* f, const plugin::Plugin* p) { @@ -38,7 +38,7 @@ static void write_analyzer_component(FILE* f, const analyzer::Component* c) if ( atag->Lookup("Analyzer", tag.c_str()) < 0 ) reporter->InternalError("missing analyzer tag for %s", tag.c_str()); - fprintf(f, ":bro:enum:`Analyzer::%s`\n\n", tag.c_str()); + fprintf(f, ":zeek:enum:`Analyzer::%s`\n\n", tag.c_str()); } static void write_analyzer_component(FILE* f, const file_analysis::Component* c) @@ -49,7 +49,7 @@ static void write_analyzer_component(FILE* f, const file_analysis::Component* c) if ( atag->Lookup("Files", tag.c_str()) < 0 ) reporter->InternalError("missing analyzer tag for %s", tag.c_str()); - fprintf(f, ":bro:enum:`Files::%s`\n\n", tag.c_str()); + fprintf(f, ":zeek:enum:`Files::%s`\n\n", tag.c_str()); } static void write_plugin_components(FILE* f, const plugin::Plugin* p) @@ -123,13 +123,13 @@ static void write_plugin_bif_items(FILE* f, const plugin::Plugin* p, for ( it = bifitems.begin(); it != bifitems.end(); ++it ) { - broxygen::IdentifierInfo* doc = broxygen_mgr->GetIdentifierInfo( + zeexygen::IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo( it->GetID()); if ( doc ) fprintf(f, "%s\n\n", doc->ReStructuredText().c_str()); else - reporter->InternalWarning("Broxygen ID lookup failed: %s\n", + reporter->InternalWarning("Zeexygen ID lookup failed: %s\n", it->GetID().c_str()); } } @@ -138,10 +138,10 @@ static void WriteAnalyzerTagDefn(FILE* f, const string& module) { string tag_id = module + "::Tag"; - broxygen::IdentifierInfo* doc = broxygen_mgr->GetIdentifierInfo(tag_id); + zeexygen::IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(tag_id); if ( ! doc ) - reporter->InternalError("Broxygen failed analyzer tag lookup: %s", + reporter->InternalError("Zeexygen failed analyzer tag lookup: %s", tag_id.c_str()); fprintf(f, "%s\n", doc->ReStructuredText().c_str()); @@ -177,7 +177,7 @@ static vector filter_matches(const vector& from, Target* t) if ( t->MatchesPattern(d) ) { - DBG_LOG(DBG_BROXYGEN, "'%s' matched pattern for target '%s'", + DBG_LOG(DBG_ZEEXYGEN, "'%s' matched pattern for target '%s'", d->Name().c_str(), t->Name().c_str()); rval.push_back(d); } @@ -194,14 +194,14 @@ TargetFile::TargetFile(const string& arg_name) string dir = SafeDirname(name).result; if ( ! ensure_intermediate_dirs(dir.c_str()) ) - reporter->FatalError("Broxygen failed to make dir %s", + reporter->FatalError("Zeexygen failed to make dir %s", dir.c_str()); } f = fopen(name.c_str(), "w"); if ( ! f ) - reporter->FatalError("Broxygen failed to open '%s' for writing: %s", + reporter->FatalError("Zeexygen failed to open '%s' for writing: %s", name.c_str(), strerror(errno)); } @@ -210,7 +210,7 @@ TargetFile::~TargetFile() if ( f ) fclose(f); - DBG_LOG(DBG_BROXYGEN, "Wrote out-of-date target '%s'", name.c_str()); + DBG_LOG(DBG_ZEEXYGEN, "Wrote out-of-date target '%s'", name.c_str()); } @@ -245,11 +245,11 @@ void AnalyzerTarget::DoFindDependencies(const std::vector& infos) void AnalyzerTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), vector()) ) + if ( zeexygen_mgr->IsUpToDate(Name(), vector()) ) return; if ( Pattern() != "*" ) - reporter->InternalWarning("Broxygen only implements analyzer target" + reporter->InternalWarning("Zeexygen only implements analyzer target" " pattern '*'"); TargetFile file(Name()); @@ -313,7 +313,7 @@ void PackageTarget::DoFindDependencies(const vector& infos) pkg_deps = filter_matches(infos, this); if ( pkg_deps.empty() ) - reporter->FatalError("No match for Broxygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); for ( size_t i = 0; i < infos.size(); ++i ) @@ -329,7 +329,7 @@ void PackageTarget::DoFindDependencies(const vector& infos) pkg_deps[j]->Name().size())) continue; - DBG_LOG(DBG_BROXYGEN, "Script %s associated with package %s", + DBG_LOG(DBG_ZEEXYGEN, "Script %s associated with package %s", script->Name().c_str(), pkg_deps[j]->Name().c_str()); pkg_manifest[pkg_deps[j]].push_back(script); script_deps.push_back(script); @@ -339,8 +339,8 @@ void PackageTarget::DoFindDependencies(const vector& infos) void PackageTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), script_deps) && - broxygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) && + zeexygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -382,13 +382,13 @@ void PackageIndexTarget::DoFindDependencies(const vector& infos) pkg_deps = filter_matches(infos, this); if ( pkg_deps.empty() ) - reporter->FatalError("No match for Broxygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); } void PackageIndexTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -402,7 +402,7 @@ void ScriptTarget::DoFindDependencies(const vector& infos) script_deps = filter_matches(infos, this); if ( script_deps.empty() ) - reporter->FatalError("No match for Broxygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); if ( ! IsDir() ) @@ -483,7 +483,7 @@ void ScriptTarget::DoGenerate() const vector dep; dep.push_back(script_deps[i]); - if ( broxygen_mgr->IsUpToDate(target_filename, dep) ) + if ( zeexygen_mgr->IsUpToDate(target_filename, dep) ) continue; TargetFile file(target_filename); @@ -508,7 +508,7 @@ void ScriptTarget::DoGenerate() const reporter->Warning("Failed to unlink %s: %s", f.c_str(), strerror(errno)); - DBG_LOG(DBG_BROXYGEN, "Delete stale script file %s", f.c_str()); + DBG_LOG(DBG_ZEEXYGEN, "Delete stale script file %s", f.c_str()); } return; @@ -516,7 +516,7 @@ void ScriptTarget::DoGenerate() const // Target is a single file, all matching scripts get written there. - if ( broxygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -527,7 +527,7 @@ void ScriptTarget::DoGenerate() const void ScriptSummaryTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -552,7 +552,7 @@ void ScriptSummaryTarget::DoGenerate() const void ScriptIndexTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -577,13 +577,13 @@ void IdentifierTarget::DoFindDependencies(const vector& infos) id_deps = filter_matches(infos, this); if ( id_deps.empty() ) - reporter->FatalError("No match for Broxygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); } void IdentifierTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), id_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), id_deps) ) return; TargetFile file(Name()); diff --git a/src/broxygen/Target.h b/src/zeexygen/Target.h similarity index 96% rename from src/broxygen/Target.h rename to src/zeexygen/Target.h index 7f18697eaf..ef3c8b2e00 100644 --- a/src/broxygen/Target.h +++ b/src/zeexygen/Target.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_TARGET_H -#define BROXYGEN_TARGET_H +#ifndef ZEEXYGEN_TARGET_H +#define ZEEXYGEN_TARGET_H #include "Info.h" #include "PackageInfo.h" @@ -13,7 +13,7 @@ #include #include -namespace broxygen { +namespace zeexygen { /** * Helper class to create files in arbitrary file paths and automatically @@ -39,7 +39,7 @@ struct TargetFile { }; /** - * A Broxygen target abstract base class. A target is generally any portion of + * A Zeexygen target abstract base class. A target is generally any portion of * documentation that Bro can build. It's identified by a type (e.g. script, * identifier, package), a pattern (e.g. "example.zeek", "HTTP::Info"), and * a path to an output file. @@ -125,7 +125,7 @@ public: /** * Register a new target type. - * @param type_name The target type name as it will appear in Broxygen + * @param type_name The target type name as it will appear in Zeexygen * config files. */ template @@ -136,7 +136,7 @@ public: /** * Instantiate a target. - * @param type_name The target type name as it appears in Broxygen config + * @param type_name The target type name as it appears in Zeexygen config * files. * @param name The output file name of the target. * @param pattern The dependency pattern of the target. @@ -384,6 +384,6 @@ private: std::vector id_deps; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/utils.cc b/src/zeexygen/utils.cc similarity index 83% rename from src/broxygen/utils.cc rename to src/zeexygen/utils.cc index 93f822b846..5cf76c1af6 100644 --- a/src/broxygen/utils.cc +++ b/src/zeexygen/utils.cc @@ -7,10 +7,10 @@ #include #include -using namespace broxygen; +using namespace zeexygen; using namespace std; -bool broxygen::prettify_params(string& s) +bool zeexygen::prettify_params(string& s) { size_t identifier_start_pos = 0; bool in_identifier = false; @@ -76,29 +76,29 @@ bool broxygen::prettify_params(string& s) return false; } -bool broxygen::is_public_api(const ID* id) +bool zeexygen::is_public_api(const ID* id) { return (id->Scope() == SCOPE_GLOBAL) || (id->Scope() == SCOPE_MODULE && id->IsExport()); } -time_t broxygen::get_mtime(const string& filename) +time_t zeexygen::get_mtime(const string& filename) { struct stat s; if ( stat(filename.c_str(), &s) < 0 ) - reporter->InternalError("Broxygen failed to stat file '%s': %s", + reporter->InternalError("Zeexygen failed to stat file '%s': %s", filename.c_str(), strerror(errno)); return s.st_mtime; } -string broxygen::make_heading(const string& heading, char underline) +string zeexygen::make_heading(const string& heading, char underline) { return heading + "\n" + string(heading.size(), underline) + "\n"; } -size_t broxygen::end_of_first_sentence(const string& s) +size_t zeexygen::end_of_first_sentence(const string& s) { size_t rval = 0; @@ -119,7 +119,7 @@ size_t broxygen::end_of_first_sentence(const string& s) return rval; } -bool broxygen::is_all_whitespace(const string& s) +bool zeexygen::is_all_whitespace(const string& s) { for ( size_t i = 0; i < s.size(); ++i ) if ( ! isspace(s[i]) ) @@ -128,7 +128,7 @@ bool broxygen::is_all_whitespace(const string& s) return true; } -string broxygen::redef_indication(const string& from_script) +string zeexygen::redef_indication(const string& from_script) { return fmt("(present if :doc:`/scripts/%s` is loaded)", from_script.c_str()); diff --git a/src/broxygen/utils.h b/src/zeexygen/utils.h similarity index 88% rename from src/broxygen/utils.h rename to src/zeexygen/utils.h index 7e11019a3d..b9a99a71f7 100644 --- a/src/broxygen/utils.h +++ b/src/zeexygen/utils.h @@ -1,18 +1,18 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_UTILS_H -#define BROXYGEN_UTILS_H +#ifndef ZEEXYGEN_UTILS_H +#define ZEEXYGEN_UTILS_H #include "ID.h" #include -namespace broxygen { +namespace zeexygen { /** - * Transform content of a Broxygen comment which may contain function + * Transform content of a Zeexygen comment which may contain function * parameter or return value documentation to a prettier reST format. - * @param s Content from a Broxygen comment to transform. "id: ..." and + * @param s Content from a Zeexygen comment to transform. "id: ..." and * "Returns: ..." change to ":id: ..." and ":returns: ...". * @return Whether any content in \a s was transformed. */ @@ -62,6 +62,6 @@ bool is_all_whitespace(const std::string& s); */ std::string redef_indication(const std::string& from_script); -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/broxygen.bif b/src/zeexygen/zeexygen.bif similarity index 81% rename from src/broxygen/broxygen.bif rename to src/zeexygen/zeexygen.bif index 4b2f5653b2..f7ce04d292 100644 --- a/src/broxygen/broxygen.bif +++ b/src/zeexygen/zeexygen.bif @@ -3,7 +3,7 @@ ##! Functions for querying script, package, or variable documentation. %%{ -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" #include "util.h" static StringVal* comments_to_val(const vector& comments) @@ -12,7 +12,7 @@ static StringVal* comments_to_val(const vector& comments) } %%} -## Retrieve the Broxygen-style comments (``##``) associated with an identifier +## Retrieve the Zeexygen-style comments (``##``) associated with an identifier ## (e.g. a variable or type). ## ## name: a script-level identifier for which to retrieve comments. @@ -21,8 +21,8 @@ static StringVal* comments_to_val(const vector& comments) ## identifier, an empty string is returned. function get_identifier_comments%(name: string%): string %{ - using namespace broxygen; - IdentifierInfo* d = broxygen_mgr->GetIdentifierInfo(name->CheckString()); + using namespace zeexygen; + IdentifierInfo* d = zeexygen_mgr->GetIdentifierInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -30,7 +30,7 @@ function get_identifier_comments%(name: string%): string return comments_to_val(d->GetComments()); %} -## Retrieve the Broxygen-style summary comments (``##!``) associated with +## Retrieve the Zeexygen-style summary comments (``##!``) associated with ## a Bro script. ## ## name: the name of a Bro script. It must be a relative path to where @@ -41,8 +41,8 @@ function get_identifier_comments%(name: string%): string ## *name* is not a known script, an empty string is returned. function get_script_comments%(name: string%): string %{ - using namespace broxygen; - ScriptInfo* d = broxygen_mgr->GetScriptInfo(name->CheckString()); + using namespace zeexygen; + ScriptInfo* d = zeexygen_mgr->GetScriptInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -59,8 +59,8 @@ function get_script_comments%(name: string%): string ## package, an empty string is returned. function get_package_readme%(name: string%): string %{ - using namespace broxygen; - PackageInfo* d = broxygen_mgr->GetPackageInfo(name->CheckString()); + using namespace zeexygen; + PackageInfo* d = zeexygen_mgr->GetPackageInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -68,7 +68,7 @@ function get_package_readme%(name: string%): string return comments_to_val(d->GetReadme()); %} -## Retrieve the Broxygen-style comments (``##``) associated with a record field. +## Retrieve the Zeexygen-style comments (``##``) associated with a record field. ## ## name: the name of a record type and a field within it formatted like ## a typical record field access: "$". @@ -78,7 +78,7 @@ function get_package_readme%(name: string%): string ## type, an empty string is returned. function get_record_field_comments%(name: string%): string %{ - using namespace broxygen; + using namespace zeexygen; string accessor = name->CheckString(); size_t i = accessor.find('$'); @@ -87,7 +87,7 @@ function get_record_field_comments%(name: string%): string string id = accessor.substr(0, i); - IdentifierInfo* d = broxygen_mgr->GetIdentifierInfo(id); + IdentifierInfo* d = zeexygen_mgr->GetIdentifierInfo(id); if ( ! d ) return val_mgr->GetEmptyString(); diff --git a/testing/btest/Baseline/core.plugins.hooks/output b/testing/btest/Baseline/core.plugins.hooks/output index f030cb0af2..2725e48507 100644 --- a/testing/btest/Baseline/core.plugins.hooks/output +++ b/testing/btest/Baseline/core.plugins.hooks/output @@ -275,7 +275,7 @@ 0.000000 MetaHookPost LoadFile(./average) -> -1 0.000000 MetaHookPost LoadFile(./bloom-filter.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./bro.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(./broxygen.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(./zeexygen.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./cardinality-counter.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./const.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./consts) -> -1 @@ -855,7 +855,7 @@ 0.000000 MetaHookPre LoadFile(./average) 0.000000 MetaHookPre LoadFile(./bloom-filter.bif.bro) 0.000000 MetaHookPre LoadFile(./bro.bif.bro) -0.000000 MetaHookPre LoadFile(./broxygen.bif.bro) +0.000000 MetaHookPre LoadFile(./zeexygen.bif.bro) 0.000000 MetaHookPre LoadFile(./cardinality-counter.bif.bro) 0.000000 MetaHookPre LoadFile(./const.bif.bro) 0.000000 MetaHookPre LoadFile(./consts) @@ -1435,7 +1435,7 @@ 0.000000 | HookLoadFile ./average.bro/bro 0.000000 | HookLoadFile ./bloom-filter.bif.bro/bro 0.000000 | HookLoadFile ./bro.bif.bro/bro -0.000000 | HookLoadFile ./broxygen.bif.bro/bro +0.000000 | HookLoadFile ./zeexygen.bif.bro/bro 0.000000 | HookLoadFile ./cardinality-counter.bif.bro/bro 0.000000 | HookLoadFile ./const.bif.bro/bro 0.000000 | HookLoadFile ./consts.bif.bro/bro diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 55c2c7c9f3..1976784e41 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -55,7 +55,7 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/utils/patterns.zeek scripts/base/frameworks/files/magic/__load__.zeek build/scripts/base/bif/__load__.zeek - build/scripts/base/bif/broxygen.bif.zeek + build/scripts/base/bif/zeexygen.bif.zeek build/scripts/base/bif/pcap.bif.zeek build/scripts/base/bif/bloom-filter.bif.zeek build/scripts/base/bif/cardinality-counter.bif.zeek diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 68129bbab6..6595a63eb3 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -6,7 +6,7 @@ warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_ warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//broxygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//zeexygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 6c7f592b5f..7951d68e2b 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -55,7 +55,7 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/utils/patterns.zeek scripts/base/frameworks/files/magic/__load__.zeek build/scripts/base/bif/__load__.zeek - build/scripts/base/bif/broxygen.bif.zeek + build/scripts/base/bif/zeexygen.bif.zeek build/scripts/base/bif/pcap.bif.zeek build/scripts/base/bif/bloom-filter.bif.zeek build/scripts/base/bif/cardinality-counter.bif.zeek diff --git a/testing/btest/Baseline/doc.broxygen.example/example.rst b/testing/btest/Baseline/doc.broxygen.example/example.rst deleted file mode 100644 index e012c20051..0000000000 --- a/testing/btest/Baseline/doc.broxygen.example/example.rst +++ /dev/null @@ -1,248 +0,0 @@ -:tocdepth: 3 - -broxygen/example.zeek -===================== -.. bro:namespace:: BroxygenExample - -This is an example script that demonstrates Broxygen-style -documentation. It generally will make most sense when viewing -the script's raw source code and comparing to the HTML-rendered -version. - -Comments in the from ``##!`` are meant to summarize the script's -purpose. They are transferred directly in to the generated -`reStructuredText `_ -(reST) document associated with the script. - -.. tip:: You can embed directives and roles within ``##``-stylized comments. - -There's also a custom role to reference any identifier node in -the Bro Sphinx domain that's good for "see alsos", e.g. - -See also: :bro:see:`BroxygenExample::a_var`, -:bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` - -And a custom directive does the equivalent references: - -.. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info - -:Namespace: BroxygenExample -:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.zeek ` - -Summary -~~~~~~~ -Redefinable Options -################### -==================================================================================== ======================================================= -:bro:id:`BroxygenExample::an_option`: :bro:type:`set` :bro:attr:`&redef` Add documentation for "an_option" here. -:bro:id:`BroxygenExample::option_with_init`: :bro:type:`interval` :bro:attr:`&redef` Default initialization will be generated automatically. -==================================================================================== ======================================================= - -State Variables -############### -======================================================================== ======================================================================== -:bro:id:`BroxygenExample::a_var`: :bro:type:`bool` Put some documentation for "a_var" here. -:bro:id:`BroxygenExample::summary_test`: :bro:type:`string` The first sentence for a particular identifier's summary text ends here. -:bro:id:`BroxygenExample::var_without_explicit_type`: :bro:type:`string` Types are inferred, that information is self-documenting. -======================================================================== ======================================================================== - -Types -##### -================================================================================= =========================================================== -:bro:type:`BroxygenExample::ComplexRecord`: :bro:type:`record` :bro:attr:`&redef` General documentation for a type "ComplexRecord" goes here. -:bro:type:`BroxygenExample::Info`: :bro:type:`record` An example record to be used with a logging stream. -:bro:type:`BroxygenExample::SimpleEnum`: :bro:type:`enum` Documentation for the "SimpleEnum" type goes here. -:bro:type:`BroxygenExample::SimpleRecord`: :bro:type:`record` General documentation for a type "SimpleRecord" goes here. -================================================================================= =========================================================== - -Redefinitions -############# -============================================================= ==================================================================== -:bro:type:`BroxygenExample::SimpleEnum`: :bro:type:`enum` Document the "SimpleEnum" redef here with any special info regarding - the *redef* itself. -:bro:type:`BroxygenExample::SimpleRecord`: :bro:type:`record` Document the record extension *redef* itself here. -:bro:type:`Log::ID`: :bro:type:`enum` -:bro:type:`Notice::Type`: :bro:type:`enum` -============================================================= ==================================================================== - -Events -###### -====================================================== ========================== -:bro:id:`BroxygenExample::an_event`: :bro:type:`event` Summarize "an_event" here. -====================================================== ========================== - -Functions -######### -=========================================================== ======================================= -:bro:id:`BroxygenExample::a_function`: :bro:type:`function` Summarize purpose of "a_function" here. -=========================================================== ======================================= - - -Detailed Interface -~~~~~~~~~~~~~~~~~~ -Redefinable Options -################### -.. bro:id:: BroxygenExample::an_option - - :Type: :bro:type:`set` [:bro:type:`addr`, :bro:type:`addr`, :bro:type:`string`] - :Attributes: :bro:attr:`&redef` - :Default: ``{}`` - - Add documentation for "an_option" here. - The type/attribute information is all generated automatically. - -.. bro:id:: BroxygenExample::option_with_init - - :Type: :bro:type:`interval` - :Attributes: :bro:attr:`&redef` - :Default: ``10.0 msecs`` - - Default initialization will be generated automatically. - More docs can be added here. - -State Variables -############### -.. bro:id:: BroxygenExample::a_var - - :Type: :bro:type:`bool` - - Put some documentation for "a_var" here. Any global/non-const that - isn't a function/event/hook is classified as a "state variable" - in the generated docs. - -.. bro:id:: BroxygenExample::summary_test - - :Type: :bro:type:`string` - - The first sentence for a particular identifier's summary text ends here. - And this second sentence doesn't show in the short description provided - by the table of all identifiers declared by this script. - -.. bro:id:: BroxygenExample::var_without_explicit_type - - :Type: :bro:type:`string` - :Default: ``"this works"`` - - Types are inferred, that information is self-documenting. - -Types -##### -.. bro:type:: BroxygenExample::ComplexRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field3: :bro:type:`BroxygenExample::SimpleRecord` - Broxygen automatically tracks types - and cross-references are automatically - inserted in to generated docs. - - msg: :bro:type:`string` :bro:attr:`&default` = ``"blah"`` :bro:attr:`&optional` - Attributes are self-documenting. - :Attributes: :bro:attr:`&redef` - - General documentation for a type "ComplexRecord" goes here. - -.. bro:type:: BroxygenExample::Info - - :Type: :bro:type:`record` - - ts: :bro:type:`time` :bro:attr:`&log` - - uid: :bro:type:`string` :bro:attr:`&log` - - status: :bro:type:`count` :bro:attr:`&log` :bro:attr:`&optional` - - An example record to be used with a logging stream. - Nothing special about it. If another script redefs this type - to add fields, the generated documentation will show all original - fields plus the extensions and the scripts which contributed to it - (provided they are also @load'ed). - -.. bro:type:: BroxygenExample::SimpleEnum - - :Type: :bro:type:`enum` - - .. bro:enum:: BroxygenExample::ONE BroxygenExample::SimpleEnum - - Documentation for particular enum values is added like this. - And can also span multiple lines. - - .. bro:enum:: BroxygenExample::TWO BroxygenExample::SimpleEnum - - Or this style is valid to document the preceding enum value. - - .. bro:enum:: BroxygenExample::THREE BroxygenExample::SimpleEnum - - .. bro:enum:: BroxygenExample::FOUR BroxygenExample::SimpleEnum - - And some documentation for "FOUR". - - .. bro:enum:: BroxygenExample::FIVE BroxygenExample::SimpleEnum - - Also "FIVE". - - Documentation for the "SimpleEnum" type goes here. - It can span multiple lines. - -.. bro:type:: BroxygenExample::SimpleRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field_ext: :bro:type:`string` :bro:attr:`&optional` - Document the extending field like this. - Or here, like this. - - General documentation for a type "SimpleRecord" goes here. - The way fields can be documented is similar to what's already seen - for enums. - -Events -###### -.. bro:id:: BroxygenExample::an_event - - :Type: :bro:type:`event` (name: :bro:type:`string`) - - Summarize "an_event" here. - Give more details about "an_event" here. - - BroxygenExample::a_function should not be confused as a parameter - in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :bro:see:`BroxygenExample::a_function`. - - - :name: Describe the argument here. - -Functions -######### -.. bro:id:: BroxygenExample::a_function - - :Type: :bro:type:`function` (tag: :bro:type:`string`, msg: :bro:type:`string`) : :bro:type:`string` - - Summarize purpose of "a_function" here. - Give more details about "a_function" here. - Separating the documentation of the params/return values with - empty comments is optional, but improves readability of script. - - - :tag: Function arguments can be described - like this. - - - :msg: Another param. - - - :returns: Describe the return type here. - - diff --git a/testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst b/testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst deleted file mode 100644 index 06f196b73c..0000000000 --- a/testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst +++ /dev/null @@ -1,30 +0,0 @@ -.. bro:id:: test_func_params_func - - :Type: :bro:type:`function` (i: :bro:type:`int`, j: :bro:type:`int`) : :bro:type:`string` - - This is a global function declaration. - - - :i: First param. - - :j: Second param. - - - :returns: A string. - -.. bro:type:: test_func_params_rec - - :Type: :bro:type:`record` - - field_func: :bro:type:`function` (i: :bro:type:`int`, j: :bro:type:`int`) : :bro:type:`string` - This is a record field function. - - - :i: First param. - - :j: Second param. - - - :returns: A string. - - diff --git a/testing/btest/Baseline/doc.broxygen.identifier/test.rst b/testing/btest/Baseline/doc.broxygen.identifier/test.rst deleted file mode 100644 index 0c7c44581d..0000000000 --- a/testing/btest/Baseline/doc.broxygen.identifier/test.rst +++ /dev/null @@ -1,230 +0,0 @@ -.. bro:id:: BroxygenExample::Broxygen_One - - :Type: :bro:type:`Notice::Type` - - Any number of this type of comment - will document "Broxygen_One". - -.. bro:id:: BroxygenExample::Broxygen_Two - - :Type: :bro:type:`Notice::Type` - - Any number of this type of comment - will document "BROXYGEN_TWO". - -.. bro:id:: BroxygenExample::Broxygen_Three - - :Type: :bro:type:`Notice::Type` - - -.. bro:id:: BroxygenExample::Broxygen_Four - - :Type: :bro:type:`Notice::Type` - - Omitting comments is fine, and so is mixing ``##`` and ``##<``, but - it's probably best to use only one style consistently. - -.. bro:id:: BroxygenExample::LOG - - :Type: :bro:type:`Log::ID` - - -.. bro:type:: BroxygenExample::SimpleEnum - - :Type: :bro:type:`enum` - - .. bro:enum:: BroxygenExample::ONE BroxygenExample::SimpleEnum - - Documentation for particular enum values is added like this. - And can also span multiple lines. - - .. bro:enum:: BroxygenExample::TWO BroxygenExample::SimpleEnum - - Or this style is valid to document the preceding enum value. - - .. bro:enum:: BroxygenExample::THREE BroxygenExample::SimpleEnum - - .. bro:enum:: BroxygenExample::FOUR BroxygenExample::SimpleEnum - - And some documentation for "FOUR". - - .. bro:enum:: BroxygenExample::FIVE BroxygenExample::SimpleEnum - - Also "FIVE". - - Documentation for the "SimpleEnum" type goes here. - It can span multiple lines. - -.. bro:id:: BroxygenExample::ONE - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - Documentation for particular enum values is added like this. - And can also span multiple lines. - -.. bro:id:: BroxygenExample::TWO - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - Or this style is valid to document the preceding enum value. - -.. bro:id:: BroxygenExample::THREE - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - -.. bro:id:: BroxygenExample::FOUR - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - And some documentation for "FOUR". - -.. bro:id:: BroxygenExample::FIVE - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - Also "FIVE". - -.. bro:type:: BroxygenExample::SimpleRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field_ext: :bro:type:`string` :bro:attr:`&optional` - Document the extending field like this. - Or here, like this. - - General documentation for a type "SimpleRecord" goes here. - The way fields can be documented is similar to what's already seen - for enums. - -.. bro:type:: BroxygenExample::ComplexRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field3: :bro:type:`BroxygenExample::SimpleRecord` - Broxygen automatically tracks types - and cross-references are automatically - inserted in to generated docs. - - msg: :bro:type:`string` :bro:attr:`&default` = ``"blah"`` :bro:attr:`&optional` - Attributes are self-documenting. - :Attributes: :bro:attr:`&redef` - - General documentation for a type "ComplexRecord" goes here. - -.. bro:type:: BroxygenExample::Info - - :Type: :bro:type:`record` - - ts: :bro:type:`time` :bro:attr:`&log` - - uid: :bro:type:`string` :bro:attr:`&log` - - status: :bro:type:`count` :bro:attr:`&log` :bro:attr:`&optional` - - An example record to be used with a logging stream. - Nothing special about it. If another script redefs this type - to add fields, the generated documentation will show all original - fields plus the extensions and the scripts which contributed to it - (provided they are also @load'ed). - -.. bro:id:: BroxygenExample::an_option - - :Type: :bro:type:`set` [:bro:type:`addr`, :bro:type:`addr`, :bro:type:`string`] - :Attributes: :bro:attr:`&redef` - :Default: ``{}`` - - Add documentation for "an_option" here. - The type/attribute information is all generated automatically. - -.. bro:id:: BroxygenExample::option_with_init - - :Type: :bro:type:`interval` - :Attributes: :bro:attr:`&redef` - :Default: ``10.0 msecs`` - - Default initialization will be generated automatically. - More docs can be added here. - -.. bro:id:: BroxygenExample::a_var - - :Type: :bro:type:`bool` - - Put some documentation for "a_var" here. Any global/non-const that - isn't a function/event/hook is classified as a "state variable" - in the generated docs. - -.. bro:id:: BroxygenExample::var_without_explicit_type - - :Type: :bro:type:`string` - :Default: ``"this works"`` - - Types are inferred, that information is self-documenting. - -.. bro:id:: BroxygenExample::summary_test - - :Type: :bro:type:`string` - - The first sentence for a particular identifier's summary text ends here. - And this second sentence doesn't show in the short description provided - by the table of all identifiers declared by this script. - -.. bro:id:: BroxygenExample::a_function - - :Type: :bro:type:`function` (tag: :bro:type:`string`, msg: :bro:type:`string`) : :bro:type:`string` - - Summarize purpose of "a_function" here. - Give more details about "a_function" here. - Separating the documentation of the params/return values with - empty comments is optional, but improves readability of script. - - - :tag: Function arguments can be described - like this. - - - :msg: Another param. - - - :returns: Describe the return type here. - -.. bro:id:: BroxygenExample::an_event - - :Type: :bro:type:`event` (name: :bro:type:`string`) - - Summarize "an_event" here. - Give more details about "an_event" here. - - BroxygenExample::a_function should not be confused as a parameter - in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :bro:see:`BroxygenExample::a_function`. - - - :name: Describe the argument here. - -.. bro:id:: BroxygenExample::function_without_proto - - :Type: :bro:type:`function` (tag: :bro:type:`string`) : :bro:type:`string` - - -.. bro:type:: BroxygenExample::PrivateRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`bool` - - field2: :bro:type:`count` - - diff --git a/testing/btest/Baseline/doc.broxygen.package_index/test.rst b/testing/btest/Baseline/doc.broxygen.package_index/test.rst deleted file mode 100644 index f551ab1cd3..0000000000 --- a/testing/btest/Baseline/doc.broxygen.package_index/test.rst +++ /dev/null @@ -1,7 +0,0 @@ -:doc:`broxygen ` - - This package is loaded during the process which automatically generates - reference documentation for all Bro scripts (i.e. "Broxygen"). Its only - purpose is to provide an easy way to load all known Bro scripts plus any - extra scripts needed or used by the documentation process. - diff --git a/testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst b/testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst deleted file mode 100644 index 60d80f6b07..0000000000 --- a/testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst +++ /dev/null @@ -1,28 +0,0 @@ -.. bro:type:: TestRecord1 - - :Type: :bro:type:`record` - - field1: :bro:type:`bool` - - field2: :bro:type:`count` - - -.. bro:type:: TestRecord2 - - :Type: :bro:type:`record` - - A: :bro:type:`count` - document ``A`` - - B: :bro:type:`bool` - document ``B`` - - C: :bro:type:`TestRecord1` - and now ``C`` - is a declared type - - D: :bro:type:`set` [:bro:type:`count`, :bro:type:`bool`] - sets/tables should show the index types - - Here's the ways records and record fields can be documented. - diff --git a/testing/btest/Baseline/doc.broxygen.script_index/test.rst b/testing/btest/Baseline/doc.broxygen.script_index/test.rst deleted file mode 100644 index 30d849c2e0..0000000000 --- a/testing/btest/Baseline/doc.broxygen.script_index/test.rst +++ /dev/null @@ -1,5 +0,0 @@ -.. toctree:: - :maxdepth: 1 - - broxygen/__load__.zeek - broxygen/example.zeek diff --git a/testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst b/testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst deleted file mode 100644 index 3a26b8adc6..0000000000 --- a/testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst +++ /dev/null @@ -1,44 +0,0 @@ -.. bro:type:: BroxygenTest::TypeAlias - - :Type: :bro:type:`bool` - - This is just an alias for a builtin type ``bool``. - -.. bro:type:: BroxygenTest::NotTypeAlias - - :Type: :bro:type:`bool` - - This type should get its own comments, not associated w/ TypeAlias. - -.. bro:type:: BroxygenTest::OtherTypeAlias - - :Type: :bro:type:`bool` - - This cross references ``bool`` in the description of its type - instead of ``TypeAlias`` just because it seems more useful -- - one doesn't have to click through the full type alias chain to - find out what the actual type is... - -.. bro:id:: BroxygenTest::a - - :Type: :bro:type:`BroxygenTest::TypeAlias` - - But this should reference a type of ``TypeAlias``. - -.. bro:id:: BroxygenTest::b - - :Type: :bro:type:`BroxygenTest::OtherTypeAlias` - - And this should reference a type of ``OtherTypeAlias``. - -.. bro:type:: BroxygenTest::MyRecord - - :Type: :bro:type:`record` - - f1: :bro:type:`BroxygenTest::TypeAlias` - - f2: :bro:type:`BroxygenTest::OtherTypeAlias` - - f3: :bro:type:`bool` - - diff --git a/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr b/testing/btest/Baseline/doc.zeexygen.all_scripts/.stderr similarity index 100% rename from testing/btest/Baseline/doc.broxygen.all_scripts/.stderr rename to testing/btest/Baseline/doc.zeexygen.all_scripts/.stderr diff --git a/testing/btest/Baseline/doc.broxygen.all_scripts/.stdout b/testing/btest/Baseline/doc.zeexygen.all_scripts/.stdout similarity index 100% rename from testing/btest/Baseline/doc.broxygen.all_scripts/.stdout rename to testing/btest/Baseline/doc.zeexygen.all_scripts/.stdout diff --git a/testing/btest/Baseline/doc.broxygen.command_line/output b/testing/btest/Baseline/doc.zeexygen.command_line/output similarity index 100% rename from testing/btest/Baseline/doc.broxygen.command_line/output rename to testing/btest/Baseline/doc.zeexygen.command_line/output diff --git a/testing/btest/Baseline/doc.broxygen.comment_retrieval_bifs/out b/testing/btest/Baseline/doc.zeexygen.comment_retrieval_bifs/out similarity index 100% rename from testing/btest/Baseline/doc.broxygen.comment_retrieval_bifs/out rename to testing/btest/Baseline/doc.zeexygen.comment_retrieval_bifs/out diff --git a/testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst b/testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst similarity index 51% rename from testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst rename to testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst index c98d2792df..1cc82fbbe7 100644 --- a/testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst +++ b/testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst @@ -1,47 +1,47 @@ -.. bro:type:: TestEnum1 +.. zeek:type:: TestEnum1 - :Type: :bro:type:`enum` + :Type: :zeek:type:`enum` - .. bro:enum:: ONE TestEnum1 + .. zeek:enum:: ONE TestEnum1 like this - .. bro:enum:: TWO TestEnum1 + .. zeek:enum:: TWO TestEnum1 or like this - .. bro:enum:: THREE TestEnum1 + .. zeek:enum:: THREE TestEnum1 multiple comments and even more comments - .. bro:enum:: FOUR TestEnum1 + .. zeek:enum:: FOUR TestEnum1 adding another value - .. bro:enum:: FIVE TestEnum1 + .. zeek:enum:: FIVE TestEnum1 adding another value There's tons of ways an enum can look... -.. bro:type:: TestEnum2 +.. zeek:type:: TestEnum2 - :Type: :bro:type:`enum` + :Type: :zeek:type:`enum` - .. bro:enum:: A TestEnum2 + .. zeek:enum:: A TestEnum2 like this - .. bro:enum:: B TestEnum2 + .. zeek:enum:: B TestEnum2 or like this - .. bro:enum:: C TestEnum2 + .. zeek:enum:: C TestEnum2 multiple comments @@ -50,10 +50,10 @@ The final comma is optional -.. bro:id:: TestEnumVal +.. zeek:id:: TestEnumVal - :Type: :bro:type:`TestEnum1` - :Attributes: :bro:attr:`&redef` + :Type: :zeek:type:`TestEnum1` + :Attributes: :zeek:attr:`&redef` :Default: ``ONE`` this should reference the TestEnum1 type and not a generic "enum" type diff --git a/testing/btest/Baseline/doc.zeexygen.example/example.rst b/testing/btest/Baseline/doc.zeexygen.example/example.rst new file mode 100644 index 0000000000..4ea8dfe0c3 --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.example/example.rst @@ -0,0 +1,248 @@ +:tocdepth: 3 + +zeexygen/example.zeek +===================== +.. zeek:namespace:: ZeexygenExample + +This is an example script that demonstrates Zeexygen-style +documentation. It generally will make most sense when viewing +the script's raw source code and comparing to the HTML-rendered +version. + +Comments in the from ``##!`` are meant to summarize the script's +purpose. They are transferred directly in to the generated +`reStructuredText `_ +(reST) document associated with the script. + +.. tip:: You can embed directives and roles within ``##``-stylized comments. + +There's also a custom role to reference any identifier node in +the Zeek Sphinx domain that's good for "see alsos", e.g. + +See also: :zeek:see:`ZeexygenExample::a_var`, +:zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` + +And a custom directive does the equivalent references: + +.. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info + +:Namespace: ZeexygenExample +:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.zeek ` + +Summary +~~~~~~~ +Redefinable Options +################### +======================================================================================= ======================================================= +:zeek:id:`ZeexygenExample::an_option`: :zeek:type:`set` :zeek:attr:`&redef` Add documentation for "an_option" here. +:zeek:id:`ZeexygenExample::option_with_init`: :zeek:type:`interval` :zeek:attr:`&redef` Default initialization will be generated automatically. +======================================================================================= ======================================================= + +State Variables +############### +========================================================================== ======================================================================== +:zeek:id:`ZeexygenExample::a_var`: :zeek:type:`bool` Put some documentation for "a_var" here. +:zeek:id:`ZeexygenExample::summary_test`: :zeek:type:`string` The first sentence for a particular identifier's summary text ends here. +:zeek:id:`ZeexygenExample::var_without_explicit_type`: :zeek:type:`string` Types are inferred, that information is self-documenting. +========================================================================== ======================================================================== + +Types +##### +==================================================================================== =========================================================== +:zeek:type:`ZeexygenExample::ComplexRecord`: :zeek:type:`record` :zeek:attr:`&redef` General documentation for a type "ComplexRecord" goes here. +:zeek:type:`ZeexygenExample::Info`: :zeek:type:`record` An example record to be used with a logging stream. +:zeek:type:`ZeexygenExample::SimpleEnum`: :zeek:type:`enum` Documentation for the "SimpleEnum" type goes here. +:zeek:type:`ZeexygenExample::SimpleRecord`: :zeek:type:`record` General documentation for a type "SimpleRecord" goes here. +==================================================================================== =========================================================== + +Redefinitions +############# +=============================================================== ==================================================================== +:zeek:type:`Log::ID`: :zeek:type:`enum` +:zeek:type:`Notice::Type`: :zeek:type:`enum` +:zeek:type:`ZeexygenExample::SimpleEnum`: :zeek:type:`enum` Document the "SimpleEnum" redef here with any special info regarding + the *redef* itself. +:zeek:type:`ZeexygenExample::SimpleRecord`: :zeek:type:`record` Document the record extension *redef* itself here. +=============================================================== ==================================================================== + +Events +###### +======================================================== ========================== +:zeek:id:`ZeexygenExample::an_event`: :zeek:type:`event` Summarize "an_event" here. +======================================================== ========================== + +Functions +######### +============================================================= ======================================= +:zeek:id:`ZeexygenExample::a_function`: :zeek:type:`function` Summarize purpose of "a_function" here. +============================================================= ======================================= + + +Detailed Interface +~~~~~~~~~~~~~~~~~~ +Redefinable Options +################### +.. zeek:id:: ZeexygenExample::an_option + + :Type: :zeek:type:`set` [:zeek:type:`addr`, :zeek:type:`addr`, :zeek:type:`string`] + :Attributes: :zeek:attr:`&redef` + :Default: ``{}`` + + Add documentation for "an_option" here. + The type/attribute information is all generated automatically. + +.. zeek:id:: ZeexygenExample::option_with_init + + :Type: :zeek:type:`interval` + :Attributes: :zeek:attr:`&redef` + :Default: ``10.0 msecs`` + + Default initialization will be generated automatically. + More docs can be added here. + +State Variables +############### +.. zeek:id:: ZeexygenExample::a_var + + :Type: :zeek:type:`bool` + + Put some documentation for "a_var" here. Any global/non-const that + isn't a function/event/hook is classified as a "state variable" + in the generated docs. + +.. zeek:id:: ZeexygenExample::summary_test + + :Type: :zeek:type:`string` + + The first sentence for a particular identifier's summary text ends here. + And this second sentence doesn't show in the short description provided + by the table of all identifiers declared by this script. + +.. zeek:id:: ZeexygenExample::var_without_explicit_type + + :Type: :zeek:type:`string` + :Default: ``"this works"`` + + Types are inferred, that information is self-documenting. + +Types +##### +.. zeek:type:: ZeexygenExample::ComplexRecord + + :Type: :zeek:type:`record` + + field1: :zeek:type:`count` + Counts something. + + field2: :zeek:type:`bool` + Toggles something. + + field3: :zeek:type:`ZeexygenExample::SimpleRecord` + Zeexygen automatically tracks types + and cross-references are automatically + inserted in to generated docs. + + msg: :zeek:type:`string` :zeek:attr:`&default` = ``"blah"`` :zeek:attr:`&optional` + Attributes are self-documenting. + :Attributes: :zeek:attr:`&redef` + + General documentation for a type "ComplexRecord" goes here. + +.. zeek:type:: ZeexygenExample::Info + + :Type: :zeek:type:`record` + + ts: :zeek:type:`time` :zeek:attr:`&log` + + uid: :zeek:type:`string` :zeek:attr:`&log` + + status: :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional` + + An example record to be used with a logging stream. + Nothing special about it. If another script redefs this type + to add fields, the generated documentation will show all original + fields plus the extensions and the scripts which contributed to it + (provided they are also @load'ed). + +.. zeek:type:: ZeexygenExample::SimpleEnum + + :Type: :zeek:type:`enum` + + .. zeek:enum:: ZeexygenExample::ONE ZeexygenExample::SimpleEnum + + Documentation for particular enum values is added like this. + And can also span multiple lines. + + .. zeek:enum:: ZeexygenExample::TWO ZeexygenExample::SimpleEnum + + Or this style is valid to document the preceding enum value. + + .. zeek:enum:: ZeexygenExample::THREE ZeexygenExample::SimpleEnum + + .. zeek:enum:: ZeexygenExample::FOUR ZeexygenExample::SimpleEnum + + And some documentation for "FOUR". + + .. zeek:enum:: ZeexygenExample::FIVE ZeexygenExample::SimpleEnum + + Also "FIVE". + + Documentation for the "SimpleEnum" type goes here. + It can span multiple lines. + +.. zeek:type:: ZeexygenExample::SimpleRecord + + :Type: :zeek:type:`record` + + field1: :zeek:type:`count` + Counts something. + + field2: :zeek:type:`bool` + Toggles something. + + field_ext: :zeek:type:`string` :zeek:attr:`&optional` + Document the extending field like this. + Or here, like this. + + General documentation for a type "SimpleRecord" goes here. + The way fields can be documented is similar to what's already seen + for enums. + +Events +###### +.. zeek:id:: ZeexygenExample::an_event + + :Type: :zeek:type:`event` (name: :zeek:type:`string`) + + Summarize "an_event" here. + Give more details about "an_event" here. + + ZeexygenExample::a_function should not be confused as a parameter + in the generated docs, but it also doesn't generate a cross-reference + link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + + + :name: Describe the argument here. + +Functions +######### +.. zeek:id:: ZeexygenExample::a_function + + :Type: :zeek:type:`function` (tag: :zeek:type:`string`, msg: :zeek:type:`string`) : :zeek:type:`string` + + Summarize purpose of "a_function" here. + Give more details about "a_function" here. + Separating the documentation of the params/return values with + empty comments is optional, but improves readability of script. + + + :tag: Function arguments can be described + like this. + + + :msg: Another param. + + + :returns: Describe the return type here. + + diff --git a/testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst b/testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst new file mode 100644 index 0000000000..cd0b7871d4 --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst @@ -0,0 +1,30 @@ +.. zeek:id:: test_func_params_func + + :Type: :zeek:type:`function` (i: :zeek:type:`int`, j: :zeek:type:`int`) : :zeek:type:`string` + + This is a global function declaration. + + + :i: First param. + + :j: Second param. + + + :returns: A string. + +.. zeek:type:: test_func_params_rec + + :Type: :zeek:type:`record` + + field_func: :zeek:type:`function` (i: :zeek:type:`int`, j: :zeek:type:`int`) : :zeek:type:`string` + This is a record field function. + + + :i: First param. + + :j: Second param. + + + :returns: A string. + + diff --git a/testing/btest/Baseline/doc.zeexygen.identifier/test.rst b/testing/btest/Baseline/doc.zeexygen.identifier/test.rst new file mode 100644 index 0000000000..128e1c6a5f --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.identifier/test.rst @@ -0,0 +1,230 @@ +.. zeek:id:: ZeexygenExample::Zeexygen_One + + :Type: :zeek:type:`Notice::Type` + + Any number of this type of comment + will document "Zeexygen_One". + +.. zeek:id:: ZeexygenExample::Zeexygen_Two + + :Type: :zeek:type:`Notice::Type` + + Any number of this type of comment + will document "ZEEXYGEN_TWO". + +.. zeek:id:: ZeexygenExample::Zeexygen_Three + + :Type: :zeek:type:`Notice::Type` + + +.. zeek:id:: ZeexygenExample::Zeexygen_Four + + :Type: :zeek:type:`Notice::Type` + + Omitting comments is fine, and so is mixing ``##`` and ``##<``, but + it's probably best to use only one style consistently. + +.. zeek:id:: ZeexygenExample::LOG + + :Type: :zeek:type:`Log::ID` + + +.. zeek:type:: ZeexygenExample::SimpleEnum + + :Type: :zeek:type:`enum` + + .. zeek:enum:: ZeexygenExample::ONE ZeexygenExample::SimpleEnum + + Documentation for particular enum values is added like this. + And can also span multiple lines. + + .. zeek:enum:: ZeexygenExample::TWO ZeexygenExample::SimpleEnum + + Or this style is valid to document the preceding enum value. + + .. zeek:enum:: ZeexygenExample::THREE ZeexygenExample::SimpleEnum + + .. zeek:enum:: ZeexygenExample::FOUR ZeexygenExample::SimpleEnum + + And some documentation for "FOUR". + + .. zeek:enum:: ZeexygenExample::FIVE ZeexygenExample::SimpleEnum + + Also "FIVE". + + Documentation for the "SimpleEnum" type goes here. + It can span multiple lines. + +.. zeek:id:: ZeexygenExample::ONE + + :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + + Documentation for particular enum values is added like this. + And can also span multiple lines. + +.. zeek:id:: ZeexygenExample::TWO + + :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + + Or this style is valid to document the preceding enum value. + +.. zeek:id:: ZeexygenExample::THREE + + :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + + +.. zeek:id:: ZeexygenExample::FOUR + + :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + + And some documentation for "FOUR". + +.. zeek:id:: ZeexygenExample::FIVE + + :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + + Also "FIVE". + +.. zeek:type:: ZeexygenExample::SimpleRecord + + :Type: :zeek:type:`record` + + field1: :zeek:type:`count` + Counts something. + + field2: :zeek:type:`bool` + Toggles something. + + field_ext: :zeek:type:`string` :zeek:attr:`&optional` + Document the extending field like this. + Or here, like this. + + General documentation for a type "SimpleRecord" goes here. + The way fields can be documented is similar to what's already seen + for enums. + +.. zeek:type:: ZeexygenExample::ComplexRecord + + :Type: :zeek:type:`record` + + field1: :zeek:type:`count` + Counts something. + + field2: :zeek:type:`bool` + Toggles something. + + field3: :zeek:type:`ZeexygenExample::SimpleRecord` + Zeexygen automatically tracks types + and cross-references are automatically + inserted in to generated docs. + + msg: :zeek:type:`string` :zeek:attr:`&default` = ``"blah"`` :zeek:attr:`&optional` + Attributes are self-documenting. + :Attributes: :zeek:attr:`&redef` + + General documentation for a type "ComplexRecord" goes here. + +.. zeek:type:: ZeexygenExample::Info + + :Type: :zeek:type:`record` + + ts: :zeek:type:`time` :zeek:attr:`&log` + + uid: :zeek:type:`string` :zeek:attr:`&log` + + status: :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional` + + An example record to be used with a logging stream. + Nothing special about it. If another script redefs this type + to add fields, the generated documentation will show all original + fields plus the extensions and the scripts which contributed to it + (provided they are also @load'ed). + +.. zeek:id:: ZeexygenExample::an_option + + :Type: :zeek:type:`set` [:zeek:type:`addr`, :zeek:type:`addr`, :zeek:type:`string`] + :Attributes: :zeek:attr:`&redef` + :Default: ``{}`` + + Add documentation for "an_option" here. + The type/attribute information is all generated automatically. + +.. zeek:id:: ZeexygenExample::option_with_init + + :Type: :zeek:type:`interval` + :Attributes: :zeek:attr:`&redef` + :Default: ``10.0 msecs`` + + Default initialization will be generated automatically. + More docs can be added here. + +.. zeek:id:: ZeexygenExample::a_var + + :Type: :zeek:type:`bool` + + Put some documentation for "a_var" here. Any global/non-const that + isn't a function/event/hook is classified as a "state variable" + in the generated docs. + +.. zeek:id:: ZeexygenExample::var_without_explicit_type + + :Type: :zeek:type:`string` + :Default: ``"this works"`` + + Types are inferred, that information is self-documenting. + +.. zeek:id:: ZeexygenExample::summary_test + + :Type: :zeek:type:`string` + + The first sentence for a particular identifier's summary text ends here. + And this second sentence doesn't show in the short description provided + by the table of all identifiers declared by this script. + +.. zeek:id:: ZeexygenExample::a_function + + :Type: :zeek:type:`function` (tag: :zeek:type:`string`, msg: :zeek:type:`string`) : :zeek:type:`string` + + Summarize purpose of "a_function" here. + Give more details about "a_function" here. + Separating the documentation of the params/return values with + empty comments is optional, but improves readability of script. + + + :tag: Function arguments can be described + like this. + + + :msg: Another param. + + + :returns: Describe the return type here. + +.. zeek:id:: ZeexygenExample::an_event + + :Type: :zeek:type:`event` (name: :zeek:type:`string`) + + Summarize "an_event" here. + Give more details about "an_event" here. + + ZeexygenExample::a_function should not be confused as a parameter + in the generated docs, but it also doesn't generate a cross-reference + link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + + + :name: Describe the argument here. + +.. zeek:id:: ZeexygenExample::function_without_proto + + :Type: :zeek:type:`function` (tag: :zeek:type:`string`) : :zeek:type:`string` + + +.. zeek:type:: ZeexygenExample::PrivateRecord + + :Type: :zeek:type:`record` + + field1: :zeek:type:`bool` + + field2: :zeek:type:`count` + + diff --git a/testing/btest/Baseline/doc.broxygen.package/test.rst b/testing/btest/Baseline/doc.zeexygen.package/test.rst similarity index 58% rename from testing/btest/Baseline/doc.broxygen.package/test.rst rename to testing/btest/Baseline/doc.zeexygen.package/test.rst index 7c1f32dd44..345b2b6847 100644 --- a/testing/btest/Baseline/doc.broxygen.package/test.rst +++ b/testing/btest/Baseline/doc.zeexygen.package/test.rst @@ -1,19 +1,19 @@ :orphan: -Package: broxygen +Package: zeexygen ================= This package is loaded during the process which automatically generates -reference documentation for all Bro scripts (i.e. "Broxygen"). Its only -purpose is to provide an easy way to load all known Bro scripts plus any +reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only +purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. -:doc:`/scripts/broxygen/__load__.zeek` +:doc:`/scripts/zeexygen/__load__.zeek` -:doc:`/scripts/broxygen/example.zeek` +:doc:`/scripts/zeexygen/example.zeek` - This is an example script that demonstrates Broxygen-style + This is an example script that demonstrates Zeexygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -26,12 +26,12 @@ extra scripts needed or used by the documentation process. .. tip:: You can embed directives and roles within ``##``-stylized comments. There's also a custom role to reference any identifier node in - the Bro Sphinx domain that's good for "see alsos", e.g. + the Zeek Sphinx domain that's good for "see alsos", e.g. - See also: :bro:see:`BroxygenExample::a_var`, - :bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` + See also: :zeek:see:`ZeexygenExample::a_var`, + :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: - .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info + .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info diff --git a/testing/btest/Baseline/doc.zeexygen.package_index/test.rst b/testing/btest/Baseline/doc.zeexygen.package_index/test.rst new file mode 100644 index 0000000000..4a854e9736 --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.package_index/test.rst @@ -0,0 +1,7 @@ +:doc:`zeexygen ` + + This package is loaded during the process which automatically generates + reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only + purpose is to provide an easy way to load all known Zeek scripts plus any + extra scripts needed or used by the documentation process. + diff --git a/testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst b/testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst new file mode 100644 index 0000000000..a9b671623a --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst @@ -0,0 +1,28 @@ +.. zeek:type:: TestRecord1 + + :Type: :zeek:type:`record` + + field1: :zeek:type:`bool` + + field2: :zeek:type:`count` + + +.. zeek:type:: TestRecord2 + + :Type: :zeek:type:`record` + + A: :zeek:type:`count` + document ``A`` + + B: :zeek:type:`bool` + document ``B`` + + C: :zeek:type:`TestRecord1` + and now ``C`` + is a declared type + + D: :zeek:type:`set` [:zeek:type:`count`, :zeek:type:`bool`] + sets/tables should show the index types + + Here's the ways records and record fields can be documented. + diff --git a/testing/btest/Baseline/doc.zeexygen.script_index/test.rst b/testing/btest/Baseline/doc.zeexygen.script_index/test.rst new file mode 100644 index 0000000000..eab6c439b2 --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.script_index/test.rst @@ -0,0 +1,5 @@ +.. toctree:: + :maxdepth: 1 + + zeexygen/__load__.zeek + zeexygen/example.zeek diff --git a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst b/testing/btest/Baseline/doc.zeexygen.script_summary/test.rst similarity index 64% rename from testing/btest/Baseline/doc.broxygen.script_summary/test.rst rename to testing/btest/Baseline/doc.zeexygen.script_summary/test.rst index 509f2c9286..3dd189ca77 100644 --- a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst +++ b/testing/btest/Baseline/doc.zeexygen.script_summary/test.rst @@ -1,5 +1,5 @@ -:doc:`/scripts/broxygen/example.zeek` - This is an example script that demonstrates Broxygen-style +:doc:`/scripts/zeexygen/example.zeek` + This is an example script that demonstrates Zeexygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -12,12 +12,12 @@ .. tip:: You can embed directives and roles within ``##``-stylized comments. There's also a custom role to reference any identifier node in - the Bro Sphinx domain that's good for "see alsos", e.g. + the Zeek Sphinx domain that's good for "see alsos", e.g. - See also: :bro:see:`BroxygenExample::a_var`, - :bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` + See also: :zeek:see:`ZeexygenExample::a_var`, + :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: - .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info + .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info diff --git a/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst b/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst new file mode 100644 index 0000000000..7f60859a5a --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst @@ -0,0 +1,44 @@ +.. zeek:type:: ZeexygenTest::TypeAlias + + :Type: :zeek:type:`bool` + + This is just an alias for a builtin type ``bool``. + +.. zeek:type:: ZeexygenTest::NotTypeAlias + + :Type: :zeek:type:`bool` + + This type should get its own comments, not associated w/ TypeAlias. + +.. zeek:type:: ZeexygenTest::OtherTypeAlias + + :Type: :zeek:type:`bool` + + This cross references ``bool`` in the description of its type + instead of ``TypeAlias`` just because it seems more useful -- + one doesn't have to click through the full type alias chain to + find out what the actual type is... + +.. zeek:id:: ZeexygenTest::a + + :Type: :zeek:type:`ZeexygenTest::TypeAlias` + + But this should reference a type of ``TypeAlias``. + +.. zeek:id:: ZeexygenTest::b + + :Type: :zeek:type:`ZeexygenTest::OtherTypeAlias` + + And this should reference a type of ``OtherTypeAlias``. + +.. zeek:type:: ZeexygenTest::MyRecord + + :Type: :zeek:type:`record` + + f1: :zeek:type:`ZeexygenTest::TypeAlias` + + f2: :zeek:type:`ZeexygenTest::OtherTypeAlias` + + f3: :zeek:type:`bool` + + diff --git a/testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst b/testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst similarity index 50% rename from testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst rename to testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst index 37eabb9419..48b7204b60 100644 --- a/testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst +++ b/testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst @@ -1,6 +1,6 @@ -.. bro:id:: test_vector0 +.. zeek:id:: test_vector0 - :Type: :bro:type:`vector` of :bro:type:`string` + :Type: :zeek:type:`vector` of :zeek:type:`string` :Default: :: @@ -9,9 +9,9 @@ Yield type is documented/cross-referenced for primitize types. -.. bro:id:: test_vector1 +.. zeek:id:: test_vector1 - :Type: :bro:type:`vector` of :bro:type:`TestRecord` + :Type: :zeek:type:`vector` of :zeek:type:`TestRecord` :Default: :: @@ -20,9 +20,9 @@ Yield type is documented/cross-referenced for composite types. -.. bro:id:: test_vector2 +.. zeek:id:: test_vector2 - :Type: :bro:type:`vector` of :bro:type:`vector` of :bro:type:`TestRecord` + :Type: :zeek:type:`vector` of :zeek:type:`vector` of :zeek:type:`TestRecord` :Default: :: diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 27edb2b682..aa27d73819 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -277,7 +277,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> @@ -462,7 +462,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(NetControl::init, , ()) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> @@ -707,7 +707,6 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/bloom-filter.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/bro.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/broker.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/broxygen.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/cardinality-counter.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/catch-and-release.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/comm.bif.zeek) -> -1 @@ -786,6 +785,7 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/utils.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/variance.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/weird.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/zeexygen.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek) -> -1 @@ -1180,7 +1180,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) @@ -1365,7 +1365,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) 0.000000 MetaHookPre CallFunction(NetControl::init, , ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) @@ -1610,7 +1610,6 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/bloom-filter.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/bro.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/broker.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/broxygen.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/cardinality-counter.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/catch-and-release.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/comm.bif.zeek) @@ -1689,6 +1688,7 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/utils.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/variance.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/weird.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/zeexygen.bif.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek) @@ -2082,7 +2082,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) @@ -2267,7 +2267,7 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction Notice::want_pp() @@ -2514,7 +2514,6 @@ 0.000000 | HookLoadFile .<...>/bloom-filter.bif.zeek 0.000000 | HookLoadFile .<...>/bro.bif.zeek 0.000000 | HookLoadFile .<...>/broker.zeek -0.000000 | HookLoadFile .<...>/broxygen.bif.zeek 0.000000 | HookLoadFile .<...>/cardinality-counter.bif.zeek 0.000000 | HookLoadFile .<...>/catch-and-release.zeek 0.000000 | HookLoadFile .<...>/comm.bif.zeek @@ -2600,6 +2599,7 @@ 0.000000 | HookLoadFile .<...>/variance.zeek 0.000000 | HookLoadFile .<...>/video.sig 0.000000 | HookLoadFile .<...>/weird.zeek +0.000000 | HookLoadFile .<...>/zeexygen.bif.zeek 0.000000 | HookLoadFile <...>/__load__.zeek 0.000000 | HookLoadFile <...>/__preload__.zeek 0.000000 | HookLoadFile <...>/hooks.zeek @@ -2702,7 +2702,7 @@ 0.000000 | HookLoadFile base<...>/x509 0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T] +0.000000 | HookLogWrite packet_filter [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T] 0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent filter_change_tracking() 0.000000 | HookQueueEvent zeek_init() diff --git a/testing/btest/coverage/broxygen.sh b/testing/btest/coverage/broxygen.sh index eee4575738..4dd12f27fe 100644 --- a/testing/btest/coverage/broxygen.sh +++ b/testing/btest/coverage/broxygen.sh @@ -1,12 +1,12 @@ -# This check piggy-backs on the test-all-policy.bro test, assuming that every +# This check piggy-backs on the test-all-policy.zeek test, assuming that every # loadable script is referenced there. The only additional check here is -# that the broxygen package should even load scripts that are commented -# out in test-all-policy.bro because the broxygen package is only loaded +# that the zeexygen package should even load scripts that are commented +# out in test-all-policy.zeek because the zeexygen package is only loaded # when generated documentation and will terminate has soon as zeek_init -# is handled, even if a script will e.g. put Bro into listen mode or otherwise +# is handled, even if a script will e.g. put Zeek into listen mode or otherwise # cause it to not terminate after scripts are parsed. -# @TEST-EXEC: bash %INPUT $DIST/scripts/test-all-policy.bro $DIST/scripts/broxygen/__load__.bro +# @TEST-EXEC: bash %INPUT $DIST/scripts/test-all-policy.zeek $DIST/scripts/zeexygen/__load__.zeek error_count=0 @@ -22,10 +22,10 @@ if [ $# -ne 2 ]; then fi all_loads=$(egrep "#[[:space:]]*@load.*" $1 | sed 's/#[[:space:]]*@load[[:space:]]*//g') -broxygen_loads=$(egrep "@load.*" $2 | sed 's/@load[[:space:]]*//g') +zeexygen_loads=$(egrep "@load.*" $2 | sed 's/@load[[:space:]]*//g') for f in $all_loads; do - echo "$broxygen_loads" | grep -q $f || error_msg "$f not loaded in broxygen/__load__.bro" + echo "$zeexygen_loads" | grep -q $f || error_msg "$f not loaded in zeexygen/__load__.zeek" done if [ $error_count -gt 0 ]; then diff --git a/testing/btest/coverage/sphinx-broxygen-docs.sh b/testing/btest/coverage/sphinx-broxygen-docs.sh index ab194cb027..d508a8361f 100644 --- a/testing/btest/coverage/sphinx-broxygen-docs.sh +++ b/testing/btest/coverage/sphinx-broxygen-docs.sh @@ -1,11 +1,11 @@ -# This script checks whether the reST docs generated by broxygen are stale. +# This script checks whether the reST docs generated by zeexygen are stale. # If this test fails when testing the master branch, then simply run: # -# testing/scripts/gen-broxygen-docs.sh +# testing/scripts/gen-zeexygen-docs.sh # # and then commit the changes. # -# @TEST-EXEC: bash $SCRIPTS/gen-broxygen-docs.sh ./doc +# @TEST-EXEC: bash $SCRIPTS/gen-zeexygen-docs.sh ./doc # @TEST-EXEC: bash %INPUT if [ -n "$TRAVIS_PULL_REQUEST" ]; then @@ -33,7 +33,7 @@ function check_diff echo "If this fails in the master branch or when merging to master," 1>&2 echo "re-run the following command:" 1>&2 echo "" 1>&2 - echo " $SCRIPTS/gen-broxygen-docs.sh" 1>&2 + echo " $SCRIPTS/gen-zeexygen-docs.sh" 1>&2 echo "" 1>&2 echo "Then commit/push the changes in the zeek-docs repo" 1>&2 echo "(the doc/ directory in the zeek repo)." 1>&2 diff --git a/testing/btest/doc/broxygen/example.zeek b/testing/btest/doc/broxygen/example.zeek deleted file mode 100644 index 7a7d30c92a..0000000000 --- a/testing/btest/doc/broxygen/example.zeek +++ /dev/null @@ -1,8 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X broxygen.config %INPUT -# @TEST-EXEC: btest-diff example.rst - -@TEST-START-FILE broxygen.config -script broxygen/example.zeek example.rst -@TEST-END-FILE - -@load broxygen/example diff --git a/testing/btest/doc/broxygen/identifier.zeek b/testing/btest/doc/broxygen/identifier.zeek deleted file mode 100644 index ae49d812a0..0000000000 --- a/testing/btest/doc/broxygen/identifier.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -identifier BroxygenExample::* test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/package.zeek b/testing/btest/doc/broxygen/package.zeek deleted file mode 100644 index 6a9957804a..0000000000 --- a/testing/btest/doc/broxygen/package.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -package broxygen test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/package_index.zeek b/testing/btest/doc/broxygen/package_index.zeek deleted file mode 100644 index 49c367aa48..0000000000 --- a/testing/btest/doc/broxygen/package_index.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -package_index broxygen test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/script_index.zeek b/testing/btest/doc/broxygen/script_index.zeek deleted file mode 100644 index ab257ad35d..0000000000 --- a/testing/btest/doc/broxygen/script_index.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -script_index broxygen/* test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/script_summary.zeek b/testing/btest/doc/broxygen/script_summary.zeek deleted file mode 100644 index 6ea5e95576..0000000000 --- a/testing/btest/doc/broxygen/script_summary.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -script_summary broxygen/example.zeek test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/command_line.zeek b/testing/btest/doc/zeexygen/command_line.zeek similarity index 100% rename from testing/btest/doc/broxygen/command_line.zeek rename to testing/btest/doc/zeexygen/command_line.zeek diff --git a/testing/btest/doc/broxygen/comment_retrieval_bifs.zeek b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek similarity index 100% rename from testing/btest/doc/broxygen/comment_retrieval_bifs.zeek rename to testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek diff --git a/testing/btest/doc/broxygen/enums.zeek b/testing/btest/doc/zeexygen/enums.zeek similarity index 89% rename from testing/btest/doc/broxygen/enums.zeek rename to testing/btest/doc/zeexygen/enums.zeek index 8fbdb11ab6..a385a36a6c 100644 --- a/testing/btest/doc/broxygen/enums.zeek +++ b/testing/btest/doc/zeexygen/enums.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-enums.rst -@TEST-START-FILE broxygen.config +@TEST-START-FILE zeexygen.config identifier TestEnum* autogen-reST-enums.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeexygen/example.zeek b/testing/btest/doc/zeexygen/example.zeek new file mode 100644 index 0000000000..53179dac39 --- /dev/null +++ b/testing/btest/doc/zeexygen/example.zeek @@ -0,0 +1,8 @@ +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X zeexygen.config %INPUT +# @TEST-EXEC: btest-diff example.rst + +@TEST-START-FILE zeexygen.config +script zeexygen/example.zeek example.rst +@TEST-END-FILE + +@load zeexygen/example diff --git a/testing/btest/doc/broxygen/func-params.zeek b/testing/btest/doc/zeexygen/func-params.zeek similarity index 83% rename from testing/btest/doc/broxygen/func-params.zeek rename to testing/btest/doc/zeexygen/func-params.zeek index e53ca475f1..5facba3e05 100644 --- a/testing/btest/doc/broxygen/func-params.zeek +++ b/testing/btest/doc/zeexygen/func-params.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-func-params.rst -@TEST-START-FILE broxygen.config +@TEST-START-FILE zeexygen.config identifier test_func_params* autogen-reST-func-params.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeexygen/identifier.zeek b/testing/btest/doc/zeexygen/identifier.zeek new file mode 100644 index 0000000000..38a4f274ad --- /dev/null +++ b/testing/btest/doc/zeexygen/identifier.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeexygen.config +identifier ZeexygenExample::* test.rst +@TEST-END-FILE + +@load zeexygen diff --git a/testing/btest/doc/zeexygen/package.zeek b/testing/btest/doc/zeexygen/package.zeek new file mode 100644 index 0000000000..7038b5b50a --- /dev/null +++ b/testing/btest/doc/zeexygen/package.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeexygen.config +package zeexygen test.rst +@TEST-END-FILE + +@load zeexygen diff --git a/testing/btest/doc/zeexygen/package_index.zeek b/testing/btest/doc/zeexygen/package_index.zeek new file mode 100644 index 0000000000..3a0c92ca71 --- /dev/null +++ b/testing/btest/doc/zeexygen/package_index.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeexygen.config +package_index zeexygen test.rst +@TEST-END-FILE + +@load zeexygen diff --git a/testing/btest/doc/broxygen/records.zeek b/testing/btest/doc/zeexygen/records.zeek similarity index 84% rename from testing/btest/doc/broxygen/records.zeek rename to testing/btest/doc/zeexygen/records.zeek index fbaa957a9f..0c1f668df9 100644 --- a/testing/btest/doc/broxygen/records.zeek +++ b/testing/btest/doc/zeexygen/records.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-records.rst -@TEST-START-FILE broxygen.config +@TEST-START-FILE zeexygen.config identifier TestRecord* autogen-reST-records.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeexygen/script_index.zeek b/testing/btest/doc/zeexygen/script_index.zeek new file mode 100644 index 0000000000..f92513d632 --- /dev/null +++ b/testing/btest/doc/zeexygen/script_index.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeexygen.config +script_index zeexygen/* test.rst +@TEST-END-FILE + +@load zeexygen diff --git a/testing/btest/doc/zeexygen/script_summary.zeek b/testing/btest/doc/zeexygen/script_summary.zeek new file mode 100644 index 0000000000..9378417f08 --- /dev/null +++ b/testing/btest/doc/zeexygen/script_summary.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeexygen.config +script_summary zeexygen/example.zeek test.rst +@TEST-END-FILE + +@load zeexygen diff --git a/testing/btest/doc/broxygen/type-aliases.zeek b/testing/btest/doc/zeexygen/type-aliases.zeek similarity index 81% rename from testing/btest/doc/broxygen/type-aliases.zeek rename to testing/btest/doc/zeexygen/type-aliases.zeek index 0971327c2b..40a6e24417 100644 --- a/testing/btest/doc/broxygen/type-aliases.zeek +++ b/testing/btest/doc/zeexygen/type-aliases.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-type-aliases.rst -@TEST-START-FILE broxygen.config -identifier BroxygenTest::* autogen-reST-type-aliases.rst +@TEST-START-FILE zeexygen.config +identifier ZeexygenTest::* autogen-reST-type-aliases.rst @TEST-END-FILE -module BroxygenTest; +module ZeexygenTest; export { ## This is just an alias for a builtin type ``bool``. diff --git a/testing/btest/doc/broxygen/vectors.zeek b/testing/btest/doc/zeexygen/vectors.zeek similarity index 83% rename from testing/btest/doc/broxygen/vectors.zeek rename to testing/btest/doc/zeexygen/vectors.zeek index 7c18225357..8a16a58149 100644 --- a/testing/btest/doc/broxygen/vectors.zeek +++ b/testing/btest/doc/zeexygen/vectors.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-vectors.rst -@TEST-START-FILE broxygen.config +@TEST-START-FILE zeexygen.config identifier test_vector* autogen-reST-vectors.rst @TEST-END-FILE diff --git a/testing/scripts/gen-broxygen-docs.sh b/testing/scripts/gen-zeexygen-docs.sh similarity index 81% rename from testing/scripts/gen-broxygen-docs.sh rename to testing/scripts/gen-zeexygen-docs.sh index 11f1cb066e..66287b01aa 100755 --- a/testing/scripts/gen-broxygen-docs.sh +++ b/testing/scripts/gen-zeexygen-docs.sh @@ -11,9 +11,9 @@ unset BRO_DEFAULT_CONNECT_RETRY dir="$( cd "$( dirname "$0" )" && pwd )" source_dir="$( cd $dir/../.. && pwd )" build_dir=$source_dir/build -conf_file=$build_dir/broxygen-test.conf +conf_file=$build_dir/zeexygen-test.conf output_dir=$source_dir/doc -bro_error_file=$build_dir/broxygen-test-stderr.txt +zeek_error_file=$build_dir/zeexygen-test-stderr.txt if [ -n "$1" ]; then output_dir=$1 @@ -28,13 +28,13 @@ cd $build_dir . bro-path-dev.sh export BRO_SEED_FILE=$source_dir/testing/btest/random.seed -function run_bro +function run_zeek { - ZEEK_ALLOW_INIT_ERRORS=1 bro -X $conf_file broxygen >/dev/null 2>$bro_error_file + ZEEK_ALLOW_INIT_ERRORS=1 bro -X $conf_file zeexygen >/dev/null 2>$zeek_error_file if [ $? -ne 0 ]; then - echo "Failed running bro with broxygen config file $conf_file" - echo "See stderr in $bro_error_file" + echo "Failed running zeek with zeexygen config file $conf_file" + echo "See stderr in $zeek_error_file" exit 1 fi } @@ -43,7 +43,7 @@ scripts_output_dir=$output_dir/scripts rm -rf $scripts_output_dir printf "script\t*\t$scripts_output_dir/" > $conf_file echo "Generating $scripts_output_dir/" -run_bro +run_zeek script_ref_dir=$output_dir/script-reference mkdir -p $script_ref_dir @@ -52,7 +52,7 @@ function generate_index { echo "Generating $script_ref_dir/$2" printf "$1\t*\t$script_ref_dir/$2\n" > $conf_file - run_bro + run_zeek } generate_index "script_index" "autogenerated-script-index.rst" From 85acdc14e43a9f69b04e60f74bc10515afb3af1b Mon Sep 17 00:00:00 2001 From: Vern Paxson Date: Tue, 23 Apr 2019 16:40:58 -0700 Subject: [PATCH 038/247] expose some TCP analyzer utility functions for use by derived classes --- src/analyzer/protocol/tcp/TCP.cc | 8 ++++---- src/analyzer/protocol/tcp/TCP.h | 8 ++++++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 1f5309a1b9..7c9c3b09a2 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -1019,9 +1019,9 @@ void TCP_Analyzer::CheckPIA_FirstPacket(int is_orig, const IP_Hdr* ip) } } -static uint64 get_relative_seq(const TCP_Endpoint* endpoint, - uint32 cur_base, uint32 last, uint32 wraps, - bool* underflow = 0) +uint64 TCP_Analyzer::get_relative_seq(const TCP_Endpoint* endpoint, + uint32 cur_base, uint32 last, + uint32 wraps, bool* underflow) { int32 delta = seq_delta(cur_base, last); @@ -1052,7 +1052,7 @@ static uint64 get_relative_seq(const TCP_Endpoint* endpoint, return endpoint->ToRelativeSeqSpace(cur_base, wraps); } -static int get_segment_len(int payload_len, TCP_Flags flags) +int TCP_Analyzer::get_segment_len(int payload_len, TCP_Flags flags) { int seg_len = payload_len; diff --git a/src/analyzer/protocol/tcp/TCP.h b/src/analyzer/protocol/tcp/TCP.h index 69f3482ae0..c699abf62c 100644 --- a/src/analyzer/protocol/tcp/TCP.h +++ b/src/analyzer/protocol/tcp/TCP.h @@ -174,6 +174,14 @@ protected: const u_char* option, TCP_Analyzer* analyzer, bool is_orig, void* cookie); + // A couple of handle utility functions that we make available + // to any derived analyzers. + static uint64 get_relative_seq(const TCP_Endpoint* endpoint, + uint32 cur_base, uint32 last, + uint32 wraps, bool* underflow = 0); + + static int get_segment_len(int payload_len, TCP_Flags flags); + private: TCP_Endpoint* orig; TCP_Endpoint* resp; From 05b4d2a26c792dfd136eedbe703753a0d2322886 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 25 Apr 2019 10:22:11 -0700 Subject: [PATCH 039/247] Add Zeexygen cross-reference links for some events --- CHANGES | 4 ++++ VERSION | 2 +- doc | 2 +- src/event.bif | 12 +++--------- 4 files changed, 9 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 40ebd17464..87f5e1b2ce 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-246 | 2019-04-25 10:22:11 -0700 + + * Add Zeexygen cross-reference links for some events (Jon Siwek, Corelight) + 2.6-245 | 2019-04-23 18:42:02 -0700 * Expose TCP analyzer utility functions to derived classes (Vern Paxson, Corelight) diff --git a/VERSION b/VERSION index c6645ac507..b439e78817 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-245 +2.6-246 diff --git a/doc b/doc index dc37959938..07b9bd4f59 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit dc37959938b9a70a642e7be48693d5c5fd3d5e80 +Subproject commit 07b9bd4f59d6656b3488a17329d58f67cd797fcd diff --git a/src/event.bif b/src/event.bif index 3932618188..3505c686a5 100644 --- a/src/event.bif +++ b/src/event.bif @@ -48,9 +48,7 @@ ## event zeek_init%(%); -## Deprecated synonym for ``zeek_init``. -## -## .. zeek:see: zeek_init +## Deprecated synonym for :zeek:see:`zeek_init`. event bro_init%(%) &deprecated; ## Generated at Zeek termination time. The event engine generates this event when @@ -66,9 +64,7 @@ event bro_init%(%) &deprecated; ## is not generated. event zeek_done%(%); -## Deprecated synonym for ``zeek_done``. -## -## .. zeek:see: zeek_done +## Deprecated synonym for :zeek:see:`zeek_done`. event bro_done%(%) &deprecated; ## Generated for every new connection. This event is raised with the first @@ -876,9 +872,7 @@ event reporter_error%(t: time, msg: string, location: string%) &error_handler; ## recursively for each ``@load``. event zeek_script_loaded%(path: string, level: count%); -## Deprecated synonym for ``zeek_script_loaded``. -## -## .. zeek:see: zeek_script_loaded +## Deprecated synonym for :zeek:see:`zeek_script_loaded`. event bro_script_loaded%(path: string, level: count%) &deprecated; ## Generated each time Bro's script interpreter opens a file. This event is From a93e9317d5d3537214b39f1929003f40adda0df1 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 25 Apr 2019 12:00:21 -0700 Subject: [PATCH 040/247] Updating submodule(s). [nomail] --- doc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc b/doc index 07b9bd4f59..073bb08473 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 07b9bd4f59d6656b3488a17329d58f67cd797fcd +Subproject commit 073bb08473b8172b8bb175e0702204f15f522392 From cc83b8ce8ec5133a5111df6f2351755349e79c6b Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 26 Apr 2019 09:43:57 -0700 Subject: [PATCH 041/247] Updating submodule(s). [nomail] --- aux/bifcl | 2 +- aux/binpac | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- aux/broker | 2 +- aux/zeek-aux | 2 +- cmake | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/aux/bifcl b/aux/bifcl index 1dea95dd78..1b5375e9f8 160000 --- a/aux/bifcl +++ b/aux/bifcl @@ -1 +1 @@ -Subproject commit 1dea95dd7819cb6b80291d5830e2b7d04b14abd0 +Subproject commit 1b5375e9f81ecec59f983e6abe86300c6bbbcb8f diff --git a/aux/binpac b/aux/binpac index f648419d79..04c7e27a22 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit f648419d796f8ab9f36991062ae790174e084aee +Subproject commit 04c7e27a22491a91ee309877253da0922d0822bc diff --git a/aux/broccoli b/aux/broccoli index 0ec42e5f54..8668422406 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 0ec42e5f54b7f0a65e35213d709ae19499526647 +Subproject commit 8668422406cb74f4f0c574a0c9b6365a21f3e81a diff --git a/aux/broctl b/aux/broctl index 5698525ae4..39ae4a469d 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 5698525ae41c397c18eba1d5350cca18fa081665 +Subproject commit 39ae4a469d6ae86c12b49020b361da4fcab24b5b diff --git a/aux/broker b/aux/broker index 1ab04b7bd8..56408c5582 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 1ab04b7bd893f65c1339b2ac92596dca6ed66412 +Subproject commit 56408c5582c80db6774c8b25642149dfb542345a diff --git a/aux/zeek-aux b/aux/zeek-aux index 0ec8103a69..ba482418c4 160000 --- a/aux/zeek-aux +++ b/aux/zeek-aux @@ -1 +1 @@ -Subproject commit 0ec8103a698ae71ff23d4dfa9e38b624c22ae718 +Subproject commit ba482418c4e16551fd7b9128a4082348ef2842f0 diff --git a/cmake b/cmake index 8554b602ee..5521da04df 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 8554b602eed13076484fdac18fbdd934b061bed7 +Subproject commit 5521da04df0190e3362e4c5164df5c2c8884dd2c From 49908ac865ad2c556677718e951eee71a85bd8f4 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 26 Apr 2019 19:26:44 -0700 Subject: [PATCH 042/247] Fix parsing of hybrid IPv6-IPv4 addr literals with no zero compression --- CHANGES | 4 ++++ VERSION | 2 +- src/scan.l | 2 +- testing/btest/language/addr.zeek | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 87f5e1b2ce..18e2d85a74 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-249 | 2019-04-26 19:26:44 -0700 + + * Fix parsing of hybrid IPv6-IPv4 addr literals with no zero compression (Jon Siwek, Corelight) + 2.6-246 | 2019-04-25 10:22:11 -0700 * Add Zeexygen cross-reference links for some events (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index b439e78817..acde488fd3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-246 +2.6-249 diff --git a/src/scan.l b/src/scan.l index 0b9a019cc8..4da90394e7 100644 --- a/src/scan.l +++ b/src/scan.l @@ -152,7 +152,7 @@ D [0-9]+ HEX [0-9a-fA-F]+ IDCOMPONENT [A-Za-z_][A-Za-z_0-9]* ID {IDCOMPONENT}(::{IDCOMPONENT})* -IP6 ("["({HEX}:){7}{HEX}"]")|("["0x{HEX}({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*({D}"."){3}{D}"]") +IP6 ("["({HEX}:){7}{HEX}"]")|("["0x{HEX}({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}:){6}({D}"."){3}{D}"]")|("["({HEX}|:)*"::"({HEX}|:)*({D}"."){3}{D}"]") FILE [^ \t\n]+ PREFIX [^ \t\n]+ FLOAT (({D}*"."?{D})|({D}"."?{D}*))([eE][-+]?{D})? diff --git a/testing/btest/language/addr.zeek b/testing/btest/language/addr.zeek index dff376ec4a..8829c20da2 100644 --- a/testing/btest/language/addr.zeek +++ b/testing/btest/language/addr.zeek @@ -31,6 +31,7 @@ event zeek_init() local b6: addr = [aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222]; local b7: addr = [AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:1111:2222]; local b8 = [a::b]; + local b9 = [2001:db8:0:0:0:FFFF:192.168.0.5]; test_case( "IPv6 address inequality", b1 != b2 ); test_case( "IPv6 address equality", b1 == b5 ); From 4dc6ac538247e5d3b7535a6b8781cb23f2ef1cca Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 29 Apr 2019 15:25:47 -0400 Subject: [PATCH 043/247] Include all data of the server-hello random Before we cut the first 4 bytes, which makes it impossible to recognize several newer packets (like the hello retry). --- src/analyzer/protocol/ssl/events.bif | 6 ++- .../protocol/ssl/proc-server-hello.pac | 6 ++- src/analyzer/protocol/ssl/ssl-analyzer.pac | 2 +- .../protocol/ssl/tls-handshake-analyzer.pac | 2 +- .../protocol/ssl/tls-handshake-protocol.pac | 3 +- .../ssl-all.log | 40 +++++++++---------- .../.stdout | 2 +- .../all-events.log | 2 +- 8 files changed, 34 insertions(+), 29 deletions(-) diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 4e7b7113eb..25813031dd 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -56,13 +56,15 @@ event ssl_client_hello%(c: connection, version: count, record_version: count, po ## ## possible_ts: The current time as sent by the server. Note that SSL/TLS does ## not require clocks to be set correctly, so treat with care. This value -## is not sent in TLSv1.3. +## is meaningless in SSLv2 and TLSv1.3. ## ## session_id: The session ID as sent back by the server (if any). This value is not ## sent in TLSv1.3. ## ## server_random: The random value sent by the server. For version 2 connections, -## the connection-id is returned. +## the connection-id is returned. Note - the full 32 bytes are included in +## server_random. This means that the 4 bytes present in possible_ts are repeated; +## if you do not want this behavior ignore the first 4 bytes. ## ## cipher: The cipher chosen by the server. The values are standardized as part ## of the SSL/TLS protocol. The :zeek:id:`SSL::cipher_desc` table maps diff --git a/src/analyzer/protocol/ssl/proc-server-hello.pac b/src/analyzer/protocol/ssl/proc-server-hello.pac index 3fbf688e5d..efce02b329 100644 --- a/src/analyzer/protocol/ssl/proc-server-hello.pac +++ b/src/analyzer/protocol/ssl/proc-server-hello.pac @@ -1,5 +1,5 @@ function proc_server_hello( - version : uint16, ts : double, + version : uint16, v2 : bool, server_random : bytestring, session_id : uint8[], cipher_suites16 : uint16[], @@ -21,6 +21,10 @@ else std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(*ciphers), to_int()); + uint32 ts = 0; + if ( v2 == 0 && server_random.length() >= 4 ) + ts |= server_random[3] | server_random[2] << 8 | server_random[1] << 16 | server_random[0] << 24; + BifEvent::generate_ssl_server_hello(bro_analyzer(), bro_analyzer()->Conn(), version, record_version(), ts, new StringVal(server_random.length(), diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac index bf35218873..06a5767955 100644 --- a/src/analyzer/protocol/ssl/ssl-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac @@ -44,7 +44,7 @@ refine typeattr V2ClientHello += &let { refine typeattr V2ServerHello += &let { check_v2 : bool = $context.connection.proc_check_v2_server_hello_version(server_version); - proc : bool = $context.connection.proc_server_hello(server_version, 0, + proc : bool = $context.connection.proc_server_hello(server_version, 1, conn_id_data, 0, 0, ciphers, 0) &requires(check_v2) &if(check_v2 == true); cert : bool = $context.connection.proc_v2_certificate(rec.is_orig, cert_data) diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index 8e0ae84455..085a8710f9 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -465,7 +465,7 @@ refine typeattr ClientHello += &let { refine typeattr ServerHello += &let { proc : bool = $context.connection.proc_server_hello(server_version, - gmt_unix_time, random_bytes, session_id, cipher_suite, 0, + 0, random_bytes, session_id, cipher_suite, 0, compression_method); }; diff --git a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac index e3b2b88aeb..1ed6816f45 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac @@ -116,8 +116,7 @@ type ServerHelloChoice(rec: HandshakeRecord) = record { }; type ServerHello(rec: HandshakeRecord, server_version: uint16) = record { - gmt_unix_time : uint32; - random_bytes : bytestring &length = 28; + random_bytes : bytestring &length = 32; session_len : uint8; session_id : uint8[session_len]; cipher_suite : uint16[1]; diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.keyexchange/ssl-all.log b/testing/btest/Baseline/scripts.base.protocols.ssl.keyexchange/ssl-all.log index 7d15c707b3..506c3a5945 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.keyexchange/ssl-all.log +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.keyexchange/ssl-all.log @@ -3,60 +3,60 @@ #empty_field (empty) #unset_field - #path ssl -#open 2018-08-27-22-38-51 +#open 2019-04-29-19-23-03 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string -1398558136.319509 CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 TLSv12 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - - F - - T F6fLv13PBYz8MNqx68,F8cTDl1penwXxGu4K7 (empty) emailAddress=denicadmmail@arcor.de,CN=www.lilawelt.net,C=US CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL - - TLSv10 1f7f8ae4d8dd45f31ed2e158f5f9ee676b7cb2c92585d8a3e1c2da7e TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv12 5c3660849d1ba4081e9c5863f11c64233c045d58380ea393bdca5322 bbbc2dcad84674907c43fcf580e9cfdbd958a3f568b42d4b08eed4eb0fb3504c6c030276e710800c5ccbbaa8922614c5beeca565a5fdf1d287a2bc049be6778060e91a92a757e3048f68b076f7d36cc8f29ba5df81dc2ca725ece66270cc9a5035d8ceceef9ea0274a63ab1e58fafd4988d0f65d146757da071df045cfe16b9b 02 af5e4cde6c7ac4ad3f62f9df82e6a378a1c80fccf26abcbd13120339707baae172c0381abde73c3d607c14706bb8ab4d09dd39c5961ea86114c37f6b803554925a3e4c64c54ed1ba171e52f97fa2df2ef7e52725c62635e4c3ab625a018bfa75b266446f24b8e0c13dcc258db35b52e8ed5add68ca54de905395304cf3e1eeac - 1 6 18fd31815d4c5316d23bddb61ada198272ffa76ab0a4f7505b2a232150bd79874a9e5aabd7e39aef8cccdd2eba9cfcef6cc77842c7b359899b976f930e671d9308c3a07eeb6eaf1411a4c91a3523e4a8a4ccf523df2b70d56da5173e862643ad894495f14a94bda7115cedda87d520e524f917197dec625ffa1283d156e39f2daa49424a42aba2e0d0e43ebd537f348db770fe6c901a17432c7dd1a9146a2039c383f293cab5b04cb653332454883396863dd419b63745cc65bfc905c06a5d4283f5ff33a1d59584610293a1b08da9a6884c8e67675568e2c357b3d040350694c8b1c74c4be16e76eafeb8efe69dc501154fd36347d04ffc0c6e9a5646a1902a c3d48226a8f94d3bbb49918ac02187493258e74e - 0080545ca1e5a9978e411a23f7ce3b50d2919cb7da2dfd4c97d1dd20db9535d6240b684751b08845d44b780750371c5f229903cf59216bcfbe255de370f9a801177fa0dd11061a0173cd7fe4d740e3a74cc594a8c2510d03039126388730c2c73ca0db5fdad2a2021e9ea025b86dc0ba87aea5629246a4cf0f98726fcda9c89d4483 - -#close 2018-08-27-22-38-51 +1398558136.319509 CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 TLSv12 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - - F - - T F6fLv13PBYz8MNqx68,F8cTDl1penwXxGu4K7 (empty) emailAddress=denicadmmail@arcor.de,CN=www.lilawelt.net,C=US CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL - - TLSv10 1f7f8ae4d8dd45f31ed2e158f5f9ee676b7cb2c92585d8a3e1c2da7e TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv12 535c4db35c3660849d1ba4081e9c5863f11c64233c045d58380ea393bdca5322 bbbc2dcad84674907c43fcf580e9cfdbd958a3f568b42d4b08eed4eb0fb3504c6c030276e710800c5ccbbaa8922614c5beeca565a5fdf1d287a2bc049be6778060e91a92a757e3048f68b076f7d36cc8f29ba5df81dc2ca725ece66270cc9a5035d8ceceef9ea0274a63ab1e58fafd4988d0f65d146757da071df045cfe16b9b 02 af5e4cde6c7ac4ad3f62f9df82e6a378a1c80fccf26abcbd13120339707baae172c0381abde73c3d607c14706bb8ab4d09dd39c5961ea86114c37f6b803554925a3e4c64c54ed1ba171e52f97fa2df2ef7e52725c62635e4c3ab625a018bfa75b266446f24b8e0c13dcc258db35b52e8ed5add68ca54de905395304cf3e1eeac - 1 6 18fd31815d4c5316d23bddb61ada198272ffa76ab0a4f7505b2a232150bd79874a9e5aabd7e39aef8cccdd2eba9cfcef6cc77842c7b359899b976f930e671d9308c3a07eeb6eaf1411a4c91a3523e4a8a4ccf523df2b70d56da5173e862643ad894495f14a94bda7115cedda87d520e524f917197dec625ffa1283d156e39f2daa49424a42aba2e0d0e43ebd537f348db770fe6c901a17432c7dd1a9146a2039c383f293cab5b04cb653332454883396863dd419b63745cc65bfc905c06a5d4283f5ff33a1d59584610293a1b08da9a6884c8e67675568e2c357b3d040350694c8b1c74c4be16e76eafeb8efe69dc501154fd36347d04ffc0c6e9a5646a1902a c3d48226a8f94d3bbb49918ac02187493258e74e - 0080545ca1e5a9978e411a23f7ce3b50d2919cb7da2dfd4c97d1dd20db9535d6240b684751b08845d44b780750371c5f229903cf59216bcfbe255de370f9a801177fa0dd11061a0173cd7fe4d740e3a74cc594a8c2510d03039126388730c2c73ca0db5fdad2a2021e9ea025b86dc0ba87aea5629246a4cf0f98726fcda9c89d4483 - +#close 2019-04-29-19-23-03 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path ssl -#open 2018-08-27-22-38-52 +#open 2019-04-29-19-23-03 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string -1398529018.678827 CHhAvVGS1DHFjwGM9 192.168.18.50 56981 74.125.239.97 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T FDy6ve1m58lwPRfhE9,FnGjwc1EVGk5x0WZk5,F2T07R1XZFCmeWafv2 (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - TLSv10 d170a048a025925479f1a573610851d30a1f3e7267836932797def95 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv12 5cb1fbd2e5c1f3605984d826eca11a8562b3c36d1f70fa44ba2f723c - - - 04c177ab173fed188d8455b2bd0eeac7c1fc334b5d9d38e651b6a31cbda4a7b62a4a222493711e6aec7590d27292ba300d722841ca52795ca55b9b26d12730b807 1 6 bb8ed698a89f33367af245236d1483c2caa406f61a6e3639a6483c8ed3baadaf18bfdfd967697ad29497dd7f16fde1b5d8933b6f5d72e63f0e0dfd416785a3ee3ad7b6d65e71c67c219740723695136678feaca0db5f1cd00a2f2c5b1a0b83098e796bb6539b486639ab02a288d0f0bf68123151437e1b2ef610af17993a107acfcb3791d00b509a5271ddcf60b31b202571c06ceaf51b846a0ff8fd85cf1bc99f82bb936bae69a13f81727f0810280306abb942fd80e0fdf93a51e7e036c26e429295aa60e36506ab1762d49e31152d02bd7850fcaa251219b3dde81ea5fc61c4c63b940120fa6847ccc43fad0a2ac252153254baa03b0baebb6db899ade45e e2fb0771ee6fc0d0e324bc863c02b57921257c86 - - 4104a92b630b25f4404c632dcf9cf454d1cf685a95f4d7c34e1bed244d1051c6bf9fda52edd0c840620b6ddf7941f9ee8a2684eec11a5a2131a0a3389d1e49122472 -#close 2018-08-27-22-38-52 +1398529018.678827 CHhAvVGS1DHFjwGM9 192.168.18.50 56981 74.125.239.97 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T FDy6ve1m58lwPRfhE9,FnGjwc1EVGk5x0WZk5,F2T07R1XZFCmeWafv2 (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - TLSv10 d170a048a025925479f1a573610851d30a1f3e7267836932797def95 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv12 535bdbf95cb1fbd2e5c1f3605984d826eca11a8562b3c36d1f70fa44ba2f723c - - - 04c177ab173fed188d8455b2bd0eeac7c1fc334b5d9d38e651b6a31cbda4a7b62a4a222493711e6aec7590d27292ba300d722841ca52795ca55b9b26d12730b807 1 6 bb8ed698a89f33367af245236d1483c2caa406f61a6e3639a6483c8ed3baadaf18bfdfd967697ad29497dd7f16fde1b5d8933b6f5d72e63f0e0dfd416785a3ee3ad7b6d65e71c67c219740723695136678feaca0db5f1cd00a2f2c5b1a0b83098e796bb6539b486639ab02a288d0f0bf68123151437e1b2ef610af17993a107acfcb3791d00b509a5271ddcf60b31b202571c06ceaf51b846a0ff8fd85cf1bc99f82bb936bae69a13f81727f0810280306abb942fd80e0fdf93a51e7e036c26e429295aa60e36506ab1762d49e31152d02bd7850fcaa251219b3dde81ea5fc61c4c63b940120fa6847ccc43fad0a2ac252153254baa03b0baebb6db899ade45e e2fb0771ee6fc0d0e324bc863c02b57921257c86 - - 4104a92b630b25f4404c632dcf9cf454d1cf685a95f4d7c34e1bed244d1051c6bf9fda52edd0c840620b6ddf7941f9ee8a2684eec11a5a2131a0a3389d1e49122472 +#close 2019-04-29-19-23-03 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path ssl -#open 2018-08-27-22-38-52 +#open 2019-04-29-19-23-04 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string -1170717505.549109 CHhAvVGS1DHFjwGM9 192.150.187.164 58868 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FeCwNK3rzqPnZ7eBQ5,FfqS7r3rymnsSKq0m2 (empty) CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network - - unknown-0 e6b8efdf91cf44f7eae43c83398fdcb2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 2b658d5183bbaedbf35e8f126ff926b14979cd703d242aea996a5fda - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 008057aaeea52e6d030e54fa9328781fda6f8de80ed8531946bfa8adc4b51ca7502cbce62bae6949f6b865d7125e256643b5ede4dd4cf42107cfa73c418f10881edf38a75f968b507f08f9c1089ef26bfd322cf44c0b746b8e3dff731f2585dcf26abb048d55e661e1d2868ccc9c338e451c30431239f96a00e4843b6aa00ba51785 - - -1170717508.697180 ClEkJM2Vm5giqnMf4h 192.150.187.164 58869 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FjkLnG4s34DVZlaBNc,FpMjNF4snD7UDqI5sk (empty) CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network - - TLSv10 a8a2ab739a64abb4e68cfcfc3470ff6269b1a86858501fbbd1327ed8 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 0fac7f7823587c68438c87876533af7b0baa2a8f1078eb8d182247e9 - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 0080891c1b6b5f0ec9da1b38d5ba6efe9c0380219d1ac4e63a0e8993306cddc6944a57c9292beb5652794181f747d0e868b84dca7dfe9783d1baa2ef3bb68d929b2818c5b58b8f47663220f9781fa469fea7e7d17d410d3979aa15a7be651c9f16fbf1a04f87a95e742c3fe20ca6faf0d2e950708533fd3346e17e410f0f86c01f52 - - -1170717511.722913 C4J4Th3PJpwUYZZ6gc 192.150.187.164 58870 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FQXAWgI2FB5STbrff,FUmSiM3TCtsyMGhcd (empty) CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network - - TLSv10 240604be2f5644c8dfd2e51cc2b3a30171bd58853ed7c6e3fcd18846 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 fd1b8c1308a2caac010fcb76e9bd21987d897cb6c028cdb3176d5904 - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 008032a6f5fd530f342e4d5b4043765005ba018f488800f897c259b005ad2a544f5800e99812d9a6336e84b07e4595d1b8ae00a582d91804fe715c132d1bdb112e66361db80a57a441fc8ea784ea76ec44b9f3a0f9ddc29be68010ff3bcfffc285a294511991d7952cbbfee88a869818bae31f32f7099b0754d9ce75b8fea887e1b8 - - -#close 2018-08-27-22-38-52 +1170717505.549109 CHhAvVGS1DHFjwGM9 192.150.187.164 58868 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FeCwNK3rzqPnZ7eBQ5,FfqS7r3rymnsSKq0m2 (empty) CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network - - unknown-0 e6b8efdf91cf44f7eae43c83398fdcb2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 45c7bb492b658d5183bbaedbf35e8f126ff926b14979cd703d242aea996a5fda - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 008057aaeea52e6d030e54fa9328781fda6f8de80ed8531946bfa8adc4b51ca7502cbce62bae6949f6b865d7125e256643b5ede4dd4cf42107cfa73c418f10881edf38a75f968b507f08f9c1089ef26bfd322cf44c0b746b8e3dff731f2585dcf26abb048d55e661e1d2868ccc9c338e451c30431239f96a00e4843b6aa00ba51785 - - +1170717508.697180 ClEkJM2Vm5giqnMf4h 192.150.187.164 58869 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FjkLnG4s34DVZlaBNc,FpMjNF4snD7UDqI5sk (empty) CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network - - TLSv10 a8a2ab739a64abb4e68cfcfc3470ff6269b1a86858501fbbd1327ed8 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 45c7bb4c0fac7f7823587c68438c87876533af7b0baa2a8f1078eb8d182247e9 - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 0080891c1b6b5f0ec9da1b38d5ba6efe9c0380219d1ac4e63a0e8993306cddc6944a57c9292beb5652794181f747d0e868b84dca7dfe9783d1baa2ef3bb68d929b2818c5b58b8f47663220f9781fa469fea7e7d17d410d3979aa15a7be651c9f16fbf1a04f87a95e742c3fe20ca6faf0d2e950708533fd3346e17e410f0f86c01f52 - - +1170717511.722913 C4J4Th3PJpwUYZZ6gc 192.150.187.164 58870 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FQXAWgI2FB5STbrff,FUmSiM3TCtsyMGhcd (empty) CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network - - TLSv10 240604be2f5644c8dfd2e51cc2b3a30171bd58853ed7c6e3fcd18846 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 45c7bb4ffd1b8c1308a2caac010fcb76e9bd21987d897cb6c028cdb3176d5904 - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 008032a6f5fd530f342e4d5b4043765005ba018f488800f897c259b005ad2a544f5800e99812d9a6336e84b07e4595d1b8ae00a582d91804fe715c132d1bdb112e66361db80a57a441fc8ea784ea76ec44b9f3a0f9ddc29be68010ff3bcfffc285a294511991d7952cbbfee88a869818bae31f32f7099b0754d9ce75b8fea887e1b8 - - +#close 2019-04-29-19-23-04 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path ssl -#open 2018-08-27-22-38-53 +#open 2019-04-29-19-23-05 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string -1512072318.429417 CHhAvVGS1DHFjwGM9 192.168.17.58 62987 216.58.192.14 443 TLSv11 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA secp256r1 - F - - T F1uIRd10FHM79akjJ1,FBy2pg1ix88ibHSEEf,FlfUEZ3rbay3xxsd9i (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - TLSv10 ae1b693f91b97315fc38b4b19f600e2aff7f24ce9b11bf538b1667e5 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv11 0bdeb3f9e87d53e65a458a89d647f40fab7658f9d4a6ac93a5a65d71 - - - 04c8dd2cfb5dce034588f47acea36d8a0443857ec302c7be2974ce2a5a6d8db18e6161b1ee657dacc3b6ceb92f52dd122f0d466e01f21a39dfe35d48143e41d3cb 256 256 72abf64adf8d025394e3dddab15681f669efc25301458e20a35d2c0c8aa696992c49baca5096656dbae6acd79374aaec2c0be0b85614d8d647f4e56e956d52d959761f3a18ef80a695e6cd549ba4f2802e44983382b07d0fde27296bbb1fa72bb7ceb1b0ae1959bbcf9e4560d9771c2267518b44b9e6f472fa6b9fe6c60d41a57dc0de81d9cc57706a80e0818170e503dd44f221160096593ea2f83bd8755e0ae4a3380b5c52811eb33d95944535148bed5f16817df4b9938be40b4bc8f55f86ded30efe48a0f37fd66316fba484f62dd2f7e1c0825b59b84aa5cbee6c0fd09779023f3e5ea6e7ec337d9acc1cb831c5df5f6499ed97c1f454d31e5a323b541a b453697b78df7c522c3e2bfc889b7fa6674903ca - - 4104887d740719eb306e32bf94ba4b9bf31ecabf9cca860e12f7fa55ac95c6676b0da90513aa453b18b82bf424bf2654a72a46b8d3d19210502a88381ba146533792 -#close 2018-08-27-22-38-53 +1512072318.429417 CHhAvVGS1DHFjwGM9 192.168.17.58 62987 216.58.192.14 443 TLSv11 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA secp256r1 - F - - T F1uIRd10FHM79akjJ1,FBy2pg1ix88ibHSEEf,FlfUEZ3rbay3xxsd9i (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - TLSv10 ae1b693f91b97315fc38b4b19f600e2aff7f24ce9b11bf538b1667e5 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv11 5a20647e0bdeb3f9e87d53e65a458a89d647f40fab7658f9d4a6ac93a5a65d71 - - - 04c8dd2cfb5dce034588f47acea36d8a0443857ec302c7be2974ce2a5a6d8db18e6161b1ee657dacc3b6ceb92f52dd122f0d466e01f21a39dfe35d48143e41d3cb 256 256 72abf64adf8d025394e3dddab15681f669efc25301458e20a35d2c0c8aa696992c49baca5096656dbae6acd79374aaec2c0be0b85614d8d647f4e56e956d52d959761f3a18ef80a695e6cd549ba4f2802e44983382b07d0fde27296bbb1fa72bb7ceb1b0ae1959bbcf9e4560d9771c2267518b44b9e6f472fa6b9fe6c60d41a57dc0de81d9cc57706a80e0818170e503dd44f221160096593ea2f83bd8755e0ae4a3380b5c52811eb33d95944535148bed5f16817df4b9938be40b4bc8f55f86ded30efe48a0f37fd66316fba484f62dd2f7e1c0825b59b84aa5cbee6c0fd09779023f3e5ea6e7ec337d9acc1cb831c5df5f6499ed97c1f454d31e5a323b541a b453697b78df7c522c3e2bfc889b7fa6674903ca - - 4104887d740719eb306e32bf94ba4b9bf31ecabf9cca860e12f7fa55ac95c6676b0da90513aa453b18b82bf424bf2654a72a46b8d3d19210502a88381ba146533792 +#close 2019-04-29-19-23-05 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path ssl -#open 2018-08-27-22-38-54 +#open 2019-04-29-19-23-06 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string -1425932016.520029 CHhAvVGS1DHFjwGM9 192.168.6.86 63721 104.236.167.107 4433 DTLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T FZi2Ct2AcCswhiIjKe (empty) CN=bro CN=bro - - DTLSv10 543f24d1a377e53b63d935157e76c81e2067b1333bccaad6c24ce92d TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,TLS_DH_RSA_WITH_DES_CBC_SHA,TLS_DH_DSS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV DTLSv10 e29e9780bd73e567dba0ae66ed5b7fb1ee86efba4b09f98bd7b03ad2 - - - 043c5e4b4508b840ef8ac34f592fba8716445aeb9ab2028695541ea62eb79b735da9dbfdbdd01a7beab2c832a633b7fd1ce278659355d7b8a1c88503bfb938b7ef 256 256 17569f292088d5383ffa009ffd5ae4a34b5aec68a206d68eea910b808831c098e5385b2fcf49bbd5df914d2b9d7efcd67a493c324daf48c929bdb3838e56fef25d67f45d6f03f7b195a9d688ec5efe96f1ffe0d88e73458b87175fac7073ca8d8e340657e805cb1e91db02ee687fe5ce37c57fb177368bf3ac787971591a67eaf1880eabac8307ec74e269539b9894781c0026ea61101dafbac1995bc32d39584a03ef82d413731df06dae085dc5984b7fcbedd860715fb84ebb75e74406b88bee23533eba46fe5b3f0936c130e262dcc48d3809f5e208719a70a2a918c0e9fe60b4e992ac555048ff6c2cd077ca2afdc0c36cde432a38c1058fb6bd9cb2cc39 fa6d780625219f5e1ae0b4c863e8321328241134 - - 4104093d316a7b6bdfdbc28c02516e145b8f52881cbb7a5f327e3d0967fc4303617d03d423277420024e6f89b9ab16414681d47a221998a2ba85c4e2f625a0ad7c49 -#close 2018-08-27-22-38-54 +1425932016.520029 CHhAvVGS1DHFjwGM9 192.168.6.86 63721 104.236.167.107 4433 DTLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T FZi2Ct2AcCswhiIjKe (empty) CN=bro CN=bro - - DTLSv10 543f24d1a377e53b63d935157e76c81e2067b1333bccaad6c24ce92d TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,TLS_DH_RSA_WITH_DES_CBC_SHA,TLS_DH_DSS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV DTLSv10 54fdfee7e29e9780bd73e567dba0ae66ed5b7fb1ee86efba4b09f98bd7b03ad2 - - - 043c5e4b4508b840ef8ac34f592fba8716445aeb9ab2028695541ea62eb79b735da9dbfdbdd01a7beab2c832a633b7fd1ce278659355d7b8a1c88503bfb938b7ef 256 256 17569f292088d5383ffa009ffd5ae4a34b5aec68a206d68eea910b808831c098e5385b2fcf49bbd5df914d2b9d7efcd67a493c324daf48c929bdb3838e56fef25d67f45d6f03f7b195a9d688ec5efe96f1ffe0d88e73458b87175fac7073ca8d8e340657e805cb1e91db02ee687fe5ce37c57fb177368bf3ac787971591a67eaf1880eabac8307ec74e269539b9894781c0026ea61101dafbac1995bc32d39584a03ef82d413731df06dae085dc5984b7fcbedd860715fb84ebb75e74406b88bee23533eba46fe5b3f0936c130e262dcc48d3809f5e208719a70a2a918c0e9fe60b4e992ac555048ff6c2cd077ca2afdc0c36cde432a38c1058fb6bd9cb2cc39 fa6d780625219f5e1ae0b4c863e8321328241134 - - 4104093d316a7b6bdfdbc28c02516e145b8f52881cbb7a5f327e3d0967fc4303617d03d423277420024e6f89b9ab16414681d47a221998a2ba85c4e2f625a0ad7c49 +#close 2019-04-29-19-23-06 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path ssl -#open 2018-08-27-22-38-54 +#open 2019-04-29-19-23-07 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string -1512070268.982498 CHhAvVGS1DHFjwGM9 192.168.17.58 60934 165.227.57.17 4400 DTLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T Fox0Fc3MY8kLKfhNK6 (empty) O=Internet Widgits Pty Ltd,ST=Some-State,C=AU O=Internet Widgits Pty Ltd,ST=Some-State,C=AU - - DTLSv12 e701fd74cac15bdb8d0fb735dca354f8e4cc1e65944f8d443a1af9b2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_DH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DH_RSA_WITH_AES_256_CBC_SHA256,TLS_DH_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DH_RSA_WITH_AES_128_CBC_SHA256,TLS_DH_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV DTLSv12 1fea3e397e8a4533a9f4fd6e82cd650533269d28dc7b2d62496dc490 - - - 049e5bb8781f90c66cae6b86d7a74977bccd02963bb55631fe7d916ba91c9af9a9562dec1c71b66005503523fbb72a95874bc77394aed429093ad69d7971fb13a9 1 6 e55f866f29d42c23dc5e87acaccff3fd5da17f001fbfcc1060188cc4351101bb53355ee7015edec32874dad840669578101ec98f898b87d1ce5f045ed990e1655dc9562dc83193ec2b6fbcb9410af9efd6d04c434d29cf809ee0be4bde51674ccfc2c662f76a6c2092cae471c0560f3cc358ed4211b8c6da4f2350ed479f82da84ec6d072e2b31cc0b982c2181af2066b502f5cb1b2e6becdd1e8bbd897a1038939121491c39294e3b584b618d5f9ae7dbc4b36b1a6ac99b92799ab2c8600f1698423bdde64e7476db84afaef919655f6b3dda48400995cf9334564ba70606004d805f4d9aeb4f0df42cea6034d42261d03544efeee721204c30de62268a217c 1cb43b5f1de3fe36d595da76210bbf5572a721be - - 41049c7a642fbbd5847c306ee295360442e353d78aef43297523f92be70b68b882ac708aefcb7a224b34130d6c6041030e5b62fc3def72d7774fd61043a0a430a416 -#close 2018-08-27-22-38-54 +1512070268.982498 CHhAvVGS1DHFjwGM9 192.168.17.58 60934 165.227.57.17 4400 DTLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T Fox0Fc3MY8kLKfhNK6 (empty) O=Internet Widgits Pty Ltd,ST=Some-State,C=AU O=Internet Widgits Pty Ltd,ST=Some-State,C=AU - - DTLSv12 e701fd74cac15bdb8d0fb735dca354f8e4cc1e65944f8d443a1af9b2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_DH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DH_RSA_WITH_AES_256_CBC_SHA256,TLS_DH_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DH_RSA_WITH_AES_128_CBC_SHA256,TLS_DH_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV DTLSv12 07c5aefa1fea3e397e8a4533a9f4fd6e82cd650533269d28dc7b2d62496dc490 - - - 049e5bb8781f90c66cae6b86d7a74977bccd02963bb55631fe7d916ba91c9af9a9562dec1c71b66005503523fbb72a95874bc77394aed429093ad69d7971fb13a9 1 6 e55f866f29d42c23dc5e87acaccff3fd5da17f001fbfcc1060188cc4351101bb53355ee7015edec32874dad840669578101ec98f898b87d1ce5f045ed990e1655dc9562dc83193ec2b6fbcb9410af9efd6d04c434d29cf809ee0be4bde51674ccfc2c662f76a6c2092cae471c0560f3cc358ed4211b8c6da4f2350ed479f82da84ec6d072e2b31cc0b982c2181af2066b502f5cb1b2e6becdd1e8bbd897a1038939121491c39294e3b584b618d5f9ae7dbc4b36b1a6ac99b92799ab2c8600f1698423bdde64e7476db84afaef919655f6b3dda48400995cf9334564ba70606004d805f4d9aeb4f0df42cea6034d42261d03544efeee721204c30de62268a217c 1cb43b5f1de3fe36d595da76210bbf5572a721be - - 41049c7a642fbbd5847c306ee295360442e353d78aef43297523f92be70b68b882ac708aefcb7a224b34130d6c6041030e5b62fc3def72d7774fd61043a0a430a416 +#close 2019-04-29-19-23-07 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout index 85bc19633e..7482c0c3b4 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout @@ -1,2 +1,2 @@ 8\xd0U@\xf1\xaamI\xb5SE\x0b\x82\xa4\xe0\x9eG\xf3\xdd\x1f\xeey\xa6[\xcc\xd7\x04\x90 -\xa7\x02\xf4'&\x05]|c\x83KN\xb0\x0e6F\xbez\xbb\x0ey\xbf\x0f\x85p\x83\x8dX +R\xc1\xf4\xef\xa7\x02\xf4'&\x05]|c\x83KN\xb0\x0e6F\xbez\xbb\x0ey\xbf\x0f\x85p\x83\x8dX diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log index 9182b8f999..3c02e20a80 100644 --- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log +++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log @@ -834,7 +834,7 @@ [1] version: count = 771 [2] record_version: count = 771 [3] possible_ts: time = 1437831799.0 - [4] server_random: string = \xe2RB\xdds\x11\xa9\xd4\x1d\xbc\x8e\xe2]\x09\xc5\xfc\xb1\xedl\xed\x17\xb2?a\xac\x81QM + [4] server_random: string = U\xb3\x92w\xe2RB\xdds\x11\xa9\xd4\x1d\xbc\x8e\xe2]\x09\xc5\xfc\xb1\xedl\xed\x17\xb2?a\xac\x81QM [5] session_id: string = \x17x\xe5j\x19T\x12vWY\xcf\xf3\xeai\\xdf\x09[]\xb7\xdf.[\x0e\x04\xa8\x89bJ\x94\xa7\x0c [6] cipher: count = 4 [7] comp_method: count = 0 From b9dad026150a74d145fe5fd1450301ffcd038cda Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 14 Jun 2017 07:23:37 -0700 Subject: [PATCH 044/247] Reimplement copy(). The old implementation used the serialization framework, which is going away. This is a new standalone implementation that should also be quite a bit faster. WIP: Not fully implemented and tested yet. --- src/Val.cc | 203 ++++++++++++++++++--- src/Val.h | 38 +++- testing/btest/language/copy-all-types.zeek | 27 +++ 3 files changed, 244 insertions(+), 24 deletions(-) create mode 100644 testing/btest/language/copy-all-types.zeek diff --git a/src/Val.cc b/src/Val.cc index 340cef6bb5..fe83c8d583 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -72,31 +72,59 @@ Val::~Val() #endif } -Val* Val::Clone() const +Val* Val::Clone() { - SerializationFormat* form = new BinarySerializationFormat(); - form->StartWrite(); - - CloneSerializer ss(form); - SerialInfo sinfo(&ss); - sinfo.cache = false; - sinfo.include_locations = false; - - if ( ! this->Serialize(&sinfo) ) - return 0; - - char* data; - uint32 len = form->EndWrite(&data); - form->StartRead(data, len); - - UnserialInfo uinfo(&ss); - uinfo.cache = false; - Val* clone = Unserialize(&uinfo, type); - - free(data); - return clone; + Val::CloneState state; + return Clone(&state); } +Val* Val::Clone(CloneState* state) + { + auto i = state->clones.find(this); + + if ( i != state->clones.end() ) + return i->second->Ref(); + + auto c = DoClone(state); + assert(c); + + state->clones.insert(std::make_pair(this, c)); + return c; + } + +Val* Val::DoClone(CloneState* state) + { + switch ( type->InternalType() ) { + case TYPE_INTERNAL_INT: + case TYPE_INTERNAL_UNSIGNED: + case TYPE_INTERNAL_DOUBLE: + // Immutable. + return Ref(); + + case TYPE_INTERNAL_OTHER: + // Derived classes are responsible for this. Exception: + // Functions and files. There aren't any derived classes. + if ( type->Tag() == TYPE_FUNC ) + // Immutable. + return Ref(); + + if ( type->Tag() == TYPE_FILE ) + { + auto f = AsFile(); + ::Ref(f); + return new Val(f); + } + + // Fall-through. + + default: + reporter->InternalError("cloning illegal base type"); + } + + reporter->InternalError("cannot be reached"); + return nullptr; + } + bool Val::Serialize(SerialInfo* info) const { return SerialObj::Serialize(info); @@ -862,6 +890,12 @@ void PortVal::ValDescribe(ODesc* d) const d->Add("/unknown"); } +Val* PortVal::DoClone(CloneState* state) + { + // Immutable. + return Ref(); + } + IMPLEMENT_SERIAL(PortVal, SER_PORT_VAL); bool PortVal::DoSerialize(SerialInfo* info) const @@ -920,6 +954,12 @@ Val* AddrVal::SizeVal() const return val_mgr->GetCount(128); } +Val* AddrVal::DoClone(CloneState* state) + { + // Immutable. + return Ref(); + } + IMPLEMENT_SERIAL(AddrVal, SER_ADDR_VAL); bool AddrVal::DoSerialize(SerialInfo* info) const @@ -1044,6 +1084,12 @@ bool SubNetVal::Contains(const IPAddr& addr) const return val.subnet_val->Contains(a); } +Val* SubNetVal::DoClone(CloneState* state) + { + // Immutable. + return Ref(); + } + IMPLEMENT_SERIAL(SubNetVal, SER_SUBNET_VAL); bool SubNetVal::DoSerialize(SerialInfo* info) const @@ -1100,6 +1146,11 @@ unsigned int StringVal::MemoryAllocation() const return padded_sizeof(*this) + val.string_val->MemoryAllocation(); } +Val* StringVal::DoClone(CloneState* state) + { + return new StringVal(new BroString((u_char*) val.string_val->Bytes(), val.string_val->Len(), 1)); + } + IMPLEMENT_SERIAL(StringVal, SER_STRING_VAL); bool StringVal::DoSerialize(SerialInfo* info) const @@ -1162,6 +1213,13 @@ unsigned int PatternVal::MemoryAllocation() const return padded_sizeof(*this) + val.re_val->MemoryAllocation(); } +Val* PatternVal::DoClone(CloneState* state) + { + // TODO: Double-check + auto re = new RE_Matcher(val.re_val->PatternText(), val.re_val->AnywherePatternText()); + return new PatternVal(re); + } + IMPLEMENT_SERIAL(PatternVal, SER_PATTERN_VAL); bool PatternVal::DoSerialize(SerialInfo* info) const @@ -1260,6 +1318,16 @@ void ListVal::Describe(ODesc* d) const } } +Val* ListVal::DoClone(CloneState* state) + { + auto lv = new ListVal(tag); + + loop_over_list(vals, i) + lv->Append(vals[i]->Clone(state)); + + return lv; + } + IMPLEMENT_SERIAL(ListVal, SER_LIST_VAL); bool ListVal::DoSerialize(SerialInfo* info) const @@ -2498,6 +2566,55 @@ void TableVal::ReadOperation(Val* index, TableEntryVal* v) } } +Val* TableVal::DoClone(CloneState* state) + { + auto tv = new TableVal(table_type); + + const PDict(TableEntryVal)* tbl = AsTable(); + IterCookie* cookie = tbl->InitForIteration(); + + HashKey* key; + TableEntryVal* val; + while ( (val = tbl->NextEntry(key, cookie)) ) + { + Val* idx = RecoverIndex(key); + TableEntryVal* nval = val ? new TableEntryVal(*val) : nullptr; + tv->AsNonConstTable()->Insert(key, nval); + + if ( subnets ) + { + tv->subnets->Insert(idx, nval); + Unref(idx); + } + + delete key; + } + + if ( attrs ) + { + ::Ref(attrs); + tv->attrs = attrs; + } + + if ( expire_time ) + { + tv->expire_time = expire_time->Ref(); + + // As network_time is not necessarily initialized yet, we set + // a timer which fires immediately. + timer = new TableValTimer(this, 1); + timer_mgr->Add(timer); + } + + if ( expire_func ) + tv->expire_func = expire_func->Ref(); + + if ( def_val ) + tv->def_val = def_val->Ref(); + + return tv; + } + IMPLEMENT_SERIAL(TableVal, SER_TABLE_VAL); // This is getting rather complex due to the ability to suspend even within @@ -3052,7 +3169,7 @@ void RecordVal::Describe(ODesc* d) const void RecordVal::DescribeReST(ODesc* d) const { const val_list* vl = AsRecord(); - int n = vl->length(); + int n = vl->length(); d->Add("{"); d->PushIndent(); @@ -3077,6 +3194,21 @@ void RecordVal::DescribeReST(ODesc* d) const d->Add("}"); } +Val* RecordVal::DoClone(CloneState* state) + { + // TODO: We leave origin unset, ok? + ::Ref(record_type); + auto rv = new RecordVal(record_type); + + loop_over_list(*val.val_list_val, i) + { + Val* v = (*val.val_list_val)[i]->Clone(state); + rv->val.val_list_val->append(v); + } + + return nullptr; + } + IMPLEMENT_SERIAL(RecordVal, SER_RECORD_VAL); bool RecordVal::DoSerialize(SerialInfo* info) const @@ -3193,6 +3325,12 @@ void EnumVal::ValDescribe(ODesc* d) const d->Add(ename); } +Val* EnumVal::DoClone(CloneState* state) + { + // Immutable. + return Ref(); + } + IMPLEMENT_SERIAL(EnumVal, SER_ENUM_VAL); bool EnumVal::DoSerialize(SerialInfo* info) const @@ -3378,6 +3516,19 @@ bool VectorVal::RemoveProperties(Properties arg_props) return true; } + +Val* VectorVal::DoClone(CloneState* state) + { + auto vv = new VectorVal(vector_type); + for ( unsigned int i = 0; i < val.vector_val->size(); ++i ) + { + auto v = (*val.vector_val)[i]->Clone(state); + vv->val.vector_val->push_back(v); + } + + return vv; + } + IMPLEMENT_SERIAL(VectorVal, SER_VECTOR_VAL); bool VectorVal::DoSerialize(SerialInfo* info) const @@ -3450,6 +3601,12 @@ OpaqueVal::~OpaqueVal() { } +Val* OpaqueVal::DoClone(CloneState* state) + { + // TODO + return nullptr; + } + IMPLEMENT_SERIAL(OpaqueVal, SER_OPAQUE_VAL); bool OpaqueVal::DoSerialize(SerialInfo* info) const diff --git a/src/Val.h b/src/Val.h index 63e790848d..5104c1933e 100644 --- a/src/Val.h +++ b/src/Val.h @@ -172,7 +172,7 @@ public: ~Val() override; Val* Ref() { ::Ref(this); return this; } - virtual Val* Clone() const; + Val* Clone(); int IsZero() const; int IsOne() const; @@ -370,6 +370,9 @@ public: protected: friend class EnumType; + friend class ListVal; + friend class RecordVal; + friend class VectorVal; friend class ValManager; virtual void ValDescribe(ODesc* d) const; @@ -419,6 +422,14 @@ protected: static Val* Unserialize(UnserialInfo* info, TypeTag type, const BroType* exact_type); + // For internal use by the Val::Clone() methods. + struct CloneState { + std::unordered_map clones; + }; + + Val* Clone(CloneState* state); + virtual Val* DoClone(CloneState* state); + BroValUnion val; BroType* type; @@ -639,6 +650,7 @@ protected: PortVal(uint32 p, bool unused); void ValDescribe(ODesc* d) const override; + Val* DoClone(CloneState* state) override; DECLARE_SERIAL(PortVal); }; @@ -664,6 +676,8 @@ protected: explicit AddrVal(TypeTag t) : Val(t) { } explicit AddrVal(BroType* t) : Val(t) { } + Val* DoClone(CloneState* state) override; + DECLARE_SERIAL(AddrVal); }; @@ -692,6 +706,7 @@ protected: SubNetVal() {} void ValDescribe(ODesc* d) const override; + Val* DoClone(CloneState* state) override; DECLARE_SERIAL(SubNetVal); }; @@ -724,6 +739,7 @@ protected: StringVal() {} void ValDescribe(ODesc* d) const override; + Val* DoClone(CloneState* state) override; DECLARE_SERIAL(StringVal); }; @@ -744,6 +760,7 @@ protected: PatternVal() {} void ValDescribe(ODesc* d) const override; + Val* DoClone(CloneState* state) override; DECLARE_SERIAL(PatternVal); }; @@ -789,6 +806,8 @@ protected: friend class Val; ListVal() {} + Val* DoClone(CloneState* state) override; + DECLARE_SERIAL(ListVal); val_list vals; @@ -806,6 +825,15 @@ public: expire_access_time = last_read_update = int(network_time - bro_start_network_time); } + + TableEntryVal(const TableEntryVal& other) + { + val = other.val->Ref(); + last_access_time = other.last_access_time; + expire_access_time = other.expire_access_time; + last_read_update = other.last_read_update; + } + ~TableEntryVal() { } Val* Value() { return val; } @@ -997,6 +1025,8 @@ protected: // Propagates a read operation if necessary. void ReadOperation(Val* index, TableEntryVal *v); + Val* DoClone(CloneState* state) override; + DECLARE_SERIAL(TableVal); TableType* table_type; @@ -1069,6 +1099,8 @@ protected: bool AddProperties(Properties arg_state) override; bool RemoveProperties(Properties arg_state) override; + Val* DoClone(CloneState* state) override; + DECLARE_SERIAL(RecordVal); RecordType* record_type; @@ -1100,6 +1132,7 @@ protected: EnumVal() {} void ValDescribe(ODesc* d) const override; + Val* DoClone(CloneState* state) override; DECLARE_SERIAL(EnumVal); }; @@ -1160,6 +1193,7 @@ protected: bool AddProperties(Properties arg_state) override; bool RemoveProperties(Properties arg_state) override; void ValDescribe(ODesc* d) const override; + Val* DoClone(CloneState* state) override; DECLARE_SERIAL(VectorVal); @@ -1178,6 +1212,8 @@ protected: friend class Val; OpaqueVal() { } + Val* DoClone(CloneState* state) override; + DECLARE_SERIAL(OpaqueVal); }; diff --git a/testing/btest/language/copy-all-types.zeek b/testing/btest/language/copy-all-types.zeek new file mode 100644 index 0000000000..e39308b8e0 --- /dev/null +++ b/testing/btest/language/copy-all-types.zeek @@ -0,0 +1,27 @@ +# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-diff out + +function check(o1: any, o2: any, equal: bool, expect_same: bool) + { + local expect_msg = (equal ? "ok" : "FAIL0"); + local same = same_object(o1, o2); + + if ( expect_same && ! same ) + expect_msg = "FAIL1"; + + if ( ! expect_same && same ) + expect_msg = "FAIL2"; + + print fmt("orig=%s (%s) clone=%s (%s) equal=%s same_object=%s (%s)", o1, type_name(o1), o2, type_name(o2), equal, same, expect_msg); + } + +event zeek_init() + { + local i1 = -42; + local i2 = copy(i1); + check(i1, i2, i1 == i2, T); + + local s1 = "Foo"; + local s2 = copy(s1); + check(s1, s2, s1 == s2, F); + } From f7c1cde7c7fe05eda68bfc24e7f0873c53d84315 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 29 Apr 2019 18:09:29 -0700 Subject: [PATCH 045/247] Remove 'dns_resolver' option, replace w/ ZEEK_DNS_RESOLVER env. var. The later simply doesn't work well in conjunction with hostname literals. i.e. "google.com" (without quotes) needs to be resolved to a set of addresses at parse-time, so if a user wishes to use a custom resolver, we need that to be configured independently from the order in which scripts get parsed. Configuring 'dns_resolver' via scripting "redef" is clearly dependent on parse order. Note 'dns_resolver' hasn't been in any release version yet, so I'm removing it outright, no deprecation. The ZEEK_DNS_RESOLVER environment variable now serves the original purpose. --- doc | 2 +- scripts/base/init-bare.zeek | 6 ---- src/DNS_Mgr.cc | 55 ++++++++++++++++++------------------- src/DNS_Mgr.h | 1 + src/main.cc | 1 + 5 files changed, 29 insertions(+), 36 deletions(-) diff --git a/doc b/doc index 073bb08473..856db2bb40 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 073bb08473b8172b8bb175e0702204f15f522392 +Subproject commit 856db2bb4014d15a94cb336d7e5e8ca1d4627b1e diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 86e3317931..7c4fe2e5b8 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -3743,12 +3743,6 @@ global dns_skip_all_addl = T &redef; ## traffic and do not process it. Set to 0 to turn off this functionality. global dns_max_queries = 25 &redef; -## The address of the DNS resolver to use. If not changed from the -## unspecified address, ``[::]``, the first nameserver from /etc/resolv.conf -## gets used (IPv6 is currently only supported if set via this option, not -## when parsed from the file). -const dns_resolver = [::] &redef; - ## HTTP session statistics. ## ## .. zeek:see:: http_stats diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 2fff6903b0..aa5bbdc849 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -388,6 +388,7 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode) num_requests = 0; successful = 0; failed = 0; + nb_dns = nullptr; } DNS_Mgr::~DNS_Mgr() @@ -399,16 +400,21 @@ DNS_Mgr::~DNS_Mgr() delete [] dir; } -void DNS_Mgr::InitPostScript() +void DNS_Mgr::Init() { if ( did_init ) return; - auto dns_resolver_id = global_scope()->Lookup("dns_resolver"); - auto dns_resolver_addr = dns_resolver_id->ID_Val()->AsAddr(); + // Note that Init() may be called by way of LookupHost() during the act of + // parsing a hostname literal (e.g. google.com), so we can't use a + // script-layer option to configure the DNS resolver as it may not be + // configured to the user's desired address at the time when we need to to + // the lookup. + auto dns_resolver = getenv("ZEEK_DNS_RESOLVER"); + auto dns_resolver_addr = dns_resolver ? IPAddr(dns_resolver) : IPAddr(); char err[NB_DNS_ERRSIZE]; - if ( dns_resolver_addr == IPAddr("::") ) + if ( dns_resolver_addr == IPAddr() ) nb_dns = nb_dns_init(err); else { @@ -433,19 +439,11 @@ void DNS_Mgr::InitPostScript() if ( ! nb_dns ) reporter->Warning("problem initializing NB-DNS: %s", err); - const char* cache_dir = dir ? dir : "."; - - if ( mode == DNS_PRIME && ! ensure_dir(cache_dir) ) - { - did_init = 0; - return; - } - - cache_name = new char[strlen(cache_dir) + 64]; - sprintf(cache_name, "%s/%s", cache_dir, ".bro-dns-cache"); - - LoadCache(fopen(cache_name, "r")); + did_init = true; + } +void DNS_Mgr::InitPostScript() + { dns_mapping_valid = internal_handler("dns_mapping_valid"); dns_mapping_unverified = internal_handler("dns_mapping_unverified"); dns_mapping_new_name = internal_handler("dns_mapping_new_name"); @@ -455,14 +453,18 @@ void DNS_Mgr::InitPostScript() dm_rec = internal_type("dns_mapping")->AsRecordType(); - did_init = 1; - + // Registering will call Init() iosource_mgr->Register(this, true); // We never set idle to false, having the main loop only calling us from // time to time. If we're issuing more DNS requests than we can handle // in this way, we are having problems anyway ... SetIdle(true); + + const char* cache_dir = dir ? dir : "."; + cache_name = new char[strlen(cache_dir) + 64]; + sprintf(cache_name, "%s/%s", cache_dir, ".bro-dns-cache"); + LoadCache(fopen(cache_name, "r")); } static TableVal* fake_name_lookup_result(const char* name) @@ -497,12 +499,11 @@ TableVal* DNS_Mgr::LookupHost(const char* name) if ( mode == DNS_FAKE ) return fake_name_lookup_result(name); + Init(); + if ( ! nb_dns ) return empty_addr_set(); - if ( ! did_init ) - Init(); - if ( mode != DNS_PRIME ) { HostMap::iterator it = host_mappings.find(name); @@ -553,8 +554,7 @@ TableVal* DNS_Mgr::LookupHost(const char* name) Val* DNS_Mgr::LookupAddr(const IPAddr& addr) { - if ( ! did_init ) - Init(); + Init(); if ( mode != DNS_PRIME ) { @@ -1072,8 +1072,7 @@ static void resolve_lookup_cb(DNS_Mgr::LookupCallback* callback, void DNS_Mgr::AsyncLookupAddr(const IPAddr& host, LookupCallback* callback) { - if ( ! did_init ) - Init(); + Init(); if ( mode == DNS_FAKE ) { @@ -1111,8 +1110,7 @@ void DNS_Mgr::AsyncLookupAddr(const IPAddr& host, LookupCallback* callback) void DNS_Mgr::AsyncLookupName(const string& name, LookupCallback* callback) { - if ( ! did_init ) - Init(); + Init(); if ( mode == DNS_FAKE ) { @@ -1150,8 +1148,7 @@ void DNS_Mgr::AsyncLookupName(const string& name, LookupCallback* callback) void DNS_Mgr::AsyncLookupNameText(const string& name, LookupCallback* callback) { - if ( ! did_init ) - Init(); + Init(); if ( mode == DNS_FAKE ) { diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 0358ceba18..8da64097e4 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -136,6 +136,7 @@ protected: iosource::FD_Set* except) override; double NextTimestamp(double* network_time) override; void Process() override; + void Init() override; const char* Tag() override { return "DNS_Mgr"; } DNS_MgrMode mode; diff --git a/src/main.cc b/src/main.cc index af29b1e7d7..6a29756bc7 100644 --- a/src/main.cc +++ b/src/main.cc @@ -215,6 +215,7 @@ void usage(int code = 1) fprintf(stderr, " $BRO_LOG_SUFFIX | ASCII log file extension (.%s)\n", logging::writer::Ascii::LogExt().c_str()); fprintf(stderr, " $BRO_PROFILER_FILE | Output file for script execution statistics (not set)\n"); fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Zeexygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); + fprintf(stderr, " $ZEEK_DNS_RESOLVER | IPv4/IPv6 address of DNS resolver to use (%s)\n", getenv("ZEEK_DNS_RESOLVER") ? getenv("ZEEK_DNS_RESOLVER") : "not set, will use first IPv4 address from /etc/resolv.conf"); fprintf(stderr, "\n"); From 9a461d26e41f42a3f8f461743120f4d06eb9e6ca Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 29 Apr 2019 18:32:13 -0700 Subject: [PATCH 046/247] Updating CHANGES and VERSION. --- CHANGES | 4 ++++ NEWS | 4 ++++ VERSION | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 18e2d85a74..d082638796 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-250 | 2019-04-29 18:09:29 -0700 + + * Remove 'dns_resolver' option, replace w/ ZEEK_DNS_RESOLVER env. var. (Jon Siwek, Corelight) + 2.6-249 | 2019-04-26 19:26:44 -0700 * Fix parsing of hybrid IPv6-IPv4 addr literals with no zero compression (Jon Siwek, Corelight) diff --git a/NEWS b/NEWS index b93aa2300b..ac489af4e8 100644 --- a/NEWS +++ b/NEWS @@ -72,6 +72,10 @@ New Functionality (capital for originator, lowercase responder) to indicate a content gap in the TCP stream. These are recorded logarithmically. +- The ``ZEEK_DNS_RESOLVER`` environment variable now controls + the DNS resolver to use by setting it to an IPv4 or IPv6 address. If + not set, then the first IPv4 address from /etc/resolv.conf gets used. + Changed Functionality --------------------- diff --git a/VERSION b/VERSION index acde488fd3..eaa5476a06 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-249 +2.6-250 From c67da0a3cbe9ac73ba46cec780976b537603dc79 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 29 Apr 2019 19:21:18 -0700 Subject: [PATCH 047/247] Add comments to QueueEvent() and ConnectionEvent() And also their "Fast" variants. --- src/Conn.h | 30 ++++++++++++++++++++++++++++-- src/Event.h | 18 ++++++++++++++++++ 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/src/Conn.h b/src/Conn.h index d19501ff13..fc1baf4b07 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -174,13 +174,39 @@ public: int UnparsedVersionFoundEvent(const IPAddr& addr, const char* full_descr, int len, analyzer::Analyzer* analyzer); + // If a handler exists for 'f', an event will be generated. If 'name' is + // given that event's first argument will be it, and it's second will be + // the connection value. If 'name' is null, then the event's first + // argument is the connection value. void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* name = 0); + + // If a handler exists for 'f', an event will be generated. In any case, + // 'v1' and 'v2' reference counts get decremented. The event's first + // argument is the connection value, second argument is 'v1', and if 'v2' + // is given that will be it's third argument. void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2 = 0); - void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, - val_list* vl); + // If a handler exists for 'f', an event will be generated. In any case, + // reference count for each element in the 'vl' list are decremented. The + // arguments used for the event are whatevever is provided in 'vl'. void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, val_list vl); + + // Same as ConnectionEvent, except taking the event's argument list via a + // pointer instead of by value. This function takes ownership of the + // memory pointed to by 'vl' and also for decrementing the reference count + // of each of its elements. + void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, + val_list* vl); + + // Queues an event without first checking if there's any available event + // handlers (or remote consumes). If it turns out there's actually nothing + // that will consume the event, then this may leak memory due to failing to + // decrement the reference count of each element in 'vl'. i.e. use this + // function instead of ConnectionEvent() if you've already guarded against + // the case where there's no handlers (one usually also does that because + // it would be a waste of effort to construct all the event arguments when + // there's no handlers to consume them). void ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* analyzer, val_list vl); diff --git a/src/Event.h b/src/Event.h index 258b680d49..1b23f304f2 100644 --- a/src/Event.h +++ b/src/Event.h @@ -58,6 +58,14 @@ public: EventMgr(); ~EventMgr() override; + // Queues an event without first checking if there's any available event + // handlers (or remote consumers). If it turns out there's actually + // nothing that will consume the event, then this may leak memory due to + // failing to decrement the reference count of each element in 'vl'. i.e. + // use this function instead of QueueEvent() if you've already guarded + // against the case where there's no handlers (one usually also does that + // because it would be a waste of effort to construct all the event + // arguments when there's no handlers to consume them). void QueueEventFast(const EventHandlerPtr &h, val_list vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) @@ -65,6 +73,12 @@ public: QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj)); } + // Queues an event if there's an event handler (or remote consumer). This + // function always takes ownership of decrementing the reference count of + // each element of 'vl', even if there's no event handler. If you've + // checked for event handler existence, you may wish to call + // QueueEventFast() instead of this function to prevent the redundant + // existence check. void QueueEvent(const EventHandlerPtr &h, val_list vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) @@ -78,6 +92,10 @@ public: } } + // Same as QueueEvent, except taking the event's argument list via a + // pointer instead of by value. This function takes ownership of the + // memory pointed to by 'vl' as well as decrementing the reference count of + // each of its elements. void QueueEvent(const EventHandlerPtr &h, val_list* vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) From 32473b85b0ce84246cccf516627a0e2d8c6b200b Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 30 Apr 2019 20:53:38 -0700 Subject: [PATCH 048/247] Force the Broker IOSource to idle periodically Previously, if there was always input in each Process() call, then the Broker IOSource would never go idle and could completely starve out a packet IOSource since it would always report readiness with a timestamp value of the last known network_time (which prevents selecting a packet IOSource for processing, due to incoming packets likely having timestamps that are later). --- src/broker/Manager.cc | 28 +++++++++++++++++++++++++++- src/broker/Manager.h | 1 + 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index ec69308790..bfaa35b2d0 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -140,6 +140,7 @@ Manager::Manager(bool arg_reading_pcaps) reading_pcaps = arg_reading_pcaps; after_zeek_init = false; peer_count = 0; + times_processed_without_idle = 0; log_topic_func = nullptr; vector_of_data_type = nullptr; log_id_type = nullptr; @@ -942,7 +943,32 @@ void Manager::Process() } } - SetIdle(! had_input); + if ( had_input ) + { + ++times_processed_without_idle; + + // The max number of Process calls allowed to happen in a row without + // idling is chosen a bit arbitrarily, except 12 is around half of the + // SELECT_FREQUENCY (25). + // + // But probably the general idea should be for it to have some relation + // to the SELECT_FREQUENCY: less than it so other busy IOSources can + // fit several Process loops in before the next poll event (e.g. the + // select() call ), but still large enough such that we don't have to + // wait long before the next poll ourselves after being forced to idle. + if ( times_processed_without_idle > 12 ) + { + times_processed_without_idle = 0; + SetIdle(true); + } + else + SetIdle(false); + } + else + { + times_processed_without_idle = 0; + SetIdle(true); + } } diff --git a/src/broker/Manager.h b/src/broker/Manager.h index a0520698da..2310189418 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -382,6 +382,7 @@ private: bool reading_pcaps; bool after_zeek_init; int peer_count; + int times_processed_without_idle; Func* log_topic_func; VectorType* vector_of_data_type; From 375b151a4bcc9cdec32aab953b4b7127095a3aad Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 14:18:05 -0700 Subject: [PATCH 049/247] Update external pointer to zeek-testing repo --- testing/external/commit-hash.zeek-testing | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/external/commit-hash.zeek-testing b/testing/external/commit-hash.zeek-testing index 8322309e89..201a295539 100644 --- a/testing/external/commit-hash.zeek-testing +++ b/testing/external/commit-hash.zeek-testing @@ -1 +1 @@ -1ab5538b8cdb0ef78616d665e02343321f269f3d +050560f19c41650c80fb9a9186ceb3fcac412d80 From 789cb376fdc9375893be5e356f0b580e267f34b6 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 23 Apr 2019 14:25:56 +0200 Subject: [PATCH 050/247] GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. This also installs symlinks from "zeek" and "bro-config" to a wrapper script that prints a deprecation warning. The btests pass, but this is still WIP. broctl renaming is still missing. #239 --- CMakeLists.txt | 41 +++++++++++-------- doc | 2 +- man/{bro.8 => zeek.8} | 0 .../policy/frameworks/control/controllee.zeek | 2 +- .../policy/frameworks/control/controller.zeek | 2 +- src/Attr.cc | 2 +- src/Base64.cc | 2 +- src/BroString.cc | 2 +- src/CCL.cc | 2 +- src/CMakeLists.txt | 28 +++++++------ src/ChunkedIO.cc | 2 +- src/ChunkedIO.h | 2 +- src/CompHash.cc | 2 +- src/Conn.cc | 2 +- src/DFA.cc | 2 +- src/DNS_Mgr.cc | 2 +- src/DbgBreakpoint.cc | 2 +- src/DbgHelp.cc | 2 +- src/DbgWatch.cc | 2 +- src/Debug.cc | 2 +- src/DebugCmds.cc | 2 +- src/Desc.cc | 2 +- src/Dict.cc | 2 +- src/Discard.cc | 2 +- src/EquivClass.cc | 2 +- src/Event.cc | 2 +- src/Expr.cc | 2 +- src/File.cc | 2 +- src/Frag.cc | 2 +- src/Frame.cc | 2 +- src/Func.cc | 2 +- src/Hash.cc | 2 +- src/ID.cc | 2 +- src/IP.h | 2 +- src/IntSet.cc | 2 +- src/List.cc | 2 +- src/NFA.cc | 2 +- src/Net.cc | 2 +- src/NetVar.cc | 2 +- src/Obj.cc | 2 +- src/PacketDumper.cc | 2 +- src/PolicyFile.cc | 2 +- src/PriorityQueue.cc | 2 +- src/Queue.cc | 2 +- src/RE.cc | 2 +- src/Reassem.cc | 2 +- src/RemoteSerializer.cc | 2 +- src/Reporter.cc | 2 +- src/Rule.cc | 2 +- src/RuleAction.cc | 2 +- src/RuleCondition.cc | 2 +- src/RuleMatcher.cc | 2 +- src/Scope.cc | 2 +- src/SerialObj.h | 2 +- src/Sessions.cc | 2 +- src/SmithWaterman.cc | 2 +- src/Stmt.cc | 2 +- src/Tag.h | 2 +- src/Timer.cc | 2 +- src/TunnelEncapsulation.h | 2 +- src/Type.cc | 2 +- src/Val.cc | 2 +- src/Var.cc | 2 +- src/analyzer/Component.h | 2 +- src/analyzer/Tag.h | 2 +- src/analyzer/protocol/arp/ARP.h | 2 +- src/analyzer/protocol/backdoor/BackDoor.cc | 2 +- src/analyzer/protocol/dce-rpc/DCE_RPC.cc | 2 +- src/analyzer/protocol/dns/DNS.cc | 2 +- src/analyzer/protocol/finger/Finger.cc | 2 +- src/analyzer/protocol/ftp/FTP.cc | 2 +- src/analyzer/protocol/gnutella/Gnutella.cc | 2 +- src/analyzer/protocol/http/HTTP.cc | 2 +- src/analyzer/protocol/icmp/ICMP.cc | 2 +- src/analyzer/protocol/ident/Ident.cc | 2 +- src/analyzer/protocol/interconn/InterConn.cc | 2 +- src/analyzer/protocol/login/Login.cc | 2 +- src/analyzer/protocol/login/NVT.cc | 2 +- src/analyzer/protocol/login/RSH.cc | 2 +- src/analyzer/protocol/login/Rlogin.cc | 2 +- src/analyzer/protocol/login/Telnet.cc | 2 +- src/analyzer/protocol/mime/MIME.cc | 2 +- src/analyzer/protocol/ncp/NCP.cc | 2 +- src/analyzer/protocol/netbios/NetbiosSSN.cc | 2 +- src/analyzer/protocol/ntp/NTP.cc | 2 +- src/analyzer/protocol/pop3/POP3.cc | 2 +- src/analyzer/protocol/rpc/MOUNT.cc | 2 +- src/analyzer/protocol/rpc/NFS.cc | 2 +- src/analyzer/protocol/rpc/Portmap.cc | 2 +- src/analyzer/protocol/rpc/RPC.cc | 2 +- src/analyzer/protocol/rpc/XDR.cc | 2 +- src/analyzer/protocol/smtp/SMTP.cc | 2 +- .../protocol/stepping-stone/SteppingStone.cc | 2 +- src/analyzer/protocol/udp/UDP.cc | 2 +- src/analyzer/protocol/zip/ZIP.h | 2 +- src/bsd-getopt-long.c | 2 +- src/file_analysis/Component.h | 2 +- src/file_analysis/Tag.h | 2 +- src/input/Tag.h | 2 +- src/input/readers/sqlite/SQLite.cc | 2 +- src/input/readers/sqlite/SQLite.h | 2 +- src/iosource/BPF_Program.cc | 2 +- src/iosource/PktDumper.cc | 2 +- src/iosource/PktSrc.cc | 2 +- src/iosource/pcap/Source.cc | 2 +- src/logging/Tag.h | 2 +- src/logging/writers/sqlite/SQLite.cc | 2 +- src/logging/writers/sqlite/SQLite.h | 2 +- src/main.cc | 2 +- src/nb_dns.c | 2 +- src/net_util.cc | 2 +- src/net_util.h | 2 +- src/plugin/Plugin.h | 2 +- src/rule-parse.y | 2 +- src/setsignal.c | 2 +- src/strsep.c | 2 +- src/threading/BasicThread.cc | 2 +- src/threading/Formatter.cc | 2 +- src/threading/formatters/Ascii.cc | 2 +- src/threading/formatters/JSON.cc | 2 +- src/util.cc | 2 +- src/util.h | 2 +- src/version.c.in | 2 +- testing/btest/Baseline/bifs.lookup_ID/out | 2 +- .../{bro..stdout => zeek..stdout} | 0 .../{bro.output => zeek.output} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stderr => zeek..stderr} | 0 .../{bro.config.log => zeek.config.log} | 0 .../{bro.config.log => zeek.config.log} | 0 .../{bro.config.log => zeek.config.log} | 0 .../{bro.config.log => zeek.config.log} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stderr => zeek..stderr} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stderr => zeek..stderr} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stderr => zeek..stderr} | 0 .../{bro..stderr => zeek..stderr} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stdout => zeek..stdout} | 0 .../Baseline/scripts.base.utils.paths/output | 16 ++++---- ...o.weird_stats.log => zeek.weird_stats.log} | 0 testing/btest/bifs/addr_count_conversion.zeek | 2 +- testing/btest/bifs/addr_to_ptr_name.zeek | 2 +- testing/btest/bifs/addr_version.zeek | 2 +- testing/btest/bifs/all_set.zeek | 2 +- testing/btest/bifs/analyzer_name.zeek | 2 +- testing/btest/bifs/any_set.zeek | 2 +- testing/btest/bifs/bloomfilter-seed.zeek | 4 +- testing/btest/bifs/bloomfilter.zeek | 2 +- testing/btest/bifs/bro_version.zeek | 2 +- testing/btest/bifs/bytestring_to_count.zeek | 2 +- testing/btest/bifs/bytestring_to_double.zeek | 2 +- testing/btest/bifs/bytestring_to_hexstr.zeek | 2 +- testing/btest/bifs/capture_state_updates.zeek | 2 +- testing/btest/bifs/cat.zeek | 2 +- testing/btest/bifs/cat_string_array.zeek | 2 +- testing/btest/bifs/check_subnet.zeek | 2 +- testing/btest/bifs/checkpoint_state.zeek | 2 +- testing/btest/bifs/clear_table.zeek | 2 +- testing/btest/bifs/convert_for_pattern.zeek | 2 +- testing/btest/bifs/count_to_addr.zeek | 2 +- testing/btest/bifs/create_file.zeek | 2 +- testing/btest/bifs/current_analyzer.zeek | 2 +- testing/btest/bifs/current_time.zeek | 2 +- testing/btest/bifs/decode_base64.zeek | 2 +- testing/btest/bifs/decode_base64_conn.zeek | 2 +- testing/btest/bifs/directory_operations.zeek | 2 +- testing/btest/bifs/dump_current_packet.zeek | 2 +- testing/btest/bifs/edit.zeek | 2 +- testing/btest/bifs/enable_raw_output.test | 2 +- testing/btest/bifs/encode_base64.zeek | 2 +- testing/btest/bifs/entropy_test.zeek | 2 +- testing/btest/bifs/enum_to_int.zeek | 2 +- testing/btest/bifs/escape_string.zeek | 2 +- testing/btest/bifs/exit.zeek | 2 +- testing/btest/bifs/file_mode.zeek | 2 +- testing/btest/bifs/filter_subnet_table.zeek | 2 +- testing/btest/bifs/find_all.zeek | 2 +- testing/btest/bifs/find_entropy.zeek | 2 +- testing/btest/bifs/find_last.zeek | 2 +- testing/btest/bifs/fmt.zeek | 2 +- testing/btest/bifs/fmt_ftp_port.zeek | 2 +- .../btest/bifs/get_current_packet_header.zeek | 2 +- testing/btest/bifs/get_matcher_stats.zeek | 2 +- .../btest/bifs/get_port_transport_proto.zeek | 2 +- testing/btest/bifs/gethostname.zeek | 2 +- testing/btest/bifs/getpid.zeek | 2 +- testing/btest/bifs/getsetenv.zeek | 2 +- testing/btest/bifs/global_ids.zeek | 2 +- testing/btest/bifs/global_sizes.zeek | 2 +- testing/btest/bifs/haversine_distance.zeek | 2 +- testing/btest/bifs/hexdump.zeek | 2 +- testing/btest/bifs/hexstr_to_bytestring.zeek | 2 +- testing/btest/bifs/hll_cardinality.zeek | 2 +- testing/btest/bifs/hll_large_estimate.zeek | 4 +- testing/btest/bifs/identify_data.zeek | 2 +- .../btest/bifs/install_src_addr_filter.test | 2 +- testing/btest/bifs/is_ascii.zeek | 2 +- testing/btest/bifs/is_local_interface.zeek | 2 +- testing/btest/bifs/is_port.zeek | 2 +- testing/btest/bifs/join_string.zeek | 2 +- testing/btest/bifs/levenshtein_distance.zeek | 2 +- testing/btest/bifs/lookup_ID.zeek | 4 +- testing/btest/bifs/lowerupper.zeek | 2 +- testing/btest/bifs/lstrip.zeek | 2 +- testing/btest/bifs/mask_addr.zeek | 2 +- testing/btest/bifs/matching_subnets.zeek | 2 +- testing/btest/bifs/math.zeek | 2 +- testing/btest/bifs/md5.test | 2 +- testing/btest/bifs/merge_pattern.zeek | 2 +- testing/btest/bifs/net_stats_trace.test | 2 +- testing/btest/bifs/netbios-functions.zeek | 2 +- testing/btest/bifs/order.zeek | 2 +- testing/btest/bifs/parse_ftp.zeek | 2 +- testing/btest/bifs/piped_exec.zeek | 4 +- testing/btest/bifs/ptr_name_to_addr.zeek | 2 +- testing/btest/bifs/rand.zeek | 4 +- testing/btest/bifs/raw_bytes_to_v4_addr.zeek | 2 +- testing/btest/bifs/reading_traces.zeek | 4 +- testing/btest/bifs/record_type_to_vector.zeek | 2 +- testing/btest/bifs/records_fields.zeek | 2 +- testing/btest/bifs/remask_addr.zeek | 2 +- testing/btest/bifs/resize.zeek | 2 +- testing/btest/bifs/reverse.zeek | 2 +- testing/btest/bifs/rotate_file.zeek | 2 +- testing/btest/bifs/rotate_file_by_name.zeek | 2 +- .../btest/bifs/routing0_data_to_addrs.test | 2 +- testing/btest/bifs/rstrip.zeek | 2 +- testing/btest/bifs/safe_shell_quote.zeek | 2 +- testing/btest/bifs/same_object.zeek | 2 +- testing/btest/bifs/sha1.test | 2 +- testing/btest/bifs/sha256.test | 2 +- testing/btest/bifs/sort.zeek | 2 +- testing/btest/bifs/sort_string_array.zeek | 2 +- testing/btest/bifs/split.zeek | 2 +- testing/btest/bifs/split_string.zeek | 2 +- testing/btest/bifs/str_shell_escape.zeek | 2 +- testing/btest/bifs/strcmp.zeek | 2 +- testing/btest/bifs/strftime.zeek | 2 +- testing/btest/bifs/string_fill.zeek | 2 +- testing/btest/bifs/string_to_pattern.zeek | 2 +- testing/btest/bifs/strip.zeek | 2 +- testing/btest/bifs/strptime.zeek | 2 +- testing/btest/bifs/strstr.zeek | 2 +- testing/btest/bifs/sub.zeek | 2 +- testing/btest/bifs/subnet_to_addr.zeek | 2 +- testing/btest/bifs/subnet_version.zeek | 2 +- testing/btest/bifs/subst_string.zeek | 2 +- testing/btest/bifs/system.zeek | 2 +- testing/btest/bifs/system_env.zeek | 2 +- testing/btest/bifs/to_addr.zeek | 2 +- testing/btest/bifs/to_count.zeek | 2 +- testing/btest/bifs/to_double.zeek | 2 +- testing/btest/bifs/to_double_from_string.zeek | 2 +- testing/btest/bifs/to_int.zeek | 2 +- testing/btest/bifs/to_interval.zeek | 2 +- testing/btest/bifs/to_port.zeek | 2 +- testing/btest/bifs/to_subnet.zeek | 2 +- testing/btest/bifs/to_time.zeek | 2 +- testing/btest/bifs/topk.zeek | 2 +- testing/btest/bifs/type_name.zeek | 2 +- testing/btest/bifs/unique_id-pools.zeek | 4 +- testing/btest/bifs/unique_id-rnd.zeek | 4 +- testing/btest/bifs/unique_id.zeek | 2 +- testing/btest/bifs/uuid_to_string.zeek | 2 +- testing/btest/bifs/val_size.zeek | 2 +- testing/btest/bifs/x509_verify.zeek | 2 +- testing/btest/broker/connect-on-retry.zeek | 4 +- testing/btest/broker/disconnect.zeek | 6 +-- testing/btest/broker/error.zeek | 2 +- testing/btest/broker/remote_event.zeek | 4 +- testing/btest/broker/remote_event_any.zeek | 4 +- testing/btest/broker/remote_event_auto.zeek | 4 +- .../btest/broker/remote_event_ssl_auth.zeek | 4 +- .../btest/broker/remote_event_vector_any.zeek | 4 +- testing/btest/broker/remote_id.zeek | 4 +- testing/btest/broker/remote_log.zeek | 4 +- .../btest/broker/remote_log_late_join.zeek | 4 +- testing/btest/broker/remote_log_types.zeek | 4 +- testing/btest/broker/ssl_auth_failure.zeek | 4 +- testing/btest/broker/store/clone.zeek | 4 +- testing/btest/broker/store/local.zeek | 2 +- testing/btest/broker/store/ops.zeek | 2 +- testing/btest/broker/store/record.zeek | 2 +- testing/btest/broker/store/set.zeek | 2 +- testing/btest/broker/store/sqlite.zeek | 4 +- testing/btest/broker/store/table.zeek | 2 +- .../btest/broker/store/type-conversion.zeek | 2 +- testing/btest/broker/store/vector.zeek | 2 +- testing/btest/broker/unpeer.zeek | 4 +- testing/btest/btest.cfg | 5 ++- testing/btest/core/bits_per_uid.zeek | 10 ++--- .../core/check-unused-event-handlers.test | 2 +- testing/btest/core/checksums.test | 38 ++++++++--------- testing/btest/core/cisco-fabric-path.zeek | 2 +- testing/btest/core/conn-size-threshold.zeek | 2 +- testing/btest/core/conn-uid.zeek | 4 +- testing/btest/core/connection_flip_roles.zeek | 2 +- testing/btest/core/disable-mobile-ipv6.test | 2 +- testing/btest/core/discarder.zeek | 8 ++-- testing/btest/core/div-by-zero.zeek | 2 +- testing/btest/core/dns-init.zeek | 2 +- testing/btest/core/embedded-null.zeek | 2 +- testing/btest/core/enum-redef-exists.zeek | 2 +- testing/btest/core/erspan.zeek | 2 +- testing/btest/core/erspanII.zeek | 2 +- testing/btest/core/erspanIII.zeek | 2 +- testing/btest/core/ether-addrs.zeek | 4 +- testing/btest/core/event-arg-reuse.zeek | 2 +- testing/btest/core/expr-exception.zeek | 2 +- testing/btest/core/fake_dns.zeek | 2 +- .../core/file-caching-serialization.test | 4 +- testing/btest/core/global_opaque_val.zeek | 2 +- testing/btest/core/history-flip.zeek | 2 +- testing/btest/core/icmp/icmp-context.test | 6 +-- testing/btest/core/icmp/icmp-events.test | 6 +-- testing/btest/core/icmp/icmp6-context.test | 8 ++-- testing/btest/core/icmp/icmp6-events.test | 20 ++++----- testing/btest/core/icmp/icmp6-nd-options.test | 4 +- testing/btest/core/icmp/icmp_sent.zeek | 2 +- testing/btest/core/init-error.zeek | 2 +- testing/btest/core/ip-broken-header.zeek | 2 +- testing/btest/core/ipv6-atomic-frag.test | 2 +- testing/btest/core/ipv6-flow-labels.test | 2 +- testing/btest/core/ipv6-frag.test | 2 +- testing/btest/core/ipv6_esp.test | 2 +- testing/btest/core/ipv6_ext_headers.test | 2 +- testing/btest/core/ipv6_zero_len_ah.test | 2 +- testing/btest/core/leaks/ayiya.test | 4 +- testing/btest/core/leaks/basic-cluster.zeek | 8 ++-- testing/btest/core/leaks/bloomfilter.zeek | 4 +- .../btest/core/leaks/broker/clone_store.zeek | 6 +-- testing/btest/core/leaks/broker/data.zeek | 6 +-- .../btest/core/leaks/broker/master_store.zeek | 4 +- .../btest/core/leaks/broker/remote_event.test | 6 +-- .../btest/core/leaks/broker/remote_log.test | 6 +-- testing/btest/core/leaks/dns-nsec3.zeek | 4 +- testing/btest/core/leaks/dns-txt.zeek | 4 +- testing/btest/core/leaks/dns.zeek | 4 +- testing/btest/core/leaks/dtls.zeek | 4 +- testing/btest/core/leaks/exec.test | 4 +- .../core/leaks/file-analysis-http-get.zeek | 4 +- testing/btest/core/leaks/gridftp.test | 4 +- testing/btest/core/leaks/gtp_opt_header.test | 4 +- testing/btest/core/leaks/hll_cluster.zeek | 10 ++--- testing/btest/core/leaks/hook.zeek | 4 +- testing/btest/core/leaks/http-connect.zeek | 4 +- testing/btest/core/leaks/incr-vec-expr.test | 4 +- testing/btest/core/leaks/input-basic.zeek | 4 +- testing/btest/core/leaks/input-errors.zeek | 4 +- .../btest/core/leaks/input-missing-enum.zeek | 4 +- .../core/leaks/input-optional-event.zeek | 4 +- .../core/leaks/input-optional-table.zeek | 4 +- testing/btest/core/leaks/input-raw.zeek | 8 ++-- testing/btest/core/leaks/input-reread.zeek | 12 +++--- testing/btest/core/leaks/input-sqlite.zeek | 4 +- .../btest/core/leaks/input-with-remove.zeek | 4 +- testing/btest/core/leaks/ip-in-ip.test | 8 ++-- .../btest/core/leaks/ipv6_ext_headers.test | 4 +- testing/btest/core/leaks/irc.test | 4 +- .../btest/core/leaks/krb-service-name.test | 4 +- testing/btest/core/leaks/krb.test | 4 +- testing/btest/core/leaks/kv-iteration.zeek | 4 +- testing/btest/core/leaks/mysql.test | 4 +- testing/btest/core/leaks/pattern.zeek | 4 +- testing/btest/core/leaks/pe.test | 4 +- testing/btest/core/leaks/radius.test | 4 +- testing/btest/core/leaks/returnwhen.zeek | 4 +- testing/btest/core/leaks/set.zeek | 4 +- testing/btest/core/leaks/sip.test | 4 +- testing/btest/core/leaks/smtp_attachment.test | 4 +- testing/btest/core/leaks/snmp.test | 4 +- testing/btest/core/leaks/ssh.test | 4 +- testing/btest/core/leaks/stats.zeek | 4 +- testing/btest/core/leaks/string-indexing.zeek | 4 +- .../btest/core/leaks/switch-statement.zeek | 4 +- testing/btest/core/leaks/teredo.zeek | 4 +- testing/btest/core/leaks/test-all.zeek | 4 +- testing/btest/core/leaks/vector-val-bifs.test | 4 +- testing/btest/core/leaks/while.zeek | 4 +- .../btest/core/leaks/x509_ocsp_verify.zeek | 4 +- testing/btest/core/leaks/x509_verify.zeek | 4 +- testing/btest/core/load-duplicates.zeek | 12 +++--- .../load-explicit-bro-suffix-fallback.zeek | 2 +- testing/btest/core/load-file-extension.zeek | 18 ++++---- testing/btest/core/load-pkg.zeek | 6 +-- testing/btest/core/load-prefixes.zeek | 2 +- testing/btest/core/load-relative.zeek | 2 +- testing/btest/core/load-unload.zeek | 4 +- testing/btest/core/mobile-ipv6-home-addr.test | 2 +- testing/btest/core/mobile-ipv6-routing.test | 2 +- testing/btest/core/mobility-checksums.test | 12 +++--- testing/btest/core/mobility_msg.test | 16 ++++---- testing/btest/core/mpls-in-vlan.zeek | 2 +- testing/btest/core/negative-time.test | 2 +- testing/btest/core/nflog.zeek | 2 +- testing/btest/core/nop.zeek | 2 +- testing/btest/core/old_comm_usage.zeek | 2 +- testing/btest/core/option-errors.zeek | 2 +- testing/btest/core/option-priorities.zeek | 2 +- testing/btest/core/option-redef.zeek | 2 +- testing/btest/core/option-runtime-errors.zeek | 2 +- testing/btest/core/pcap/dumper.zeek | 2 +- testing/btest/core/pcap/dynamic-filter.zeek | 2 +- testing/btest/core/pcap/filter-error.zeek | 4 +- testing/btest/core/pcap/input-error.zeek | 4 +- testing/btest/core/pcap/pseudo-realtime.zeek | 2 +- .../core/pcap/read-trace-with-filter.zeek | 2 +- testing/btest/core/pppoe-over-qinq.zeek | 2 +- testing/btest/core/pppoe.test | 2 +- testing/btest/core/print-bpf-filters.zeek | 10 ++--- testing/btest/core/q-in-q.zeek | 2 +- testing/btest/core/radiotap.zeek | 2 +- testing/btest/core/raw_packet.zeek | 4 +- testing/btest/core/reassembly.zeek | 10 ++--- testing/btest/core/recursive-event.zeek | 2 +- .../btest/core/reporter-error-in-handler.zeek | 2 +- testing/btest/core/reporter-fmt-strings.zeek | 2 +- testing/btest/core/reporter-parse-error.zeek | 2 +- .../btest/core/reporter-runtime-error.zeek | 2 +- .../core/reporter-shutdown-order-errors.zeek | 2 +- .../btest/core/reporter-type-mismatch.zeek | 2 +- .../core/reporter-weird-sampling-disable.zeek | 2 +- .../btest/core/reporter-weird-sampling.zeek | 2 +- testing/btest/core/reporter.zeek | 2 +- testing/btest/core/tcp/fin-retransmit.zeek | 2 +- .../btest/core/tcp/large-file-reassembly.zeek | 2 +- testing/btest/core/tcp/miss-end-data.zeek | 2 +- testing/btest/core/tcp/missing-syn.zeek | 2 +- testing/btest/core/tcp/quantum-insert.zeek | 2 +- testing/btest/core/tcp/rst-after-syn.zeek | 2 +- testing/btest/core/tcp/rxmit-history.zeek | 4 +- testing/btest/core/tcp/truncated-header.zeek | 2 +- testing/btest/core/truncation.test | 18 ++++---- testing/btest/core/tunnels/ayiya.test | 2 +- testing/btest/core/tunnels/false-teredo.zeek | 2 +- testing/btest/core/tunnels/gre-in-gre.test | 2 +- testing/btest/core/tunnels/gre-pptp.test | 2 +- testing/btest/core/tunnels/gre.test | 2 +- .../core/tunnels/gtp/different_dl_and_ul.test | 2 +- .../btest/core/tunnels/gtp/ext_header.test | 2 +- testing/btest/core/tunnels/gtp/false_gtp.test | 2 +- .../btest/core/tunnels/gtp/inner_ipv6.test | 2 +- .../btest/core/tunnels/gtp/inner_teredo.test | 2 +- .../btest/core/tunnels/gtp/non_recursive.test | 2 +- .../core/tunnels/gtp/not_user_plane_data.test | 2 +- .../btest/core/tunnels/gtp/opt_header.test | 2 +- .../btest/core/tunnels/gtp/outer_ip_frag.test | 2 +- .../core/tunnels/gtp/pdp_ctx_messages.test | 2 +- .../tunnels/gtp/unknown_or_too_short.test | 2 +- .../btest/core/tunnels/ip-in-ip-version.zeek | 4 +- testing/btest/core/tunnels/ip-in-ip.test | 12 +++--- testing/btest/core/tunnels/ip-tunnel-uid.test | 2 +- .../core/tunnels/teredo-known-services.test | 2 +- testing/btest/core/tunnels/teredo.zeek | 2 +- .../tunnels/teredo_bubble_with_payload.test | 2 +- testing/btest/core/tunnels/vxlan.zeek | 2 +- testing/btest/core/vector-assignment.zeek | 2 +- testing/btest/core/vlan-mpls.zeek | 2 +- .../core/when-interpreter-exceptions.zeek | 4 +- testing/btest/core/wlanmon.zeek | 2 +- testing/btest/core/x509-generalizedtime.zeek | 4 +- .../btest/coverage/bare-load-baseline.test | 2 +- testing/btest/coverage/bare-mode-errors.test | 6 +-- .../btest/coverage/coverage-blacklist.zeek | 2 +- .../btest/coverage/default-load-baseline.test | 2 +- testing/btest/coverage/find-bro-logs.test | 2 +- testing/btest/coverage/init-default.test | 6 +-- testing/btest/coverage/test-all-policy.test | 4 +- testing/btest/doc/record-add.zeek | 2 +- testing/btest/doc/record-attr-check.zeek | 2 +- testing/btest/doc/zeexygen/command_line.zeek | 2 +- .../doc/zeexygen/comment_retrieval_bifs.zeek | 2 +- testing/btest/doc/zeexygen/enums.zeek | 2 +- testing/btest/doc/zeexygen/example.zeek | 2 +- testing/btest/doc/zeexygen/func-params.zeek | 2 +- testing/btest/doc/zeexygen/identifier.zeek | 2 +- testing/btest/doc/zeexygen/package.zeek | 2 +- testing/btest/doc/zeexygen/package_index.zeek | 2 +- testing/btest/doc/zeexygen/records.zeek | 2 +- testing/btest/doc/zeexygen/script_index.zeek | 2 +- .../btest/doc/zeexygen/script_summary.zeek | 2 +- testing/btest/doc/zeexygen/type-aliases.zeek | 2 +- testing/btest/doc/zeexygen/vectors.zeek | 2 +- testing/btest/language/addr.zeek | 2 +- testing/btest/language/any.zeek | 2 +- testing/btest/language/at-deprecated.zeek | 2 +- testing/btest/language/at-dir.zeek | 4 +- testing/btest/language/at-filename.zeek | 2 +- testing/btest/language/at-if-event.zeek | 2 +- testing/btest/language/at-if-invalid.zeek | 2 +- testing/btest/language/at-if.zeek | 2 +- testing/btest/language/at-ifdef.zeek | 2 +- testing/btest/language/at-ifndef.zeek | 2 +- testing/btest/language/at-load.zeek | 4 +- .../btest/language/attr-default-coercion.zeek | 2 +- .../attr-default-global-set-error.zeek | 2 +- testing/btest/language/bool.zeek | 2 +- testing/btest/language/common-mistakes.zeek | 6 +-- .../language/conditional-expression.zeek | 2 +- testing/btest/language/const.zeek | 4 +- .../btest/language/container-ctor-scope.zeek | 2 +- testing/btest/language/copy.zeek | 2 +- testing/btest/language/count.zeek | 2 +- .../btest/language/cross-product-init.zeek | 2 +- testing/btest/language/default-params.zeek | 2 +- testing/btest/language/delete-field-set.zeek | 2 +- testing/btest/language/delete-field.zeek | 2 +- testing/btest/language/deprecated.zeek | 2 +- testing/btest/language/double.zeek | 2 +- testing/btest/language/enum-desc.zeek | 2 +- testing/btest/language/enum-scope.zeek | 2 +- testing/btest/language/enum.zeek | 2 +- testing/btest/language/eof-parse-errors.zeek | 4 +- testing/btest/language/event-local-var.zeek | 2 +- testing/btest/language/event.zeek | 2 +- testing/btest/language/expire-expr-error.zeek | 2 +- testing/btest/language/expire-func-undef.zeek | 2 +- testing/btest/language/expire-redef.zeek | 2 +- testing/btest/language/expire-type-error.zeek | 2 +- testing/btest/language/expire_func.test | 2 +- testing/btest/language/expire_func_mod.zeek | 2 +- testing/btest/language/expire_multiple.test | 2 +- testing/btest/language/expire_subnet.test | 2 +- testing/btest/language/file.zeek | 2 +- testing/btest/language/for.zeek | 2 +- testing/btest/language/func-assignment.zeek | 2 +- testing/btest/language/function.zeek | 2 +- testing/btest/language/hook.zeek | 2 +- testing/btest/language/hook_calls.zeek | 4 +- testing/btest/language/if.zeek | 2 +- testing/btest/language/incr-vec-expr.test | 2 +- .../language/index-assignment-invalid.zeek | 2 +- .../btest/language/init-in-anon-function.zeek | 2 +- testing/btest/language/int.zeek | 2 +- testing/btest/language/interval.zeek | 2 +- testing/btest/language/invalid_index.zeek | 2 +- testing/btest/language/ipv6-literals.zeek | 2 +- testing/btest/language/key-value-for.zeek | 2 +- testing/btest/language/module.zeek | 2 +- .../btest/language/named-record-ctors.zeek | 2 +- testing/btest/language/named-set-ctors.zeek | 2 +- testing/btest/language/named-table-ctors.zeek | 2 +- .../btest/language/named-vector-ctors.zeek | 2 +- testing/btest/language/nested-sets.zeek | 2 +- testing/btest/language/next-test.zeek | 2 +- testing/btest/language/no-module.zeek | 2 +- testing/btest/language/null-statement.zeek | 2 +- .../btest/language/outer_param_binding.zeek | 2 +- testing/btest/language/pattern.zeek | 2 +- testing/btest/language/port.zeek | 2 +- testing/btest/language/precedence.zeek | 4 +- testing/btest/language/raw_output_attr.test | 2 +- testing/btest/language/rec-comp-init.zeek | 2 +- testing/btest/language/rec-nested-opt.zeek | 2 +- testing/btest/language/rec-of-tbl.zeek | 2 +- testing/btest/language/rec-table-default.zeek | 2 +- testing/btest/language/record-bad-ctor.zeek | 2 +- testing/btest/language/record-bad-ctor2.zeek | 2 +- .../btest/language/record-ceorce-orphan.zeek | 2 +- .../btest/language/record-coerce-clash.zeek | 2 +- .../language/record-default-coercion.zeek | 2 +- .../language/record-default-set-mismatch.zeek | 2 +- testing/btest/language/record-extension.zeek | 2 +- .../language/record-function-recursion.zeek | 2 +- .../language/record-index-complex-fields.zeek | 2 +- .../language/record-recursive-coercion.zeek | 2 +- .../language/record-redef-after-init.zeek | 2 +- testing/btest/language/record-ref-assign.zeek | 2 +- .../btest/language/record-type-checking.zeek | 2 +- .../language/redef-same-prefixtable-idx.zeek | 2 +- testing/btest/language/redef-vector.zeek | 2 +- testing/btest/language/returnwhen.zeek | 4 +- .../btest/language/set-opt-record-index.zeek | 2 +- testing/btest/language/set-type-checking.zeek | 2 +- testing/btest/language/set.zeek | 2 +- testing/btest/language/short-circuit.zeek | 2 +- testing/btest/language/sizeof.zeek | 2 +- .../btest/language/smith-waterman-test.zeek | 2 +- testing/btest/language/string-indexing.zeek | 2 +- testing/btest/language/string.zeek | 2 +- testing/btest/language/strings.zeek | 2 +- testing/btest/language/subnet-errors.zeek | 2 +- testing/btest/language/subnet.zeek | 2 +- .../btest/language/switch-error-mixed.zeek | 2 +- testing/btest/language/switch-incomplete.zeek | 2 +- testing/btest/language/switch-statement.zeek | 2 +- .../switch-types-error-duplicate.zeek | 2 +- .../switch-types-error-unsupported.zeek | 2 +- testing/btest/language/switch-types-vars.zeek | 2 +- testing/btest/language/switch-types.zeek | 2 +- .../btest/language/table-default-record.zeek | 2 +- testing/btest/language/table-init-attrs.zeek | 2 +- .../language/table-init-container-ctors.zeek | 2 +- .../btest/language/table-init-record-idx.zeek | 2 +- testing/btest/language/table-init.zeek | 2 +- testing/btest/language/table-redef.zeek | 2 +- .../btest/language/table-type-checking.zeek | 2 +- testing/btest/language/table.zeek | 2 +- .../language/ternary-record-mismatch.zeek | 2 +- testing/btest/language/time.zeek | 2 +- testing/btest/language/timeout.zeek | 2 +- testing/btest/language/type-cast-any.zeek | 2 +- .../language/type-cast-error-dynamic.zeek | 2 +- .../language/type-cast-error-static.zeek | 2 +- testing/btest/language/type-cast-same.zeek | 2 +- testing/btest/language/type-check-any.zeek | 2 +- testing/btest/language/type-check-vector.zeek | 2 +- testing/btest/language/type-type-error.zeek | 2 +- .../language/undefined-delete-field.zeek | 2 +- .../btest/language/uninitialized-local.zeek | 2 +- .../btest/language/uninitialized-local2.zeek | 2 +- testing/btest/language/vector-any-append.zeek | 2 +- .../btest/language/vector-coerce-expr.zeek | 2 +- .../btest/language/vector-in-operator.zeek | 2 +- .../language/vector-list-init-records.zeek | 2 +- .../btest/language/vector-type-checking.zeek | 2 +- .../btest/language/vector-unspecified.zeek | 2 +- testing/btest/language/vector.zeek | 2 +- .../btest/language/when-unitialized-rhs.zeek | 2 +- testing/btest/language/when.zeek | 2 +- testing/btest/language/while.zeek | 2 +- .../btest/language/wrong-delete-field.zeek | 2 +- .../language/wrong-record-extension.zeek | 2 +- testing/btest/language/zeek_init.zeek | 2 +- .../btest/language/zeek_script_loaded.zeek | 2 +- .../btest/plugins/bifs-and-scripts-install.sh | 4 +- testing/btest/plugins/bifs-and-scripts.sh | 16 ++++---- testing/btest/plugins/file.zeek | 4 +- testing/btest/plugins/hooks.zeek | 2 +- testing/btest/plugins/init-plugin.zeek | 4 +- testing/btest/plugins/logging-hooks.zeek | 2 +- testing/btest/plugins/pktdumper.zeek | 4 +- testing/btest/plugins/pktsrc.zeek | 4 +- .../btest/plugins/plugin-nopatchversion.zeek | 2 +- .../plugins/plugin-withpatchversion.zeek | 2 +- testing/btest/plugins/protocol.zeek | 4 +- testing/btest/plugins/reader.zeek | 4 +- testing/btest/plugins/reporter-hook.zeek | 2 +- testing/btest/plugins/writer.zeek | 4 +- .../scripts/base/files/data_event/basic.zeek | 2 +- .../scripts/base/files/entropy/basic.test | 2 +- .../scripts/base/files/extract/limit.zeek | 6 +-- .../btest/scripts/base/files/pe/basic.test | 2 +- .../scripts/base/files/unified2/alert.zeek | 2 +- .../btest/scripts/base/files/x509/1999.test | 2 +- .../x509/signed_certificate_timestamp.test | 2 +- .../signed_certificate_timestamp_ocsp.test | 2 +- .../frameworks/analyzer/disable-analyzer.zeek | 6 +-- .../frameworks/analyzer/enable-analyzer.zeek | 4 +- .../analyzer/register-for-port.zeek | 8 ++-- .../analyzer/schedule-analyzer.zeek | 2 +- .../cluster/custom_pool_exclusivity.zeek | 6 +-- .../cluster/custom_pool_limits.zeek | 6 +-- .../base/frameworks/cluster/forwarding.zeek | 10 ++--- .../frameworks/cluster/log_distribution.zeek | 8 ++-- .../cluster/start-it-up-logger.zeek | 12 +++--- .../base/frameworks/cluster/start-it-up.zeek | 10 ++--- .../cluster/topic_distribution.zeek | 6 +-- .../cluster/topic_distribution_bifs.zeek | 6 +-- .../scripts/base/frameworks/config/basic.zeek | 6 +-- .../base/frameworks/config/basic_cluster.zeek | 6 +-- .../frameworks/config/cluster_resend.zeek | 6 +-- .../base/frameworks/config/read_config.zeek | 4 +- .../config/read_config_cluster.zeek | 6 +-- .../base/frameworks/config/several-files.zeek | 4 +- .../base/frameworks/config/updates.zeek | 10 ++--- .../scripts/base/frameworks/config/weird.zeek | 2 +- .../control/configuration_update.zeek | 4 +- .../base/frameworks/control/id_value.zeek | 4 +- .../base/frameworks/control/shutdown.zeek | 4 +- .../file-analysis/actions/data_event.zeek | 2 +- .../bifs/file_exists_lookup_file.zeek | 2 +- .../bifs/register_mime_type.zeek | 2 +- .../file-analysis/bifs/remove_action.zeek | 2 +- .../bifs/set_timeout_interval.zeek | 4 +- .../frameworks/file-analysis/bifs/stop.zeek | 2 +- .../file-analysis/big-bof-buffer.zeek | 2 +- .../frameworks/file-analysis/byteranges.zeek | 2 +- .../base/frameworks/file-analysis/ftp.zeek | 2 +- .../frameworks/file-analysis/http/get.zeek | 4 +- .../file-analysis/http/multipart.zeek | 2 +- .../file-analysis/http/partial-content.zeek | 6 +-- .../file-analysis/http/pipeline.zeek | 2 +- .../frameworks/file-analysis/http/post.zeek | 2 +- .../frameworks/file-analysis/input/basic.zeek | 6 +-- .../base/frameworks/file-analysis/irc.zeek | 2 +- .../frameworks/file-analysis/logging.zeek | 2 +- .../base/frameworks/file-analysis/smtp.zeek | 2 +- .../scripts/base/frameworks/input/basic.zeek | 2 +- .../base/frameworks/input/bignumber.zeek | 2 +- .../scripts/base/frameworks/input/binary.zeek | 2 +- .../base/frameworks/input/config/basic.zeek | 2 +- .../base/frameworks/input/config/errors.zeek | 2 +- .../base/frameworks/input/config/spaces.zeek | 2 +- .../base/frameworks/input/default.zeek | 2 +- .../input/empty-values-hashing.zeek | 4 +- .../base/frameworks/input/emptyvals.zeek | 2 +- .../scripts/base/frameworks/input/errors.zeek | 2 +- .../scripts/base/frameworks/input/event.zeek | 2 +- .../base/frameworks/input/invalid-lines.zeek | 2 +- .../base/frameworks/input/invalidnumbers.zeek | 2 +- .../base/frameworks/input/invalidset.zeek | 2 +- .../base/frameworks/input/invalidtext.zeek | 2 +- .../base/frameworks/input/missing-enum.zeek | 6 +-- .../input/missing-file-initially.zeek | 10 ++--- .../base/frameworks/input/missing-file.zeek | 4 +- .../frameworks/input/onecolumn-norecord.zeek | 2 +- .../frameworks/input/onecolumn-record.zeek | 2 +- .../base/frameworks/input/optional.zeek | 2 +- .../input/path-prefix/absolute-prefix.zeek | 4 +- .../input/path-prefix/absolute-source.zeek | 4 +- .../input/path-prefix/no-paths.zeek | 2 +- .../input/path-prefix/relative-prefix.zeek | 2 +- .../base/frameworks/input/port-embedded.zeek | 6 +-- .../scripts/base/frameworks/input/port.zeek | 2 +- .../frameworks/input/predicate-stream.zeek | 4 +- .../base/frameworks/input/predicate.zeek | 2 +- .../frameworks/input/predicatemodify.zeek | 2 +- .../input/predicatemodifyandreread.zeek | 10 ++--- .../predicaterefusesecondsamerecord.zeek | 2 +- .../base/frameworks/input/raw/basic.zeek | 2 +- .../base/frameworks/input/raw/execute.zeek | 2 +- .../frameworks/input/raw/executestdin.zeek | 2 +- .../frameworks/input/raw/executestream.zeek | 6 +-- .../base/frameworks/input/raw/long.zeek | 2 +- .../base/frameworks/input/raw/offset.zeek | 4 +- .../base/frameworks/input/raw/rereadraw.zeek | 2 +- .../base/frameworks/input/raw/stderr.zeek | 2 +- .../base/frameworks/input/raw/streamraw.zeek | 6 +-- .../scripts/base/frameworks/input/repeat.zeek | 2 +- .../scripts/base/frameworks/input/reread.zeek | 10 ++--- .../scripts/base/frameworks/input/set.zeek | 2 +- .../base/frameworks/input/setseparator.zeek | 2 +- .../frameworks/input/setspecialcases.zeek | 2 +- .../base/frameworks/input/sqlite/basic.zeek | 2 +- .../base/frameworks/input/sqlite/error.zeek | 2 +- .../base/frameworks/input/sqlite/port.zeek | 2 +- .../base/frameworks/input/sqlite/types.zeek | 2 +- .../scripts/base/frameworks/input/stream.zeek | 6 +-- .../frameworks/input/subrecord-event.zeek | 2 +- .../base/frameworks/input/subrecord.zeek | 2 +- .../base/frameworks/input/tableevent.zeek | 2 +- .../base/frameworks/input/twotables.zeek | 4 +- .../frameworks/input/unsupported_types.zeek | 2 +- .../base/frameworks/input/windows.zeek | 2 +- .../cluster-transparency-with-proxy.zeek | 8 ++-- .../intel/cluster-transparency.zeek | 6 +-- .../base/frameworks/intel/expire-item.zeek | 2 +- .../base/frameworks/intel/filter-item.zeek | 2 +- .../frameworks/intel/input-and-match.zeek | 2 +- .../base/frameworks/intel/match-subnet.zeek | 2 +- .../input-intel-absolute-prefixes.zeek | 4 +- .../input-intel-relative-prefixes.zeek | 2 +- .../intel/path-prefix/input-prefix.zeek | 2 +- .../intel/path-prefix/no-paths.zeek | 2 +- .../intel/read-file-dist-cluster.zeek | 6 +-- .../frameworks/intel/remove-item-cluster.zeek | 4 +- .../frameworks/intel/remove-non-existing.zeek | 2 +- .../base/frameworks/intel/updated-match.zeek | 10 ++--- .../base/frameworks/logging/adapt-filter.zeek | 2 +- .../base/frameworks/logging/ascii-binary.zeek | 2 +- .../base/frameworks/logging/ascii-double.zeek | 4 +- .../base/frameworks/logging/ascii-empty.zeek | 2 +- .../logging/ascii-escape-binary.zeek | 2 +- .../logging/ascii-escape-empty-str.zeek | 2 +- .../logging/ascii-escape-notset-str.zeek | 2 +- .../logging/ascii-escape-odd-url.zeek | 2 +- .../logging/ascii-escape-set-separator.zeek | 2 +- .../base/frameworks/logging/ascii-escape.zeek | 2 +- .../frameworks/logging/ascii-gz-rotate.zeek | 2 +- .../base/frameworks/logging/ascii-gz.zeek | 2 +- .../logging/ascii-json-iso-timestamps.zeek | 2 +- .../logging/ascii-json-optional.zeek | 2 +- .../base/frameworks/logging/ascii-json.zeek | 2 +- .../logging/ascii-line-like-comment.zeek | 2 +- .../frameworks/logging/ascii-options.zeek | 2 +- .../frameworks/logging/ascii-timestamps.zeek | 2 +- .../base/frameworks/logging/ascii-tsv.zeek | 2 +- .../base/frameworks/logging/attr-extend.zeek | 2 +- .../scripts/base/frameworks/logging/attr.zeek | 2 +- .../frameworks/logging/disable-stream.zeek | 2 +- .../base/frameworks/logging/empty-event.zeek | 2 +- .../frameworks/logging/enable-stream.zeek | 2 +- .../base/frameworks/logging/env-ext.test | 2 +- .../base/frameworks/logging/events.zeek | 2 +- .../base/frameworks/logging/exclude.zeek | 2 +- .../field-extension-cluster-error.zeek | 4 +- .../logging/field-extension-cluster.zeek | 4 +- .../logging/field-extension-complex.zeek | 2 +- .../logging/field-extension-invalid.zeek | 2 +- .../logging/field-extension-optional.zeek | 2 +- .../logging/field-extension-table.zeek | 2 +- .../frameworks/logging/field-extension.zeek | 2 +- .../frameworks/logging/field-name-map.zeek | 2 +- .../frameworks/logging/field-name-map2.zeek | 2 +- .../scripts/base/frameworks/logging/file.zeek | 2 +- .../base/frameworks/logging/include.zeek | 2 +- .../base/frameworks/logging/no-local.zeek | 2 +- .../base/frameworks/logging/none-debug.zeek | 2 +- .../logging/path-func-column-demote.zeek | 2 +- .../base/frameworks/logging/path-func.zeek | 2 +- .../scripts/base/frameworks/logging/pred.zeek | 2 +- .../base/frameworks/logging/remove.zeek | 2 +- .../frameworks/logging/rotate-custom.zeek | 2 +- .../base/frameworks/logging/rotate.zeek | 2 +- .../base/frameworks/logging/scope_sep.zeek | 2 +- .../logging/scope_sep_and_field_name_map.zeek | 2 +- .../base/frameworks/logging/sqlite/error.zeek | 2 +- .../base/frameworks/logging/sqlite/set.zeek | 2 +- .../logging/sqlite/simultaneous-writes.zeek | 2 +- .../base/frameworks/logging/sqlite/types.zeek | 2 +- .../frameworks/logging/sqlite/wikipedia.zeek | 2 +- .../base/frameworks/logging/stdout.zeek | 2 +- .../base/frameworks/logging/test-logging.zeek | 2 +- .../base/frameworks/logging/types.zeek | 2 +- .../base/frameworks/logging/unset-record.zeek | 2 +- .../scripts/base/frameworks/logging/vec.zeek | 2 +- .../logging/writer-path-conflict.zeek | 2 +- .../base/frameworks/netcontrol/acld-hook.zeek | 4 +- .../base/frameworks/netcontrol/acld.zeek | 4 +- .../frameworks/netcontrol/basic-cluster.zeek | 6 +-- .../base/frameworks/netcontrol/basic.zeek | 2 +- .../base/frameworks/netcontrol/broker.zeek | 4 +- .../catch-and-release-forgotten.zeek | 2 +- .../netcontrol/catch-and-release.zeek | 2 +- .../netcontrol/delete-internal-state.zeek | 2 +- .../base/frameworks/netcontrol/duplicate.zeek | 2 +- .../frameworks/netcontrol/find-rules.zeek | 2 +- .../base/frameworks/netcontrol/hook.zeek | 2 +- .../base/frameworks/netcontrol/multiple.zeek | 2 +- .../base/frameworks/netcontrol/openflow.zeek | 2 +- .../frameworks/netcontrol/packetfilter.zeek | 2 +- .../netcontrol/quarantine-openflow.zeek | 2 +- .../base/frameworks/netcontrol/timeout.zeek | 2 +- .../base/frameworks/notice/cluster.zeek | 6 +-- .../notice/default-policy-order.test | 6 +-- .../base/frameworks/notice/mail-alarms.zeek | 2 +- .../notice/suppression-cluster.zeek | 8 ++-- .../notice/suppression-disable.zeek | 2 +- .../base/frameworks/notice/suppression.zeek | 2 +- .../frameworks/openflow/broker-basic.zeek | 4 +- .../base/frameworks/openflow/log-basic.zeek | 2 +- .../base/frameworks/openflow/log-cluster.zeek | 4 +- .../base/frameworks/openflow/ryu-basic.zeek | 2 +- .../frameworks/packet-filter/bad-filter.test | 2 +- .../frameworks/reporter/disable-stderr.zeek | 2 +- .../base/frameworks/reporter/stderr.zeek | 2 +- .../frameworks/software/version-parsing.zeek | 2 +- .../frameworks/sumstats/basic-cluster.zeek | 6 +-- .../base/frameworks/sumstats/basic.zeek | 2 +- .../sumstats/cluster-intermediate-update.zeek | 6 +-- .../frameworks/sumstats/last-cluster.zeek | 4 +- .../sumstats/on-demand-cluster.zeek | 6 +-- .../base/frameworks/sumstats/on-demand.zeek | 2 +- .../frameworks/sumstats/sample-cluster.zeek | 6 +-- .../base/frameworks/sumstats/sample.zeek | 2 +- .../frameworks/sumstats/thresholding.zeek | 2 +- .../frameworks/sumstats/topk-cluster.zeek | 6 +-- .../base/frameworks/sumstats/topk.zeek | 2 +- .../base/misc/find-filtered-trace.test | 4 +- testing/btest/scripts/base/misc/version.zeek | 2 +- .../btest/scripts/base/protocols/arp/bad.test | 2 +- .../scripts/base/protocols/arp/basic.test | 2 +- .../scripts/base/protocols/arp/radiotap.test | 2 +- .../scripts/base/protocols/arp/wlanmon.test | 2 +- .../conn/contents-default-extract.test | 2 +- .../conn/new_connection_contents.zeek | 2 +- .../scripts/base/protocols/conn/polling.test | 4 +- .../base/protocols/conn/threshold.zeek | 2 +- .../base/protocols/dce-rpc/context.zeek | 2 +- .../scripts/base/protocols/dce-rpc/mapi.test | 2 +- .../protocols/dhcp/dhcp-ack-msg-types.btest | 2 +- .../protocols/dhcp/dhcp-all-msg-types.btest | 2 +- .../dhcp/dhcp-discover-msg-types.btest | 2 +- .../base/protocols/dhcp/dhcp-sub-opts.btest | 2 +- .../scripts/base/protocols/dhcp/inform.test | 2 +- .../base/protocols/dnp3/dnp3_del_measure.zeek | 2 +- .../base/protocols/dnp3/dnp3_en_spon.zeek | 2 +- .../base/protocols/dnp3/dnp3_file_del.zeek | 2 +- .../base/protocols/dnp3/dnp3_file_read.zeek | 2 +- .../base/protocols/dnp3/dnp3_file_write.zeek | 2 +- .../base/protocols/dnp3/dnp3_link_only.zeek | 2 +- .../base/protocols/dnp3/dnp3_read.zeek | 2 +- .../base/protocols/dnp3/dnp3_rec_time.zeek | 2 +- .../protocols/dnp3/dnp3_select_operate.zeek | 2 +- .../base/protocols/dnp3/dnp3_udp_en_spon.zeek | 2 +- .../base/protocols/dnp3/dnp3_udp_read.zeek | 2 +- .../dnp3/dnp3_udp_select_operate.zeek | 2 +- .../base/protocols/dnp3/dnp3_udp_write.zeek | 2 +- .../base/protocols/dnp3/dnp3_write.zeek | 2 +- .../scripts/base/protocols/dnp3/events.zeek | 2 +- .../btest/scripts/base/protocols/dns/caa.zeek | 2 +- .../scripts/base/protocols/dns/dns-key.zeek | 2 +- .../scripts/base/protocols/dns/dnskey.zeek | 2 +- .../btest/scripts/base/protocols/dns/ds.zeek | 2 +- .../protocols/dns/duplicate-reponses.zeek | 2 +- .../scripts/base/protocols/dns/flip.zeek | 2 +- .../scripts/base/protocols/dns/huge-ttl.zeek | 2 +- .../protocols/dns/multiple-txt-strings.zeek | 2 +- .../scripts/base/protocols/dns/nsec.zeek | 2 +- .../scripts/base/protocols/dns/nsec3.zeek | 2 +- .../scripts/base/protocols/dns/rrsig.zeek | 2 +- .../scripts/base/protocols/dns/tsig.zeek | 2 +- .../base/protocols/dns/zero-responses.zeek | 2 +- .../base/protocols/ftp/cwd-navigation.zeek | 2 +- .../base/protocols/ftp/ftp-get-file-size.zeek | 2 +- .../scripts/base/protocols/ftp/ftp-ipv4.zeek | 2 +- .../scripts/base/protocols/ftp/ftp-ipv6.zeek | 2 +- .../scripts/base/protocols/ftp/gridftp.test | 2 +- .../base/protocols/http/100-continue.zeek | 2 +- .../http/101-switching-protocols.zeek | 2 +- .../http/content-range-gap-skip.zeek | 2 +- .../protocols/http/content-range-gap.zeek | 2 +- .../http/content-range-less-than-len.zeek | 2 +- .../base/protocols/http/entity-gap.zeek | 2 +- .../base/protocols/http/entity-gap2.zeek | 2 +- .../protocols/http/fake-content-length.zeek | 2 +- .../http/http-bad-request-with-version.zeek | 2 +- .../http/http-connect-with-header.zeek | 2 +- .../base/protocols/http/http-connect.zeek | 2 +- .../base/protocols/http/http-filename.zeek | 2 +- .../base/protocols/http/http-header-crlf.zeek | 2 +- .../base/protocols/http/http-methods.zeek | 2 +- .../base/protocols/http/http-pipelining.zeek | 2 +- .../protocols/http/missing-zlib-header.zeek | 2 +- .../protocols/http/multipart-extract.zeek | 2 +- .../protocols/http/multipart-file-limit.zeek | 6 +-- .../scripts/base/protocols/http/no-uri.zeek | 2 +- .../base/protocols/http/no-version.zeek | 2 +- .../protocols/http/percent-end-of-line.zeek | 2 +- .../scripts/base/protocols/http/x-gzip.zeek | 2 +- .../http/zero-length-bodies-with-drops.zeek | 2 +- .../base/protocols/imap/capabilities.test | 2 +- .../scripts/base/protocols/imap/starttls.test | 2 +- .../scripts/base/protocols/irc/basic.test | 2 +- .../scripts/base/protocols/irc/events.test | 6 +-- .../scripts/base/protocols/irc/longline.test | 2 +- .../base/protocols/irc/names-weird.zeek | 2 +- .../scripts/base/protocols/irc/starttls.test | 2 +- .../scripts/base/protocols/krb/kinit.test | 2 +- .../scripts/base/protocols/krb/smb2_krb.test | 2 +- .../base/protocols/krb/smb2_krb_nokeytab.test | 2 +- .../base/protocols/krb/smb_gssapi.test | 2 +- .../btest/scripts/base/protocols/krb/tgs.test | 2 +- .../protocols/modbus/coil_parsing_big.zeek | 2 +- .../protocols/modbus/coil_parsing_small.zeek | 2 +- .../scripts/base/protocols/modbus/events.zeek | 2 +- .../protocols/modbus/exception_handling.test | 2 +- .../protocols/modbus/length_mismatch.zeek | 2 +- .../scripts/base/protocols/modbus/policy.zeek | 2 +- .../protocols/modbus/register_parsing.zeek | 2 +- .../scripts/base/protocols/mount/basic.test | 2 +- .../scripts/base/protocols/mysql/auth.test | 2 +- .../base/protocols/mysql/encrypted.test | 2 +- .../base/protocols/mysql/wireshark.test | 2 +- .../scripts/base/protocols/ncp/event.zeek | 2 +- .../base/protocols/ncp/frame_size_tuning.zeek | 2 +- .../scripts/base/protocols/nfs/basic.test | 2 +- .../scripts/base/protocols/pop3/starttls.zeek | 2 +- .../scripts/base/protocols/radius/auth.test | 2 +- .../radius/radius-multiple-attempts.test | 2 +- .../rdp/rdp-proprietary-encryption.zeek | 2 +- .../base/protocols/rdp/rdp-to-ssl.zeek | 2 +- .../scripts/base/protocols/rdp/rdp-x509.zeek | 2 +- .../rfb/rfb-apple-remote-desktop.test | 2 +- .../base/protocols/rfb/vnc-mac-to-linux.test | 2 +- .../scripts/base/protocols/sip/wireshark.test | 2 +- .../base/protocols/smb/disabled-dce-rpc.test | 2 +- .../scripts/base/protocols/smb/raw-ntlm.test | 2 +- .../smb/smb1-transaction-dcerpc.test | 2 +- .../smb/smb1-transaction-request.test | 2 +- .../smb/smb1-transaction-response.test | 2 +- .../smb1-transaction-secondary-request.test | 2 +- .../smb/smb1-transaction2-request.test | 2 +- .../smb1-transaction2-secondary-request.test | 2 +- .../scripts/base/protocols/smb/smb1.test | 2 +- .../base/protocols/smb/smb2-read-write.zeek | 2 +- .../protocols/smb/smb2-write-response.test | 2 +- .../scripts/base/protocols/smb/smb2.test | 2 +- .../scripts/base/protocols/smb/smb3.test | 2 +- .../scripts/base/protocols/smb/smb311.test | 2 +- .../base/protocols/smtp/attachment.test | 2 +- .../scripts/base/protocols/smtp/basic.test | 2 +- .../scripts/base/protocols/smtp/one-side.test | 2 +- .../scripts/base/protocols/smtp/starttls.test | 2 +- .../base/protocols/snmp/snmp-addr.zeek | 2 +- .../btest/scripts/base/protocols/snmp/v1.zeek | 8 ++-- .../btest/scripts/base/protocols/snmp/v2.zeek | 6 +-- .../btest/scripts/base/protocols/snmp/v3.zeek | 2 +- .../base/protocols/socks/socks-auth.zeek | 2 +- .../scripts/base/protocols/socks/trace1.test | 2 +- .../scripts/base/protocols/socks/trace2.test | 2 +- .../scripts/base/protocols/socks/trace3.test | 2 +- .../scripts/base/protocols/ssh/basic.test | 2 +- .../base/protocols/ssh/curve25519_kex.test | 2 +- .../protocols/ssh/one-auth-fail-only.test | 2 +- .../scripts/base/protocols/ssl/basic.test | 2 +- .../base/protocols/ssl/common_name.test | 4 +- .../base/protocols/ssl/comp_methods.test | 2 +- .../base/protocols/ssl/cve-2015-3194.test | 2 +- .../btest/scripts/base/protocols/ssl/dhe.test | 2 +- .../btest/scripts/base/protocols/ssl/dpd.test | 10 ++--- .../base/protocols/ssl/dtls-no-dtls.test | 2 +- .../base/protocols/ssl/dtls-stun-dpd.test | 2 +- .../scripts/base/protocols/ssl/dtls.test | 4 +- .../scripts/base/protocols/ssl/ecdhe.test | 2 +- .../scripts/base/protocols/ssl/ecdsa.test | 2 +- .../scripts/base/protocols/ssl/fragment.test | 2 +- .../base/protocols/ssl/handshake-events.test | 2 +- .../base/protocols/ssl/keyexchange.test | 12 +++--- .../base/protocols/ssl/ocsp-http-get.test | 2 +- .../base/protocols/ssl/ocsp-request-only.test | 2 +- .../protocols/ssl/ocsp-request-response.test | 2 +- .../protocols/ssl/ocsp-response-only.test | 2 +- .../base/protocols/ssl/ocsp-revoked.test | 2 +- .../base/protocols/ssl/ocsp-stapling.test | 2 +- .../ssl/signed_certificate_timestamp.test | 4 +- .../base/protocols/ssl/tls-1.2-ciphers.test | 2 +- .../ssl/tls-1.2-handshake-failure.test | 2 +- .../base/protocols/ssl/tls-1.2-random.test | 2 +- .../scripts/base/protocols/ssl/tls-1.2.test | 2 +- .../protocols/ssl/tls-extension-events.test | 4 +- .../base/protocols/ssl/tls13-experiment.test | 2 +- .../base/protocols/ssl/tls13-version.test | 2 +- .../scripts/base/protocols/ssl/tls13.test | 8 ++-- .../scripts/base/protocols/ssl/tls1_1.test | 2 +- .../protocols/ssl/x509-invalid-extension.test | 2 +- .../base/protocols/ssl/x509_extensions.test | 2 +- .../base/protocols/syslog/missing-pri.zeek | 2 +- .../scripts/base/protocols/syslog/trace.test | 2 +- .../scripts/base/protocols/tcp/pending.zeek | 2 +- .../base/protocols/xmpp/client-dpd.test | 2 +- .../protocols/xmpp/server-dialback-dpd.test | 2 +- .../scripts/base/protocols/xmpp/starttls.test | 2 +- .../btest/scripts/base/utils/active-http.test | 4 +- testing/btest/scripts/base/utils/addrs.test | 2 +- .../btest/scripts/base/utils/conn-ids.test | 2 +- .../scripts/base/utils/decompose_uri.zeek | 2 +- testing/btest/scripts/base/utils/dir.test | 8 ++-- .../base/utils/directions-and-hosts.test | 2 +- testing/btest/scripts/base/utils/exec.test | 4 +- testing/btest/scripts/base/utils/files.test | 2 +- .../btest/scripts/base/utils/hash_hrw.zeek | 2 +- testing/btest/scripts/base/utils/json.test | 2 +- testing/btest/scripts/base/utils/numbers.test | 2 +- testing/btest/scripts/base/utils/paths.test | 14 +++---- testing/btest/scripts/base/utils/pattern.test | 2 +- testing/btest/scripts/base/utils/queue.test | 2 +- testing/btest/scripts/base/utils/site.test | 2 +- testing/btest/scripts/base/utils/strings.test | 2 +- .../btest/scripts/base/utils/thresholds.test | 2 +- testing/btest/scripts/base/utils/urls.test | 2 +- .../btest/scripts/check-test-all-policy.zeek | 4 +- .../policy/frameworks/files/extract-all.zeek | 2 +- .../policy/frameworks/intel/removal.zeek | 2 +- .../policy/frameworks/intel/seen/certs.zeek | 4 +- .../policy/frameworks/intel/seen/smb.zeek | 2 +- .../policy/frameworks/intel/seen/smtp.zeek | 2 +- .../policy/frameworks/intel/whitelisting.zeek | 2 +- .../frameworks/software/version-changes.zeek | 2 +- .../frameworks/software/vulnerable.zeek | 2 +- .../scripts/policy/misc/dump-events.zeek | 6 +-- .../policy/misc/weird-stats-cluster.zeek | 6 +-- .../scripts/policy/misc/weird-stats.zeek | 4 +- .../policy/protocols/conn/known-hosts.zeek | 8 ++-- .../policy/protocols/conn/known-services.zeek | 8 ++-- .../policy/protocols/conn/mac-logging.zeek | 6 +-- .../policy/protocols/conn/vlan-logging.zeek | 2 +- .../policy/protocols/dns/inverse-request.zeek | 2 +- .../policy/protocols/http/flash-version.zeek | 2 +- .../policy/protocols/http/header-names.zeek | 2 +- .../http/test-sql-injection-regex.zeek | 2 +- .../policy/protocols/krb/ticket-logging.zeek | 2 +- .../protocols/ssh/detect-bruteforcing.zeek | 2 +- .../policy/protocols/ssl/expiring-certs.zeek | 2 +- .../protocols/ssl/extract-certs-pem.zeek | 2 +- .../policy/protocols/ssl/heartbleed.zeek | 10 ++--- .../policy/protocols/ssl/known-certs.zeek | 2 +- .../protocols/ssl/log-hostcerts-only.zeek | 2 +- .../ssl/validate-certs-no-cache.zeek | 2 +- .../policy/protocols/ssl/validate-certs.zeek | 4 +- .../policy/protocols/ssl/validate-ocsp.zeek | 6 +-- .../policy/protocols/ssl/validate-sct.zeek | 4 +- .../policy/protocols/ssl/weak-keys.zeek | 6 +-- testing/btest/scripts/site/local-compat.test | 4 +- testing/btest/scripts/site/local.test | 2 +- .../btest/signatures/bad-eval-condition.zeek | 2 +- testing/btest/signatures/dpd.zeek | 8 ++-- testing/btest/signatures/dst-ip-cidr-v4.zeek | 2 +- .../dst-ip-header-condition-v4-masks.zeek | 14 +++---- .../dst-ip-header-condition-v4.zeek | 14 +++---- .../dst-ip-header-condition-v6-masks.zeek | 14 +++---- .../dst-ip-header-condition-v6.zeek | 14 +++---- .../signatures/dst-port-header-condition.zeek | 36 ++++++++-------- .../eval-condition-no-return-value.zeek | 2 +- testing/btest/signatures/eval-condition.zeek | 2 +- .../signatures/header-header-condition.zeek | 16 ++++---- testing/btest/signatures/id-lookup.zeek | 2 +- .../signatures/ip-proto-header-condition.zeek | 14 +++---- testing/btest/signatures/load-sigs.zeek | 2 +- .../src-ip-header-condition-v4-masks.zeek | 14 +++---- .../src-ip-header-condition-v4.zeek | 14 +++---- .../src-ip-header-condition-v6-masks.zeek | 14 +++---- .../src-ip-header-condition-v6.zeek | 14 +++---- .../signatures/src-port-header-condition.zeek | 36 ++++++++-------- .../signatures/udp-packetwise-match.zeek | 2 +- .../btest/signatures/udp-payload-size.zeek | 2 +- testing/scripts/gen-zeexygen-docs.sh | 4 +- testing/scripts/has-writer | 4 +- testing/scripts/travis-job | 2 +- bro-config.h.in => zeek-config.h.in | 0 bro-config.in => zeek-config.in | 8 ++-- bro-path-dev.in => zeek-path-dev.in | 0 zeek-wrapper.in | 27 ++++++++++++ 1119 files changed, 1686 insertions(+), 1647 deletions(-) rename man/{bro.8 => zeek.8} (100%) rename testing/btest/Baseline/core.leaks.broker.data/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/core.when-interpreter-exceptions/{bro.output => zeek.output} (100%) rename testing/btest/Baseline/language.returnwhen/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.frameworks.config.basic/{bro..stderr => zeek..stderr} (100%) rename testing/btest/Baseline/scripts.base.frameworks.config.basic/{bro.config.log => zeek.config.log} (100%) rename testing/btest/Baseline/scripts.base.frameworks.config.read_config/{bro.config.log => zeek.config.log} (100%) rename testing/btest/Baseline/scripts.base.frameworks.config.several-files/{bro.config.log => zeek.config.log} (100%) rename testing/btest/Baseline/scripts.base.frameworks.config.updates/{bro.config.log => zeek.config.log} (100%) rename testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/{bro..stderr => zeek..stderr} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/{bro..stderr => zeek..stderr} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.missing-file/{bro..stderr => zeek..stderr} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/{bro..stderr => zeek..stderr} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.utils.dir/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.utils.exec/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.policy.misc.weird-stats/{bro.weird_stats.log => zeek.weird_stats.log} (100%) rename bro-config.h.in => zeek-config.h.in (100%) rename bro-config.in => zeek-config.in (80%) rename bro-path-dev.in => zeek-path-dev.in (100%) create mode 100755 zeek-wrapper.in diff --git a/CMakeLists.txt b/CMakeLists.txt index cfe0b29ed9..ac8f1b3a3b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -39,15 +39,15 @@ get_filename_component(BRO_SCRIPT_INSTALL_PATH ${BRO_SCRIPT_INSTALL_PATH} set(BRO_PLUGIN_INSTALL_PATH ${BRO_ROOT_DIR}/lib/bro/plugins CACHE STRING "Installation path for plugins" FORCE) -configure_file(bro-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev) +configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev) -file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev.sh - "export BROPATH=`${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev`\n" +file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.sh + "export BROPATH=`${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n" "export BRO_PLUGIN_PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":${BRO_PLUGIN_PATH}\n" "export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":$PATH\n") -file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev.csh - "setenv BROPATH `${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev`\n" +file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh + "setenv BROPATH `${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n" "setenv BRO_PLUGIN_PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":${BRO_PLUGIN_PATH}\n" "setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":$PATH\n") @@ -254,36 +254,43 @@ if ( NOT BINARY_PACKAGING_MODE ) endif () string(TOLOWER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_LOWER) -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/bro-config.h.in - ${CMAKE_CURRENT_BINARY_DIR}/bro-config.h) +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.h.in + ${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h) include_directories(${CMAKE_CURRENT_BINARY_DIR}) -install(FILES ${CMAKE_CURRENT_BINARY_DIR}/bro-config.h DESTINATION include/bro) +install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h DESTINATION include/bro) if ( CAF_ROOT_DIR ) - set(BRO_CONFIG_CAF_ROOT_DIR ${CAF_ROOT_DIR}) + set(ZEEK_CONFIG_CAF_ROOT_DIR ${CAF_ROOT_DIR}) else () - set(BRO_CONFIG_CAF_ROOT_DIR ${BRO_ROOT_DIR}) + set(ZEEK_CONFIG_CAF_ROOT_DIR ${BRO_ROOT_DIR}) endif () if ( BinPAC_ROOT_DIR ) - set(BRO_CONFIG_BINPAC_ROOT_DIR ${BinPAC_ROOT_DIR}) + set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BinPAC_ROOT_DIR}) else () - set(BRO_CONFIG_BINPAC_ROOT_DIR ${BRO_ROOT_DIR}) + set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BRO_ROOT_DIR}) endif () if ( BROKER_ROOT_DIR ) - set(BRO_CONFIG_BROKER_ROOT_DIR ${BROKER_ROOT_DIR}) + set(ZEEK_CONFIG_BROKER_ROOT_DIR ${BROKER_ROOT_DIR}) else () - set(BRO_CONFIG_BROKER_ROOT_DIR ${BRO_ROOT_DIR}) + set(ZEEK_CONFIG_BROKER_ROOT_DIR ${BRO_ROOT_DIR}) endif () -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/bro-config.in - ${CMAKE_CURRENT_BINARY_DIR}/bro-config @ONLY) -install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/bro-config DESTINATION bin) +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.in + ${CMAKE_CURRENT_BINARY_DIR}/zeek-config @ONLY) +install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/zeek-config DESTINATION bin) install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cmake DESTINATION share/bro USE_SOURCE_PERMISSIONS) +# Install wrapper script for Bro-to-Zeek renaming. +include(InstallShellScript) +include(InstallSymlink) +InstallShellScript("bin" "zeek-wrapper.in" "zeek-wrapper") +InstallSymlink("${CMAKE_INSTALL_PREFIX}/bin/zeek-wrapper" "${CMAKE_INSTALL_PREFIX}/bin/bro-config") +InstallSymlink("${CMAKE_INSTALL_PREFIX}/include/bro/zeek-config.h" "${CMAKE_INSTALL_PREFIX}/include/bro/bro-config.h") + ######################################################################## ## Recurse on sub-directories diff --git a/doc b/doc index 856db2bb40..d9cf0d7a24 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 856db2bb4014d15a94cb336d7e5e8ca1d4627b1e +Subproject commit d9cf0d7a242b6924797aea0a70bd87879b8f1e17 diff --git a/man/bro.8 b/man/zeek.8 similarity index 100% rename from man/bro.8 rename to man/zeek.8 diff --git a/scripts/policy/frameworks/control/controllee.zeek b/scripts/policy/frameworks/control/controllee.zeek index 89768ef997..784cad52f9 100644 --- a/scripts/policy/frameworks/control/controllee.zeek +++ b/scripts/policy/frameworks/control/controllee.zeek @@ -5,7 +5,7 @@ ##! to the specific analysis scripts desired. It may also need a node ##! configured as a controller node in the communications nodes configuration:: ##! -##! bro frameworks/control/controllee +##! zeek frameworks/control/controllee @load base/frameworks/control @load base/frameworks/broker diff --git a/scripts/policy/frameworks/control/controller.zeek b/scripts/policy/frameworks/control/controller.zeek index 6befe70fe8..1e58f68821 100644 --- a/scripts/policy/frameworks/control/controller.zeek +++ b/scripts/policy/frameworks/control/controller.zeek @@ -4,7 +4,7 @@ ##! ##! It's intended to be used from the command line like this:: ##! -##! bro frameworks/control/controller Control::host= Control::host_port= Control::cmd= [Control::arg=] +##! zeek frameworks/control/controller Control::host= Control::host_port= Control::cmd= [Control::arg=] @load base/frameworks/control @load base/frameworks/broker diff --git a/src/Attr.cc b/src/Attr.cc index d3a347e8d1..71b85f2c01 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Attr.h" #include "Expr.h" diff --git a/src/Base64.cc b/src/Base64.cc index 3644740c7e..f7915d8678 100644 --- a/src/Base64.cc +++ b/src/Base64.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "Base64.h" #include diff --git a/src/BroString.cc b/src/BroString.cc index 3dca28439c..b7e93bdde9 100644 --- a/src/BroString.cc +++ b/src/BroString.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/CCL.cc b/src/CCL.cc index a725257c75..86ca2a03da 100644 --- a/src/CCL.cc +++ b/src/CCL.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "CCL.h" #include "RE.h" diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 94aca30eb9..f067c5ebc1 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -353,24 +353,28 @@ set(bro_SRCS collect_headers(bro_HEADERS ${bro_SRCS}) if ( bro_HAVE_OBJECT_LIBRARIES ) - add_executable(bro ${bro_SRCS} ${bro_HEADERS} ${bro_SUBDIRS}) - target_link_libraries(bro ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) + add_executable(zeek ${bro_SRCS} ${bro_HEADERS} ${bro_SUBDIRS}) + target_link_libraries(zeek ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) else () - add_executable(bro ${bro_SRCS} ${bro_HEADERS}) - target_link_libraries(bro ${bro_SUBDIRS} ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) + add_executable(zeek ${bro_SRCS} ${bro_HEADERS}) + target_link_libraries(zeek ${bro_SUBDIRS} ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) endif () if ( NOT "${bro_LINKER_FLAGS}" STREQUAL "" ) - set_target_properties(bro PROPERTIES LINK_FLAGS "${bro_LINKER_FLAGS}") + set_target_properties(zeek PROPERTIES LINK_FLAGS "${bro_LINKER_FLAGS}") endif () -install(TARGETS bro DESTINATION bin) +install(TARGETS zeek DESTINATION bin) -set(BRO_EXE bro - CACHE STRING "Bro executable binary" FORCE) +# Install wrapper script for Bro-to-Zeek renaming. +include(InstallSymlink) +InstallSymlink("${CMAKE_INSTALL_PREFIX}/bin/zeek-wrapper" "${CMAKE_INSTALL_PREFIX}/bin/bro") -set(BRO_EXE_PATH ${CMAKE_CURRENT_BINARY_DIR}/bro - CACHE STRING "Path to Bro executable binary" FORCE) +set(BRO_EXE zeek + CACHE STRING "Zeek executable binary" FORCE) + +set(BRO_EXE_PATH ${CMAKE_CURRENT_BINARY_DIR}/zeek + CACHE STRING "Path to Zeek executable binary" FORCE) # Target to create all the autogenerated files. add_custom_target(generate_outputs_stage1) @@ -389,12 +393,12 @@ add_dependencies(generate_outputs generate_outputs_stage2a generate_outputs_stag # Build __load__.zeek files for standard *.bif.zeek. bro_bif_create_loader(bif_loader "${bro_BASE_BIF_SCRIPTS}") add_dependencies(bif_loader ${bro_SUBDIRS}) -add_dependencies(bro bif_loader) +add_dependencies(zeek bif_loader) # Build __load__.zeek files for plugins/*.bif.zeek. bro_bif_create_loader(bif_loader_plugins "${bro_PLUGIN_BIF_SCRIPTS}") add_dependencies(bif_loader_plugins ${bro_SUBDIRS}) -add_dependencies(bro bif_loader_plugins) +add_dependencies(zeek bif_loader_plugins) # Install *.bif.zeek. install(DIRECTORY ${CMAKE_BINARY_DIR}/scripts/base/bif DESTINATION ${BRO_SCRIPT_INSTALL_PATH}/base) diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc index d2cdbc6425..602342e759 100644 --- a/src/ChunkedIO.cc +++ b/src/ChunkedIO.cc @@ -11,7 +11,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "ChunkedIO.h" #include "NetVar.h" #include "RemoteSerializer.h" diff --git a/src/ChunkedIO.h b/src/ChunkedIO.h index e9b41476df..24c7a489d2 100644 --- a/src/ChunkedIO.h +++ b/src/ChunkedIO.h @@ -3,7 +3,7 @@ #ifndef CHUNKEDIO_H #define CHUNKEDIO_H -#include "bro-config.h" +#include "zeek-config.h" #include "List.h" #include "util.h" #include "Flare.h" diff --git a/src/CompHash.cc b/src/CompHash.cc index cc3ad8cb72..ac2df02722 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "CompHash.h" #include "Val.h" diff --git a/src/Conn.cc b/src/Conn.cc index 83ad6c08f6..51125a5ef8 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/DFA.cc b/src/DFA.cc index 00f56ef16e..448307e3fe 100644 --- a/src/DFA.cc +++ b/src/DFA.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "EquivClass.h" #include "DFA.h" diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index b92c057eba..1e4d65bf8a 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/DbgBreakpoint.cc b/src/DbgBreakpoint.cc index c573a8d3b8..b1223486d3 100644 --- a/src/DbgBreakpoint.cc +++ b/src/DbgBreakpoint.cc @@ -1,6 +1,6 @@ // Implementation of breakpoints. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/DbgHelp.cc b/src/DbgHelp.cc index 6bbf9c6ecb..d7d11de3f0 100644 --- a/src/DbgHelp.cc +++ b/src/DbgHelp.cc @@ -1,5 +1,5 @@ // Bro Debugger Help -#include "bro-config.h" +#include "zeek-config.h" #include "Debug.h" diff --git a/src/DbgWatch.cc b/src/DbgWatch.cc index c34144dc1f..8ea7d96fa1 100644 --- a/src/DbgWatch.cc +++ b/src/DbgWatch.cc @@ -1,6 +1,6 @@ // Implementation of watches -#include "bro-config.h" +#include "zeek-config.h" #include "Debug.h" #include "DbgWatch.h" diff --git a/src/Debug.cc b/src/Debug.cc index a45c27888e..5493b20797 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -1,6 +1,6 @@ // Debugging support for Bro policy files. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/DebugCmds.cc b/src/DebugCmds.cc index 4e856b00f5..d11efb0390 100644 --- a/src/DebugCmds.cc +++ b/src/DebugCmds.cc @@ -1,7 +1,7 @@ // Support routines to help deal with Bro debugging commands and // implementation of most commands. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/Desc.cc b/src/Desc.cc index b64bcec8d8..f10f61fa77 100644 --- a/src/Desc.cc +++ b/src/Desc.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Dict.cc b/src/Dict.cc index d639b0c912..02886c6d5d 100644 --- a/src/Dict.cc +++ b/src/Dict.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #ifdef HAVE_MEMORY_H #include diff --git a/src/Discard.cc b/src/Discard.cc index d1acd80b4d..f84e901143 100644 --- a/src/Discard.cc +++ b/src/Discard.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Net.h" #include "Var.h" diff --git a/src/EquivClass.cc b/src/EquivClass.cc index 7f54f07060..6b2a7aa593 100644 --- a/src/EquivClass.cc +++ b/src/EquivClass.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "EquivClass.h" diff --git a/src/Event.cc b/src/Event.cc index 8b87caa9b1..252ca2195b 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Event.h" #include "Func.h" diff --git a/src/Expr.cc b/src/Expr.cc index ff039ece35..25306b39d0 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Expr.h" #include "Event.h" diff --git a/src/File.cc b/src/File.cc index d7a213237f..710693fe0b 100644 --- a/src/File.cc +++ b/src/File.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #ifdef TIME_WITH_SYS_TIME diff --git a/src/Frag.cc b/src/Frag.cc index 842059e218..c6a5b3ba0d 100644 --- a/src/Frag.cc +++ b/src/Frag.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "Hash.h" diff --git a/src/Frame.cc b/src/Frame.cc index f30312aaec..d065fb440a 100644 --- a/src/Frame.cc +++ b/src/Frame.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Frame.h" #include "Stmt.h" diff --git a/src/Func.cc b/src/Func.cc index cbbbef6fa5..3f7efc2018 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Hash.cc b/src/Hash.cc index bb1c103677..1955684738 100644 --- a/src/Hash.cc +++ b/src/Hash.cc @@ -15,7 +15,7 @@ // for the adversary to construct conflicts, though I do not know if // HMAC/MD5 is provably universal. -#include "bro-config.h" +#include "zeek-config.h" #include "Hash.h" #include "Reporter.h" diff --git a/src/ID.cc b/src/ID.cc index 0ae1656533..754746b309 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "ID.h" #include "Expr.h" diff --git a/src/IP.h b/src/IP.h index 8be2d3e609..3d5c7bfe96 100644 --- a/src/IP.h +++ b/src/IP.h @@ -3,7 +3,7 @@ #ifndef ip_h #define ip_h -#include "bro-config.h" +#include "zeek-config.h" #include "net_util.h" #include "IPAddr.h" #include "Reporter.h" diff --git a/src/IntSet.cc b/src/IntSet.cc index f5b004666c..afc538d6ff 100644 --- a/src/IntSet.cc +++ b/src/IntSet.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #ifdef HAVE_MEMORY_H #include diff --git a/src/List.cc b/src/List.cc index 86129ccfa0..1b8c2fd5e5 100644 --- a/src/List.cc +++ b/src/List.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/NFA.cc b/src/NFA.cc index c53aa4304b..cf2650b21d 100644 --- a/src/NFA.cc +++ b/src/NFA.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NFA.h" #include "EquivClass.h" diff --git a/src/Net.cc b/src/Net.cc index b61d365a2a..c6b285c6c6 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #ifdef TIME_WITH_SYS_TIME diff --git a/src/NetVar.cc b/src/NetVar.cc index 57a5452123..3aded363c4 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Var.h" #include "NetVar.h" diff --git a/src/Obj.cc b/src/Obj.cc index 023fa0d237..9c3b50a950 100644 --- a/src/Obj.cc +++ b/src/Obj.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/PacketDumper.cc b/src/PacketDumper.cc index 1a53550dfd..0d64c89290 100644 --- a/src/PacketDumper.cc +++ b/src/PacketDumper.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/PolicyFile.cc b/src/PolicyFile.cc index 22f09e6970..a6f93c8d88 100644 --- a/src/PolicyFile.cc +++ b/src/PolicyFile.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/PriorityQueue.cc b/src/PriorityQueue.cc index 5fe0cbef81..9d5278108b 100644 --- a/src/PriorityQueue.cc +++ b/src/PriorityQueue.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Queue.cc b/src/Queue.cc index 587e37063f..90f63a85be 100644 --- a/src/Queue.cc +++ b/src/Queue.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/RE.cc b/src/RE.cc index 517fab4c91..b994f16cc2 100644 --- a/src/RE.cc +++ b/src/RE.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Reassem.cc b/src/Reassem.cc index 0cdeadf80d..7fa70091e0 100644 --- a/src/Reassem.cc +++ b/src/Reassem.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "Reassem.h" #include "Serializer.h" diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 3abd8e6423..5f2d88b93a 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -159,7 +159,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #ifdef TIME_WITH_SYS_TIME # include # include diff --git a/src/Reporter.cc b/src/Reporter.cc index cc0542eaac..09a4aa03b5 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -4,7 +4,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Reporter.h" #include "Event.h" #include "NetVar.h" diff --git a/src/Rule.cc b/src/Rule.cc index c483527c63..57cb82f65e 100644 --- a/src/Rule.cc +++ b/src/Rule.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "Rule.h" #include "RuleMatcher.h" diff --git a/src/RuleAction.cc b/src/RuleAction.cc index 3d22e3b56f..edfe2497a2 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -1,7 +1,7 @@ #include using std::string; -#include "bro-config.h" +#include "zeek-config.h" #include "RuleAction.h" #include "RuleMatcher.h" diff --git a/src/RuleCondition.cc b/src/RuleCondition.cc index fdb35f5d06..6cd2e9e4c1 100644 --- a/src/RuleCondition.cc +++ b/src/RuleCondition.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "RuleCondition.h" #include "analyzer/protocol/tcp/TCP.h" diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 5b72264926..6fd13d2db7 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -1,7 +1,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "analyzer/Analyzer.h" #include "RuleMatcher.h" diff --git a/src/Scope.cc b/src/Scope.cc index e260ea3ca7..5107bd8e9a 100644 --- a/src/Scope.cc +++ b/src/Scope.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "ID.h" #include "Val.h" diff --git a/src/SerialObj.h b/src/SerialObj.h index b502414f71..84334716de 100644 --- a/src/SerialObj.h +++ b/src/SerialObj.h @@ -37,7 +37,7 @@ #include "DebugLogger.h" #include "Continuation.h" #include "SerialTypes.h" -#include "bro-config.h" +#include "zeek-config.h" #if SIZEOF_LONG_LONG < 8 # error "Serialization requires that sizeof(long long) is at least 8. (Remove this message only if you know what you're doing.)" diff --git a/src/Sessions.cc b/src/Sessions.cc index 3507c46e53..04f8ddfa13 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/SmithWaterman.cc b/src/SmithWaterman.cc index fba3abfc13..857e45bb9b 100644 --- a/src/SmithWaterman.cc +++ b/src/SmithWaterman.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Stmt.cc b/src/Stmt.cc index 6dba9eb251..ca43db96d7 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Expr.h" #include "Event.h" diff --git a/src/Tag.h b/src/Tag.h index efc3e359c2..78fe333e12 100644 --- a/src/Tag.h +++ b/src/Tag.h @@ -3,7 +3,7 @@ #ifndef TAG_H #define TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "Type.h" diff --git a/src/Timer.cc b/src/Timer.cc index 101733028c..f6c9bf5894 100644 --- a/src/Timer.cc +++ b/src/Timer.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "Timer.h" diff --git a/src/TunnelEncapsulation.h b/src/TunnelEncapsulation.h index 27729e56b7..5e83d91691 100644 --- a/src/TunnelEncapsulation.h +++ b/src/TunnelEncapsulation.h @@ -3,7 +3,7 @@ #ifndef TUNNELS_H #define TUNNELS_H -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "IPAddr.h" #include "Val.h" diff --git a/src/Type.cc b/src/Type.cc index 78c75a12df..64af7db717 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Type.h" #include "Attr.h" diff --git a/src/Val.cc b/src/Val.cc index 9bc53665fc..592daf7745 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Var.cc b/src/Var.cc index fb27b7261f..b8f2b7b35d 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Var.h" #include "Func.h" diff --git a/src/analyzer/Component.h b/src/analyzer/Component.h index c52bf05fc6..74224e4ba4 100644 --- a/src/analyzer/Component.h +++ b/src/analyzer/Component.h @@ -7,7 +7,7 @@ #include "plugin/Component.h" #include "plugin/TaggedComponent.h" -#include "../bro-config.h" +#include "../zeek-config.h" #include "../util.h" class Connection; diff --git a/src/analyzer/Tag.h b/src/analyzer/Tag.h index 926196c747..92aff38189 100644 --- a/src/analyzer/Tag.h +++ b/src/analyzer/Tag.h @@ -3,7 +3,7 @@ #ifndef ANALYZER_TAG_H #define ANALYZER_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/analyzer/protocol/arp/ARP.h b/src/analyzer/protocol/arp/ARP.h index 86ea14d694..34c944724a 100644 --- a/src/analyzer/protocol/arp/ARP.h +++ b/src/analyzer/protocol/arp/ARP.h @@ -3,7 +3,7 @@ #ifndef ANALYZER_PROTOCOL_ARP_ARP_H #define ANALYZER_PROTOCOL_ARP_ARP_H -#include "bro-config.h" +#include "zeek-config.h" #include #include #include diff --git a/src/analyzer/protocol/backdoor/BackDoor.cc b/src/analyzer/protocol/backdoor/BackDoor.cc index 81b4c0e9a5..2e8d47d1d0 100644 --- a/src/analyzer/protocol/backdoor/BackDoor.cc +++ b/src/analyzer/protocol/backdoor/BackDoor.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "BackDoor.h" #include "Event.h" diff --git a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc index f7a96fbb6e..0f401d75de 100644 --- a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc +++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index f99a7ca1e9..c9e2c61cd7 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index fcc778f151..127ab048e1 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index d4a659124e..a6f41a6b66 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index 0b0ebadf03..7cc6285c8c 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index cc6403cb3e..291990119a 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 0acbbd9731..3c65a2a831 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Net.h" #include "NetVar.h" diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index ba00d9215b..b24675ee53 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/interconn/InterConn.cc b/src/analyzer/protocol/interconn/InterConn.cc index 057280a0fa..e9a9378c90 100644 --- a/src/analyzer/protocol/interconn/InterConn.cc +++ b/src/analyzer/protocol/interconn/InterConn.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "InterConn.h" #include "Event.h" diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index 31aba64755..277bb752ff 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index ea651ece42..9f2e6a2de4 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index b3cca3f5c4..9485e6269e 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "Event.h" diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index 0c7386e59f..62b391849b 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "Event.h" diff --git a/src/analyzer/protocol/login/Telnet.cc b/src/analyzer/protocol/login/Telnet.cc index 78a3289931..5a187a8221 100644 --- a/src/analyzer/protocol/login/Telnet.cc +++ b/src/analyzer/protocol/login/Telnet.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Telnet.h" #include "NVT.h" diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index 35b9832020..8fb027f8e8 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "MIME.h" diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index de13e4a6e7..e8407b9fc4 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index c643f8ced7..94812d816c 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index a4c147b464..61fd92ee84 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "NTP.h" diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index d8601ed3ba..62b57674e1 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -1,7 +1,7 @@ // This code contributed to Bro by Florian Schimandl, Hugh Dollman and // Robin Sommer. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index 4473826830..643aa21891 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 089d89ea98..9eb9e88d95 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index cb3944519f..eb26991921 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index be0be02232..587050f897 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -4,7 +4,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" diff --git a/src/analyzer/protocol/rpc/XDR.cc b/src/analyzer/protocol/rpc/XDR.cc index 9ae1ba1236..33973327ee 100644 --- a/src/analyzer/protocol/rpc/XDR.cc +++ b/src/analyzer/protocol/rpc/XDR.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "XDR.h" diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index aa049c994b..2ba011b8ef 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index 29315faa74..d3844846b9 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 74375e673c..8cbb400b9f 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Net.h" #include "NetVar.h" diff --git a/src/analyzer/protocol/zip/ZIP.h b/src/analyzer/protocol/zip/ZIP.h index de22803b26..89838729cd 100644 --- a/src/analyzer/protocol/zip/ZIP.h +++ b/src/analyzer/protocol/zip/ZIP.h @@ -3,7 +3,7 @@ #ifndef ANALYZER_PROTOCOL_ZIP_ZIP_H #define ANALYZER_PROTOCOL_ZIP_ZIP_H -#include "bro-config.h" +#include "zeek-config.h" #include "zlib.h" #include "analyzer/protocol/tcp/TCP.h" diff --git a/src/bsd-getopt-long.c b/src/bsd-getopt-long.c index 65a3d94093..dc880f87dd 100644 --- a/src/bsd-getopt-long.c +++ b/src/bsd-getopt-long.c @@ -54,7 +54,7 @@ #define IN_GETOPT_LONG_C 1 -#include +#include #include #include #include diff --git a/src/file_analysis/Component.h b/src/file_analysis/Component.h index b4bcbb9552..85e53a5cde 100644 --- a/src/file_analysis/Component.h +++ b/src/file_analysis/Component.h @@ -9,7 +9,7 @@ #include "Val.h" -#include "../bro-config.h" +#include "../zeek-config.h" #include "../util.h" namespace file_analysis { diff --git a/src/file_analysis/Tag.h b/src/file_analysis/Tag.h index 9d131fa808..a0f6634f64 100644 --- a/src/file_analysis/Tag.h +++ b/src/file_analysis/Tag.h @@ -3,7 +3,7 @@ #ifndef FILE_ANALYZER_TAG_H #define FILE_ANALYZER_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/input/Tag.h b/src/input/Tag.h index 91d7539a39..1d4bcc2f9f 100644 --- a/src/input/Tag.h +++ b/src/input/Tag.h @@ -3,7 +3,7 @@ #ifndef INPUT_TAG_H #define INPUT_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/input/readers/sqlite/SQLite.cc b/src/input/readers/sqlite/SQLite.cc index 40c0f8a063..1d016867b2 100644 --- a/src/input/readers/sqlite/SQLite.cc +++ b/src/input/readers/sqlite/SQLite.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/input/readers/sqlite/SQLite.h b/src/input/readers/sqlite/SQLite.h index 2aa01017e1..4255a2841f 100644 --- a/src/input/readers/sqlite/SQLite.h +++ b/src/input/readers/sqlite/SQLite.h @@ -3,7 +3,7 @@ #ifndef INPUT_READERS_SQLITE_H #define INPUT_READERS_SQLITE_H -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/iosource/BPF_Program.cc b/src/iosource/BPF_Program.cc index ca5a6eef54..901010e9bc 100644 --- a/src/iosource/BPF_Program.cc +++ b/src/iosource/BPF_Program.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "BPF_Program.h" diff --git a/src/iosource/PktDumper.cc b/src/iosource/PktDumper.cc index 10c95e8021..863c46ec81 100644 --- a/src/iosource/PktDumper.cc +++ b/src/iosource/PktDumper.cc @@ -4,7 +4,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "PktDumper.h" diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index 343801ab7d..faa12a020b 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "PktSrc.h" diff --git a/src/iosource/pcap/Source.cc b/src/iosource/pcap/Source.cc index fb9954981c..119280f1e5 100644 --- a/src/iosource/pcap/Source.cc +++ b/src/iosource/pcap/Source.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Source.h" #include "iosource/Packet.h" diff --git a/src/logging/Tag.h b/src/logging/Tag.h index ab0a702d47..07c45826b8 100644 --- a/src/logging/Tag.h +++ b/src/logging/Tag.h @@ -3,7 +3,7 @@ #ifndef LOGGING_TAG_H #define LOGGING_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/logging/writers/sqlite/SQLite.cc b/src/logging/writers/sqlite/SQLite.cc index 977a0c6089..3374c05c9c 100644 --- a/src/logging/writers/sqlite/SQLite.cc +++ b/src/logging/writers/sqlite/SQLite.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/logging/writers/sqlite/SQLite.h b/src/logging/writers/sqlite/SQLite.h index 3ad535e543..7e8ff739b3 100644 --- a/src/logging/writers/sqlite/SQLite.h +++ b/src/logging/writers/sqlite/SQLite.h @@ -5,7 +5,7 @@ #ifndef LOGGING_WRITER_SQLITE_H #define LOGGING_WRITER_SQLITE_H -#include "bro-config.h" +#include "zeek-config.h" #include "logging/WriterBackend.h" #include "threading/formatters/Ascii.h" diff --git a/src/main.cc b/src/main.cc index afd3106986..ae406ea1d9 100644 --- a/src/main.cc +++ b/src/main.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/nb_dns.c b/src/nb_dns.c index f8abc167b5..f8d939b4ab 100644 --- a/src/nb_dns.c +++ b/src/nb_dns.c @@ -11,7 +11,7 @@ * crack reply buffers is private. */ -#include "bro-config.h" /* must appear before first ifdef */ +#include "zeek-config.h" /* must appear before first ifdef */ #include #include diff --git a/src/net_util.cc b/src/net_util.cc index 9f93296d39..6f195a495f 100644 --- a/src/net_util.cc +++ b/src/net_util.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/net_util.h b/src/net_util.h index 52ee53f1dd..a5e11da74b 100644 --- a/src/net_util.h +++ b/src/net_util.h @@ -3,7 +3,7 @@ #ifndef netutil_h #define netutil_h -#include "bro-config.h" +#include "zeek-config.h" // Define first. typedef enum { diff --git a/src/plugin/Plugin.h b/src/plugin/Plugin.h index 369da09037..4ce2a87dc0 100644 --- a/src/plugin/Plugin.h +++ b/src/plugin/Plugin.h @@ -7,7 +7,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "analyzer/Component.h" #include "file_analysis/Component.h" #include "iosource/Component.h" diff --git a/src/rule-parse.y b/src/rule-parse.y index 3e9c8d7ddf..769fb503e6 100644 --- a/src/rule-parse.y +++ b/src/rule-parse.y @@ -2,7 +2,7 @@ #include #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "RuleMatcher.h" #include "Reporter.h" #include "IPAddr.h" diff --git a/src/setsignal.c b/src/setsignal.c index 6344820398..d740cc8215 100644 --- a/src/setsignal.c +++ b/src/setsignal.c @@ -2,7 +2,7 @@ * See the file "COPYING" in the main distribution directory for copyright. */ -#include "bro-config.h" /* must appear before first ifdef */ +#include "zeek-config.h" /* must appear before first ifdef */ #include diff --git a/src/strsep.c b/src/strsep.c index 8540ac3688..0c65402441 100644 --- a/src/strsep.c +++ b/src/strsep.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include "bro-config.h" +#include "zeek-config.h" #ifndef HAVE_STRSEP diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index 95bfd8acd0..67434957e5 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -1,7 +1,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "BasicThread.h" #include "Manager.h" #include "pthread.h" diff --git a/src/threading/Formatter.cc b/src/threading/Formatter.cc index b881962732..395a7fefa6 100644 --- a/src/threading/Formatter.cc +++ b/src/threading/Formatter.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/threading/formatters/Ascii.cc b/src/threading/formatters/Ascii.cc index 94d450a86f..147305485b 100644 --- a/src/threading/formatters/Ascii.cc +++ b/src/threading/formatters/Ascii.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/threading/formatters/JSON.cc b/src/threading/formatters/JSON.cc index 73e9489dc5..a324a08530 100644 --- a/src/threading/formatters/JSON.cc +++ b/src/threading/formatters/JSON.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS diff --git a/src/util.cc b/src/util.cc index 0367700ffb..3279641138 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util-config.h" #ifdef TIME_WITH_SYS_TIME diff --git a/src/util.h b/src/util.h index b63b74a3f7..d4ff325eda 100644 --- a/src/util.h +++ b/src/util.h @@ -34,7 +34,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "siphash24.h" #ifdef DEBUG diff --git a/src/version.c.in b/src/version.c.in index 65df65da00..1b7676bf3a 100644 --- a/src/version.c.in +++ b/src/version.c.in @@ -1,5 +1,5 @@ -#include "bro-config.h" +#include "zeek-config.h" char version[] = "@VERSION@"; diff --git a/testing/btest/Baseline/bifs.lookup_ID/out b/testing/btest/Baseline/bifs.lookup_ID/out index 64b6379deb..40170b1f7c 100644 --- a/testing/btest/Baseline/bifs.lookup_ID/out +++ b/testing/btest/Baseline/bifs.lookup_ID/out @@ -1,4 +1,4 @@ -bro test +zeek test diff --git a/testing/btest/Baseline/core.leaks.broker.data/bro..stdout b/testing/btest/Baseline/core.leaks.broker.data/zeek..stdout similarity index 100% rename from testing/btest/Baseline/core.leaks.broker.data/bro..stdout rename to testing/btest/Baseline/core.leaks.broker.data/zeek..stdout diff --git a/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output b/testing/btest/Baseline/core.when-interpreter-exceptions/zeek.output similarity index 100% rename from testing/btest/Baseline/core.when-interpreter-exceptions/bro.output rename to testing/btest/Baseline/core.when-interpreter-exceptions/zeek.output diff --git a/testing/btest/Baseline/language.returnwhen/bro..stdout b/testing/btest/Baseline/language.returnwhen/zeek..stdout similarity index 100% rename from testing/btest/Baseline/language.returnwhen/bro..stdout rename to testing/btest/Baseline/language.returnwhen/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.basic/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek..stderr diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek.config.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log rename to testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek.config.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.read_config/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.read_config/zeek.config.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.read_config/bro.config.log rename to testing/btest/Baseline/scripts.base.frameworks.config.read_config/zeek.config.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.several-files/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.several-files/zeek.config.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.several-files/bro.config.log rename to testing/btest/Baseline/scripts.base.frameworks.config.several-files/zeek.config.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.updates/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.updates/zeek.config.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.updates/bro.config.log rename to testing/btest/Baseline/scripts.base.frameworks.config.updates/zeek.config.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout rename to testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/bro..stdout rename to testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stderr diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stderr diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stdout rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-file/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-file/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-file/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-file/zeek..stderr diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stderr diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stdout rename to testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.utils.dir/bro..stdout b/testing/btest/Baseline/scripts.base.utils.dir/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.utils.dir/bro..stdout rename to testing/btest/Baseline/scripts.base.utils.dir/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.utils.exec/bro..stdout b/testing/btest/Baseline/scripts.base.utils.exec/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.utils.exec/bro..stdout rename to testing/btest/Baseline/scripts.base.utils.exec/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.utils.paths/output b/testing/btest/Baseline/scripts.base.utils.paths/output index e5693546da..1bf7f738a3 100644 --- a/testing/btest/Baseline/scripts.base.utils.paths/output +++ b/testing/btest/Baseline/scripts.base.utils.paths/output @@ -62,9 +62,9 @@ Expect: /this/is/a/dir\ is\ current\ directory Result: /this/is/a/dir\ is\ current\ directory Result: SUCCESS =============================== -Given : hey, /foo/bar/baz.bro is a cool script -Expect: /foo/bar/baz.bro -Result: /foo/bar/baz.bro +Given : hey, /foo/bar/baz.zeek is a cool script +Expect: /foo/bar/baz.zeek +Result: /foo/bar/baz.zeek Result: SUCCESS =============================== Given : here's two dirs: /foo/bar and /foo/baz @@ -74,11 +74,11 @@ Result: SUCCESS =============================== test build_path_compressed() =============================== -/home/bro/policy/somefile.bro -/usr/local/bro/share/bro/somefile.bro -/usr/local/bro/somefile.bro +/home/bro/policy/somefile.zeek +/usr/local/bro/share/bro/somefile.zeek +/usr/local/bro/somefile.zeek =============================== test build_full_path() =============================== -/home/bro//policy/somefile.bro -/usr/local/bro/share/bro/somefile.bro +/home/bro//policy/somefile.zeek +/usr/local/bro/share/bro/somefile.zeek diff --git a/testing/btest/Baseline/scripts.policy.misc.weird-stats/bro.weird_stats.log b/testing/btest/Baseline/scripts.policy.misc.weird-stats/zeek.weird_stats.log similarity index 100% rename from testing/btest/Baseline/scripts.policy.misc.weird-stats/bro.weird_stats.log rename to testing/btest/Baseline/scripts.policy.misc.weird-stats/zeek.weird_stats.log diff --git a/testing/btest/bifs/addr_count_conversion.zeek b/testing/btest/bifs/addr_count_conversion.zeek index fb87a0c6a3..c27d154932 100644 --- a/testing/btest/bifs/addr_count_conversion.zeek +++ b/testing/btest/bifs/addr_count_conversion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global v: index_vec; diff --git a/testing/btest/bifs/addr_to_ptr_name.zeek b/testing/btest/bifs/addr_to_ptr_name.zeek index ac2391cf9b..113750cb4e 100644 --- a/testing/btest/bifs/addr_to_ptr_name.zeek +++ b/testing/btest/bifs/addr_to_ptr_name.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output print addr_to_ptr_name([2607:f8b0:4009:802::1012]); diff --git a/testing/btest/bifs/addr_version.zeek b/testing/btest/bifs/addr_version.zeek index bf96c0d1f3..ca3e4a3100 100644 --- a/testing/btest/bifs/addr_version.zeek +++ b/testing/btest/bifs/addr_version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out print is_v4_addr(1.2.3.4); diff --git a/testing/btest/bifs/all_set.zeek b/testing/btest/bifs/all_set.zeek index 86a56ed9fa..70a5ea0ecd 100644 --- a/testing/btest/bifs/all_set.zeek +++ b/testing/btest/bifs/all_set.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/analyzer_name.zeek b/testing/btest/bifs/analyzer_name.zeek index b763aabe08..fc896dc417 100644 --- a/testing/btest/bifs/analyzer_name.zeek +++ b/testing/btest/bifs/analyzer_name.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/any_set.zeek b/testing/btest/bifs/any_set.zeek index e19a467206..b64fbb461d 100644 --- a/testing/btest/bifs/any_set.zeek +++ b/testing/btest/bifs/any_set.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/bloomfilter-seed.zeek b/testing/btest/bifs/bloomfilter-seed.zeek index 24531de915..bfa0b0795f 100644 --- a/testing/btest/bifs/bloomfilter-seed.zeek +++ b/testing/btest/bifs/bloomfilter-seed.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT global_hash_seed="foo" >>output -# @TEST-EXEC: bro -b %INPUT global_hash_seed="my_seed" >>output +# @TEST-EXEC: zeek -b %INPUT global_hash_seed="foo" >>output +# @TEST-EXEC: zeek -b %INPUT global_hash_seed="my_seed" >>output # @TEST-EXEC: btest-diff output type Foo: record diff --git a/testing/btest/bifs/bloomfilter.zeek b/testing/btest/bifs/bloomfilter.zeek index dbad5acf5a..6b7abf3a17 100644 --- a/testing/btest/bifs/bloomfilter.zeek +++ b/testing/btest/bifs/bloomfilter.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output function test_basic_bloom_filter() diff --git a/testing/btest/bifs/bro_version.zeek b/testing/btest/bifs/bro_version.zeek index f4de22e09d..84d485a292 100644 --- a/testing/btest/bifs/bro_version.zeek +++ b/testing/btest/bifs/bro_version.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/bytestring_to_count.zeek b/testing/btest/bifs/bytestring_to_count.zeek index 5d15bde38b..2368533432 100644 --- a/testing/btest/bifs/bytestring_to_count.zeek +++ b/testing/btest/bifs/bytestring_to_count.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/bifs/bytestring_to_double.zeek b/testing/btest/bifs/bytestring_to_double.zeek index 6ebcbe503b..ef6890bd61 100644 --- a/testing/btest/bifs/bytestring_to_double.zeek +++ b/testing/btest/bifs/bytestring_to_double.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/bytestring_to_hexstr.zeek b/testing/btest/bifs/bytestring_to_hexstr.zeek index 0b3e8154ab..ec0e23005e 100644 --- a/testing/btest/bifs/bytestring_to_hexstr.zeek +++ b/testing/btest/bifs/bytestring_to_hexstr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/capture_state_updates.zeek b/testing/btest/bifs/capture_state_updates.zeek index 17d015a661..b9a802a53d 100644 --- a/testing/btest/bifs/capture_state_updates.zeek +++ b/testing/btest/bifs/capture_state_updates.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: test -f testfile diff --git a/testing/btest/bifs/cat.zeek b/testing/btest/bifs/cat.zeek index 5e811f147e..5540ebf106 100644 --- a/testing/btest/bifs/cat.zeek +++ b/testing/btest/bifs/cat.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/cat_string_array.zeek b/testing/btest/bifs/cat_string_array.zeek index f9aa3f266d..70c1b78029 100644 --- a/testing/btest/bifs/cat_string_array.zeek +++ b/testing/btest/bifs/cat_string_array.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/check_subnet.zeek b/testing/btest/bifs/check_subnet.zeek index d476be1bc8..5dfe2c1f72 100644 --- a/testing/btest/bifs/check_subnet.zeek +++ b/testing/btest/bifs/check_subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global testt: set[subnet] = { diff --git a/testing/btest/bifs/checkpoint_state.zeek b/testing/btest/bifs/checkpoint_state.zeek index e9eeeccb75..dc49ab5e98 100644 --- a/testing/btest/bifs/checkpoint_state.zeek +++ b/testing/btest/bifs/checkpoint_state.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: test -f .state/state.bst event zeek_init() diff --git a/testing/btest/bifs/clear_table.zeek b/testing/btest/bifs/clear_table.zeek index a6c2e67341..08c91e9908 100644 --- a/testing/btest/bifs/clear_table.zeek +++ b/testing/btest/bifs/clear_table.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT > out +# @TEST-EXEC: zeek -b %INPUT > out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/convert_for_pattern.zeek b/testing/btest/bifs/convert_for_pattern.zeek index 1828284f37..0962abfe31 100644 --- a/testing/btest/bifs/convert_for_pattern.zeek +++ b/testing/btest/bifs/convert_for_pattern.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/count_to_addr.zeek b/testing/btest/bifs/count_to_addr.zeek index 4abbaf8d1e..8229f9a4a9 100644 --- a/testing/btest/bifs/count_to_addr.zeek +++ b/testing/btest/bifs/count_to_addr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/create_file.zeek b/testing/btest/bifs/create_file.zeek index db7d38d087..0336f9ab33 100644 --- a/testing/btest/bifs/create_file.zeek +++ b/testing/btest/bifs/create_file.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff testfile # @TEST-EXEC: btest-diff testfile2 diff --git a/testing/btest/bifs/current_analyzer.zeek b/testing/btest/bifs/current_analyzer.zeek index 8678907320..14acc0d55c 100644 --- a/testing/btest/bifs/current_analyzer.zeek +++ b/testing/btest/bifs/current_analyzer.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/current_time.zeek b/testing/btest/bifs/current_time.zeek index 4d2712ae98..c29ae969f8 100644 --- a/testing/btest/bifs/current_time.zeek +++ b/testing/btest/bifs/current_time.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/decode_base64.zeek b/testing/btest/bifs/decode_base64.zeek index 2d552a2523..84336b1067 100644 --- a/testing/btest/bifs/decode_base64.zeek +++ b/testing/btest/bifs/decode_base64.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out global default_alphabet: string = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; diff --git a/testing/btest/bifs/decode_base64_conn.zeek b/testing/btest/bifs/decode_base64_conn.zeek index e515ed68ac..57d9af69c9 100644 --- a/testing/btest/bifs/decode_base64_conn.zeek +++ b/testing/btest/bifs/decode_base64_conn.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT >out # @TEST-EXEC: btest-diff weird.log event connection_established(c: connection) diff --git a/testing/btest/bifs/directory_operations.zeek b/testing/btest/bifs/directory_operations.zeek index 0a5a8b0413..e5282eb47b 100644 --- a/testing/btest/bifs/directory_operations.zeek +++ b/testing/btest/bifs/directory_operations.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/dump_current_packet.zeek b/testing/btest/bifs/dump_current_packet.zeek index e61c9585cd..d78252edf4 100644 --- a/testing/btest/bifs/dump_current_packet.zeek +++ b/testing/btest/bifs/dump_current_packet.zeek @@ -1,5 +1,5 @@ # @TEST-REQUIRES: which hexdump -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: hexdump -C 1.pcap >1.hex # @TEST-EXEC: hexdump -C 2.pcap >2.hex # @TEST-EXEC: btest-diff 1.hex diff --git a/testing/btest/bifs/edit.zeek b/testing/btest/bifs/edit.zeek index ba6ebdef38..c33289f0e5 100644 --- a/testing/btest/bifs/edit.zeek +++ b/testing/btest/bifs/edit.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/enable_raw_output.test b/testing/btest/bifs/enable_raw_output.test index 14bd2110ee..c46b6e317f 100644 --- a/testing/btest/bifs/enable_raw_output.test +++ b/testing/btest/bifs/enable_raw_output.test @@ -1,7 +1,7 @@ # Files which enable raw output via the BiF shouldn't interpret NUL characters # in strings that are `print`ed to it. -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: tr '\000' 'X' output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cmp myfile hookfile diff --git a/testing/btest/bifs/encode_base64.zeek b/testing/btest/bifs/encode_base64.zeek index bbad715ecc..435f735c70 100644 --- a/testing/btest/bifs/encode_base64.zeek +++ b/testing/btest/bifs/encode_base64.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out global default_alphabet: string = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; diff --git a/testing/btest/bifs/entropy_test.zeek b/testing/btest/bifs/entropy_test.zeek index 11effd1159..fe1d80cc21 100644 --- a/testing/btest/bifs/entropy_test.zeek +++ b/testing/btest/bifs/entropy_test.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/enum_to_int.zeek b/testing/btest/bifs/enum_to_int.zeek index b48c925c8f..17fd1ff8a9 100644 --- a/testing/btest/bifs/enum_to_int.zeek +++ b/testing/btest/bifs/enum_to_int.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out export { diff --git a/testing/btest/bifs/escape_string.zeek b/testing/btest/bifs/escape_string.zeek index 4ae79a869a..93c593d833 100644 --- a/testing/btest/bifs/escape_string.zeek +++ b/testing/btest/bifs/escape_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/exit.zeek b/testing/btest/bifs/exit.zeek index 03ea13efd3..e9a27f6379 100644 --- a/testing/btest/bifs/exit.zeek +++ b/testing/btest/bifs/exit.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out || test $? -eq 7 +# @TEST-EXEC: zeek -b %INPUT >out || test $? -eq 7 # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/file_mode.zeek b/testing/btest/bifs/file_mode.zeek index de43439080..8fe39b6404 100644 --- a/testing/btest/bifs/file_mode.zeek +++ b/testing/btest/bifs/file_mode.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/filter_subnet_table.zeek b/testing/btest/bifs/filter_subnet_table.zeek index 79829bc252..b11cbf0a8f 100644 --- a/testing/btest/bifs/filter_subnet_table.zeek +++ b/testing/btest/bifs/filter_subnet_table.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global testa: set[subnet] = { diff --git a/testing/btest/bifs/find_all.zeek b/testing/btest/bifs/find_all.zeek index cb7e7b35d0..c51086ade0 100644 --- a/testing/btest/bifs/find_all.zeek +++ b/testing/btest/bifs/find_all.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/find_entropy.zeek b/testing/btest/bifs/find_entropy.zeek index 771a6221f7..d8be9c08a6 100644 --- a/testing/btest/bifs/find_entropy.zeek +++ b/testing/btest/bifs/find_entropy.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/find_last.zeek b/testing/btest/bifs/find_last.zeek index 0eab201464..1f986cc6cd 100644 --- a/testing/btest/bifs/find_last.zeek +++ b/testing/btest/bifs/find_last.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/fmt.zeek b/testing/btest/bifs/fmt.zeek index 979dbafe67..3f3b58073d 100644 --- a/testing/btest/bifs/fmt.zeek +++ b/testing/btest/bifs/fmt.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type color: enum { Red, Blue }; diff --git a/testing/btest/bifs/fmt_ftp_port.zeek b/testing/btest/bifs/fmt_ftp_port.zeek index b265c0ad67..956b223cf0 100644 --- a/testing/btest/bifs/fmt_ftp_port.zeek +++ b/testing/btest/bifs/fmt_ftp_port.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/get_current_packet_header.zeek b/testing/btest/bifs/get_current_packet_header.zeek index 24144545ef..8efa727e11 100644 --- a/testing/btest/bifs/get_current_packet_header.zeek +++ b/testing/btest/bifs/get_current_packet_header.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output # @TEST-EXEC: btest-diff output event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options) diff --git a/testing/btest/bifs/get_matcher_stats.zeek b/testing/btest/bifs/get_matcher_stats.zeek index 76d019caca..5126f614dd 100644 --- a/testing/btest/bifs/get_matcher_stats.zeek +++ b/testing/btest/bifs/get_matcher_stats.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -s mysig %INPUT +# @TEST-EXEC: zeek -b -s mysig %INPUT @TEST-START-FILE mysig.sig signature my_ftp_client { diff --git a/testing/btest/bifs/get_port_transport_proto.zeek b/testing/btest/bifs/get_port_transport_proto.zeek index 18dfdd4974..8ebbc3adaa 100644 --- a/testing/btest/bifs/get_port_transport_proto.zeek +++ b/testing/btest/bifs/get_port_transport_proto.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/gethostname.zeek b/testing/btest/bifs/gethostname.zeek index b30407190d..dd94b446c6 100644 --- a/testing/btest/bifs/gethostname.zeek +++ b/testing/btest/bifs/gethostname.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/getpid.zeek b/testing/btest/bifs/getpid.zeek index a7348d4743..a1fbcde8bf 100644 --- a/testing/btest/bifs/getpid.zeek +++ b/testing/btest/bifs/getpid.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/getsetenv.zeek b/testing/btest/bifs/getsetenv.zeek index 24fecb7800..63f973e36d 100644 --- a/testing/btest/bifs/getsetenv.zeek +++ b/testing/btest/bifs/getsetenv.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: TESTBRO=testvalue bro -b %INPUT >out +# @TEST-EXEC: TESTBRO=testvalue zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/global_ids.zeek b/testing/btest/bifs/global_ids.zeek index 8875065b3b..b3cf1d3645 100644 --- a/testing/btest/bifs/global_ids.zeek +++ b/testing/btest/bifs/global_ids.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/global_sizes.zeek b/testing/btest/bifs/global_sizes.zeek index 5705ae5e95..373cf74425 100644 --- a/testing/btest/bifs/global_sizes.zeek +++ b/testing/btest/bifs/global_sizes.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/haversine_distance.zeek b/testing/btest/bifs/haversine_distance.zeek index 0d2e7891c0..b1429b13c1 100644 --- a/testing/btest/bifs/haversine_distance.zeek +++ b/testing/btest/bifs/haversine_distance.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test(la1: double, lo1: double, la2: double, lo2: double) diff --git a/testing/btest/bifs/hexdump.zeek b/testing/btest/bifs/hexdump.zeek index 10e1855a19..eae0f58409 100644 --- a/testing/btest/bifs/hexdump.zeek +++ b/testing/btest/bifs/hexdump.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/hexstr_to_bytestring.zeek b/testing/btest/bifs/hexstr_to_bytestring.zeek index 0d41ca00a1..41ca6a4823 100644 --- a/testing/btest/bifs/hexstr_to_bytestring.zeek +++ b/testing/btest/bifs/hexstr_to_bytestring.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/bifs/hll_cardinality.zeek b/testing/btest/bifs/hll_cardinality.zeek index 6bb9c83708..5a919a9f2f 100644 --- a/testing/btest/bifs/hll_cardinality.zeek +++ b/testing/btest/bifs/hll_cardinality.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro %INPUT>out +# @TEST-EXEC: zeek %INPUT>out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/bifs/hll_large_estimate.zeek b/testing/btest/bifs/hll_large_estimate.zeek index 520b9633e3..9238e13b36 100644 --- a/testing/btest/bifs/hll_large_estimate.zeek +++ b/testing/btest/bifs/hll_large_estimate.zeek @@ -1,8 +1,8 @@ # # Test the quality of HLL once by checking adding a large number of IP entries. # -# @TEST-EXEC: bro -b %INPUT > out -# @TEST-EXEC: BRO_SEED_FILE="" bro -b %INPUT > out2 +# @TEST-EXEC: zeek -b %INPUT > out +# @TEST-EXEC: BRO_SEED_FILE="" zeek -b %INPUT > out2 # @TEST-EXEC: head -n1 out2 >> out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/bifs/identify_data.zeek b/testing/btest/bifs/identify_data.zeek index 283c50fc86..8ea6e267a1 100644 --- a/testing/btest/bifs/identify_data.zeek +++ b/testing/btest/bifs/identify_data.zeek @@ -1,5 +1,5 @@ # Text encodings may vary with libmagic version so don't test that part. -# @TEST-EXEC: bro -b %INPUT | sed 's/; charset=.*//g' >out +# @TEST-EXEC: zeek -b %INPUT | sed 's/; charset=.*//g' >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/install_src_addr_filter.test b/testing/btest/bifs/install_src_addr_filter.test index 0ee0c85c43..95d1f51d54 100644 --- a/testing/btest/bifs/install_src_addr_filter.test +++ b/testing/btest/bifs/install_src_addr_filter.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output event zeek_init() diff --git a/testing/btest/bifs/is_ascii.zeek b/testing/btest/bifs/is_ascii.zeek index 7930dafa58..505e21e715 100644 --- a/testing/btest/bifs/is_ascii.zeek +++ b/testing/btest/bifs/is_ascii.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/is_local_interface.zeek b/testing/btest/bifs/is_local_interface.zeek index 8667babb85..f1ee1e9990 100644 --- a/testing/btest/bifs/is_local_interface.zeek +++ b/testing/btest/bifs/is_local_interface.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/is_port.zeek b/testing/btest/bifs/is_port.zeek index 709c142070..28f63f63b6 100644 --- a/testing/btest/bifs/is_port.zeek +++ b/testing/btest/bifs/is_port.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/join_string.zeek b/testing/btest/bifs/join_string.zeek index 1ea1afa5c2..410ac6e9f0 100644 --- a/testing/btest/bifs/join_string.zeek +++ b/testing/btest/bifs/join_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/levenshtein_distance.zeek b/testing/btest/bifs/levenshtein_distance.zeek index b877a68a22..14aaa78264 100644 --- a/testing/btest/bifs/levenshtein_distance.zeek +++ b/testing/btest/bifs/levenshtein_distance.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/lookup_ID.zeek b/testing/btest/bifs/lookup_ID.zeek index 1d11d1a8cb..534e678729 100644 --- a/testing/btest/bifs/lookup_ID.zeek +++ b/testing/btest/bifs/lookup_ID.zeek @@ -1,8 +1,8 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out -global a = "bro test"; +global a = "zeek test"; event zeek_init() { diff --git a/testing/btest/bifs/lowerupper.zeek b/testing/btest/bifs/lowerupper.zeek index 2cb04bfdaa..dfda21d39e 100644 --- a/testing/btest/bifs/lowerupper.zeek +++ b/testing/btest/bifs/lowerupper.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/lstrip.zeek b/testing/btest/bifs/lstrip.zeek index 850ec90d3f..6674b2a49c 100644 --- a/testing/btest/bifs/lstrip.zeek +++ b/testing/btest/bifs/lstrip.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/mask_addr.zeek b/testing/btest/bifs/mask_addr.zeek index e69a55f590..36ac6d91dd 100644 --- a/testing/btest/bifs/mask_addr.zeek +++ b/testing/btest/bifs/mask_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; diff --git a/testing/btest/bifs/matching_subnets.zeek b/testing/btest/bifs/matching_subnets.zeek index 3d38d32182..c51915ec0d 100644 --- a/testing/btest/bifs/matching_subnets.zeek +++ b/testing/btest/bifs/matching_subnets.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global testt: set[subnet] = { diff --git a/testing/btest/bifs/math.zeek b/testing/btest/bifs/math.zeek index 288838ffc1..353704f0f9 100644 --- a/testing/btest/bifs/math.zeek +++ b/testing/btest/bifs/math.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/md5.test b/testing/btest/bifs/md5.test index b022302c59..1d00d3f173 100644 --- a/testing/btest/bifs/md5.test +++ b/testing/btest/bifs/md5.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output print md5_hash("one"); diff --git a/testing/btest/bifs/merge_pattern.zeek b/testing/btest/bifs/merge_pattern.zeek index 2d99137b56..2699d58452 100644 --- a/testing/btest/bifs/merge_pattern.zeek +++ b/testing/btest/bifs/merge_pattern.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/net_stats_trace.test b/testing/btest/bifs/net_stats_trace.test index 1cc1ba5567..0b593c11e4 100644 --- a/testing/btest/bifs/net_stats_trace.test +++ b/testing/btest/bifs/net_stats_trace.test @@ -1,5 +1,5 @@ # Checks that accurate stats are returned when reading from a trace file. -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace >output %INPUT +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace >output %INPUT # @TEST-EXEC: btest-diff output event zeek_done() diff --git a/testing/btest/bifs/netbios-functions.zeek b/testing/btest/bifs/netbios-functions.zeek index 8e65f1d5ec..c3e951ffa8 100644 --- a/testing/btest/bifs/netbios-functions.zeek +++ b/testing/btest/bifs/netbios-functions.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/order.zeek b/testing/btest/bifs/order.zeek index 34c8e8c101..b989bb6095 100644 --- a/testing/btest/bifs/order.zeek +++ b/testing/btest/bifs/order.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function myfunc1(a: addr, b: addr): int diff --git a/testing/btest/bifs/parse_ftp.zeek b/testing/btest/bifs/parse_ftp.zeek index 1e982def27..47b53284e6 100644 --- a/testing/btest/bifs/parse_ftp.zeek +++ b/testing/btest/bifs/parse_ftp.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/piped_exec.zeek b/testing/btest/bifs/piped_exec.zeek index 70f8d70523..469803735e 100644 --- a/testing/btest/bifs/piped_exec.zeek +++ b/testing/btest/bifs/piped_exec.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff test.txt global cmds = "print \"hello world\";"; cmds = string_cat(cmds, "\nprint \"foobar\";"); -if ( piped_exec("bro", cmds) != T ) +if ( piped_exec("zeek", cmds) != T ) exit(1); # Test null output. diff --git a/testing/btest/bifs/ptr_name_to_addr.zeek b/testing/btest/bifs/ptr_name_to_addr.zeek index d1a7878e3d..7779ec7772 100644 --- a/testing/btest/bifs/ptr_name_to_addr.zeek +++ b/testing/btest/bifs/ptr_name_to_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global v6 = ptr_name_to_addr("2.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.2.0.8.0.9.0.0.4.0.b.8.f.7.0.6.2.ip6.arpa"); diff --git a/testing/btest/bifs/rand.zeek b/testing/btest/bifs/rand.zeek index 591f0bf035..b4b0facabc 100644 --- a/testing/btest/bifs/rand.zeek +++ b/testing/btest/bifs/rand.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: bro -b %INPUT do_seed=F >out.2 +# @TEST-EXEC: zeek -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT do_seed=F >out.2 # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out.2 diff --git a/testing/btest/bifs/raw_bytes_to_v4_addr.zeek b/testing/btest/bifs/raw_bytes_to_v4_addr.zeek index 9ac266a0bd..1229ac6135 100644 --- a/testing/btest/bifs/raw_bytes_to_v4_addr.zeek +++ b/testing/btest/bifs/raw_bytes_to_v4_addr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/reading_traces.zeek b/testing/btest/bifs/reading_traces.zeek index e6fa21999e..11d1e2a3f7 100644 --- a/testing/btest/bifs/reading_traces.zeek +++ b/testing/btest/bifs/reading_traces.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b %INPUT >out1 +# @TEST-EXEC: zeek -b %INPUT >out1 # @TEST-EXEC: btest-diff out1 -# @TEST-EXEC: bro -r $TRACES/web.trace %INPUT >out2 +# @TEST-EXEC: zeek -r $TRACES/web.trace %INPUT >out2 # @TEST-EXEC: btest-diff out2 event zeek_init() diff --git a/testing/btest/bifs/record_type_to_vector.zeek b/testing/btest/bifs/record_type_to_vector.zeek index e5e79a4f49..3b45af835b 100644 --- a/testing/btest/bifs/record_type_to_vector.zeek +++ b/testing/btest/bifs/record_type_to_vector.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type myrecord: record { diff --git a/testing/btest/bifs/records_fields.zeek b/testing/btest/bifs/records_fields.zeek index a130a63267..632bcb2fcf 100644 --- a/testing/btest/bifs/records_fields.zeek +++ b/testing/btest/bifs/records_fields.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type myrec: record { diff --git a/testing/btest/bifs/remask_addr.zeek b/testing/btest/bifs/remask_addr.zeek index 7b7e89c018..1014b22550 100644 --- a/testing/btest/bifs/remask_addr.zeek +++ b/testing/btest/bifs/remask_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; diff --git a/testing/btest/bifs/resize.zeek b/testing/btest/bifs/resize.zeek index 97c3b8c20b..483564ef1f 100644 --- a/testing/btest/bifs/resize.zeek +++ b/testing/btest/bifs/resize.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/reverse.zeek b/testing/btest/bifs/reverse.zeek index b6831ef3a7..9a87704cc0 100644 --- a/testing/btest/bifs/reverse.zeek +++ b/testing/btest/bifs/reverse.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/rotate_file.zeek b/testing/btest/bifs/rotate_file.zeek index a7c3bf3971..028b374653 100644 --- a/testing/btest/bifs/rotate_file.zeek +++ b/testing/btest/bifs/rotate_file.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/rotate_file_by_name.zeek b/testing/btest/bifs/rotate_file_by_name.zeek index b02d4011be..985084e6ed 100644 --- a/testing/btest/bifs/rotate_file_by_name.zeek +++ b/testing/btest/bifs/rotate_file_by_name.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/routing0_data_to_addrs.test b/testing/btest/bifs/routing0_data_to_addrs.test index a20bb3bf59..1c81eb0cd1 100644 --- a/testing/btest/bifs/routing0_data_to_addrs.test +++ b/testing/btest/bifs/routing0_data_to_addrs.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output # @TEST-EXEC: btest-diff output event ipv6_ext_headers(c: connection, p: pkt_hdr) diff --git a/testing/btest/bifs/rstrip.zeek b/testing/btest/bifs/rstrip.zeek index f99ebd5f8d..2f19af4207 100644 --- a/testing/btest/bifs/rstrip.zeek +++ b/testing/btest/bifs/rstrip.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/safe_shell_quote.zeek b/testing/btest/bifs/safe_shell_quote.zeek index 9f43fe4089..46940a0976 100644 --- a/testing/btest/bifs/safe_shell_quote.zeek +++ b/testing/btest/bifs/safe_shell_quote.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/same_object.zeek b/testing/btest/bifs/same_object.zeek index 8e38912f58..0afc362f04 100644 --- a/testing/btest/bifs/same_object.zeek +++ b/testing/btest/bifs/same_object.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/sha1.test b/testing/btest/bifs/sha1.test index 7bbd8b002e..1e9396b602 100644 --- a/testing/btest/bifs/sha1.test +++ b/testing/btest/bifs/sha1.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output print sha1_hash("one"); diff --git a/testing/btest/bifs/sha256.test b/testing/btest/bifs/sha256.test index a1c17f7113..83c937029a 100644 --- a/testing/btest/bifs/sha256.test +++ b/testing/btest/bifs/sha256.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output print sha256_hash("one"); diff --git a/testing/btest/bifs/sort.zeek b/testing/btest/bifs/sort.zeek index 2f3789c8a9..8bfd1c5f5d 100644 --- a/testing/btest/bifs/sort.zeek +++ b/testing/btest/bifs/sort.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function myfunc1(a: addr, b: addr): int diff --git a/testing/btest/bifs/sort_string_array.zeek b/testing/btest/bifs/sort_string_array.zeek index 3d3949d89b..ab783f8150 100644 --- a/testing/btest/bifs/sort_string_array.zeek +++ b/testing/btest/bifs/sort_string_array.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/split.zeek b/testing/btest/bifs/split.zeek index 2485c3af1f..deaa18ed1c 100644 --- a/testing/btest/bifs/split.zeek +++ b/testing/btest/bifs/split.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/split_string.zeek b/testing/btest/bifs/split_string.zeek index 2f67921a04..9692f32da5 100644 --- a/testing/btest/bifs/split_string.zeek +++ b/testing/btest/bifs/split_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function print_string_vector(v: string_vec) diff --git a/testing/btest/bifs/str_shell_escape.zeek b/testing/btest/bifs/str_shell_escape.zeek index 9079ef3953..f3f08b0072 100644 --- a/testing/btest/bifs/str_shell_escape.zeek +++ b/testing/btest/bifs/str_shell_escape.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/strcmp.zeek b/testing/btest/bifs/strcmp.zeek index 6893656e69..93528ed8f1 100644 --- a/testing/btest/bifs/strcmp.zeek +++ b/testing/btest/bifs/strcmp.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/strftime.zeek b/testing/btest/bifs/strftime.zeek index 8a9f42d8b3..5a68892a22 100644 --- a/testing/btest/bifs/strftime.zeek +++ b/testing/btest/bifs/strftime.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/string_fill.zeek b/testing/btest/bifs/string_fill.zeek index 81a447ed47..9398588b2a 100644 --- a/testing/btest/bifs/string_fill.zeek +++ b/testing/btest/bifs/string_fill.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/string_to_pattern.zeek b/testing/btest/bifs/string_to_pattern.zeek index 089cc3c557..d7e36f7fa8 100644 --- a/testing/btest/bifs/string_to_pattern.zeek +++ b/testing/btest/bifs/string_to_pattern.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/strip.zeek b/testing/btest/bifs/strip.zeek index ae80811a30..caed076f2c 100644 --- a/testing/btest/bifs/strip.zeek +++ b/testing/btest/bifs/strip.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/strptime.zeek b/testing/btest/bifs/strptime.zeek index c8f57b1dfc..3923ced4c0 100644 --- a/testing/btest/bifs/strptime.zeek +++ b/testing/btest/bifs/strptime.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/strstr.zeek b/testing/btest/bifs/strstr.zeek index 75a362375a..23f8c871ed 100644 --- a/testing/btest/bifs/strstr.zeek +++ b/testing/btest/bifs/strstr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/sub.zeek b/testing/btest/bifs/sub.zeek index f83113ad19..1ad4e60137 100644 --- a/testing/btest/bifs/sub.zeek +++ b/testing/btest/bifs/sub.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/subnet_to_addr.zeek b/testing/btest/bifs/subnet_to_addr.zeek index 02bb6254e0..45cac551d2 100644 --- a/testing/btest/bifs/subnet_to_addr.zeek +++ b/testing/btest/bifs/subnet_to_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>error +# @TEST-EXEC: zeek -b %INPUT >output 2>error # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff error diff --git a/testing/btest/bifs/subnet_version.zeek b/testing/btest/bifs/subnet_version.zeek index 1efd633f68..a01bc77dd3 100644 --- a/testing/btest/bifs/subnet_version.zeek +++ b/testing/btest/bifs/subnet_version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out print is_v4_subnet(1.2.3.4/16); diff --git a/testing/btest/bifs/subst_string.zeek b/testing/btest/bifs/subst_string.zeek index 186ca7f921..7ceb8040a2 100644 --- a/testing/btest/bifs/subst_string.zeek +++ b/testing/btest/bifs/subst_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/system.zeek b/testing/btest/bifs/system.zeek index e488601ee5..7dab420ed0 100644 --- a/testing/btest/bifs/system.zeek +++ b/testing/btest/bifs/system.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/system_env.zeek b/testing/btest/bifs/system_env.zeek index beece2e2c6..7332990fa2 100644 --- a/testing/btest/bifs/system_env.zeek +++ b/testing/btest/bifs/system_env.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff testfile event zeek_init() diff --git a/testing/btest/bifs/to_addr.zeek b/testing/btest/bifs/to_addr.zeek index 3a43438bb7..bbef484f72 100644 --- a/testing/btest/bifs/to_addr.zeek +++ b/testing/btest/bifs/to_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>error +# @TEST-EXEC: zeek -b %INPUT >output 2>error # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff error diff --git a/testing/btest/bifs/to_count.zeek b/testing/btest/bifs/to_count.zeek index dc87fe94b9..7489ca8b79 100644 --- a/testing/btest/bifs/to_count.zeek +++ b/testing/btest/bifs/to_count.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/to_double.zeek b/testing/btest/bifs/to_double.zeek index b2d2d65f4d..d62d30d5af 100644 --- a/testing/btest/bifs/to_double.zeek +++ b/testing/btest/bifs/to_double.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/to_double_from_string.zeek b/testing/btest/bifs/to_double_from_string.zeek index 781261084f..106a987eb4 100644 --- a/testing/btest/bifs/to_double_from_string.zeek +++ b/testing/btest/bifs/to_double_from_string.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>error +# @TEST-EXEC: zeek -b %INPUT >output 2>error # @TEST-EXEC: btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff error diff --git a/testing/btest/bifs/to_int.zeek b/testing/btest/bifs/to_int.zeek index fe7d530835..23e74030ba 100644 --- a/testing/btest/bifs/to_int.zeek +++ b/testing/btest/bifs/to_int.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/to_interval.zeek b/testing/btest/bifs/to_interval.zeek index b877cedacc..a9bab7b675 100644 --- a/testing/btest/bifs/to_interval.zeek +++ b/testing/btest/bifs/to_interval.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/to_port.zeek b/testing/btest/bifs/to_port.zeek index 9c53de7297..b1e220f982 100644 --- a/testing/btest/bifs/to_port.zeek +++ b/testing/btest/bifs/to_port.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/to_subnet.zeek b/testing/btest/bifs/to_subnet.zeek index 59064893e1..ebce392c98 100644 --- a/testing/btest/bifs/to_subnet.zeek +++ b/testing/btest/bifs/to_subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>error +# @TEST-EXEC: zeek -b %INPUT >output 2>error # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff error diff --git a/testing/btest/bifs/to_time.zeek b/testing/btest/bifs/to_time.zeek index b286d92ea4..f2e9032176 100644 --- a/testing/btest/bifs/to_time.zeek +++ b/testing/btest/bifs/to_time.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/topk.zeek b/testing/btest/bifs/topk.zeek index 06246da4ac..667107cbc0 100644 --- a/testing/btest/bifs/topk.zeek +++ b/testing/btest/bifs/topk.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > out +# @TEST-EXEC: zeek -b %INPUT > out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/bifs/type_name.zeek b/testing/btest/bifs/type_name.zeek index 6f9f9c6f32..e78f52af3c 100644 --- a/testing/btest/bifs/type_name.zeek +++ b/testing/btest/bifs/type_name.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type color: enum { Red, Blue }; diff --git a/testing/btest/bifs/unique_id-pools.zeek b/testing/btest/bifs/unique_id-pools.zeek index ba31485dc3..7e615d6625 100644 --- a/testing/btest/bifs/unique_id-pools.zeek +++ b/testing/btest/bifs/unique_id-pools.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: bro order_rand | sort >out.1 -# @TEST-EXEC: bro order_base | sort >out.2 +# @TEST-EXEC: zeek order_rand | sort >out.1 +# @TEST-EXEC: zeek order_base | sort >out.2 # @TEST-EXEC: cmp out.1 out.2 @TEST-START-FILE order_rand.zeek diff --git a/testing/btest/bifs/unique_id-rnd.zeek b/testing/btest/bifs/unique_id-rnd.zeek index 02be9fcb92..6a694ae588 100644 --- a/testing/btest/bifs/unique_id-rnd.zeek +++ b/testing/btest/bifs/unique_id-rnd.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: BRO_SEED_FILE= bro -b %INPUT >out -# @TEST-EXEC: BRO_SEED_FILE= bro -b %INPUT >>out +# @TEST-EXEC: BRO_SEED_FILE= zeek -b %INPUT >out +# @TEST-EXEC: BRO_SEED_FILE= zeek -b %INPUT >>out # @TEST-EXEC: cat out | sort | uniq | wc -l | sed 's/ //g' >count # @TEST-EXEC: btest-diff count diff --git a/testing/btest/bifs/unique_id.zeek b/testing/btest/bifs/unique_id.zeek index d87c757f3f..db640a6081 100644 --- a/testing/btest/bifs/unique_id.zeek +++ b/testing/btest/bifs/unique_id.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out print unique_id("A-"); diff --git a/testing/btest/bifs/uuid_to_string.zeek b/testing/btest/bifs/uuid_to_string.zeek index 2df9d2f0f0..21c29eb3e6 100644 --- a/testing/btest/bifs/uuid_to_string.zeek +++ b/testing/btest/bifs/uuid_to_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/val_size.zeek b/testing/btest/bifs/val_size.zeek index 8757bde285..b375c94551 100644 --- a/testing/btest/bifs/val_size.zeek +++ b/testing/btest/bifs/val_size.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/x509_verify.zeek b/testing/btest/bifs/x509_verify.zeek index 2afc735172..2786ee04b4 100644 --- a/testing/btest/bifs/x509_verify.zeek +++ b/testing/btest/bifs/x509_verify.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace %INPUT # This is a hack: the results of OpenSSL 1.1's vs 1.0's # X509_verify_cert() -> X509_STORE_CTX_get1_chain() calls diff --git a/testing/btest/broker/connect-on-retry.zeek b/testing/btest/broker/connect-on-retry.zeek index ac5caffb69..55e98cb27d 100644 --- a/testing/btest/broker/connect-on-retry.zeek +++ b/testing/btest/broker/connect-on-retry.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/disconnect.zeek b/testing/btest/broker/disconnect.zeek index 7b4d2f7540..c5ad155193 100644 --- a/testing/btest/broker/disconnect.zeek +++ b/testing/btest/broker/disconnect.zeek @@ -1,11 +1,11 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat recv/.pid) 45 || (btest-bg-wait -k 1 && false) -# @TEST-EXEC: btest-bg-run recv2 "bro -B broker -b ../recv.zeek >recv2.out" +# @TEST-EXEC: btest-bg-run recv2 "zeek -B broker -b ../recv.zeek >recv2.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff send/send.out diff --git a/testing/btest/broker/error.zeek b/testing/btest/broker/error.zeek index e6b902e6bb..dec46bbbe3 100644 --- a/testing/btest/broker/error.zeek +++ b/testing/btest/broker/error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -B main-loop,broker -b send.zeek >send.out +# @TEST-EXEC: zeek -B main-loop,broker -b send.zeek >send.out # @TEST-EXEC: btest-diff send.out # diff --git a/testing/btest/broker/remote_event.zeek b/testing/btest/broker/remote_event.zeek index b160506f8f..0fec6e4628 100644 --- a/testing/btest/broker/remote_event.zeek +++ b/testing/btest/broker/remote_event.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_event_any.zeek b/testing/btest/broker/remote_event_any.zeek index b4df830195..d45dcfdee2 100644 --- a/testing/btest/broker/remote_event_any.zeek +++ b/testing/btest/broker/remote_event_any.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_event_auto.zeek b/testing/btest/broker/remote_event_auto.zeek index dde153d2ad..77d98c389a 100644 --- a/testing/btest/broker/remote_event_auto.zeek +++ b/testing/btest/broker/remote_event_auto.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_event_ssl_auth.zeek b/testing/btest/broker/remote_event_ssl_auth.zeek index 3e80a98b1e..e5fdfa8fbb 100644 --- a/testing/btest/broker/remote_event_ssl_auth.zeek +++ b/testing/btest/broker/remote_event_ssl_auth.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_event_vector_any.zeek b/testing/btest/broker/remote_event_vector_any.zeek index 93f667791d..4736600429 100644 --- a/testing/btest/broker/remote_event_vector_any.zeek +++ b/testing/btest/broker/remote_event_vector_any.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_id.zeek b/testing/btest/broker/remote_id.zeek index a41675e5e8..faa0980414 100644 --- a/testing/btest/broker/remote_id.zeek +++ b/testing/btest/broker/remote_id.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek test_var=newval >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek test_var=newval >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_log.zeek b/testing/btest/broker/remote_log.zeek index 2ab5d71343..fa80475f6f 100644 --- a/testing/btest/broker/remote_log.zeek +++ b/testing/btest/broker/remote_log.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_log_late_join.zeek b/testing/btest/broker/remote_log_late_join.zeek index c199c19dcf..86b9a54935 100644 --- a/testing/btest/broker/remote_log_late_join.zeek +++ b/testing/btest/broker/remote_log_late_join.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_log_types.zeek b/testing/btest/broker/remote_log_types.zeek index 153c1c27b3..beff5e997d 100644 --- a/testing/btest/broker/remote_log_types.zeek +++ b/testing/btest/broker/remote_log_types.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/ssl_auth_failure.zeek b/testing/btest/broker/ssl_auth_failure.zeek index 737a8deccc..45c091c1fb 100644 --- a/testing/btest/broker/ssl_auth_failure.zeek +++ b/testing/btest/broker/ssl_auth_failure.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/store/clone.zeek b/testing/btest/broker/store/clone.zeek index 2d68380ba1..8730b017d2 100644 --- a/testing/btest/broker/store/clone.zeek +++ b/testing/btest/broker/store/clone.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run clone "bro -B broker -b ../clone-main.zeek >clone.out" -# @TEST-EXEC: btest-bg-run master "bro -B broker -b ../master-main.zeek >master.out" +# @TEST-EXEC: btest-bg-run clone "zeek -B broker -b ../clone-main.zeek >clone.out" +# @TEST-EXEC: btest-bg-run master "zeek -B broker -b ../master-main.zeek >master.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff clone/clone.out diff --git a/testing/btest/broker/store/local.zeek b/testing/btest/broker/store/local.zeek index 1846d8c2c3..9ec3140c10 100644 --- a/testing/btest/broker/store/local.zeek +++ b/testing/btest/broker/store/local.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/ops.zeek b/testing/btest/broker/store/ops.zeek index 4e89f365bf..aed9ab5d9a 100644 --- a/testing/btest/broker/store/ops.zeek +++ b/testing/btest/broker/store/ops.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -B broker -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -B broker -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/record.zeek b/testing/btest/broker/store/record.zeek index 62ee4735ba..374fb7cab3 100644 --- a/testing/btest/broker/store/record.zeek +++ b/testing/btest/broker/store/record.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/set.zeek b/testing/btest/broker/store/set.zeek index c2524cec6a..8e4b29b1da 100644 --- a/testing/btest/broker/store/set.zeek +++ b/testing/btest/broker/store/set.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/sqlite.zeek b/testing/btest/broker/store/sqlite.zeek index 8adde597f5..613f348550 100644 --- a/testing/btest/broker/store/sqlite.zeek +++ b/testing/btest/broker/store/sqlite.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT RUN=1 >out -# @TEST-EXEC: bro -b %INPUT RUN=2 >>out +# @TEST-EXEC: zeek -b %INPUT RUN=1 >out +# @TEST-EXEC: zeek -b %INPUT RUN=2 >>out # @TEST-EXEC: btest-diff out global RUN = 0 &redef; diff --git a/testing/btest/broker/store/table.zeek b/testing/btest/broker/store/table.zeek index 6fdf7615a6..acedef0318 100644 --- a/testing/btest/broker/store/table.zeek +++ b/testing/btest/broker/store/table.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/type-conversion.zeek b/testing/btest/broker/store/type-conversion.zeek index fa9e16d587..919bfd91ca 100644 --- a/testing/btest/broker/store/type-conversion.zeek +++ b/testing/btest/broker/store/type-conversion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/vector.zeek b/testing/btest/broker/store/vector.zeek index 7c44640334..b896524ea8 100644 --- a/testing/btest/broker/store/vector.zeek +++ b/testing/btest/broker/store/vector.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/unpeer.zeek b/testing/btest/broker/unpeer.zeek index b03d53925e..dc4f589d4b 100644 --- a/testing/btest/broker/unpeer.zeek +++ b/testing/btest/broker/unpeer.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index 5a570d9021..8c457afee0 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -6,13 +6,13 @@ IgnoreDirs = .svn CVS .tmp IgnoreFiles = *.tmp *.swp #* *.trace .DS_Store [environment] -BROPATH=`bash -c %(testbase)s/../../build/bro-path-dev` +BROPATH=`bash -c %(testbase)s/../../build/zeek-path-dev` BRO_SEED_FILE=%(testbase)s/random.seed BRO_PLUGIN_PATH= TZ=UTC LC_ALL=C BTEST_PATH=%(testbase)s/../../aux/btest -PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/bro-aux/bro-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin +PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/bro-aux/zeek-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin TRACES=%(testbase)s/Traces FILES=%(testbase)s/Files SCRIPTS=%(testbase)s/../scripts @@ -29,3 +29,4 @@ BRO_DEFAULT_LISTEN_RETRY=1 BRO_DEFAULT_CONNECT_RETRY=1 BRO_DISABLE_BROXYGEN=1 ZEEK_ALLOW_INIT_ERRORS=1 +DYLD_LIBRARY_PATH=/opt/local/lib diff --git a/testing/btest/core/bits_per_uid.zeek b/testing/btest/core/bits_per_uid.zeek index 6e997907de..d252eefe23 100644 --- a/testing/btest/core/bits_per_uid.zeek +++ b/testing/btest/core/bits_per_uid.zeek @@ -1,12 +1,12 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=32 >32 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=32 >32 # @TEST-EXEC: btest-diff 32 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=64 >64 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=64 >64 # @TEST-EXEC: btest-diff 64 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=96 >96 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=96 >96 # @TEST-EXEC: btest-diff 96 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=128 >128 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=128 >128 # @TEST-EXEC: btest-diff 128 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=256 >256 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=256 >256 # @TEST-EXEC: btest-diff 256 # @TEST-EXEC: cmp 128 256 diff --git a/testing/btest/core/check-unused-event-handlers.test b/testing/btest/core/check-unused-event-handlers.test index 3836414054..7d3a581d6c 100644 --- a/testing/btest/core/check-unused-event-handlers.test +++ b/testing/btest/core/check-unused-event-handlers.test @@ -1,5 +1,5 @@ # This test should print a warning that the event handler is never invoked. -# @TEST-EXEC: bro -b %INPUT check_for_unused_event_handlers=T +# @TEST-EXEC: zeek -b %INPUT check_for_unused_event_handlers=T # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stderr event this_is_never_used() diff --git a/testing/btest/core/checksums.test b/testing/btest/core/checksums.test index 77fe2a62d3..6d5d286097 100644 --- a/testing/btest/core/checksums.test +++ b/testing/btest/core/checksums.test @@ -1,41 +1,41 @@ -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-bad-chksum.pcap # @TEST-EXEC: mv weird.log bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-udp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-udp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-tcp-good-chksum.pcap # @TEST-EXEC: mv weird.log good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-udp-good-chksum.pcap # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-icmp-good-chksum.pcap # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-tcp-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-udp-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out # @TEST-EXEC: btest-diff bad.out diff --git a/testing/btest/core/cisco-fabric-path.zeek b/testing/btest/core/cisco-fabric-path.zeek index ff7fa298e3..183c16f84d 100644 --- a/testing/btest/core/cisco-fabric-path.zeek +++ b/testing/btest/core/cisco-fabric-path.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/cisco-fabric-path.pcap +# @TEST-EXEC: zeek -C -r $TRACES/cisco-fabric-path.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/conn-size-threshold.zeek b/testing/btest/core/conn-size-threshold.zeek index ce83e5939d..d886846df5 100644 --- a/testing/btest/core/conn-size-threshold.zeek +++ b/testing/btest/core/conn-size-threshold.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout event connection_established(c: connection) diff --git a/testing/btest/core/conn-uid.zeek b/testing/btest/core/conn-uid.zeek index 52ff8fc4d3..40626e27c9 100644 --- a/testing/btest/core/conn-uid.zeek +++ b/testing/btest/core/conn-uid.zeek @@ -1,12 +1,12 @@ # # In "normal" test mode, connection uids should be determistic. # -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # # Without a seed, they should differ each time: # -# @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT >output2 +# @TEST-EXEC: unset BRO_SEED_FILE && zeek -C -r $TRACES/wikipedia.trace %INPUT >output2 # @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l | sed 's/ //g' >counts # @TEST-EXEC: btest-diff counts diff --git a/testing/btest/core/connection_flip_roles.zeek b/testing/btest/core/connection_flip_roles.zeek index e68d94c5fe..e5e52671eb 100644 --- a/testing/btest/core/connection_flip_roles.zeek +++ b/testing/btest/core/connection_flip_roles.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/handshake-reorder.trace %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tcp/handshake-reorder.trace %INPUT >out # @TEST-EXEC: btest-diff out # This tests the Connection::FlipRoles code path (SYN/SYN-ACK reversal). diff --git a/testing/btest/core/disable-mobile-ipv6.test b/testing/btest/core/disable-mobile-ipv6.test index 88eb2b853f..b9914f260f 100644 --- a/testing/btest/core/disable-mobile-ipv6.test +++ b/testing/btest/core/disable-mobile-ipv6.test @@ -1,5 +1,5 @@ # @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT # @TEST-EXEC: btest-diff weird.log event mobile_ipv6_message(p: pkt_hdr) diff --git a/testing/btest/core/discarder.zeek b/testing/btest/core/discarder.zeek index 454d5a0de1..21bae33541 100644 --- a/testing/btest/core/discarder.zeek +++ b/testing/btest/core/discarder.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-ip.zeek >output -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-tcp.zeek >>output -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-udp.zeek >>output -# @TEST-EXEC: bro -b -C -r $TRACES/icmp/icmp-destunreach-udp.pcap discarder-icmp.zeek >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace discarder-ip.zeek >output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace discarder-tcp.zeek >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace discarder-udp.zeek >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/icmp/icmp-destunreach-udp.pcap discarder-icmp.zeek >>output # @TEST-EXEC: btest-diff output @TEST-START-FILE discarder-ip.zeek diff --git a/testing/btest/core/div-by-zero.zeek b/testing/btest/core/div-by-zero.zeek index da06569c2f..d1c95db88c 100644 --- a/testing/btest/core/div-by-zero.zeek +++ b/testing/btest/core/div-by-zero.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event div_int(a: int, b: int) diff --git a/testing/btest/core/dns-init.zeek b/testing/btest/core/dns-init.zeek index 5a7efff6fb..0372bbf7b8 100644 --- a/testing/btest/core/dns-init.zeek +++ b/testing/btest/core/dns-init.zeek @@ -1,6 +1,6 @@ # We once had a bug where DNS lookups at init time lead to an immediate crash. # -# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: zeek %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output const foo: set[addr] = { diff --git a/testing/btest/core/embedded-null.zeek b/testing/btest/core/embedded-null.zeek index c85da21541..bae3767d8c 100644 --- a/testing/btest/core/embedded-null.zeek +++ b/testing/btest/core/embedded-null.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT 2>&1 +# @TEST-EXEC: zeek -b %INPUT 2>&1 # @TEST-EXEC: btest-diff .stdout event zeek_init() diff --git a/testing/btest/core/enum-redef-exists.zeek b/testing/btest/core/enum-redef-exists.zeek index 69c331c74d..d9b1cc2415 100644 --- a/testing/btest/core/enum-redef-exists.zeek +++ b/testing/btest/core/enum-redef-exists.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output module SSH; diff --git a/testing/btest/core/erspan.zeek b/testing/btest/core/erspan.zeek index eb05cdcf5a..379afb55fb 100644 --- a/testing/btest/core/erspan.zeek +++ b/testing/btest/core/erspan.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/erspan.trace %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/erspan.trace %INPUT # @TEST-EXEC: btest-diff tunnel.log @load base/frameworks/tunnels diff --git a/testing/btest/core/erspanII.zeek b/testing/btest/core/erspanII.zeek index b59c0ecf08..945a8ff3d2 100644 --- a/testing/btest/core/erspanII.zeek +++ b/testing/btest/core/erspanII.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/erspanII.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/erspanII.pcap %INPUT # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/erspanIII.zeek b/testing/btest/core/erspanIII.zeek index 3215f4b9da..de3072e022 100644 --- a/testing/btest/core/erspanIII.zeek +++ b/testing/btest/core/erspanIII.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/erspanIII.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/erspanIII.pcap %INPUT # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/ether-addrs.zeek b/testing/btest/core/ether-addrs.zeek index 2cb1d42b6f..d905d97baa 100644 --- a/testing/btest/core/ether-addrs.zeek +++ b/testing/btest/core/ether-addrs.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/wikipedia.trace %INPUT >>output -# @TEST-EXEC: bro -C -b -r $TRACES/radiotap.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -b -r $TRACES/wikipedia.trace %INPUT >>output +# @TEST-EXEC: zeek -C -b -r $TRACES/radiotap.pcap %INPUT >>output # @TEST-EXEC: btest-diff output event new_connection(c: connection) diff --git a/testing/btest/core/event-arg-reuse.zeek b/testing/btest/core/event-arg-reuse.zeek index 3ad5f82cab..b96f4a5a18 100644 --- a/testing/btest/core/event-arg-reuse.zeek +++ b/testing/btest/core/event-arg-reuse.zeek @@ -1,6 +1,6 @@ # @TEST-DOC: Check that assignment to event parameters isn't visible to other handlers. # -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output event f(a: int) &priority=5 diff --git a/testing/btest/core/expr-exception.zeek b/testing/btest/core/expr-exception.zeek index 9e84717935..58eee4a07d 100644 --- a/testing/btest/core/expr-exception.zeek +++ b/testing/btest/core/expr-exception.zeek @@ -1,7 +1,7 @@ # Expressions in an event handler that raise interpreter exceptions # shouldn't abort Bro entirely, but just return from the function body. # -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/fake_dns.zeek b/testing/btest/core/fake_dns.zeek index f5cd4d2067..d16152cb7b 100644 --- a/testing/btest/core/fake_dns.zeek +++ b/testing/btest/core/fake_dns.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: BRO_DNS_FAKE=1 bro -b %INPUT >out +# @TEST-EXEC: BRO_DNS_FAKE=1 zeek -b %INPUT >out # @TEST-EXEC: btest-diff out redef exit_only_after_terminate = T; diff --git a/testing/btest/core/file-caching-serialization.test b/testing/btest/core/file-caching-serialization.test index c6edeb55c2..6588dc96e4 100644 --- a/testing/btest/core/file-caching-serialization.test +++ b/testing/btest/core/file-caching-serialization.test @@ -4,11 +4,11 @@ # second case, files are eventually forced out of the cache and # undergo serialization, which requires re-opening. -# @TEST-EXEC: bro -b %INPUT "test_file_prefix=one" +# @TEST-EXEC: zeek -b %INPUT "test_file_prefix=one" # @TEST-EXEC: btest-diff one0 # @TEST-EXEC: btest-diff one1 # @TEST-EXEC: btest-diff one2 -# @TEST-EXEC: bro -b %INPUT "test_file_prefix=two" "max_files_in_cache=2" +# @TEST-EXEC: zeek -b %INPUT "test_file_prefix=two" "max_files_in_cache=2" # @TEST-EXEC: btest-diff two0 # @TEST-EXEC: btest-diff two1 # @TEST-EXEC: btest-diff two2 diff --git a/testing/btest/core/global_opaque_val.zeek b/testing/btest/core/global_opaque_val.zeek index 0232271ced..4bc0607029 100644 --- a/testing/btest/core/global_opaque_val.zeek +++ b/testing/btest/core/global_opaque_val.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global test = md5_hash_init(); diff --git a/testing/btest/core/history-flip.zeek b/testing/btest/core/history-flip.zeek index e9769d99b5..3895c3e2c6 100644 --- a/testing/btest/core/history-flip.zeek +++ b/testing/btest/core/history-flip.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tcp/missing-syn.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tcp/missing-syn.pcap %INPUT # @TEST-EXEC: btest-diff conn.log @load policy/protocols/conn/mac-logging diff --git a/testing/btest/core/icmp/icmp-context.test b/testing/btest/core/icmp/icmp-context.test index ca7a34c5aa..58e696cf9c 100644 --- a/testing/btest/core/icmp/icmp-context.test +++ b/testing/btest/core/icmp/icmp-context.test @@ -1,8 +1,8 @@ # These tests all check that IPv6 context packet construction for ICMP6 works. -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-no-context.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-ip.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-no-context.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-ip.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) diff --git a/testing/btest/core/icmp/icmp-events.test b/testing/btest/core/icmp/icmp-events.test index 1a54f05fba..3aa0ee1177 100644 --- a/testing/btest/core/icmp/icmp-events.test +++ b/testing/btest/core/icmp/icmp-events.test @@ -1,8 +1,8 @@ # These tests all check that ICMP6 events get raised with correct arguments. -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-timeexceeded.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-ping.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-timeexceeded.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-ping.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/icmp/icmp6-context.test b/testing/btest/core/icmp/icmp6-context.test index dfa8271cbc..66d57b527b 100644 --- a/testing/btest/core/icmp/icmp6-context.test +++ b/testing/btest/core/icmp/icmp6-context.test @@ -1,9 +1,9 @@ # These tests all check that IPv6 context packet construction for ICMP6 works. -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-no-context.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-trunc.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-no-context.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-trunc.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) diff --git a/testing/btest/core/icmp/icmp6-events.test b/testing/btest/core/icmp/icmp6-events.test index 5263dd6e7f..6174e697fd 100644 --- a/testing/btest/core/icmp/icmp6-events.test +++ b/testing/btest/core/icmp/icmp6-events.test @@ -1,15 +1,15 @@ # These tests all check that ICMP6 events get raised with correct arguments. -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-toobig.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-timeexceeded.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-paramprob.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-ping.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-redirect.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-router-advert.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-neighbor-advert.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-router-solicit.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-toobig.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-timeexceeded.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-paramprob.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-ping.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-redirect.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-router-advert.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-neighbor-advert.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-router-solicit.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/icmp/icmp6-nd-options.test b/testing/btest/core/icmp/icmp6-nd-options.test index 64543852a3..93f1931524 100644 --- a/testing/btest/core/icmp/icmp6-nd-options.test +++ b/testing/btest/core/icmp/icmp6-nd-options.test @@ -1,7 +1,7 @@ # These tests all check that ICMP6 events get raised with correct arguments. -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-redirect-hdr-opt.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-nd-options.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-redirect-hdr-opt.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-nd-options.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/icmp/icmp_sent.zeek b/testing/btest/core/icmp/icmp_sent.zeek index 406ca637ba..72e6ab543b 100644 --- a/testing/btest/core/icmp/icmp_sent.zeek +++ b/testing/btest/core/icmp/icmp_sent.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp_sent.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp_sent.pcap %INPUT >out # @TEST-EXEC: btest-diff out event icmp_sent(c: connection, icmp: icmp_conn) diff --git a/testing/btest/core/init-error.zeek b/testing/btest/core/init-error.zeek index 858fad4eb1..82226e9dfa 100644 --- a/testing/btest/core/init-error.zeek +++ b/testing/btest/core/init-error.zeek @@ -1,6 +1,6 @@ # The default is for an initialization error to be a hard failure. -# @TEST-EXEC-FAIL: unset ZEEK_ALLOW_INIT_ERRORS && bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: unset ZEEK_ALLOW_INIT_ERRORS && zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event zeek_init() &priority=10 diff --git a/testing/btest/core/ip-broken-header.zeek b/testing/btest/core/ip-broken-header.zeek index a539628829..1e2d8c95c6 100644 --- a/testing/btest/core/ip-broken-header.zeek +++ b/testing/btest/core/ip-broken-header.zeek @@ -1,7 +1,7 @@ # This test has a trace that was generated from fuzzing which used to cause # OOB reads in Bro. It has a number of packets broken in weird ways. # -# @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | bro -C -b -r - %INPUT +# @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | zeek -C -b -r - %INPUT # @TEST-EXEC: btest-diff weird.log @load base/frameworks/notice/weird diff --git a/testing/btest/core/ipv6-atomic-frag.test b/testing/btest/core/ipv6-atomic-frag.test index 8c8fe6ca64..a247d50cec 100644 --- a/testing/btest/core/ipv6-atomic-frag.test +++ b/testing/btest/core/ipv6-atomic-frag.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ipv6-http-atomic-frag.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/ipv6-http-atomic-frag.trace %INPUT >output # @TEST-EXEC: btest-diff output event new_connection(c: connection) diff --git a/testing/btest/core/ipv6-flow-labels.test b/testing/btest/core/ipv6-flow-labels.test index 2265cd55d4..332a684cc9 100644 --- a/testing/btest/core/ipv6-flow-labels.test +++ b/testing/btest/core/ipv6-flow-labels.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv6.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv6.trace %INPUT >output # @TEST-EXEC: btest-diff output function print_connection(c: connection, event_name: string) diff --git a/testing/btest/core/ipv6-frag.test b/testing/btest/core/ipv6-frag.test index 32c7c0a8c1..815dd9910b 100644 --- a/testing/btest/core/ipv6-frag.test +++ b/testing/btest/core/ipv6-frag.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ipv6-fragmented-dns.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/ipv6-fragmented-dns.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/core/ipv6_esp.test b/testing/btest/core/ipv6_esp.test index 508a4597f2..4f8b3a4b69 100644 --- a/testing/btest/core/ipv6_esp.test +++ b/testing/btest/core/ipv6_esp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ip6_esp.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ip6_esp.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the event is raised correctly for a packet containing diff --git a/testing/btest/core/ipv6_ext_headers.test b/testing/btest/core/ipv6_ext_headers.test index 32a0f5d558..100410510b 100644 --- a/testing/btest/core/ipv6_ext_headers.test +++ b/testing/btest/core/ipv6_ext_headers.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the event is raised correctly for a packet containing diff --git a/testing/btest/core/ipv6_zero_len_ah.test b/testing/btest/core/ipv6_zero_len_ah.test index 014ba7b3cc..28c612992f 100644 --- a/testing/btest/core/ipv6_zero_len_ah.test +++ b/testing/btest/core/ipv6_zero_len_ah.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ipv6_zero_len_ah.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ipv6_zero_len_ah.trace %INPUT >output # @TEST-EXEC: btest-diff output # Shouldn't crash, but we also won't have seq and data fields set of the ip6_ah diff --git a/testing/btest/core/leaks/ayiya.test b/testing/btest/core/leaks/ayiya.test index 3572cf98ba..abbf46e6d8 100644 --- a/testing/btest/core/leaks/ayiya.test +++ b/testing/btest/core/leaks/ayiya.test @@ -1,8 +1,8 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/ayiya3.trace +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/tunnels/ayiya3.trace # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/basic-cluster.zeek b/testing/btest/core/leaks/basic-cluster.zeek index e186b7aa43..7698c46023 100644 --- a/testing/btest/core/leaks/basic-cluster.zeek +++ b/testing/btest/core/leaks/basic-cluster.zeek @@ -5,11 +5,11 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro -m %INPUT -# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro -m %INPUT -# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro -m %INPUT +# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek -m %INPUT +# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek -m %INPUT +# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek -m %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE cluster-layout.zeek diff --git a/testing/btest/core/leaks/bloomfilter.zeek b/testing/btest/core/leaks/bloomfilter.zeek index e93bfe23cc..6318251767 100644 --- a/testing/btest/core/leaks/bloomfilter.zeek +++ b/testing/btest/core/leaks/bloomfilter.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_basic_bloom_filter() diff --git a/testing/btest/core/leaks/broker/clone_store.zeek b/testing/btest/core/leaks/broker/clone_store.zeek index a1f1256551..bf8732a60f 100644 --- a/testing/btest/core/leaks/broker/clone_store.zeek +++ b/testing/btest/core/leaks/broker/clone_store.zeek @@ -1,9 +1,9 @@ # @TEST-PORT: BROKER_PORT -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "bro -m -b ../clone.zeek >clone.out" -# @TEST-EXEC: btest-bg-run master "bro -b ../master.zeek >master.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "zeek -m -b ../clone.zeek >clone.out" +# @TEST-EXEC: btest-bg-run master "zeek -b ../master.zeek >master.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out diff --git a/testing/btest/core/leaks/broker/data.zeek b/testing/btest/core/leaks/broker/data.zeek index 590d041ff1..9d4aa120a7 100644 --- a/testing/btest/core/leaks/broker/data.zeek +++ b/testing/btest/core/leaks/broker/data.zeek @@ -1,9 +1,9 @@ -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 45 -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stdout type bro_set: set[string]; type bro_table: table[string] of count; diff --git a/testing/btest/core/leaks/broker/master_store.zeek b/testing/btest/core/leaks/broker/master_store.zeek index 08919bb461..c8527b8d73 100644 --- a/testing/btest/core/leaks/broker/master_store.zeek +++ b/testing/btest/core/leaks/broker/master_store.zeek @@ -1,7 +1,7 @@ -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 45 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/broker/remote_event.test b/testing/btest/core/leaks/broker/remote_event.test index 9983f7871d..470fc0837a 100644 --- a/testing/btest/core/leaks/broker/remote_event.test +++ b/testing/btest/core/leaks/broker/remote_event.test @@ -1,9 +1,9 @@ # @TEST-PORT: BROKER_PORT -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.zeek >recv.out" -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.zeek >send.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "zeek -m -b ../recv.zeek >recv.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "zeek -m -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/core/leaks/broker/remote_log.test b/testing/btest/core/leaks/broker/remote_log.test index 21d387b15f..2580877de0 100644 --- a/testing/btest/core/leaks/broker/remote_log.test +++ b/testing/btest/core/leaks/broker/remote_log.test @@ -1,9 +1,9 @@ # @TEST-PORT: BROKER_PORT -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.zeek >recv.out" -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.zeek >send.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "zeek -m -b ../recv.zeek >recv.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "zeek -m -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/core/leaks/dns-nsec3.zeek b/testing/btest/core/leaks/dns-nsec3.zeek index 16be0103e6..29b591b0ee 100644 --- a/testing/btest/core/leaks/dns-nsec3.zeek +++ b/testing/btest/core/leaks/dns-nsec3.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -C -m -r $TRACES/dnssec/nsec3.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -C -m -r $TRACES/dnssec/nsec3.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 @load policy/protocols/dns/auth-addl diff --git a/testing/btest/core/leaks/dns-txt.zeek b/testing/btest/core/leaks/dns-txt.zeek index c04e5df6ea..93d049a40b 100644 --- a/testing/btest/core/leaks/dns-txt.zeek +++ b/testing/btest/core/leaks/dns-txt.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/dns.zeek b/testing/btest/core/leaks/dns.zeek index f16a4ca3bb..e4f8c92cdb 100644 --- a/testing/btest/core/leaks/dns.zeek +++ b/testing/btest/core/leaks/dns.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/dtls.zeek b/testing/btest/core/leaks/dtls.zeek index e7f75a530e..b7f27de91d 100644 --- a/testing/btest/core/leaks/dtls.zeek +++ b/testing/btest/core/leaks/dtls.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/dtls1_0.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/tls/dtls1_0.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/leaks/exec.test b/testing/btest/core/leaks/exec.test index ec4eb0d75f..793954a9dc 100644 --- a/testing/btest/core/leaks/exec.test +++ b/testing/btest/core/leaks/exec.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b ../exectest.zeek +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b ../exectest.zeek # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE exectest.zeek diff --git a/testing/btest/core/leaks/file-analysis-http-get.zeek b/testing/btest/core/leaks/file-analysis-http-get.zeek index 960a510137..6e0dae16be 100644 --- a/testing/btest/core/leaks/file-analysis-http-get.zeek +++ b/testing/btest/core/leaks/file-analysis-http-get.zeek @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 60 redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/core/leaks/gridftp.test b/testing/btest/core/leaks/gridftp.test index 4c7d31937d..4028df6b33 100644 --- a/testing/btest/core/leaks/gridftp.test +++ b/testing/btest/core/leaks/gridftp.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/globus-url-copy.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/globus-url-copy.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ftp/gridftp diff --git a/testing/btest/core/leaks/gtp_opt_header.test b/testing/btest/core/leaks/gtp_opt_header.test index 79cc50d752..e11ecf1942 100644 --- a/testing/btest/core/leaks/gtp_opt_header.test +++ b/testing/btest/core/leaks/gtp_opt_header.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out # @TEST-EXEC: btest-bg-wait 60 # Some GTPv1 headers have some optional fields totaling to a 4-byte extension diff --git a/testing/btest/core/leaks/hll_cluster.zeek b/testing/btest/core/leaks/hll_cluster.zeek index 40f964ad3a..a6afed593a 100644 --- a/testing/btest/core/leaks/hll_cluster.zeek +++ b/testing/btest/core/leaks/hll_cluster.zeek @@ -5,12 +5,12 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: bro -m %INPUT>out -# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro -m %INPUT -# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro -m runnumber=1 %INPUT -# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro -m runnumber=2 %INPUT +# @TEST-EXEC: zeek -m %INPUT>out +# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek -m %INPUT +# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek -m runnumber=1 %INPUT +# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek -m runnumber=2 %INPUT # @TEST-EXEC: btest-bg-wait 60 # # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/core/leaks/hook.zeek b/testing/btest/core/leaks/hook.zeek index 0d991bc9a0..5f25a8a011 100644 --- a/testing/btest/core/leaks/hook.zeek +++ b/testing/btest/core/leaks/hook.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 type rec: record { diff --git a/testing/btest/core/leaks/http-connect.zeek b/testing/btest/core/leaks/http-connect.zeek index 8a7f1c8146..c18871c55d 100644 --- a/testing/btest/core/leaks/http-connect.zeek +++ b/testing/btest/core/leaks/http-connect.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/http/connect-with-smtp.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/http/connect-with-smtp.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/conn diff --git a/testing/btest/core/leaks/incr-vec-expr.test b/testing/btest/core/leaks/incr-vec-expr.test index 42d9d9f820..ff6117feea 100644 --- a/testing/btest/core/leaks/incr-vec-expr.test +++ b/testing/btest/core/leaks/incr-vec-expr.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 type rec: record { diff --git a/testing/btest/core/leaks/input-basic.zeek b/testing/btest/core/leaks/input-basic.zeek index 177cbc5e26..8903fa0409 100644 --- a/testing/btest/core/leaks/input-basic.zeek +++ b/testing/btest/core/leaks/input-basic.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/input-errors.zeek b/testing/btest/core/leaks/input-errors.zeek index 93a143c8d5..7262e16c06 100644 --- a/testing/btest/core/leaks/input-errors.zeek +++ b/testing/btest/core/leaks/input-errors.zeek @@ -3,9 +3,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-missing-enum.zeek b/testing/btest/core/leaks/input-missing-enum.zeek index 5f931a35f3..9c34d163dd 100644 --- a/testing/btest/core/leaks/input-missing-enum.zeek +++ b/testing/btest/core/leaks/input-missing-enum.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-optional-event.zeek b/testing/btest/core/leaks/input-optional-event.zeek index df8d591769..500a076ed6 100644 --- a/testing/btest/core/leaks/input-optional-event.zeek +++ b/testing/btest/core/leaks/input-optional-event.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-optional-table.zeek b/testing/btest/core/leaks/input-optional-table.zeek index f3e4c05fb4..09f50fb8c8 100644 --- a/testing/btest/core/leaks/input-optional-table.zeek +++ b/testing/btest/core/leaks/input-optional-table.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-raw.zeek b/testing/btest/core/leaks/input-raw.zeek index 39ab13adfd..938875987c 100644 --- a/testing/btest/core/leaks/input-raw.zeek +++ b/testing/btest/core/leaks/input-raw.zeek @@ -2,13 +2,13 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 60 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 60 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input2.log >> input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got6 15 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got6 15 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/input-reread.zeek b/testing/btest/core/leaks/input-reread.zeek index c15a91a6aa..6621c14574 100644 --- a/testing/btest/core/leaks/input-reread.zeek +++ b/testing/btest/core/leaks/input-reread.zeek @@ -2,17 +2,17 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 60 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 60 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input2.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got4 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input3.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got6 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got6 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input4.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got8 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got8 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input5.log input.log # @TEST-EXEC: btest-bg-wait 120 diff --git a/testing/btest/core/leaks/input-sqlite.zeek b/testing/btest/core/leaks/input-sqlite.zeek index d278a00533..9606779c7b 100644 --- a/testing/btest/core/leaks/input-sqlite.zeek +++ b/testing/btest/core/leaks/input-sqlite.zeek @@ -2,11 +2,11 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-REQUIRES: which sqlite3 # # @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE conn.sql diff --git a/testing/btest/core/leaks/input-with-remove.zeek b/testing/btest/core/leaks/input-with-remove.zeek index 59e3f28c0a..2a55c8a3fa 100644 --- a/testing/btest/core/leaks/input-with-remove.zeek +++ b/testing/btest/core/leaks/input-with-remove.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/frameworks/input diff --git a/testing/btest/core/leaks/ip-in-ip.test b/testing/btest/core/leaks/ip-in-ip.test index 3ceae55d49..8f69f4ddd2 100644 --- a/testing/btest/core/leaks/ip-in-ip.test +++ b/testing/btest/core/leaks/ip-in-ip.test @@ -1,12 +1,12 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro1 bro -m -b -r $TRACES/tunnels/6in6.pcap %INPUT -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro2 bro -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro3 bro -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro1 zeek -m -b -r $TRACES/tunnels/6in6.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro2 zeek -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro3 zeek -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 event new_connection(c: connection) diff --git a/testing/btest/core/leaks/ipv6_ext_headers.test b/testing/btest/core/leaks/ipv6_ext_headers.test index 3b6f8d467c..84ad8e69a8 100644 --- a/testing/btest/core/leaks/ipv6_ext_headers.test +++ b/testing/btest/core/leaks/ipv6_ext_headers.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 # Just check that the event is raised correctly for a packet containing diff --git a/testing/btest/core/leaks/irc.test b/testing/btest/core/leaks/irc.test index 7b2ac389d4..7b3130a553 100644 --- a/testing/btest/core/leaks/irc.test +++ b/testing/btest/core/leaks/irc.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 event irc_names_info(c: connection, is_orig: bool, c_type: string, channel: string, users: string_set) diff --git a/testing/btest/core/leaks/krb-service-name.test b/testing/btest/core/leaks/krb-service-name.test index a0d8a84322..5b07a48633 100644 --- a/testing/btest/core/leaks/krb-service-name.test +++ b/testing/btest/core/leaks/krb-service-name.test @@ -1,8 +1,8 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/krb/optional-service-name.pcap +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/krb/optional-service-name.pcap # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/krb.test b/testing/btest/core/leaks/krb.test index 7bfb7a550d..a16711b850 100644 --- a/testing/btest/core/leaks/krb.test +++ b/testing/btest/core/leaks/krb.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/krb/kinit.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/krb/kinit.trace %INPUT # @TEST-EXEC: btest-bg-wait 30 @load base/protocols/krb \ No newline at end of file diff --git a/testing/btest/core/leaks/kv-iteration.zeek b/testing/btest/core/leaks/kv-iteration.zeek index 5c7a9f1f62..7496698e42 100644 --- a/testing/btest/core/leaks/kv-iteration.zeek +++ b/testing/btest/core/leaks/kv-iteration.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 event new_connection(c: connection) diff --git a/testing/btest/core/leaks/mysql.test b/testing/btest/core/leaks/mysql.test index 2e9ec6990f..07f3239885 100644 --- a/testing/btest/core/leaks/mysql.test +++ b/testing/btest/core/leaks/mysql.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/mysql/mysql.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/mysql/mysql.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/mysql diff --git a/testing/btest/core/leaks/pattern.zeek b/testing/btest/core/leaks/pattern.zeek index f48a8f28bd..e223e64b57 100644 --- a/testing/btest/core/leaks/pattern.zeek +++ b/testing/btest/core/leaks/pattern.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_case(msg: string, expect: bool) diff --git a/testing/btest/core/leaks/pe.test b/testing/btest/core/leaks/pe.test index d951cdbd47..3ff64b587f 100644 --- a/testing/btest/core/leaks/pe.test +++ b/testing/btest/core/leaks/pe.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ftp diff --git a/testing/btest/core/leaks/radius.test b/testing/btest/core/leaks/radius.test index 228973c47e..e6d1d66bea 100644 --- a/testing/btest/core/leaks/radius.test +++ b/testing/btest/core/leaks/radius.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/radius/radius.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/radius/radius.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/radius diff --git a/testing/btest/core/leaks/returnwhen.zeek b/testing/btest/core/leaks/returnwhen.zeek index 1220a3c371..689adf1256 100644 --- a/testing/btest/core/leaks/returnwhen.zeek +++ b/testing/btest/core/leaks/returnwhen.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: btest-bg-run bro HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b %INPUT +# @TEST-EXEC: btest-bg-run zeek HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/set.zeek b/testing/btest/core/leaks/set.zeek index b3f2200d28..a902fe9797 100644 --- a/testing/btest/core/leaks/set.zeek +++ b/testing/btest/core/leaks/set.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_case(msg: string, expect: bool) diff --git a/testing/btest/core/leaks/sip.test b/testing/btest/core/leaks/sip.test index 1aac2b30e0..25125e1816 100644 --- a/testing/btest/core/leaks/sip.test +++ b/testing/btest/core/leaks/sip.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/sip/wireshark.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/sip/wireshark.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/sip diff --git a/testing/btest/core/leaks/smtp_attachment.test b/testing/btest/core/leaks/smtp_attachment.test index 3094deb65c..63eb1e8b5c 100644 --- a/testing/btest/core/leaks/smtp_attachment.test +++ b/testing/btest/core/leaks/smtp_attachment.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/smtp diff --git a/testing/btest/core/leaks/snmp.test b/testing/btest/core/leaks/snmp.test index 43112eb9bf..f6769f2602 100644 --- a/testing/btest/core/leaks/snmp.test +++ b/testing/btest/core/leaks/snmp.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.zeek %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/snmp diff --git a/testing/btest/core/leaks/ssh.test b/testing/btest/core/leaks/ssh.test index 714d7bb3eb..a43654705d 100644 --- a/testing/btest/core/leaks/ssh.test +++ b/testing/btest/core/leaks/ssh.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/ssh/ssh.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/ssh/ssh.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssh diff --git a/testing/btest/core/leaks/stats.zeek b/testing/btest/core/leaks/stats.zeek index 7df104be95..f541b4fb79 100644 --- a/testing/btest/core/leaks/stats.zeek +++ b/testing/btest/core/leaks/stats.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load policy/misc/stats diff --git a/testing/btest/core/leaks/string-indexing.zeek b/testing/btest/core/leaks/string-indexing.zeek index 37f7868190..1ac28efe63 100644 --- a/testing/btest/core/leaks/string-indexing.zeek +++ b/testing/btest/core/leaks/string-indexing.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/switch-statement.zeek b/testing/btest/core/leaks/switch-statement.zeek index e5145f9227..b0c906ec46 100644 --- a/testing/btest/core/leaks/switch-statement.zeek +++ b/testing/btest/core/leaks/switch-statement.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 type MyEnum: enum { diff --git a/testing/btest/core/leaks/teredo.zeek b/testing/btest/core/leaks/teredo.zeek index c83a501705..2841679b0e 100644 --- a/testing/btest/core/leaks/teredo.zeek +++ b/testing/btest/core/leaks/teredo.zeek @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output # @TEST-EXEC: btest-bg-wait 60 function print_teredo(name: string, outer: connection, inner: teredo_hdr) diff --git a/testing/btest/core/leaks/test-all.zeek b/testing/btest/core/leaks/test-all.zeek index d4f8a040ec..79bc8c916a 100644 --- a/testing/btest/core/leaks/test-all.zeek +++ b/testing/btest/core/leaks/test-all.zeek @@ -2,7 +2,7 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace test-all-policy +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/wikipedia.trace test-all-policy # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/vector-val-bifs.test b/testing/btest/core/leaks/vector-val-bifs.test index 9e9caece69..a552279a57 100644 --- a/testing/btest/core/leaks/vector-val-bifs.test +++ b/testing/btest/core/leaks/vector-val-bifs.test @@ -2,13 +2,13 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # The BIFS used in this test originally didn't call the VectorVal() ctor right, # assuming that it didn't automatically Ref the VectorType argument and thus # leaked that memeory. # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function myfunc(aa: interval, bb: interval): int diff --git a/testing/btest/core/leaks/while.zeek b/testing/btest/core/leaks/while.zeek index 44f17e9b69..f490c9a13d 100644 --- a/testing/btest/core/leaks/while.zeek +++ b/testing/btest/core/leaks/while.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_noop() diff --git a/testing/btest/core/leaks/x509_ocsp_verify.zeek b/testing/btest/core/leaks/x509_ocsp_verify.zeek index ab24f28ee8..8d6cd5aa3e 100644 --- a/testing/btest/core/leaks/x509_ocsp_verify.zeek +++ b/testing/btest/core/leaks/x509_ocsp_verify.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/leaks/x509_verify.zeek b/testing/btest/core/leaks/x509_verify.zeek index 7db2581a8b..3989c2b850 100644 --- a/testing/btest/core/leaks/x509_verify.zeek +++ b/testing/btest/core/leaks/x509_verify.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/load-duplicates.zeek b/testing/btest/core/load-duplicates.zeek index 9b3810d40d..3ab98015d5 100644 --- a/testing/btest/core/load-duplicates.zeek +++ b/testing/btest/core/load-duplicates.zeek @@ -5,11 +5,11 @@ # @TEST-EXEC: cp %INPUT foo/bar/test.bro # @TEST-EXEC: cp %INPUT foo/bar/test2.bro # -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader `pwd`/foo/bar/test.bro -# @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test2 +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader `pwd`/foo/bar/test.bro +# @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test2 global pi = 3.14; diff --git a/testing/btest/core/load-explicit-bro-suffix-fallback.zeek b/testing/btest/core/load-explicit-bro-suffix-fallback.zeek index 689be5bc03..d2ce412209 100644 --- a/testing/btest/core/load-explicit-bro-suffix-fallback.zeek +++ b/testing/btest/core/load-explicit-bro-suffix-fallback.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # We don't have a foo.bro, but we'll accept foo.zeek. diff --git a/testing/btest/core/load-file-extension.zeek b/testing/btest/core/load-file-extension.zeek index 1b5520c873..3a0f4e64c5 100644 --- a/testing/btest/core/load-file-extension.zeek +++ b/testing/btest/core/load-file-extension.zeek @@ -2,22 +2,22 @@ # # Test that either ".zeek" or ".bro" can be loaded without specifying extension # @TEST-EXEC: cp x/foo.bro . -# @TEST-EXEC: bro -b load_foo > bro_only +# @TEST-EXEC: zeek -b load_foo > bro_only # @TEST-EXEC: btest-diff bro_only # @TEST-EXEC: rm foo.bro # # @TEST-EXEC: cp x/foo.zeek . -# @TEST-EXEC: bro -b load_foo > zeek_only +# @TEST-EXEC: zeek -b load_foo > zeek_only # @TEST-EXEC: btest-diff zeek_only # @TEST-EXEC: rm foo.zeek # # Test that ".zeek" is the preferred file extension, unless ".bro" is specified # @TEST-EXEC: cp x/foo.* . # @TEST-EXEC: cp x2/foo . -# @TEST-EXEC: bro -b load_foo > zeek_preferred +# @TEST-EXEC: zeek -b load_foo > zeek_preferred # @TEST-EXEC: btest-diff zeek_preferred # -# @TEST-EXEC: bro -b load_foo_bro > bro_preferred +# @TEST-EXEC: zeek -b load_foo_bro > bro_preferred # @TEST-EXEC: btest-diff bro_preferred # @TEST-EXEC: rm foo* # @@ -25,30 +25,30 @@ # there is no ".zeek" script) # @TEST-EXEC: cp x/foo.bro . # @TEST-EXEC: cp x2/foo . -# @TEST-EXEC: bro -b load_foo > bro_preferred_2 +# @TEST-EXEC: zeek -b load_foo > bro_preferred_2 # @TEST-EXEC: btest-diff bro_preferred_2 # @TEST-EXEC: rm foo* # # Test that a script with no file extension can be loaded # @TEST-EXEC: cp x2/foo . -# @TEST-EXEC: bro -b load_foo > no_extension +# @TEST-EXEC: zeek -b load_foo > no_extension # @TEST-EXEC: btest-diff no_extension # @TEST-EXEC: rm foo # # Test that a ".zeek" script is preferred over a script package of same name # @TEST-EXEC: cp -r x/foo* . -# @TEST-EXEC: bro -b load_foo > zeek_script_preferred +# @TEST-EXEC: zeek -b load_foo > zeek_script_preferred # @TEST-EXEC: btest-diff zeek_script_preferred # @TEST-EXEC: rm -r foo* # # Test that unrecognized file extensions can be loaded explicitly # @TEST-EXEC: cp x/foo.* . -# @TEST-EXEC: bro -b load_foo_xyz > xyz_preferred +# @TEST-EXEC: zeek -b load_foo_xyz > xyz_preferred # @TEST-EXEC: btest-diff xyz_preferred # @TEST-EXEC: rm foo.* # # @TEST-EXEC: cp x/foo.xyz . -# @TEST-EXEC-FAIL: bro -b load_foo +# @TEST-EXEC-FAIL: zeek -b load_foo # @TEST-EXEC: rm foo.xyz @TEST-START-FILE load_foo diff --git a/testing/btest/core/load-pkg.zeek b/testing/btest/core/load-pkg.zeek index 8c861f7982..b97211a86a 100644 --- a/testing/btest/core/load-pkg.zeek +++ b/testing/btest/core/load-pkg.zeek @@ -1,17 +1,17 @@ # Test that package loading works when a package loader script is present. # # Test that ".zeek" is loaded when there is also a ".bro" -# @TEST-EXEC: bro -b foo >output +# @TEST-EXEC: zeek -b foo >output # @TEST-EXEC: btest-diff output # # Test that ".bro" is loaded when there is no ".zeek" # @TEST-EXEC: rm foo/__load__.zeek -# @TEST-EXEC: bro -b foo >output2 +# @TEST-EXEC: zeek -b foo >output2 # @TEST-EXEC: btest-diff output2 # # Test that package cannot be loaded when no package loader script exists. # @TEST-EXEC: rm foo/__load__.bro -# @TEST-EXEC-FAIL: bro -b foo +# @TEST-EXEC-FAIL: zeek -b foo @TEST-START-FILE foo/__load__.bro @load ./test diff --git a/testing/btest/core/load-prefixes.zeek b/testing/btest/core/load-prefixes.zeek index c91f278a65..0416319827 100644 --- a/testing/btest/core/load-prefixes.zeek +++ b/testing/btest/core/load-prefixes.zeek @@ -1,6 +1,6 @@ # A test of prefix-based @load'ing -# @TEST-EXEC: bro addprefixes >output +# @TEST-EXEC: zeek addprefixes >output # @TEST-EXEC: btest-diff output @TEST-START-FILE addprefixes.zeek diff --git a/testing/btest/core/load-relative.zeek b/testing/btest/core/load-relative.zeek index 439563c201..8e1e6f8a06 100644 --- a/testing/btest/core/load-relative.zeek +++ b/testing/btest/core/load-relative.zeek @@ -1,6 +1,6 @@ # A test of relative-path-based @load'ing -# @TEST-EXEC: bro -b foo/foo >output +# @TEST-EXEC: zeek -b foo/foo >output # @TEST-EXEC: btest-diff output @TEST-START-FILE foo/foo.zeek diff --git a/testing/btest/core/load-unload.zeek b/testing/btest/core/load-unload.zeek index 6b2614a50c..6199f12e8b 100644 --- a/testing/btest/core/load-unload.zeek +++ b/testing/btest/core/load-unload.zeek @@ -1,13 +1,13 @@ # This tests the @unload directive # # Test that @unload works with ".bro" when there is no ".zeek" script -# @TEST-EXEC: bro -b unloadbro misc/loaded-scripts dontloadmebro > output +# @TEST-EXEC: zeek -b unloadbro misc/loaded-scripts dontloadmebro > output # @TEST-EXEC: btest-diff output # @TEST-EXEC: grep dontloadmebro loaded_scripts.log && exit 1 || exit 0 # # Test that @unload looks for ".zeek" first (assuming no file extension is # specified in the @unload) -# @TEST-EXEC: bro -b unload misc/loaded-scripts dontloadme.zeek dontloadme.bro > output2 +# @TEST-EXEC: zeek -b unload misc/loaded-scripts dontloadme.zeek dontloadme.bro > output2 # @TEST-EXEC: btest-diff output2 # @TEST-EXEC: grep dontloadme.bro loaded_scripts.log diff --git a/testing/btest/core/mobile-ipv6-home-addr.test b/testing/btest/core/mobile-ipv6-home-addr.test index e171a07afb..a7e803c24a 100644 --- a/testing/btest/core/mobile-ipv6-home-addr.test +++ b/testing/btest/core/mobile-ipv6-home-addr.test @@ -1,5 +1,5 @@ # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the orig of the connection is the Home Address, but the diff --git a/testing/btest/core/mobile-ipv6-routing.test b/testing/btest/core/mobile-ipv6-routing.test index ea99a70706..f394ff865c 100644 --- a/testing/btest/core/mobile-ipv6-routing.test +++ b/testing/btest/core/mobile-ipv6-routing.test @@ -1,5 +1,5 @@ # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the responder of the connection is the final routing diff --git a/testing/btest/core/mobility-checksums.test b/testing/btest/core/mobility-checksums.test index 42877b63d4..ee849c08a6 100644 --- a/testing/btest/core/mobility-checksums.test +++ b/testing/btest/core/mobility-checksums.test @@ -1,15 +1,15 @@ # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -r $TRACES/chksums/mip6-bad-mh-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/mip6-bad-mh-chksum.pcap # @TEST-EXEC: mv weird.log bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-udp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out # @TEST-EXEC: rm weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/mip6-good-mh-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/mip6-good-mh-chksum.pcap # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-tcp-good-chksum.pcap # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-udp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-udp-good-chksum.pcap # @TEST-EXEC: test ! -e weird.log # @TEST-EXEC: btest-diff bad.out diff --git a/testing/btest/core/mobility_msg.test b/testing/btest/core/mobility_msg.test index 1fde084dc2..f0017e4cdd 100644 --- a/testing/btest/core/mobility_msg.test +++ b/testing/btest/core/mobility_msg.test @@ -1,12 +1,12 @@ # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_bu.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_cot.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_coti.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_hot.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_hoti.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_bu.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_cot.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_coti.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_hot.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_hoti.trace %INPUT >>output # @TEST-EXEC: btest-diff output event mobile_ipv6_message(p: pkt_hdr) diff --git a/testing/btest/core/mpls-in-vlan.zeek b/testing/btest/core/mpls-in-vlan.zeek index f57c1862ce..9048c34c17 100644 --- a/testing/btest/core/mpls-in-vlan.zeek +++ b/testing/btest/core/mpls-in-vlan.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/mpls-in-vlan.trace +# @TEST-EXEC: zeek -C -r $TRACES/mpls-in-vlan.trace # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/negative-time.test b/testing/btest/core/negative-time.test index 5717df835c..cd1ac20240 100644 --- a/testing/btest/core/negative-time.test +++ b/testing/btest/core/negative-time.test @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/negative-time.pcap base/frameworks/notice +# @TEST-EXEC: zeek -b -C -r $TRACES/negative-time.pcap base/frameworks/notice # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/core/nflog.zeek b/testing/btest/core/nflog.zeek index 39186bbbea..e3bb62e4a5 100644 --- a/testing/btest/core/nflog.zeek +++ b/testing/btest/core/nflog.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/nflog-http.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/nflog-http.pcap %INPUT # @TEST-EXEC: btest-diff http.log @load base/protocols/http diff --git a/testing/btest/core/nop.zeek b/testing/btest/core/nop.zeek index e42b5a7821..d1316cdccd 100644 --- a/testing/btest/core/nop.zeek +++ b/testing/btest/core/nop.zeek @@ -1,4 +1,4 @@ # Bro shouldn't crash when doing nothing, nor outputting anything. # -# @TEST-EXEC: cat /dev/null | bro >output 2>&1 +# @TEST-EXEC: cat /dev/null | zeek >output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/old_comm_usage.zeek b/testing/btest/core/old_comm_usage.zeek index 8f4e3854aa..3559afee83 100644 --- a/testing/btest/core/old_comm_usage.zeek +++ b/testing/btest/core/old_comm_usage.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event zeek_init() diff --git a/testing/btest/core/option-errors.zeek b/testing/btest/core/option-errors.zeek index 6a9a8f1db6..b08ba17864 100644 --- a/testing/btest/core/option-errors.zeek +++ b/testing/btest/core/option-errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro %INPUT +# @TEST-EXEC-FAIL: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr option testbool; diff --git a/testing/btest/core/option-priorities.zeek b/testing/btest/core/option-priorities.zeek index 088d82ea9f..cfc78aafe7 100644 --- a/testing/btest/core/option-priorities.zeek +++ b/testing/btest/core/option-priorities.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout export { diff --git a/testing/btest/core/option-redef.zeek b/testing/btest/core/option-redef.zeek index 30d381306a..e47bd7344e 100644 --- a/testing/btest/core/option-redef.zeek +++ b/testing/btest/core/option-redef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout # options are allowed to be redef-able. diff --git a/testing/btest/core/option-runtime-errors.zeek b/testing/btest/core/option-runtime-errors.zeek index 8ae4b9ca40..aa7ad77874 100644 --- a/testing/btest/core/option-runtime-errors.zeek +++ b/testing/btest/core/option-runtime-errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # Errors that happen during runtime. At least at the moment we are not checking these early enough diff --git a/testing/btest/core/pcap/dumper.zeek b/testing/btest/core/pcap/dumper.zeek index 0f2bdb072e..4602022b45 100644 --- a/testing/btest/core/pcap/dumper.zeek +++ b/testing/btest/core/pcap/dumper.zeek @@ -1,5 +1,5 @@ # @TEST-REQUIRES: which hexdump -# @TEST-EXEC: bro -r $TRACES/workshop_2011_browse.trace -w dump +# @TEST-EXEC: zeek -r $TRACES/workshop_2011_browse.trace -w dump # @TEST-EXEC: hexdump -C $TRACES/workshop_2011_browse.trace >1 # @TEST-EXEC: hexdump -C dump >2 # @TEST-EXEC: diff 1 2 >output || true diff --git a/testing/btest/core/pcap/dynamic-filter.zeek b/testing/btest/core/pcap/dynamic-filter.zeek index caebaf0558..11edf87644 100644 --- a/testing/btest/core/pcap/dynamic-filter.zeek +++ b/testing/btest/core/pcap/dynamic-filter.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/pcap/filter-error.zeek b/testing/btest/core/pcap/filter-error.zeek index b83b8879a0..81f4c24cf9 100644 --- a/testing/btest/core/pcap/filter-error.zeek +++ b/testing/btest/core/pcap/filter-error.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC-FAIL: bro -r $TRACES/workshop_2011_browse.trace -f "kaputt" >>output 2>&1 +# @TEST-EXEC-FAIL: zeek -r $TRACES/workshop_2011_browse.trace -f "kaputt" >>output 2>&1 # @TEST-EXEC-FAIL: test -e conn.log # @TEST-EXEC: echo ---- >>output -# @TEST-EXEC: bro -r $TRACES/workshop_2011_browse.trace %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -r $TRACES/workshop_2011_browse.trace %INPUT >>output 2>&1 # @TEST-EXEC: test -e conn.log # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output diff --git a/testing/btest/core/pcap/input-error.zeek b/testing/btest/core/pcap/input-error.zeek index 5e469e08e8..8a67293a8b 100644 --- a/testing/btest/core/pcap/input-error.zeek +++ b/testing/btest/core/pcap/input-error.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC-FAIL: bro -i NO_SUCH_INTERFACE 2>&1 >>output 2>&1 +# @TEST-EXEC-FAIL: zeek -i NO_SUCH_INTERFACE 2>&1 >>output 2>&1 # @TEST-EXEC: cat output | sed 's/(.*)//g' >output2 -# @TEST-EXEC-FAIL: bro -r NO_SUCH_TRACE 2>&1 >>output2 2>&1 +# @TEST-EXEC-FAIL: zeek -r NO_SUCH_TRACE 2>&1 >>output2 2>&1 # @TEST-EXEC: btest-diff output2 redef enum PcapFilterID += { A }; diff --git a/testing/btest/core/pcap/pseudo-realtime.zeek b/testing/btest/core/pcap/pseudo-realtime.zeek index c51b5cc32b..994fb42a65 100644 --- a/testing/btest/core/pcap/pseudo-realtime.zeek +++ b/testing/btest/core/pcap/pseudo-realtime.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT --pseudo-realtime >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT --pseudo-realtime >output # @TEST-EXEC: btest-diff output global init = F; diff --git a/testing/btest/core/pcap/read-trace-with-filter.zeek b/testing/btest/core/pcap/read-trace-with-filter.zeek index 5878bada64..ba9db2c2a4 100644 --- a/testing/btest/core/pcap/read-trace-with-filter.zeek +++ b/testing/btest/core/pcap/read-trace-with-filter.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace -f "port 50000" +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace -f "port 50000" # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff packet_filter.log diff --git a/testing/btest/core/pppoe-over-qinq.zeek b/testing/btest/core/pppoe-over-qinq.zeek index cdfd4607ae..54cdcba1f7 100644 --- a/testing/btest/core/pppoe-over-qinq.zeek +++ b/testing/btest/core/pppoe-over-qinq.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/pppoe-over-qinq.pcap +# @TEST-EXEC: zeek -C -r $TRACES/pppoe-over-qinq.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/pppoe.test b/testing/btest/core/pppoe.test index 35be84d657..74e3678858 100644 --- a/testing/btest/core/pppoe.test +++ b/testing/btest/core/pppoe.test @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/pppoe.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/pppoe.trace %INPUT # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/print-bpf-filters.zeek b/testing/btest/core/print-bpf-filters.zeek index 6e4a4d5c30..fd86ce4f04 100644 --- a/testing/btest/core/print-bpf-filters.zeek +++ b/testing/btest/core/print-bpf-filters.zeek @@ -1,15 +1,15 @@ -# @TEST-EXEC: bro -r $TRACES/empty.trace >output +# @TEST-EXEC: zeek -r $TRACES/empty.trace >output # @TEST-EXEC: cat packet_filter.log >>output -# @TEST-EXEC: bro -r $TRACES/empty.trace -f "port 42" >>output +# @TEST-EXEC: zeek -r $TRACES/empty.trace -f "port 42" >>output # @TEST-EXEC: cat packet_filter.log >>output -# @TEST-EXEC: bro -r $TRACES/mixed-vlan-mpls.trace PacketFilter::restricted_filter="vlan" >>output +# @TEST-EXEC: zeek -r $TRACES/mixed-vlan-mpls.trace PacketFilter::restricted_filter="vlan" >>output # @TEST-EXEC: cat packet_filter.log >>output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff conn.log # # The order in the output of enable_auto_protocol_capture_filters isn't # stable, for reasons not clear. We canonify it first. -# @TEST-EXEC: bro -r $TRACES/empty.trace PacketFilter::enable_auto_protocol_capture_filters=T -# @TEST-EXEC: cat packet_filter.log | bro-cut filter | sed 's#[()]##g' | tr ' ' '\n' | sort | uniq -c | awk '{print $1, $2}' >output2 +# @TEST-EXEC: zeek -r $TRACES/empty.trace PacketFilter::enable_auto_protocol_capture_filters=T +# @TEST-EXEC: cat packet_filter.log | zeek-cut filter | sed 's#[()]##g' | tr ' ' '\n' | sort | uniq -c | awk '{print $1, $2}' >output2 # @TEST-EXEC: btest-diff output2 diff --git a/testing/btest/core/q-in-q.zeek b/testing/btest/core/q-in-q.zeek index 7444e7b458..e864fdf3b5 100644 --- a/testing/btest/core/q-in-q.zeek +++ b/testing/btest/core/q-in-q.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/q-in-q.trace +# @TEST-EXEC: zeek -r $TRACES/q-in-q.trace # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/radiotap.zeek b/testing/btest/core/radiotap.zeek index 27513990f0..48886297ff 100644 --- a/testing/btest/core/radiotap.zeek +++ b/testing/btest/core/radiotap.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/radiotap.pcap +# @TEST-EXEC: zeek -C -r $TRACES/radiotap.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/raw_packet.zeek b/testing/btest/core/raw_packet.zeek index cb1ee94b0f..15fa7d133b 100644 --- a/testing/btest/core/raw_packet.zeek +++ b/testing/btest/core/raw_packet.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b -r $TRACES/raw_packets.trace %INPUT >output -# @TEST-EXEC: bro -b -r $TRACES/icmp_dot1q.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/raw_packets.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/icmp_dot1q.trace %INPUT >>output # @TEST-EXEC: btest-diff output event raw_packet(p: raw_pkt_hdr) diff --git a/testing/btest/core/reassembly.zeek b/testing/btest/core/reassembly.zeek index 53489008de..db14364331 100644 --- a/testing/btest/core/reassembly.zeek +++ b/testing/btest/core/reassembly.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-1.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-2.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-3.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-4.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/tcp/reassembly.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-1.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-2.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-3.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-4.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/tcp/reassembly.pcap %INPUT >>output # @TEST-EXEC: btest-diff output event zeek_init() diff --git a/testing/btest/core/recursive-event.zeek b/testing/btest/core/recursive-event.zeek index 63cb05eb6f..75e3ce46d5 100644 --- a/testing/btest/core/recursive-event.zeek +++ b/testing/btest/core/recursive-event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT 2>&1 | grep -v termination | sort | uniq | wc -l | awk '{print $1}' >output +# @TEST-EXEC: zeek %INPUT 2>&1 | grep -v termination | sort | uniq | wc -l | awk '{print $1}' >output # @TEST-EXEC: btest-diff output # In old version, the event would keep triggering endlessely, with the network diff --git a/testing/btest/core/reporter-error-in-handler.zeek b/testing/btest/core/reporter-error-in-handler.zeek index fc0517ab2a..e7de8a1a75 100644 --- a/testing/btest/core/reporter-error-in-handler.zeek +++ b/testing/btest/core/reporter-error-in-handler.zeek @@ -2,7 +2,7 @@ # This test procudes a recursive error: the error handler is itself broken. Rather # than looping indefinitly, the error inside the handler should reported to stderr. # -# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output global a: table[count] of count; diff --git a/testing/btest/core/reporter-fmt-strings.zeek b/testing/btest/core/reporter-fmt-strings.zeek index 09c03cf721..087b0e2244 100644 --- a/testing/btest/core/reporter-fmt-strings.zeek +++ b/testing/btest/core/reporter-fmt-strings.zeek @@ -1,7 +1,7 @@ # The format string below should end up as a literal part of the reporter's # error message to stderr and shouldn't be replaced internally. # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output event zeek_init() diff --git a/testing/btest/core/reporter-parse-error.zeek b/testing/btest/core/reporter-parse-error.zeek index d57917ff26..dfd9ed6d02 100644 --- a/testing/btest/core/reporter-parse-error.zeek +++ b/testing/btest/core/reporter-parse-error.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output event zeek_init() diff --git a/testing/btest/core/reporter-runtime-error.zeek b/testing/btest/core/reporter-runtime-error.zeek index 9caeddb258..63e0437e26 100644 --- a/testing/btest/core/reporter-runtime-error.zeek +++ b/testing/btest/core/reporter-runtime-error.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output global a: table[count] of count; diff --git a/testing/btest/core/reporter-shutdown-order-errors.zeek b/testing/btest/core/reporter-shutdown-order-errors.zeek index 6289d47c96..03943679ff 100644 --- a/testing/btest/core/reporter-shutdown-order-errors.zeek +++ b/testing/btest/core/reporter-shutdown-order-errors.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: touch reporter.log && chmod -w reporter.log -# @TEST-EXEC: bro %INPUT >out 2>&1 +# @TEST-EXEC: zeek %INPUT >out 2>&1 # Output doesn't really matter, but we just want to know that Bro shutdowns # without crashing in such scenarios (reporter log not writable diff --git a/testing/btest/core/reporter-type-mismatch.zeek b/testing/btest/core/reporter-type-mismatch.zeek index 1a375ea84b..0fc8d78f6f 100644 --- a/testing/btest/core/reporter-type-mismatch.zeek +++ b/testing/btest/core/reporter-type-mismatch.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output event foo(a: string) diff --git a/testing/btest/core/reporter-weird-sampling-disable.zeek b/testing/btest/core/reporter-weird-sampling-disable.zeek index 014e287dab..63b4503004 100644 --- a/testing/btest/core/reporter-weird-sampling-disable.zeek +++ b/testing/btest/core/reporter-weird-sampling-disable.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/bro.org.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/http/bro.org.pcap %INPUT >output # @TEST-EXEC: btest-diff output redef Weird::sampling_threshold = 1; diff --git a/testing/btest/core/reporter-weird-sampling.zeek b/testing/btest/core/reporter-weird-sampling.zeek index d9d99681c4..c3a83a2c8f 100644 --- a/testing/btest/core/reporter-weird-sampling.zeek +++ b/testing/btest/core/reporter-weird-sampling.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/bro.org.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/http/bro.org.pcap %INPUT >output # @TEST-EXEC: btest-diff output redef Weird::sampling_duration = 5sec; diff --git a/testing/btest/core/reporter.zeek b/testing/btest/core/reporter.zeek index bc79ca73d8..8591096c2b 100644 --- a/testing/btest/core/reporter.zeek +++ b/testing/btest/core/reporter.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff logger-test.log diff --git a/testing/btest/core/tcp/fin-retransmit.zeek b/testing/btest/core/tcp/fin-retransmit.zeek index 42bf062f5a..a24d253583 100644 --- a/testing/btest/core/tcp/fin-retransmit.zeek +++ b/testing/btest/core/tcp/fin-retransmit.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/fin_retransmission.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tcp/fin_retransmission.pcap %INPUT >out # @TEST-EXEC: btest-diff out event connection_state_remove(c: connection) diff --git a/testing/btest/core/tcp/large-file-reassembly.zeek b/testing/btest/core/tcp/large-file-reassembly.zeek index 655d030d96..ed5d283561 100644 --- a/testing/btest/core/tcp/large-file-reassembly.zeek +++ b/testing/btest/core/tcp/large-file-reassembly.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/bigtransfer.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/ftp/bigtransfer.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff files.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tcp/miss-end-data.zeek b/testing/btest/core/tcp/miss-end-data.zeek index 6cee7577d9..6c802810f1 100644 --- a/testing/btest/core/tcp/miss-end-data.zeek +++ b/testing/btest/core/tcp/miss-end-data.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tcp/miss_end_data.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tcp/miss_end_data.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tcp/missing-syn.zeek b/testing/btest/core/tcp/missing-syn.zeek index f34767eee8..3450941584 100644 --- a/testing/btest/core/tcp/missing-syn.zeek +++ b/testing/btest/core/tcp/missing-syn.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/tcp/missing-syn.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tcp/missing-syn.pcap %INPUT # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tcp/quantum-insert.zeek b/testing/btest/core/tcp/quantum-insert.zeek index 8b4738c9e1..4e94f488c3 100644 --- a/testing/btest/core/tcp/quantum-insert.zeek +++ b/testing/btest/core/tcp/quantum-insert.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/qi_internet_SYNACK_curl_jsonip.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tcp/qi_internet_SYNACK_curl_jsonip.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # Quantum Insert like attack, overlapping TCP packet with different content diff --git a/testing/btest/core/tcp/rst-after-syn.zeek b/testing/btest/core/tcp/rst-after-syn.zeek index 38976909d7..97075993d9 100644 --- a/testing/btest/core/tcp/rst-after-syn.zeek +++ b/testing/btest/core/tcp/rst-after-syn.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/rst-inject-rae.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tcp/rst-inject-rae.trace %INPUT # @TEST-EXEC: btest-diff .stdout # Mostly just checking that c$resp$size isn't huge due to the injected diff --git a/testing/btest/core/tcp/rxmit-history.zeek b/testing/btest/core/tcp/rxmit-history.zeek index 6413d66041..b63e357633 100644 --- a/testing/btest/core/tcp/rxmit-history.zeek +++ b/testing/btest/core/tcp/rxmit-history.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -C -r $TRACES/tcp/retransmit-fast009.trace %INPUT && mv conn.log conn-1.log -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT && mv conn.log conn-2.log +# @TEST-EXEC: zeek -C -r $TRACES/tcp/retransmit-fast009.trace %INPUT && mv conn.log conn-1.log +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT && mv conn.log conn-2.log # @TEST-EXEC: btest-diff conn-1.log # @TEST-EXEC: btest-diff conn-2.log diff --git a/testing/btest/core/tcp/truncated-header.zeek b/testing/btest/core/tcp/truncated-header.zeek index f3ae369b2e..babfd7531c 100644 --- a/testing/btest/core/tcp/truncated-header.zeek +++ b/testing/btest/core/tcp/truncated-header.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/truncated-header.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tcp/truncated-header.pcap %INPUT >out # @TEST-EXEC: btest-diff out event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string) diff --git a/testing/btest/core/truncation.test b/testing/btest/core/truncation.test index d819ca1f88..22db760810 100644 --- a/testing/btest/core/truncation.test +++ b/testing/btest/core/truncation.test @@ -1,43 +1,43 @@ # Truncated IP packet's should not be analyzed, and generate truncated_IP weird -# @TEST-EXEC: bro -r $TRACES/trunc/ip4-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/ip4-trunc.pcap # @TEST-EXEC: mv weird.log output -# @TEST-EXEC: bro -r $TRACES/trunc/ip6-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/ip6-trunc.pcap # @TEST-EXEC: cat weird.log >> output -# @TEST-EXEC: bro -r $TRACES/trunc/ip6-ext-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/ip6-ext-trunc.pcap # @TEST-EXEC: cat weird.log >> output # If an ICMP packet's payload is truncated due to too small snaplen, # the checksum calculation is bypassed (and Bro doesn't crash, of course). # @TEST-EXEC: rm -f weird.log -# @TEST-EXEC: bro -r $TRACES/trunc/icmp-payload-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/icmp-payload-trunc.pcap # @TEST-EXEC: test ! -e weird.log # If an ICMP packet has the ICMP header truncated due to too small snaplen, # an internally_truncated_header weird gets generated. -# @TEST-EXEC: bro -r $TRACES/trunc/icmp-header-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/icmp-header-trunc.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packets where the captured length is less than the length required # for the packet header should also raise a Weird -# @TEST-EXEC: bro -r $TRACES/trunc/trunc-hdr.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/trunc-hdr.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packet where the length of the IP header is larger than the total # packet length -# @TEST-EXEC: bro -C -r $TRACES/trunc/ipv4-truncated-broken-header.pcap +# @TEST-EXEC: zeek -C -r $TRACES/trunc/ipv4-truncated-broken-header.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packet where the captured length is big enough for the ip header # struct, but not large enough to capture the full header length (with options) -# @TEST-EXEC: bro -C -r $TRACES/trunc/ipv4-internally-truncated-header.pcap +# @TEST-EXEC: zeek -C -r $TRACES/trunc/ipv4-internally-truncated-header.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packet where the length of the IP header is larger than the total # packet length inside several tunnels -# @TEST-EXEC: bro -C -r $TRACES/trunc/mpls-6in6-6in6-4in6-trunc.pcap +# @TEST-EXEC: zeek -C -r $TRACES/trunc/mpls-6in6-6in6-4in6-trunc.pcap # @TEST-EXEC: cat weird.log >> output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/tunnels/ayiya.test b/testing/btest/core/tunnels/ayiya.test index 043e06c621..d7a79e6eb2 100644 --- a/testing/btest/core/tunnels/ayiya.test +++ b/testing/btest/core/tunnels/ayiya.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/ayiya3.trace +# @TEST-EXEC: zeek -r $TRACES/tunnels/ayiya3.trace # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/core/tunnels/false-teredo.zeek b/testing/btest/core/tunnels/false-teredo.zeek index 5622e05204..818b543d95 100644 --- a/testing/btest/core/tunnels/false-teredo.zeek +++ b/testing/btest/core/tunnels/false-teredo.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/false-teredo.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/tunnels/false-teredo.pcap %INPUT >output # @TEST-EXEC: test ! -e weird.log # @TEST-EXEC: test ! -e dpd.log diff --git a/testing/btest/core/tunnels/gre-in-gre.test b/testing/btest/core/tunnels/gre-in-gre.test index ce85f54dbb..39a7bd774b 100644 --- a/testing/btest/core/tunnels/gre-in-gre.test +++ b/testing/btest/core/tunnels/gre-in-gre.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gre-within-gre.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-within-gre.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gre-pptp.test b/testing/btest/core/tunnels/gre-pptp.test index a5fa8c0d19..892f105fb2 100644 --- a/testing/btest/core/tunnels/gre-pptp.test +++ b/testing/btest/core/tunnels/gre-pptp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gre-pptp.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-pptp.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/core/tunnels/gre.test b/testing/btest/core/tunnels/gre.test index 0ce9a0c8b8..395bcd38bd 100644 --- a/testing/btest/core/tunnels/gre.test +++ b/testing/btest/core/tunnels/gre.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gre-sample.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-sample.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/core/tunnels/gtp/different_dl_and_ul.test b/testing/btest/core/tunnels/gtp/different_dl_and_ul.test index 136853c463..aedd6781dd 100644 --- a/testing/btest/core/tunnels/gtp/different_dl_and_ul.test +++ b/testing/btest/core/tunnels/gtp/different_dl_and_ul.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/gtp/gtp2_different_udp_port.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp2_different_udp_port.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/ext_header.test b/testing/btest/core/tunnels/gtp/ext_header.test index 6316acb184..251d8fb9d6 100644 --- a/testing/btest/core/tunnels/gtp/ext_header.test +++ b/testing/btest/core/tunnels/gtp/ext_header.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp_ext_header.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp_ext_header.pcap %INPUT >out # @TEST-EXEC: btest-diff out event gtpv1_message(c: connection, hdr: gtpv1_hdr) diff --git a/testing/btest/core/tunnels/gtp/false_gtp.test b/testing/btest/core/tunnels/gtp/false_gtp.test index 6e84be7323..b38291c8df 100644 --- a/testing/btest/core/tunnels/gtp/false_gtp.test +++ b/testing/btest/core/tunnels/gtp/false_gtp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp3_false_gtp.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp3_false_gtp.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: test ! -e tunnel.log diff --git a/testing/btest/core/tunnels/gtp/inner_ipv6.test b/testing/btest/core/tunnels/gtp/inner_ipv6.test index 97d8562ecc..865401b9df 100644 --- a/testing/btest/core/tunnels/gtp/inner_ipv6.test +++ b/testing/btest/core/tunnels/gtp/inner_ipv6.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp7_ipv6.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp7_ipv6.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/inner_teredo.test b/testing/btest/core/tunnels/gtp/inner_teredo.test index 9161d31229..b6e83a36c3 100644 --- a/testing/btest/core/tunnels/gtp/inner_teredo.test +++ b/testing/btest/core/tunnels/gtp/inner_teredo.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp8_teredo.pcap "Tunnel::delay_teredo_confirmation=F" +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp8_teredo.pcap "Tunnel::delay_teredo_confirmation=F" # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/non_recursive.test b/testing/btest/core/tunnels/gtp/non_recursive.test index 0b03c0d6ae..6f5e6f3c62 100644 --- a/testing/btest/core/tunnels/gtp/non_recursive.test +++ b/testing/btest/core/tunnels/gtp/non_recursive.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp4_udp_2152_inside.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp4_udp_2152_inside.pcap %INPUT >out # @TEST-EXEC: btest-diff out # In telecoms there is never a GTP tunnel within another GTP tunnel. diff --git a/testing/btest/core/tunnels/gtp/not_user_plane_data.test b/testing/btest/core/tunnels/gtp/not_user_plane_data.test index a6a3333360..4edab5ab44 100644 --- a/testing/btest/core/tunnels/gtp/not_user_plane_data.test +++ b/testing/btest/core/tunnels/gtp/not_user_plane_data.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp10_not_0xff.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp10_not_0xff.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: test ! -e tunnel.log diff --git a/testing/btest/core/tunnels/gtp/opt_header.test b/testing/btest/core/tunnels/gtp/opt_header.test index 32329c7ca8..c1f3d89e03 100644 --- a/testing/btest/core/tunnels/gtp/opt_header.test +++ b/testing/btest/core/tunnels/gtp/opt_header.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/outer_ip_frag.test b/testing/btest/core/tunnels/gtp/outer_ip_frag.test index b2badb9c1b..310c377eed 100644 --- a/testing/btest/core/tunnels/gtp/outer_ip_frag.test +++ b/testing/btest/core/tunnels/gtp/outer_ip_frag.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/gtp/gtp1_gn_normal_incl_fragmentation.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp1_gn_normal_incl_fragmentation.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test b/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test index 7405c8d019..06912c1f9d 100644 --- a/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test +++ b/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp_control_prime.pcap -r $TRACES/tunnels/gtp/gtp_create_pdp_ctx.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp_control_prime.pcap -r $TRACES/tunnels/gtp/gtp_create_pdp_ctx.pcap %INPUT >out # @TEST-EXEC: btest-diff out event gtpv1_message(c: connection, hdr: gtpv1_hdr) diff --git a/testing/btest/core/tunnels/gtp/unknown_or_too_short.test b/testing/btest/core/tunnels/gtp/unknown_or_too_short.test index e1b3d4ba20..0fe72b9ad8 100644 --- a/testing/btest/core/tunnels/gtp/unknown_or_too_short.test +++ b/testing/btest/core/tunnels/gtp/unknown_or_too_short.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/gtp/gtp9_unknown_or_too_short_payload.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp9_unknown_or_too_short_payload.pcap # @TEST-EXEC: btest-diff dpd.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/ip-in-ip-version.zeek b/testing/btest/core/tunnels/ip-in-ip-version.zeek index 35d633c8fe..f5ff69c21c 100644 --- a/testing/btest/core/tunnels/ip-in-ip-version.zeek +++ b/testing/btest/core/tunnels/ip-in-ip-version.zeek @@ -1,11 +1,11 @@ # Trace in we have mpls->ip6->ip6->ip4 where the ip4 packet # has an invalid IP version. -# @TEST-EXEC: bro -C -r $TRACES/tunnels/mpls-6in6-6in6-4in6-invalid-version-4.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/mpls-6in6-6in6-4in6-invalid-version-4.pcap # @TEST-EXEC: mv weird.log output # Trace in which we have mpls->ip6->ip6 where the ip6 packet # has an invalid IP version. -# @TEST-EXEC: bro -C -r $TRACES/tunnels/mpls-6in6-6in6-invalid-version-6.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/mpls-6in6-6in6-invalid-version-6.pcap # @TEST-EXEC: cat weird.log >> output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/tunnels/ip-in-ip.test b/testing/btest/core/tunnels/ip-in-ip.test index 38f4610445..f003865b2e 100644 --- a/testing/btest/core/tunnels/ip-in-ip.test +++ b/testing/btest/core/tunnels/ip-in-ip.test @@ -1,9 +1,9 @@ -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in6.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in6in6.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in4.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/4in6.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/4in4.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in6.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in6in6.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in4.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/4in6.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/4in4.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event new_connection(c: connection) diff --git a/testing/btest/core/tunnels/ip-tunnel-uid.test b/testing/btest/core/tunnels/ip-tunnel-uid.test index f86fd126c9..1f50d4baea 100644 --- a/testing/btest/core/tunnels/ip-tunnel-uid.test +++ b/testing/btest/core/tunnels/ip-tunnel-uid.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tunnels/ping6-in-ipv4.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/ping6-in-ipv4.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event new_connection(c: connection) diff --git a/testing/btest/core/tunnels/teredo-known-services.test b/testing/btest/core/tunnels/teredo-known-services.test index db42996eb2..dc5aad52fd 100644 --- a/testing/btest/core/tunnels/teredo-known-services.test +++ b/testing/btest/core/tunnels/teredo-known-services.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd base/protocols/tunnels protocols/conn/known-services Tunnel::delay_teredo_confirmation=T "Site::local_nets+={192.168.1.0/24}" +# @TEST-EXEC: zeek -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd base/protocols/tunnels protocols/conn/known-services Tunnel::delay_teredo_confirmation=T "Site::local_nets+={192.168.1.0/24}" # @TEST-EXEC: test ! -e known_services.log # The first case using Tunnel::delay_teredo_confirmation=T doesn't produce diff --git a/testing/btest/core/tunnels/teredo.zeek b/testing/btest/core/tunnels/teredo.zeek index c457decd98..0a884bc027 100644 --- a/testing/btest/core/tunnels/teredo.zeek +++ b/testing/btest/core/tunnels/teredo.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/Teredo.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/tunnels/Teredo.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tunnels/teredo_bubble_with_payload.test b/testing/btest/core/tunnels/teredo_bubble_with_payload.test index f45d8ca585..ef72ddf519 100644 --- a/testing/btest/core/tunnels/teredo_bubble_with_payload.test +++ b/testing/btest/core/tunnels/teredo_bubble_with_payload.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/teredo_bubble_with_payload.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/tunnels/teredo_bubble_with_payload.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tunnels/vxlan.zeek b/testing/btest/core/tunnels/vxlan.zeek index 50a7b1a24a..5b1b9defaa 100644 --- a/testing/btest/core/tunnels/vxlan.zeek +++ b/testing/btest/core/tunnels/vxlan.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/vxlan.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/vxlan.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/vector-assignment.zeek b/testing/btest/core/vector-assignment.zeek index 9c5cc4e0f6..8593562892 100644 --- a/testing/btest/core/vector-assignment.zeek +++ b/testing/btest/core/vector-assignment.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # This regression test checks a special case in the vector code. In this case # UnaryExpr will be called with a Type() of any. Tests succeeds if it does not diff --git a/testing/btest/core/vlan-mpls.zeek b/testing/btest/core/vlan-mpls.zeek index b7a7a351cb..9e345b762a 100644 --- a/testing/btest/core/vlan-mpls.zeek +++ b/testing/btest/core/vlan-mpls.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/mixed-vlan-mpls.trace +# @TEST-EXEC: zeek -C -r $TRACES/mixed-vlan-mpls.trace # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/when-interpreter-exceptions.zeek b/testing/btest/core/when-interpreter-exceptions.zeek index 41f2374c2f..1a713fd1af 100644 --- a/testing/btest/core/when-interpreter-exceptions.zeek +++ b/testing/btest/core/when-interpreter-exceptions.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro "bro -b %INPUT >output 2>&1" +# @TEST-EXEC: btest-bg-run zeek "zeek -b %INPUT >output 2>&1" # @TEST-EXEC: btest-bg-wait 15 -# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps | $SCRIPTS/diff-sort" btest-diff bro/output +# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps | $SCRIPTS/diff-sort" btest-diff zeek/output # interpreter exceptions in "when" blocks shouldn't cause termination diff --git a/testing/btest/core/wlanmon.zeek b/testing/btest/core/wlanmon.zeek index b227baf7eb..e29613ae56 100644 --- a/testing/btest/core/wlanmon.zeek +++ b/testing/btest/core/wlanmon.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/wlanmon.pcap +# @TEST-EXEC: zeek -C -r $TRACES/wlanmon.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/x509-generalizedtime.zeek b/testing/btest/core/x509-generalizedtime.zeek index b69ab31743..14e9edbf24 100644 --- a/testing/btest/core/x509-generalizedtime.zeek +++ b/testing/btest/core/x509-generalizedtime.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/x509-generalizedtime.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -C -r $TRACES/tls/tls1.2.trace %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -C -r $TRACES/tls/x509-generalizedtime.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls1.2.trace %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) { diff --git a/testing/btest/coverage/bare-load-baseline.test b/testing/btest/coverage/bare-load-baseline.test index 98ce72e4b8..94fdb04b04 100644 --- a/testing/btest/coverage/bare-load-baseline.test +++ b/testing/btest/coverage/bare-load-baseline.test @@ -7,7 +7,7 @@ # prefix to make the test work everywhere. That's what the sed magic # below does. Don't ask. :-) -# @TEST-EXEC: bro -b misc/loaded-scripts +# @TEST-EXEC: zeek -b misc/loaded-scripts # @TEST-EXEC: test -e loaded_scripts.log # @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | awk 'NR>0{print $1}' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix # @TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test index 6f5e6983f6..fa4c15c120 100644 --- a/testing/btest/coverage/bare-mode-errors.test +++ b/testing/btest/coverage/bare-mode-errors.test @@ -1,9 +1,9 @@ -# Makes sure any given bro script in the scripts/ tree can be loaded in +# Makes sure any given zeek script in the scripts/ tree can be loaded in # bare mode without error. # # Commonly, this test may fail if one forgets to @load some base/ scripts -# when writing a new bro scripts. +# when writing a new zeek scripts. # # @TEST-EXEC: test -d $DIST/scripts -# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do bro -b --parse-only $script >>errors 2>&1; done +# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors diff --git a/testing/btest/coverage/coverage-blacklist.zeek b/testing/btest/coverage/coverage-blacklist.zeek index 30a5f86efa..469a874a69 100644 --- a/testing/btest/coverage/coverage-blacklist.zeek +++ b/testing/btest/coverage/coverage-blacklist.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: BRO_PROFILER_FILE=coverage bro -b %INPUT +# @TEST-EXEC: BRO_PROFILER_FILE=coverage zeek -b %INPUT # @TEST-EXEC: grep %INPUT coverage | sort -k2 >output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output diff --git a/testing/btest/coverage/default-load-baseline.test b/testing/btest/coverage/default-load-baseline.test index 076f26b770..df13444ad7 100644 --- a/testing/btest/coverage/default-load-baseline.test +++ b/testing/btest/coverage/default-load-baseline.test @@ -7,7 +7,7 @@ # prefix to make the test work everywhere. That's what the sed magic # below does. Don't ask. :-) -# @TEST-EXEC: bro misc/loaded-scripts +# @TEST-EXEC: zeek misc/loaded-scripts # @TEST-EXEC: test -e loaded_scripts.log # @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix # @TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix diff --git a/testing/btest/coverage/find-bro-logs.test b/testing/btest/coverage/find-bro-logs.test index ee0e45262b..61d2b13ada 100644 --- a/testing/btest/coverage/find-bro-logs.test +++ b/testing/btest/coverage/find-bro-logs.test @@ -22,7 +22,7 @@ import os, sys scriptdir = sys.argv[1] -# Return a list of all bro script files. +# Return a list of all zeek script files. def find_scripts(): scripts = [] diff --git a/testing/btest/coverage/init-default.test b/testing/btest/coverage/init-default.test index edc0012ef1..f3c1aec31e 100644 --- a/testing/btest/coverage/init-default.test +++ b/testing/btest/coverage/init-default.test @@ -1,16 +1,16 @@ # Makes sure that all base/* scripts are loaded by default via # init-default.zeek; and that all scripts loaded there actually exist. # -# This test will fail if a new bro script is added under the scripts/base/ +# This test will fail if a new zeek script is added under the scripts/base/ # directory and it is not also added as an @load in base/init-default.zeek. -# In some cases, a script in base is loaded based on the bro configuration +# In some cases, a script in base is loaded based on the zeek configuration # (e.g. cluster operation), and in such cases, the missing_loads baseline # can be adjusted to tolerate that. #@TEST-EXEC: test -d $DIST/scripts/base #@TEST-EXEC: test -e $DIST/scripts/base/init-default.zeek #@TEST-EXEC: ( cd $DIST/scripts/base && find . -name '*.zeek' ) | sort >"all scripts found" -#@TEST-EXEC: bro misc/loaded-scripts +#@TEST-EXEC: zeek misc/loaded-scripts #@TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix #@TEST-EXEC: cat loaded_scripts.log | egrep -v "/build/scripts/|$(cat buildprefix)/scripts/|/loaded-scripts.zeek|#" | sed 's#/./#/#g' >loaded_scripts.log.tmp #@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix diff --git a/testing/btest/coverage/test-all-policy.test b/testing/btest/coverage/test-all-policy.test index 61e4297f83..46571d967e 100644 --- a/testing/btest/coverage/test-all-policy.test +++ b/testing/btest/coverage/test-all-policy.test @@ -1,9 +1,9 @@ # Makes sure that all policy/* scripts are loaded in # scripts/test-all-policy.zeek and that all scripts loaded there actually exist. # -# This test will fail if new bro scripts are added to the scripts/policy/ +# This test will fail if new zeek scripts are added to the scripts/policy/ # directory. Correcting that just involves updating -# scripts/test-all-policy.zeek to @load the new bro scripts. +# scripts/test-all-policy.zeek to @load the new zeek scripts. @TEST-EXEC: test -e $DIST/scripts/test-all-policy.zeek @TEST-EXEC: test -d $DIST/scripts diff --git a/testing/btest/doc/record-add.zeek b/testing/btest/doc/record-add.zeek index 284ea22959..baebaaf3f2 100644 --- a/testing/btest/doc/record-add.zeek +++ b/testing/btest/doc/record-add.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # To support documentation of type aliases, Bro clones declared types # (see add_type() in Var.cc) in order to keep track of type names and aliases. diff --git a/testing/btest/doc/record-attr-check.zeek b/testing/btest/doc/record-attr-check.zeek index c7dc74631d..e34b417e57 100644 --- a/testing/btest/doc/record-attr-check.zeek +++ b/testing/btest/doc/record-attr-check.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT type Tag: enum { SOMETHING diff --git a/testing/btest/doc/zeexygen/command_line.zeek b/testing/btest/doc/zeexygen/command_line.zeek index d009667b7e..d8d48e6a44 100644 --- a/testing/btest/doc/zeexygen/command_line.zeek +++ b/testing/btest/doc/zeexygen/command_line.zeek @@ -1,7 +1,7 @@ # Shouldn't emit any warnings about not being able to document something # that's supplied via command line script. -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro %INPUT -e 'redef myvar=10; print myvar' >output 2>&1 +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek %INPUT -e 'redef myvar=10; print myvar' >output 2>&1 # @TEST-EXEC: btest-diff output const myvar = 5 &redef; diff --git a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek index f3c1be6b14..5747d80cb6 100644 --- a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek +++ b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b %INPUT >out +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b %INPUT >out # @TEST-EXEC: btest-diff out ##! This is a test script. diff --git a/testing/btest/doc/zeexygen/enums.zeek b/testing/btest/doc/zeexygen/enums.zeek index a385a36a6c..c2c91ff280 100644 --- a/testing/btest/doc/zeexygen/enums.zeek +++ b/testing/btest/doc/zeexygen/enums.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-enums.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/example.zeek b/testing/btest/doc/zeexygen/example.zeek index 53179dac39..ae611bc0a4 100644 --- a/testing/btest/doc/zeexygen/example.zeek +++ b/testing/btest/doc/zeexygen/example.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff example.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/func-params.zeek b/testing/btest/doc/zeexygen/func-params.zeek index 5facba3e05..62d116def5 100644 --- a/testing/btest/doc/zeexygen/func-params.zeek +++ b/testing/btest/doc/zeexygen/func-params.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-func-params.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/identifier.zeek b/testing/btest/doc/zeexygen/identifier.zeek index 38a4f274ad..ee851096ef 100644 --- a/testing/btest/doc/zeexygen/identifier.zeek +++ b/testing/btest/doc/zeexygen/identifier.zeek @@ -1,5 +1,5 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/package.zeek b/testing/btest/doc/zeexygen/package.zeek index 7038b5b50a..dcf299fc2b 100644 --- a/testing/btest/doc/zeexygen/package.zeek +++ b/testing/btest/doc/zeexygen/package.zeek @@ -1,5 +1,5 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/package_index.zeek b/testing/btest/doc/zeexygen/package_index.zeek index 3a0c92ca71..55e645433e 100644 --- a/testing/btest/doc/zeexygen/package_index.zeek +++ b/testing/btest/doc/zeexygen/package_index.zeek @@ -1,5 +1,5 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/records.zeek b/testing/btest/doc/zeexygen/records.zeek index 0c1f668df9..b4243ec58a 100644 --- a/testing/btest/doc/zeexygen/records.zeek +++ b/testing/btest/doc/zeexygen/records.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-records.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/script_index.zeek b/testing/btest/doc/zeexygen/script_index.zeek index f92513d632..d60fa54356 100644 --- a/testing/btest/doc/zeexygen/script_index.zeek +++ b/testing/btest/doc/zeexygen/script_index.zeek @@ -1,5 +1,5 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/script_summary.zeek b/testing/btest/doc/zeexygen/script_summary.zeek index 9378417f08..2c8dc5fb36 100644 --- a/testing/btest/doc/zeexygen/script_summary.zeek +++ b/testing/btest/doc/zeexygen/script_summary.zeek @@ -1,5 +1,5 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/type-aliases.zeek b/testing/btest/doc/zeexygen/type-aliases.zeek index 40a6e24417..a505eb0c05 100644 --- a/testing/btest/doc/zeexygen/type-aliases.zeek +++ b/testing/btest/doc/zeexygen/type-aliases.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-type-aliases.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/vectors.zeek b/testing/btest/doc/zeexygen/vectors.zeek index 8a16a58149..0f1f9a65ad 100644 --- a/testing/btest/doc/zeexygen/vectors.zeek +++ b/testing/btest/doc/zeexygen/vectors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-vectors.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/language/addr.zeek b/testing/btest/language/addr.zeek index 8829c20da2..dff331c3fd 100644 --- a/testing/btest/language/addr.zeek +++ b/testing/btest/language/addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/any.zeek b/testing/btest/language/any.zeek index 32daa36903..aebab284c2 100644 --- a/testing/btest/language/any.zeek +++ b/testing/btest/language/any.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-deprecated.zeek b/testing/btest/language/at-deprecated.zeek index 271a918e5e..a035f6d24e 100644 --- a/testing/btest/language/at-deprecated.zeek +++ b/testing/btest/language/at-deprecated.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b foo +# @TEST-EXEC: zeek -b foo # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr @TEST-START-FILE foo.zeek diff --git a/testing/btest/language/at-dir.zeek b/testing/btest/language/at-dir.zeek index a366285a5b..35f8894caf 100644 --- a/testing/btest/language/at-dir.zeek +++ b/testing/btest/language/at-dir.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -# @TEST-EXEC: bro -b ./pathtest.zeek >out2 +# @TEST-EXEC: zeek -b ./pathtest.zeek >out2 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out2 print @DIR; diff --git a/testing/btest/language/at-filename.zeek b/testing/btest/language/at-filename.zeek index 83e4e968f3..aa8b924b7e 100644 --- a/testing/btest/language/at-filename.zeek +++ b/testing/btest/language/at-filename.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out print @FILENAME; diff --git a/testing/btest/language/at-if-event.zeek b/testing/btest/language/at-if-event.zeek index 2ac757810d..bd6112f369 100644 --- a/testing/btest/language/at-if-event.zeek +++ b/testing/btest/language/at-if-event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # Check if @if can be used to alternative function/event definitions diff --git a/testing/btest/language/at-if-invalid.zeek b/testing/btest/language/at-if-invalid.zeek index e2e5e2c699..8657e3affb 100644 --- a/testing/btest/language/at-if-invalid.zeek +++ b/testing/btest/language/at-if-invalid.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function foo(c: count): bool diff --git a/testing/btest/language/at-if.zeek b/testing/btest/language/at-if.zeek index 1aba7b9ded..e6d7f58cae 100644 --- a/testing/btest/language/at-if.zeek +++ b/testing/btest/language/at-if.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-ifdef.zeek b/testing/btest/language/at-ifdef.zeek index ebc59f7056..cbc26b5cfa 100644 --- a/testing/btest/language/at-ifdef.zeek +++ b/testing/btest/language/at-ifdef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-ifndef.zeek b/testing/btest/language/at-ifndef.zeek index 6e4df4dd86..069b51bddc 100644 --- a/testing/btest/language/at-ifndef.zeek +++ b/testing/btest/language/at-ifndef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-load.zeek b/testing/btest/language/at-load.zeek index ae14eba436..45df73b05c 100644 --- a/testing/btest/language/at-load.zeek +++ b/testing/btest/language/at-load.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # In this script, we try to access each object defined in a "@load"ed script @@ -18,7 +18,7 @@ event zeek_init() # In this script, we define some objects to be used in another script -# Note: this script is not listed on the bro command-line (instead, it +# Note: this script is not listed on the zeek command-line (instead, it # is "@load"ed from the other script) global test_case: function(msg: string, expect: bool); diff --git a/testing/btest/language/attr-default-coercion.zeek b/testing/btest/language/attr-default-coercion.zeek index 8304169cfb..01adee04e4 100644 --- a/testing/btest/language/attr-default-coercion.zeek +++ b/testing/btest/language/attr-default-coercion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type my_table: table[string] of double; diff --git a/testing/btest/language/attr-default-global-set-error.zeek b/testing/btest/language/attr-default-global-set-error.zeek index 8ee80bccb2..515c71fc24 100644 --- a/testing/btest/language/attr-default-global-set-error.zeek +++ b/testing/btest/language/attr-default-global-set-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global ss: set[string] &default=0; diff --git a/testing/btest/language/bool.zeek b/testing/btest/language/bool.zeek index be54a442d9..e19f5a3714 100644 --- a/testing/btest/language/bool.zeek +++ b/testing/btest/language/bool.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/common-mistakes.zeek b/testing/btest/language/common-mistakes.zeek index 4e9e017fda..b829b5315b 100644 --- a/testing/btest/language/common-mistakes.zeek +++ b/testing/btest/language/common-mistakes.zeek @@ -2,13 +2,13 @@ # handled internally by way of throwing an exception to unwind out # of the current event handler body. -# @TEST-EXEC: bro -b 1.zeek >1.out 2>&1 +# @TEST-EXEC: zeek -b 1.zeek >1.out 2>&1 # @TEST-EXEC: btest-diff 1.out -# @TEST-EXEC: bro -b 2.zeek >2.out 2>&1 +# @TEST-EXEC: zeek -b 2.zeek >2.out 2>&1 # @TEST-EXEC: btest-diff 2.out -# @TEST-EXEC: bro -b 3.zeek >3.out 2>&1 +# @TEST-EXEC: zeek -b 3.zeek >3.out 2>&1 # @TEST-EXEC: btest-diff 3.out @TEST-START-FILE 1.zeek diff --git a/testing/btest/language/conditional-expression.zeek b/testing/btest/language/conditional-expression.zeek index 4938b87b4d..43c5d12a83 100644 --- a/testing/btest/language/conditional-expression.zeek +++ b/testing/btest/language/conditional-expression.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/const.zeek b/testing/btest/language/const.zeek index 6d7b3fe527..38aada2029 100644 --- a/testing/btest/language/const.zeek +++ b/testing/btest/language/const.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -b valid.zeek 2>valid.stderr 1>valid.stdout +# @TEST-EXEC: zeek -b valid.zeek 2>valid.stderr 1>valid.stdout # @TEST-EXEC: btest-diff valid.stderr # @TEST-EXEC: btest-diff valid.stdout -# @TEST-EXEC-FAIL: bro -b invalid.zeek 2>invalid.stderr 1>invalid.stdout +# @TEST-EXEC-FAIL: zeek -b invalid.zeek 2>invalid.stderr 1>invalid.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff invalid.stderr # @TEST-EXEC: btest-diff invalid.stdout diff --git a/testing/btest/language/container-ctor-scope.zeek b/testing/btest/language/container-ctor-scope.zeek index fd1939a459..f4f2da92ac 100644 --- a/testing/btest/language/container-ctor-scope.zeek +++ b/testing/btest/language/container-ctor-scope.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # All various container contructors should work at both global and local scope. diff --git a/testing/btest/language/copy.zeek b/testing/btest/language/copy.zeek index e3d6b80d5b..9ac1e577ea 100644 --- a/testing/btest/language/copy.zeek +++ b/testing/btest/language/copy.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/count.zeek b/testing/btest/language/count.zeek index 6e5dca8bc2..a2d3fb0cc2 100644 --- a/testing/btest/language/count.zeek +++ b/testing/btest/language/count.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/cross-product-init.zeek b/testing/btest/language/cross-product-init.zeek index 8cb9c48367..f5027cfd3c 100644 --- a/testing/btest/language/cross-product-init.zeek +++ b/testing/btest/language/cross-product-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output global my_subs = { 1.2.3.4/19, 5.6.7.8/21 }; diff --git a/testing/btest/language/default-params.zeek b/testing/btest/language/default-params.zeek index c11adbf3b5..c07bdee207 100644 --- a/testing/btest/language/default-params.zeek +++ b/testing/btest/language/default-params.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out ### functions diff --git a/testing/btest/language/delete-field-set.zeek b/testing/btest/language/delete-field-set.zeek index 1f1c5b0c27..8f1482c6c2 100644 --- a/testing/btest/language/delete-field-set.zeek +++ b/testing/btest/language/delete-field-set.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type FooBar: record { diff --git a/testing/btest/language/delete-field.zeek b/testing/btest/language/delete-field.zeek index 99136ff2b9..0e5d4e3809 100644 --- a/testing/btest/language/delete-field.zeek +++ b/testing/btest/language/delete-field.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type X: record { diff --git a/testing/btest/language/deprecated.zeek b/testing/btest/language/deprecated.zeek index 9ac6996145..6e10d7d744 100644 --- a/testing/btest/language/deprecated.zeek +++ b/testing/btest/language/deprecated.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type blah: string &deprecated; diff --git a/testing/btest/language/double.zeek b/testing/btest/language/double.zeek index f1338ca16d..56ce711da2 100644 --- a/testing/btest/language/double.zeek +++ b/testing/btest/language/double.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/enum-desc.zeek b/testing/btest/language/enum-desc.zeek index 86466e2fc2..c296b76a13 100644 --- a/testing/btest/language/enum-desc.zeek +++ b/testing/btest/language/enum-desc.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type test_enum1: enum { ONE }; diff --git a/testing/btest/language/enum-scope.zeek b/testing/btest/language/enum-scope.zeek index 82e7c7fd7c..8c2e20c9b2 100644 --- a/testing/btest/language/enum-scope.zeek +++ b/testing/btest/language/enum-scope.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type foo: enum { a, b } &redef; diff --git a/testing/btest/language/enum.zeek b/testing/btest/language/enum.zeek index c4aa2d71a1..71c354971f 100644 --- a/testing/btest/language/enum.zeek +++ b/testing/btest/language/enum.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/eof-parse-errors.zeek b/testing/btest/language/eof-parse-errors.zeek index 3b6ba8faf5..54fe96df19 100644 --- a/testing/btest/language/eof-parse-errors.zeek +++ b/testing/btest/language/eof-parse-errors.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC-FAIL: bro -b a.zeek >output1 2>&1 -# @TEST-EXEC-FAIL: bro -b a.zeek b.zeek >output2 2>&1 +# @TEST-EXEC-FAIL: zeek -b a.zeek >output1 2>&1 +# @TEST-EXEC-FAIL: zeek -b a.zeek b.zeek >output2 2>&1 # @TEST-EXEC: btest-diff output1 # @TEST-EXEC: btest-diff output2 diff --git a/testing/btest/language/event-local-var.zeek b/testing/btest/language/event-local-var.zeek index 337cd37bac..4d7364cc39 100644 --- a/testing/btest/language/event-local-var.zeek +++ b/testing/btest/language/event-local-var.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT 2> out +# @TEST-EXEC-FAIL: zeek -b %INPUT 2> out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out diff --git a/testing/btest/language/event.zeek b/testing/btest/language/event.zeek index 664bff49ef..39bb36c192 100644 --- a/testing/btest/language/event.zeek +++ b/testing/btest/language/event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/expire-expr-error.zeek b/testing/btest/language/expire-expr-error.zeek index b2ac4d7c55..5e6f0b4e6f 100644 --- a/testing/btest/language/expire-expr-error.zeek +++ b/testing/btest/language/expire-expr-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cp .stderr output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output diff --git a/testing/btest/language/expire-func-undef.zeek b/testing/btest/language/expire-func-undef.zeek index 2da735a9be..9198edc6c4 100644 --- a/testing/btest/language/expire-func-undef.zeek +++ b/testing/btest/language/expire-func-undef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rotation.trace -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -r $TRACES/rotation.trace -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output module segfault; diff --git a/testing/btest/language/expire-redef.zeek b/testing/btest/language/expire-redef.zeek index 552e26cce0..3958ef8342 100644 --- a/testing/btest/language/expire-redef.zeek +++ b/testing/btest/language/expire-redef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output redef exit_only_after_terminate = T; diff --git a/testing/btest/language/expire-type-error.zeek b/testing/btest/language/expire-type-error.zeek index d6d807e22f..2424ca0394 100644 --- a/testing/btest/language/expire-type-error.zeek +++ b/testing/btest/language/expire-type-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global data: table[int] of string &write_expire="kaputt"; diff --git a/testing/btest/language/expire_func.test b/testing/btest/language/expire_func.test index c66a901a4f..016ebe9d88 100644 --- a/testing/btest/language/expire_func.test +++ b/testing/btest/language/expire_func.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/var-services-std-ports.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/var-services-std-ports.trace %INPUT >output # @TEST-EXEC: btest-diff output function inform_me(s: set[string], idx: string): interval diff --git a/testing/btest/language/expire_func_mod.zeek b/testing/btest/language/expire_func_mod.zeek index 8b14dad74c..4e64edc968 100644 --- a/testing/btest/language/expire_func_mod.zeek +++ b/testing/btest/language/expire_func_mod.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out module Test; diff --git a/testing/btest/language/expire_multiple.test b/testing/btest/language/expire_multiple.test index 1e4aaa0975..38c552a0e1 100644 --- a/testing/btest/language/expire_multiple.test +++ b/testing/btest/language/expire_multiple.test @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output global s: set[string] &create_expire=1secs &read_expire=1secs; diff --git a/testing/btest/language/expire_subnet.test b/testing/btest/language/expire_subnet.test index f0bf388ad0..9b95f39763 100644 --- a/testing/btest/language/expire_subnet.test +++ b/testing/btest/language/expire_subnet.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/var-services-std-ports.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/var-services-std-ports.trace %INPUT >output # @TEST-EXEC: btest-diff output redef table_expire_interval = 1sec; diff --git a/testing/btest/language/file.zeek b/testing/btest/language/file.zeek index 80d10a4d1f..a3691b87da 100644 --- a/testing/btest/language/file.zeek +++ b/testing/btest/language/file.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/language/for.zeek b/testing/btest/language/for.zeek index acf9612927..246eb47051 100644 --- a/testing/btest/language/for.zeek +++ b/testing/btest/language/for.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/func-assignment.zeek b/testing/btest/language/func-assignment.zeek index 724eac38ae..febf57e61c 100644 --- a/testing/btest/language/func-assignment.zeek +++ b/testing/btest/language/func-assignment.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function double_string(s: string): string diff --git a/testing/btest/language/function.zeek b/testing/btest/language/function.zeek index db2ac675b0..ff967b897f 100644 --- a/testing/btest/language/function.zeek +++ b/testing/btest/language/function.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/hook.zeek b/testing/btest/language/hook.zeek index c14e153577..01b43e5807 100644 --- a/testing/btest/language/hook.zeek +++ b/testing/btest/language/hook.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type rec: record { diff --git a/testing/btest/language/hook_calls.zeek b/testing/btest/language/hook_calls.zeek index d465510a34..eee92f1e2a 100644 --- a/testing/btest/language/hook_calls.zeek +++ b/testing/btest/language/hook_calls.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b valid.zeek >valid.out +# @TEST-EXEC: zeek -b valid.zeek >valid.out # @TEST-EXEC: btest-diff valid.out -# @TEST-EXEC-FAIL: bro -b invalid.zeek > invalid.out 2>&1 +# @TEST-EXEC-FAIL: zeek -b invalid.zeek > invalid.out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff invalid.out # hook functions must be called using the "hook" keyword as an operator... diff --git a/testing/btest/language/if.zeek b/testing/btest/language/if.zeek index 9f3be4dd1b..1f6f1116e1 100644 --- a/testing/btest/language/if.zeek +++ b/testing/btest/language/if.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/incr-vec-expr.test b/testing/btest/language/incr-vec-expr.test index c9945061a2..1bd3e54129 100644 --- a/testing/btest/language/incr-vec-expr.test +++ b/testing/btest/language/incr-vec-expr.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type rec: record { diff --git a/testing/btest/language/index-assignment-invalid.zeek b/testing/btest/language/index-assignment-invalid.zeek index 662b73ff91..a42c81320b 100644 --- a/testing/btest/language/index-assignment-invalid.zeek +++ b/testing/btest/language/index-assignment-invalid.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: grep "error" output >output2 # @TEST-EXEC: for i in 1 2 3 4 5; do cat output2 | cut -d'|' -f$i >>out; done # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out diff --git a/testing/btest/language/init-in-anon-function.zeek b/testing/btest/language/init-in-anon-function.zeek index 4da70dd2f4..f5808c1d99 100644 --- a/testing/btest/language/init-in-anon-function.zeek +++ b/testing/btest/language/init-in-anon-function.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r ${TRACES}/wikipedia.trace %INPUT >out +# @TEST-EXEC: zeek -r ${TRACES}/wikipedia.trace %INPUT >out # @TEST-EXEC: btest-diff http.log module Foo; diff --git a/testing/btest/language/int.zeek b/testing/btest/language/int.zeek index d4314c8367..c9344dd007 100644 --- a/testing/btest/language/int.zeek +++ b/testing/btest/language/int.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/interval.zeek b/testing/btest/language/interval.zeek index c8b975e637..994eb4c769 100644 --- a/testing/btest/language/interval.zeek +++ b/testing/btest/language/interval.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/invalid_index.zeek b/testing/btest/language/invalid_index.zeek index 399865ba23..80f294c68b 100644 --- a/testing/btest/language/invalid_index.zeek +++ b/testing/btest/language/invalid_index.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global foo: vector of count = { 42 }; diff --git a/testing/btest/language/ipv6-literals.zeek b/testing/btest/language/ipv6-literals.zeek index bf888b29e1..e64185d92a 100644 --- a/testing/btest/language/ipv6-literals.zeek +++ b/testing/btest/language/ipv6-literals.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output local v: vector of addr = vector(); diff --git a/testing/btest/language/key-value-for.zeek b/testing/btest/language/key-value-for.zeek index 396c1d0bab..6d3dfc5f7f 100644 --- a/testing/btest/language/key-value-for.zeek +++ b/testing/btest/language/key-value-for.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/module.zeek b/testing/btest/language/module.zeek index 7f2512741f..e714ff22c2 100644 --- a/testing/btest/language/module.zeek +++ b/testing/btest/language/module.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT secondtestfile >out +# @TEST-EXEC: zeek -b %INPUT secondtestfile >out # @TEST-EXEC: btest-diff out # In this source file, we define a module and export some objects diff --git a/testing/btest/language/named-record-ctors.zeek b/testing/btest/language/named-record-ctors.zeek index 40a79d86b3..af2b175266 100644 --- a/testing/btest/language/named-record-ctors.zeek +++ b/testing/btest/language/named-record-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out @load frameworks/software/vulnerable diff --git a/testing/btest/language/named-set-ctors.zeek b/testing/btest/language/named-set-ctors.zeek index 083937c42e..707c8f6fe5 100644 --- a/testing/btest/language/named-set-ctors.zeek +++ b/testing/btest/language/named-set-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRec: record { diff --git a/testing/btest/language/named-table-ctors.zeek b/testing/btest/language/named-table-ctors.zeek index 45d0974832..957ea351da 100644 --- a/testing/btest/language/named-table-ctors.zeek +++ b/testing/btest/language/named-table-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRec: record { diff --git a/testing/btest/language/named-vector-ctors.zeek b/testing/btest/language/named-vector-ctors.zeek index 1e0e1e9e55..775422810b 100644 --- a/testing/btest/language/named-vector-ctors.zeek +++ b/testing/btest/language/named-vector-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRec: record { diff --git a/testing/btest/language/nested-sets.zeek b/testing/btest/language/nested-sets.zeek index e33e1ac842..8c4f987075 100644 --- a/testing/btest/language/nested-sets.zeek +++ b/testing/btest/language/nested-sets.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: for i in `seq 21`; do echo 0 >> random.seed; done -# @TEST-EXEC: test `bro -b -G random.seed %INPUT` = "pass" +# @TEST-EXEC: test `zeek -b -G random.seed %INPUT` = "pass" type r: record { b: set[count]; diff --git a/testing/btest/language/next-test.zeek b/testing/btest/language/next-test.zeek index 83523dd59b..3746c4cb09 100644 --- a/testing/btest/language/next-test.zeek +++ b/testing/btest/language/next-test.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # This script tests "next" being called during the last iteration of a diff --git a/testing/btest/language/no-module.zeek b/testing/btest/language/no-module.zeek index 4d1372f10c..3369e9b14e 100644 --- a/testing/btest/language/no-module.zeek +++ b/testing/btest/language/no-module.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT secondtestfile >out +# @TEST-EXEC: zeek -b %INPUT secondtestfile >out # @TEST-EXEC: btest-diff out # This is the same test as "module.bro", but here we omit the module definition diff --git a/testing/btest/language/null-statement.zeek b/testing/btest/language/null-statement.zeek index 69861ce96e..72ceedf293 100644 --- a/testing/btest/language/null-statement.zeek +++ b/testing/btest/language/null-statement.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/outer_param_binding.zeek b/testing/btest/language/outer_param_binding.zeek index a197cb87fb..d3587a7cce 100644 --- a/testing/btest/language/outer_param_binding.zeek +++ b/testing/btest/language/outer_param_binding.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type Foo: record { diff --git a/testing/btest/language/pattern.zeek b/testing/btest/language/pattern.zeek index ae9cb15bf7..05a84e713c 100644 --- a/testing/btest/language/pattern.zeek +++ b/testing/btest/language/pattern.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/port.zeek b/testing/btest/language/port.zeek index 81d7704c14..03a6617eed 100644 --- a/testing/btest/language/port.zeek +++ b/testing/btest/language/port.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/precedence.zeek b/testing/btest/language/precedence.zeek index 9d74c67262..1af4bb6569 100644 --- a/testing/btest/language/precedence.zeek +++ b/testing/btest/language/precedence.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } # This is an incomplete set of tests to demonstrate the order of precedence -# of bro script operators +# of zeek script operators event zeek_init() { diff --git a/testing/btest/language/raw_output_attr.test b/testing/btest/language/raw_output_attr.test index 3af94dc727..ccf616405e 100644 --- a/testing/btest/language/raw_output_attr.test +++ b/testing/btest/language/raw_output_attr.test @@ -1,7 +1,7 @@ # Files with the &raw_output attribute shouldn't interpret NUL characters # in strings that are `print`ed to it. -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: tr '\000' 'X' output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cmp myfile hookfile diff --git a/testing/btest/language/rec-comp-init.zeek b/testing/btest/language/rec-comp-init.zeek index c65ef69097..022f9fd50e 100644 --- a/testing/btest/language/rec-comp-init.zeek +++ b/testing/btest/language/rec-comp-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Make sure composit types in records are initialized. diff --git a/testing/btest/language/rec-nested-opt.zeek b/testing/btest/language/rec-nested-opt.zeek index 3b4a478f6b..be03a4532c 100644 --- a/testing/btest/language/rec-nested-opt.zeek +++ b/testing/btest/language/rec-nested-opt.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type Version: record { diff --git a/testing/btest/language/rec-of-tbl.zeek b/testing/btest/language/rec-of-tbl.zeek index 8d2c9ab0e0..6285680c47 100644 --- a/testing/btest/language/rec-of-tbl.zeek +++ b/testing/btest/language/rec-of-tbl.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type x: record { diff --git a/testing/btest/language/rec-table-default.zeek b/testing/btest/language/rec-table-default.zeek index 27e0043dc3..3f14e3ab59 100644 --- a/testing/btest/language/rec-table-default.zeek +++ b/testing/btest/language/rec-table-default.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type X: record { diff --git a/testing/btest/language/record-bad-ctor.zeek b/testing/btest/language/record-bad-ctor.zeek index 6b7ae4ff19..7c465e7dea 100644 --- a/testing/btest/language/record-bad-ctor.zeek +++ b/testing/btest/language/record-bad-ctor.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out # At least shouldn't crash Bro, just report the invalid record ctor. diff --git a/testing/btest/language/record-bad-ctor2.zeek b/testing/btest/language/record-bad-ctor2.zeek index 7941c38860..02f4f472d6 100644 --- a/testing/btest/language/record-bad-ctor2.zeek +++ b/testing/btest/language/record-bad-ctor2.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out # Record ctor's expression list shouldn't accept "expressions that diff --git a/testing/btest/language/record-ceorce-orphan.zeek b/testing/btest/language/record-ceorce-orphan.zeek index d72f447a12..8279da4afb 100644 --- a/testing/btest/language/record-ceorce-orphan.zeek +++ b/testing/btest/language/record-ceorce-orphan.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type myrec: record { diff --git a/testing/btest/language/record-coerce-clash.zeek b/testing/btest/language/record-coerce-clash.zeek index 5dab9ded8a..3b4dcb393e 100644 --- a/testing/btest/language/record-coerce-clash.zeek +++ b/testing/btest/language/record-coerce-clash.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out # Record coercion attempt should report mismatched field types. global wrong = "80/tcp"; diff --git a/testing/btest/language/record-default-coercion.zeek b/testing/btest/language/record-default-coercion.zeek index 9d8babf571..83e48044a3 100644 --- a/testing/btest/language/record-default-coercion.zeek +++ b/testing/btest/language/record-default-coercion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRecord: record { diff --git a/testing/btest/language/record-default-set-mismatch.zeek b/testing/btest/language/record-default-set-mismatch.zeek index fcf10c1281..8de2459ebd 100644 --- a/testing/btest/language/record-default-set-mismatch.zeek +++ b/testing/btest/language/record-default-set-mismatch.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT 2>out +# @TEST-EXEC-FAIL: zeek -b %INPUT 2>out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type Foo: record { diff --git a/testing/btest/language/record-extension.zeek b/testing/btest/language/record-extension.zeek index 02b4c3bbe7..6dbf2be290 100644 --- a/testing/btest/language/record-extension.zeek +++ b/testing/btest/language/record-extension.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type Foo: record { diff --git a/testing/btest/language/record-function-recursion.zeek b/testing/btest/language/record-function-recursion.zeek index d6a1587962..e5168a6e3e 100644 --- a/testing/btest/language/record-function-recursion.zeek +++ b/testing/btest/language/record-function-recursion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT 2>&1 >out +# @TEST-EXEC: zeek -b %INPUT 2>&1 >out # @TEST-EXEC: btest-diff out type Outer: record { diff --git a/testing/btest/language/record-index-complex-fields.zeek b/testing/btest/language/record-index-complex-fields.zeek index ae45648728..eedf777ff6 100644 --- a/testing/btest/language/record-index-complex-fields.zeek +++ b/testing/btest/language/record-index-complex-fields.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # This test checks whether records with complex fields (tables, sets, vectors) diff --git a/testing/btest/language/record-recursive-coercion.zeek b/testing/btest/language/record-recursive-coercion.zeek index 4d17c0dee3..614bd3d92c 100644 --- a/testing/btest/language/record-recursive-coercion.zeek +++ b/testing/btest/language/record-recursive-coercion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type Version: record { diff --git a/testing/btest/language/record-redef-after-init.zeek b/testing/btest/language/record-redef-after-init.zeek index 693d8bac76..2ec28c1367 100644 --- a/testing/btest/language/record-redef-after-init.zeek +++ b/testing/btest/language/record-redef-after-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type myrec: record { diff --git a/testing/btest/language/record-ref-assign.zeek b/testing/btest/language/record-ref-assign.zeek index a9539ab716..993d7223e3 100644 --- a/testing/btest/language/record-ref-assign.zeek +++ b/testing/btest/language/record-ref-assign.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type State: record { diff --git a/testing/btest/language/record-type-checking.zeek b/testing/btest/language/record-type-checking.zeek index 5e50a4d8bc..b341414564 100644 --- a/testing/btest/language/record-type-checking.zeek +++ b/testing/btest/language/record-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MyRec: record { diff --git a/testing/btest/language/redef-same-prefixtable-idx.zeek b/testing/btest/language/redef-same-prefixtable-idx.zeek index e0e16060f4..c96af48f3e 100644 --- a/testing/btest/language/redef-same-prefixtable-idx.zeek +++ b/testing/btest/language/redef-same-prefixtable-idx.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out const my_table: table[subnet] of subnet &redef; diff --git a/testing/btest/language/redef-vector.zeek b/testing/btest/language/redef-vector.zeek index 26dc2109ba..bf35467424 100644 --- a/testing/btest/language/redef-vector.zeek +++ b/testing/btest/language/redef-vector.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out const foo: vector of string &redef; diff --git a/testing/btest/language/returnwhen.zeek b/testing/btest/language/returnwhen.zeek index c3d5f17661..8eddd4a30b 100644 --- a/testing/btest/language/returnwhen.zeek +++ b/testing/btest/language/returnwhen.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 15 -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stdout redef exit_only_after_terminate = T; diff --git a/testing/btest/language/set-opt-record-index.zeek b/testing/btest/language/set-opt-record-index.zeek index f22c144595..0015c20621 100644 --- a/testing/btest/language/set-opt-record-index.zeek +++ b/testing/btest/language/set-opt-record-index.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Make sure a set can be indexed with a record that has optional fields diff --git a/testing/btest/language/set-type-checking.zeek b/testing/btest/language/set-type-checking.zeek index 3518b8a02d..49674ce870 100644 --- a/testing/btest/language/set-type-checking.zeek +++ b/testing/btest/language/set-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MySet: set[port]; diff --git a/testing/btest/language/set.zeek b/testing/btest/language/set.zeek index 53cf400795..1c3ab85ef2 100644 --- a/testing/btest/language/set.zeek +++ b/testing/btest/language/set.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/short-circuit.zeek b/testing/btest/language/short-circuit.zeek index 70928f6441..45d1046ab3 100644 --- a/testing/btest/language/short-circuit.zeek +++ b/testing/btest/language/short-circuit.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/sizeof.zeek b/testing/btest/language/sizeof.zeek index 396984780a..fc510afb70 100644 --- a/testing/btest/language/sizeof.zeek +++ b/testing/btest/language/sizeof.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Demo policy for the sizeof operator "|x|". diff --git a/testing/btest/language/smith-waterman-test.zeek b/testing/btest/language/smith-waterman-test.zeek index 2113d88e24..1eff86ef83 100644 --- a/testing/btest/language/smith-waterman-test.zeek +++ b/testing/btest/language/smith-waterman-test.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output global params: sw_params = [ $min_strlen = 2, $sw_variant = 0 ]; diff --git a/testing/btest/language/string-indexing.zeek b/testing/btest/language/string-indexing.zeek index e109eeba80..6cce3ab713 100644 --- a/testing/btest/language/string-indexing.zeek +++ b/testing/btest/language/string-indexing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out local word = "HelpA"; diff --git a/testing/btest/language/string.zeek b/testing/btest/language/string.zeek index 936ac3e493..8f9350a16d 100644 --- a/testing/btest/language/string.zeek +++ b/testing/btest/language/string.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/strings.zeek b/testing/btest/language/strings.zeek index 992fb2c5b3..a5d8cbf69b 100644 --- a/testing/btest/language/strings.zeek +++ b/testing/btest/language/strings.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Demo policy for string functions diff --git a/testing/btest/language/subnet-errors.zeek b/testing/btest/language/subnet-errors.zeek index 499a6fb552..875817c433 100644 --- a/testing/btest/language/subnet-errors.zeek +++ b/testing/btest/language/subnet-errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event zeek_init() diff --git a/testing/btest/language/subnet.zeek b/testing/btest/language/subnet.zeek index 32cf11701e..db61460df9 100644 --- a/testing/btest/language/subnet.zeek +++ b/testing/btest/language/subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/switch-error-mixed.zeek b/testing/btest/language/switch-error-mixed.zeek index 78c7a2091f..4eb68f38d7 100644 --- a/testing/btest/language/switch-error-mixed.zeek +++ b/testing/btest/language/switch-error-mixed.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function switch_one(v: count): string diff --git a/testing/btest/language/switch-incomplete.zeek b/testing/btest/language/switch-incomplete.zeek index dedf529ccb..62f55f63d2 100644 --- a/testing/btest/language/switch-incomplete.zeek +++ b/testing/btest/language/switch-incomplete.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event zeek_init() diff --git a/testing/btest/language/switch-statement.zeek b/testing/btest/language/switch-statement.zeek index 1035cb4b2e..2f4bf56118 100644 --- a/testing/btest/language/switch-statement.zeek +++ b/testing/btest/language/switch-statement.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyEnum: enum { diff --git a/testing/btest/language/switch-types-error-duplicate.zeek b/testing/btest/language/switch-types-error-duplicate.zeek index 846d228be3..3b40e2fcfe 100644 --- a/testing/btest/language/switch-types-error-duplicate.zeek +++ b/testing/btest/language/switch-types-error-duplicate.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function switch_one(v: any): string diff --git a/testing/btest/language/switch-types-error-unsupported.zeek b/testing/btest/language/switch-types-error-unsupported.zeek index d8b8d039df..3045336f22 100644 --- a/testing/btest/language/switch-types-error-unsupported.zeek +++ b/testing/btest/language/switch-types-error-unsupported.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function switch_one(v: string): string diff --git a/testing/btest/language/switch-types-vars.zeek b/testing/btest/language/switch-types-vars.zeek index 3e33e1c17f..c92a16e5e6 100644 --- a/testing/btest/language/switch-types-vars.zeek +++ b/testing/btest/language/switch-types-vars.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function switch_one(v: any) diff --git a/testing/btest/language/switch-types.zeek b/testing/btest/language/switch-types.zeek index 2ebddea6f0..031a311774 100644 --- a/testing/btest/language/switch-types.zeek +++ b/testing/btest/language/switch-types.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function switch_one(v: any): string diff --git a/testing/btest/language/table-default-record.zeek b/testing/btest/language/table-default-record.zeek index 3894f3ac09..c7f561d19f 100644 --- a/testing/btest/language/table-default-record.zeek +++ b/testing/btest/language/table-default-record.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type Foo: record { diff --git a/testing/btest/language/table-init-attrs.zeek b/testing/btest/language/table-init-attrs.zeek index 9d3403642a..5f1e742479 100644 --- a/testing/btest/language/table-init-attrs.zeek +++ b/testing/btest/language/table-init-attrs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # set()/table() constructors are allowed to have attributes. When initializing diff --git a/testing/btest/language/table-init-container-ctors.zeek b/testing/btest/language/table-init-container-ctors.zeek index 1f9e18d848..6302ca83e1 100644 --- a/testing/btest/language/table-init-container-ctors.zeek +++ b/testing/btest/language/table-init-container-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # The various container constructor expressions should work in table diff --git a/testing/btest/language/table-init-record-idx.zeek b/testing/btest/language/table-init-record-idx.zeek index db9716dc42..e3c1c4823c 100644 --- a/testing/btest/language/table-init-record-idx.zeek +++ b/testing/btest/language/table-init-record-idx.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # Record constructors should work in table initializers diff --git a/testing/btest/language/table-init.zeek b/testing/btest/language/table-init.zeek index cc94589974..0a2514e0b9 100644 --- a/testing/btest/language/table-init.zeek +++ b/testing/btest/language/table-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global global_table: table[count] of string = { diff --git a/testing/btest/language/table-redef.zeek b/testing/btest/language/table-redef.zeek index 290610499f..51c4360044 100644 --- a/testing/btest/language/table-redef.zeek +++ b/testing/btest/language/table-redef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > out +# @TEST-EXEC: zeek -b %INPUT > out # @TEST-EXEC: btest-diff out const foo: table[string] of double &redef; diff --git a/testing/btest/language/table-type-checking.zeek b/testing/btest/language/table-type-checking.zeek index 639a2d021d..faefaf3a60 100644 --- a/testing/btest/language/table-type-checking.zeek +++ b/testing/btest/language/table-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MyTable: table[port] of count; diff --git a/testing/btest/language/table.zeek b/testing/btest/language/table.zeek index 98f7daa8e3..cb26b5c17b 100644 --- a/testing/btest/language/table.zeek +++ b/testing/btest/language/table.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/ternary-record-mismatch.zeek b/testing/btest/language/ternary-record-mismatch.zeek index 3c0c4ab95e..1b9796a799 100644 --- a/testing/btest/language/ternary-record-mismatch.zeek +++ b/testing/btest/language/ternary-record-mismatch.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath" btest-diff out type MyRecord: record { diff --git a/testing/btest/language/time.zeek b/testing/btest/language/time.zeek index e8b71219ca..685b011217 100644 --- a/testing/btest/language/time.zeek +++ b/testing/btest/language/time.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/timeout.zeek b/testing/btest/language/timeout.zeek index 47906b35fb..120ec845ab 100644 --- a/testing/btest/language/timeout.zeek +++ b/testing/btest/language/timeout.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DNS_FAKE && bro -b %INPUT >out +# @TEST-EXEC: unset BRO_DNS_FAKE && zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/type-cast-any.zeek b/testing/btest/language/type-cast-any.zeek index ad18a28646..f79e8abcce 100644 --- a/testing/btest/language/type-cast-any.zeek +++ b/testing/btest/language/type-cast-any.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-cast-error-dynamic.zeek b/testing/btest/language/type-cast-error-dynamic.zeek index 21f51bc8d8..1edf9e3d2a 100644 --- a/testing/btest/language/type-cast-error-dynamic.zeek +++ b/testing/btest/language/type-cast-error-dynamic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-cast-error-static.zeek b/testing/btest/language/type-cast-error-static.zeek index 3d1afbe095..05ab92e09e 100644 --- a/testing/btest/language/type-cast-error-static.zeek +++ b/testing/btest/language/type-cast-error-static.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-cast-same.zeek b/testing/btest/language/type-cast-same.zeek index 58e98bb0c0..226eb05b17 100644 --- a/testing/btest/language/type-cast-same.zeek +++ b/testing/btest/language/type-cast-same.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-check-any.zeek b/testing/btest/language/type-check-any.zeek index 1b681a3420..95047c8de1 100644 --- a/testing/btest/language/type-check-any.zeek +++ b/testing/btest/language/type-check-any.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-check-vector.zeek b/testing/btest/language/type-check-vector.zeek index b92c654fb6..b7ea42241e 100644 --- a/testing/btest/language/type-check-vector.zeek +++ b/testing/btest/language/type-check-vector.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type myvec: vector of any; diff --git a/testing/btest/language/type-type-error.zeek b/testing/btest/language/type-type-error.zeek index 2f3e3913ef..586b181ec5 100644 --- a/testing/btest/language/type-type-error.zeek +++ b/testing/btest/language/type-type-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT +# @TEST-EXEC-FAIL: zeek -b %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr type r: record { diff --git a/testing/btest/language/undefined-delete-field.zeek b/testing/btest/language/undefined-delete-field.zeek index a45e093527..f4ecfdb106 100644 --- a/testing/btest/language/undefined-delete-field.zeek +++ b/testing/btest/language/undefined-delete-field.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 || echo $? >>output +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 || echo $? >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type MyRecordType: record diff --git a/testing/btest/language/uninitialized-local.zeek b/testing/btest/language/uninitialized-local.zeek index ec4a6e61de..6d8e26be72 100644 --- a/testing/btest/language/uninitialized-local.zeek +++ b/testing/btest/language/uninitialized-local.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event testit() &priority=10 diff --git a/testing/btest/language/uninitialized-local2.zeek b/testing/btest/language/uninitialized-local2.zeek index ed4045a1a3..4b8f0c8275 100644 --- a/testing/btest/language/uninitialized-local2.zeek +++ b/testing/btest/language/uninitialized-local2.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event test() diff --git a/testing/btest/language/vector-any-append.zeek b/testing/btest/language/vector-any-append.zeek index d501af6b15..599859b1d8 100644 --- a/testing/btest/language/vector-any-append.zeek +++ b/testing/btest/language/vector-any-append.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function assign(v: vector of any) diff --git a/testing/btest/language/vector-coerce-expr.zeek b/testing/btest/language/vector-coerce-expr.zeek index 97f9617665..7fa4affe9c 100644 --- a/testing/btest/language/vector-coerce-expr.zeek +++ b/testing/btest/language/vector-coerce-expr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type X: record { diff --git a/testing/btest/language/vector-in-operator.zeek b/testing/btest/language/vector-in-operator.zeek index 5936145363..ceea232f0e 100644 --- a/testing/btest/language/vector-in-operator.zeek +++ b/testing/btest/language/vector-in-operator.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out local ten = "0123456789"; diff --git a/testing/btest/language/vector-list-init-records.zeek b/testing/btest/language/vector-list-init-records.zeek index b1eee0ac92..d7aad468a2 100644 --- a/testing/btest/language/vector-list-init-records.zeek +++ b/testing/btest/language/vector-list-init-records.zeek @@ -1,7 +1,7 @@ # Initializing a vector with a list of records should promote elements as # necessary to match the vector's yield type. -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type Foo: record { diff --git a/testing/btest/language/vector-type-checking.zeek b/testing/btest/language/vector-type-checking.zeek index c0003503a4..bdea76c4cd 100644 --- a/testing/btest/language/vector-type-checking.zeek +++ b/testing/btest/language/vector-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MyVec: vector of count; diff --git a/testing/btest/language/vector-unspecified.zeek b/testing/btest/language/vector-unspecified.zeek index b91f910504..d0898b5d42 100644 --- a/testing/btest/language/vector-unspecified.zeek +++ b/testing/btest/language/vector-unspecified.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Test assignment behavior of unspecified vectors diff --git a/testing/btest/language/vector.zeek b/testing/btest/language/vector.zeek index 36ff7c0267..0564e52e4f 100644 --- a/testing/btest/language/vector.zeek +++ b/testing/btest/language/vector.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/when-unitialized-rhs.zeek b/testing/btest/language/when-unitialized-rhs.zeek index 196834c2ae..62464004f2 100644 --- a/testing/btest/language/when-unitialized-rhs.zeek +++ b/testing/btest/language/when-unitialized-rhs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global crashMe: function(): string; diff --git a/testing/btest/language/when.zeek b/testing/btest/language/when.zeek index 36914ce993..de710aa736 100644 --- a/testing/btest/language/when.zeek +++ b/testing/btest/language/when.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run test1 bro %INPUT +# @TEST-EXEC: btest-bg-run test1 zeek %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: mv test1/.stdout out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/while.zeek b/testing/btest/language/while.zeek index d6588589f7..3e12c81514 100644 --- a/testing/btest/language/while.zeek +++ b/testing/btest/language/while.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_noop() diff --git a/testing/btest/language/wrong-delete-field.zeek b/testing/btest/language/wrong-delete-field.zeek index 63573faf8a..c393f66c16 100644 --- a/testing/btest/language/wrong-delete-field.zeek +++ b/testing/btest/language/wrong-delete-field.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/wrong-record-extension.zeek b/testing/btest/language/wrong-record-extension.zeek index a8ef6a64e9..72b66c4ee3 100644 --- a/testing/btest/language/wrong-record-extension.zeek +++ b/testing/btest/language/wrong-record-extension.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output.tmp 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output.tmp 2>&1 # @TEST-EXEC: sed 's#^.*:##g' output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/language/zeek_init.zeek b/testing/btest/language/zeek_init.zeek index 27f82d626c..c1ca3ba65c 100644 --- a/testing/btest/language/zeek_init.zeek +++ b/testing/btest/language/zeek_init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/zeek_script_loaded.zeek b/testing/btest/language/zeek_script_loaded.zeek index 41f43409e6..9011790e93 100644 --- a/testing/btest/language/zeek_script_loaded.zeek +++ b/testing/btest/language/zeek_script_loaded.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_script_loaded(path: string, level: count) &priority=10 diff --git a/testing/btest/plugins/bifs-and-scripts-install.sh b/testing/btest/plugins/bifs-and-scripts-install.sh index f3a60d20b7..9470231888 100644 --- a/testing/btest/plugins/bifs-and-scripts-install.sh +++ b/testing/btest/plugins/bifs-and-scripts-install.sh @@ -3,8 +3,8 @@ # @TEST-EXEC: ./configure --bro-dist=${DIST} --install-root=`pwd`/test-install # @TEST-EXEC: make # @TEST-EXEC: make install -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro -NN Demo::Foo >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install zeek -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install zeek Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output mkdir -p scripts/Demo/Foo/base/ diff --git a/testing/btest/plugins/bifs-and-scripts.sh b/testing/btest/plugins/bifs-and-scripts.sh index 6cc1ca61f5..222c961b2d 100644 --- a/testing/btest/plugins/bifs-and-scripts.sh +++ b/testing/btest/plugins/bifs-and-scripts.sh @@ -1,25 +1,25 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: bash %INPUT # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo =-= >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/empty.trace >>output # @TEST-EXEC: echo =-= >>output -# @TEST-EXEC-FAIL: BRO_PLUGIN_PATH=`pwd` bro -b Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC-FAIL: BRO_PLUGIN_PATH=`pwd` zeek -b Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.zeek -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b ./activate.zeek -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.zeek Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b ./activate.zeek Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b Demo::Foo Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b Demo::Foo Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output diff --git a/testing/btest/plugins/file.zeek b/testing/btest/plugins/file.zeek index 29724aa8a4..9193fc7101 100644 --- a/testing/btest/plugins/file.zeek +++ b/testing/btest/plugins/file.zeek @@ -1,9 +1,9 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/file-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/ftp/retr.trace %INPUT >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/ftp/retr.trace %INPUT >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output event file_new(f: fa_file) diff --git a/testing/btest/plugins/hooks.zeek b/testing/btest/plugins/hooks.zeek index d2d3d754d9..be00e50f5c 100644 --- a/testing/btest/plugins/hooks.zeek +++ b/testing/btest/plugins/hooks.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Hooks # @TEST-EXEC: cp -r %DIR/hooks-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Demo::Hooks" BRO_PLUGIN_PATH=`pwd` bro -b -r $TRACES/http/get.trace %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output +# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Demo::Hooks" BRO_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output # @TEST-EXEC: btest-diff output @unload base/misc/version diff --git a/testing/btest/plugins/init-plugin.zeek b/testing/btest/plugins/init-plugin.zeek index a4ebf7b00c..c3332f170b 100644 --- a/testing/btest/plugins/init-plugin.zeek +++ b/testing/btest/plugins/init-plugin.zeek @@ -1,6 +1,6 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/port4242.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output diff --git a/testing/btest/plugins/logging-hooks.zeek b/testing/btest/plugins/logging-hooks.zeek index fa6a936d11..46a724957e 100644 --- a/testing/btest/plugins/logging-hooks.zeek +++ b/testing/btest/plugins/logging-hooks.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Log Hooks # @TEST-EXEC: cp -r %DIR/logging-hooks-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Log::Hooks" BRO_PLUGIN_PATH=`pwd` bro -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output +# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Log::Hooks" BRO_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff ssh.log diff --git a/testing/btest/plugins/pktdumper.zeek b/testing/btest/plugins/pktdumper.zeek index d9bd91a5a6..0ed93db5a9 100644 --- a/testing/btest/plugins/pktdumper.zeek +++ b/testing/btest/plugins/pktdumper.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/pktdumper-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace -w foo::XXX %INPUT FilteredTraceDetection::enable=F >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/port4242.trace -w foo::XXX %INPUT FilteredTraceDetection::enable=F >>output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/plugins/pktsrc.zeek b/testing/btest/plugins/pktsrc.zeek index a13596e245..7aafe490ba 100644 --- a/testing/btest/plugins/pktsrc.zeek +++ b/testing/btest/plugins/pktsrc.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/pktsrc-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r foo::XXX %INPUT FilteredTraceDetection::enable=F >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r foo::XXX %INPUT FilteredTraceDetection::enable=F >>output # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/plugins/plugin-nopatchversion.zeek b/testing/btest/plugins/plugin-nopatchversion.zeek index 2279efde6a..d2460e4abc 100644 --- a/testing/btest/plugins/plugin-nopatchversion.zeek +++ b/testing/btest/plugins/plugin-nopatchversion.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing NoPatchVersion # @TEST-EXEC: cp -r %DIR/plugin-nopatchversion-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::NoPatchVersion >> output +# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) zeek -N Testing::NoPatchVersion >> output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/plugins/plugin-withpatchversion.zeek b/testing/btest/plugins/plugin-withpatchversion.zeek index 4d86f09719..4ea5511929 100644 --- a/testing/btest/plugins/plugin-withpatchversion.zeek +++ b/testing/btest/plugins/plugin-withpatchversion.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing WithPatchVersion # @TEST-EXEC: cp -r %DIR/plugin-withpatchversion-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::WithPatchVersion >> output +# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) zeek -N Testing::WithPatchVersion >> output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/plugins/protocol.zeek b/testing/btest/plugins/protocol.zeek index 8a6c2a6399..14b2b09ee9 100644 --- a/testing/btest/plugins/protocol.zeek +++ b/testing/btest/plugins/protocol.zeek @@ -1,9 +1,9 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/protocol-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace %INPUT >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/port4242.trace %INPUT >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output event foo_message(c: connection, data: string) diff --git a/testing/btest/plugins/reader.zeek b/testing/btest/plugins/reader.zeek index 8f9cf0c97f..2c62db375d 100644 --- a/testing/btest/plugins/reader.zeek +++ b/testing/btest/plugins/reader.zeek @@ -1,9 +1,9 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/reader-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` btest-bg-run bro bro %INPUT +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` btest-bg-run zeek zeek %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff out diff --git a/testing/btest/plugins/reporter-hook.zeek b/testing/btest/plugins/reporter-hook.zeek index 6ac3683b2b..6c6c1fe323 100644 --- a/testing/btest/plugins/reporter-hook.zeek +++ b/testing/btest/plugins/reporter-hook.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Reporter Hook # @TEST-EXEC: cp -r %DIR/reporter-hook-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Reporter::Hook" BRO_PLUGIN_PATH=`pwd` bro -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output +# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Reporter::Hook" BRO_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/plugins/writer.zeek b/testing/btest/plugins/writer.zeek index 732d726fd7..a10f4fb218 100644 --- a/testing/btest/plugins/writer.zeek +++ b/testing/btest/plugins/writer.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/writer-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/socks.trace Log::default_writer=Log::WRITER_FOO %INPUT | sort >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/socks.trace Log::default_writer=Log::WRITER_FOO %INPUT | sort >>output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/files/data_event/basic.zeek b/testing/btest/scripts/base/files/data_event/basic.zeek index 2877155ebb..a5026c287c 100644 --- a/testing/btest/scripts/base/files/data_event/basic.zeek +++ b/testing/btest/scripts/base/files/data_event/basic.zeek @@ -1,6 +1,6 @@ # Just a very basic test to check if ANALYZER_DATA_EVENT works. # Also check if "in" works with binary data. -# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/scripts/base/files/entropy/basic.test b/testing/btest/scripts/base/files/entropy/basic.test index 2b867eb8cb..fda15d9724 100644 --- a/testing/btest/scripts/base/files/entropy/basic.test +++ b/testing/btest/scripts/base/files/entropy/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/files/extract/limit.zeek b/testing/btest/scripts/base/files/extract/limit.zeek index 2a88a0886d..e676d0ebe0 100644 --- a/testing/btest/scripts/base/files/extract/limit.zeek +++ b/testing/btest/scripts/base/files/extract/limit.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=1 +# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=1 # @TEST-EXEC: btest-diff extract_files/1 # @TEST-EXEC: btest-diff 1.out -# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T +# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T # @TEST-EXEC: btest-diff extract_files/2 # @TEST-EXEC: btest-diff 2.out # @TEST-EXEC: btest-diff files.log -# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T +# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T # @TEST-EXEC: btest-diff extract_files/3 # @TEST-EXEC: btest-diff 3.out diff --git a/testing/btest/scripts/base/files/pe/basic.test b/testing/btest/scripts/base/files/pe/basic.test index 4ca9ceecef..99778b7943 100644 --- a/testing/btest/scripts/base/files/pe/basic.test +++ b/testing/btest/scripts/base/files/pe/basic.test @@ -1,5 +1,5 @@ # This tests the PE analyzer against a PCAP of 4 PE files being downloaded via FTP. # The files are a mix of DLL/EXEs, signed/unsigned, and 32/64-bit files. -# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-diff pe.log diff --git a/testing/btest/scripts/base/files/unified2/alert.zeek b/testing/btest/scripts/base/files/unified2/alert.zeek index eca1ca036c..ae1b472ea5 100644 --- a/testing/btest/scripts/base/files/unified2/alert.zeek +++ b/testing/btest/scripts/base/files/unified2/alert.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT Unified2::watch_file=$FILES/unified2.u2 +# @TEST-EXEC: zeek -b %INPUT Unified2::watch_file=$FILES/unified2.u2 # @TEST-EXEC: btest-diff unified2.log @TEST-START-FILE sid_msg.map diff --git a/testing/btest/scripts/base/files/x509/1999.test b/testing/btest/scripts/base/files/x509/1999.test index 7c1ab7971f..10c041db4f 100644 --- a/testing/btest/scripts/base/files/x509/1999.test +++ b/testing/btest/scripts/base/files/x509/1999.test @@ -1,5 +1,5 @@ # Test that the timestamp of a pre-y-2000 certificate is correctly parsed -# @TEST-EXEC: bro -r $TRACES/tls/telesec.pcap +# @TEST-EXEC: zeek -r $TRACES/tls/telesec.pcap # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test index 7ca60faf96..b50d9e2697 100644 --- a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test +++ b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/certificate-with-sct.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/certificate-with-sct.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test index a136e42b74..9755f4f2f0 100644 --- a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test +++ b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() diff --git a/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek index 237c19299e..5b98ea0f6d 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek @@ -1,7 +1,7 @@ # -# @TEST-EXEC: bro -r ${TRACES}/var-services-std-ports.trace %INPUT -# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq dns -# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh +# @TEST-EXEC: zeek -r ${TRACES}/var-services-std-ports.trace %INPUT +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq dns +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq ssh # redef Analyzer::disabled_analyzers += { Analyzer::ANALYZER_SSH }; diff --git a/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek index 24820f1954..edd2a77361 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: bro -r ${TRACES}/var-services-std-ports.trace %INPUT -# @TEST-EXEC: cat conn.log | bro-cut service | grep -q dns +# @TEST-EXEC: zeek -r ${TRACES}/var-services-std-ports.trace %INPUT +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -q dns # redef Analyzer::disable_all = T; diff --git a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek index 0b0b4a4e21..8d3f92534b 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek @@ -1,9 +1,9 @@ # -# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0; -# @TEST-EXEC: cat conn.log | bro-cut service | grep -q ssh +# @TEST-EXEC: zeek -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0; +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -q ssh # -# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0; -# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh +# @TEST-EXEC: zeek -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0; +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq ssh event zeek_init() { diff --git a/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek index 114ea73673..07a84629fc 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | sort >output +# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT | sort >output # @TEST-EXEC: btest-diff output global x = 0; diff --git a/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek b/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek index f2c56a4dcc..f4d45597ad 100644 --- a/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek @@ -4,9 +4,9 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek b/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek index d2ca2a50f1..cd314b65a6 100644 --- a/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek @@ -4,9 +4,9 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek b/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek index b47d7ab55d..32f12d40a6 100644 --- a/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek @@ -4,11 +4,11 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff proxy-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek b/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek index 97d961e34d..59c0193ab6 100644 --- a/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek @@ -3,10 +3,10 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-PORT: BROKER_PORT4 # -# @TEST-EXEC: btest-bg-run logger-1 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-1 bro %INPUT -# @TEST-EXEC: btest-bg-run logger-2 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-2 bro %INPUT -# @TEST-EXEC: btest-bg-run manager BROPATH=$BROPATH:.. CLUSTER_NODE=manager bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run logger-1 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run logger-2 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager BROPATH=$BROPATH:.. CLUSTER_NODE=manager zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff logger-1/test.log # @TEST-EXEC: btest-diff logger-2/test.log diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek b/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek index 5f11122413..22a8ee8a38 100644 --- a/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek @@ -5,12 +5,12 @@ # @TEST-PORT: BROKER_PORT5 # @TEST-PORT: BROKER_PORT6 # -# @TEST-EXEC: btest-bg-run logger-1 CLUSTER_NODE=logger-1 BROPATH=$BROPATH:.. bro %INPUT -# @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 BROPATH=$BROPATH:.. bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 CLUSTER_NODE=proxy-1 BROPATH=$BROPATH:.. bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 CLUSTER_NODE=proxy-2 BROPATH=$BROPATH:.. bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 CLUSTER_NODE=worker-1 BROPATH=$BROPATH:.. bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 CLUSTER_NODE=worker-2 BROPATH=$BROPATH:.. bro %INPUT +# @TEST-EXEC: btest-bg-run logger-1 CLUSTER_NODE=logger-1 BROPATH=$BROPATH:.. zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 BROPATH=$BROPATH:.. zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 CLUSTER_NODE=proxy-1 BROPATH=$BROPATH:.. zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 CLUSTER_NODE=proxy-2 BROPATH=$BROPATH:.. zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 CLUSTER_NODE=worker-1 BROPATH=$BROPATH:.. zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 CLUSTER_NODE=worker-2 BROPATH=$BROPATH:.. zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff logger-1/.stdout # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek b/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek index 2f69eba0ad..7e10ea14c1 100644 --- a/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek @@ -4,11 +4,11 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff proxy-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek b/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek index 94a78e5304..36447f17e5 100644 --- a/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek @@ -4,9 +4,9 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek b/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek index a0b98aeb39..4c3fdc438b 100644 --- a/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek @@ -4,9 +4,9 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff proxy-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/config/basic.zeek b/testing/btest/scripts/base/frameworks/config/basic.zeek index f5a02983fd..0195388792 100644 --- a/testing/btest/scripts/base/frameworks/config/basic.zeek +++ b/testing/btest/scripts/base/frameworks/config/basic.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: btest-diff bro/config.log -# @TEST-EXEC: btest-diff bro/.stderr +# @TEST-EXEC: btest-diff zeek/config.log +# @TEST-EXEC: btest-diff zeek/.stderr @load base/frameworks/config @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek b/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek index f61deeea15..4a3c4f180e 100644 --- a/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek +++ b/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek @@ -2,10 +2,10 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT # @TEST-EXEC: sleep 1 -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek b/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek index 4aa3ad185f..482cd1721b 100644 --- a/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek +++ b/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek @@ -2,11 +2,11 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT # @TEST-EXEC: sleep 1 -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: sleep 15 -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/config/read_config.zeek b/testing/btest/scripts/base/frameworks/config/read_config.zeek index 7d88d20ef1..8ea2e4690e 100644 --- a/testing/btest/scripts/base/frameworks/config/read_config.zeek +++ b/testing/btest/scripts/base/frameworks/config/read_config.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: btest-diff bro/config.log +# @TEST-EXEC: btest-diff zeek/config.log @load base/frameworks/config @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek b/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek index 7151e67d42..18b53ce07a 100644 --- a/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek +++ b/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek @@ -2,10 +2,10 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT # @TEST-EXEC: sleep 1 -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/config/several-files.zeek b/testing/btest/scripts/base/frameworks/config/several-files.zeek index c5ad563b4e..cc6d8ce8aa 100644 --- a/testing/btest/scripts/base/frameworks/config/several-files.zeek +++ b/testing/btest/scripts/base/frameworks/config/several-files.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | grep -v ^# | $SCRIPTS/diff-sort" btest-diff bro/config.log +# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | grep -v ^# | $SCRIPTS/diff-sort" btest-diff zeek/config.log @load base/frameworks/config @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/config/updates.zeek b/testing/btest/scripts/base/frameworks/config/updates.zeek index 5a2e051817..09bcc9d198 100644 --- a/testing/btest/scripts/base/frameworks/config/updates.zeek +++ b/testing/btest/scripts/base/frameworks/config/updates.zeek @@ -1,12 +1,12 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv configfile2 configfile -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv configfile3 configfile -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv configfile4 configfile # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: btest-diff bro/config.log +# @TEST-EXEC: btest-diff zeek/config.log @load base/frameworks/config @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/config/weird.zeek b/testing/btest/scripts/base/frameworks/config/weird.zeek index 749525876d..300bb97101 100644 --- a/testing/btest/scripts/base/frameworks/config/weird.zeek +++ b/testing/btest/scripts/base/frameworks/config/weird.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/bro.org.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/http/bro.org.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff config.log diff --git a/testing/btest/scripts/base/frameworks/control/configuration_update.zeek b/testing/btest/scripts/base/frameworks/control/configuration_update.zeek index 4921099d7c..0d3e8b960d 100644 --- a/testing/btest/scripts/base/frameworks/control/configuration_update.zeek +++ b/testing/btest/scripts/base/frameworks/control/configuration_update.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro -Bbroker %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=configuration_update +# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. zeek -Bbroker %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. zeek -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=configuration_update # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff controllee/.stdout diff --git a/testing/btest/scripts/base/frameworks/control/id_value.zeek b/testing/btest/scripts/base/frameworks/control/id_value.zeek index a557f6487e..1f0072c346 100644 --- a/testing/btest/scripts/base/frameworks/control/id_value.zeek +++ b/testing/btest/scripts/base/frameworks/control/id_value.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=id_value Control::arg=test_var +# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. zeek %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. zeek %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=id_value Control::arg=test_var # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: btest-diff controller/.stdout diff --git a/testing/btest/scripts/base/frameworks/control/shutdown.zeek b/testing/btest/scripts/base/frameworks/control/shutdown.zeek index a8089bf08a..c785539e8e 100644 --- a/testing/btest/scripts/base/frameworks/control/shutdown.zeek +++ b/testing/btest/scripts/base/frameworks/control/shutdown.zeek @@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=shutdown +# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. zeek %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. zeek %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=shutdown # @TEST-EXEC: btest-bg-wait 10 diff --git a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek index 919d3b62c6..d5ecb55445 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out redef test_print_file_data_events = T; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek index 8b61eb45d3..c3a6fe208b 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT 2>&1 +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT 2>&1 # @TEST-EXEC: btest-diff .stdout event zeek_init() diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek index df4573e418..2392c8558d 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff files.log event zeek_init() diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek index 2c6f0a3d07..3d2d9b5949 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out +# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out # @TEST-EXEC: btest-diff get.out redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek index c44b1ec66b..c78bb521a8 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 8 -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stdout global cnt: count = 0; global timeout_cnt: count = 0; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek index cfd2e0c67b..e70ea5a553 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out +# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out # @TEST-EXEC: btest-diff get.out # @TEST-EXEC: test ! -s Cx92a0ym5R8-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek b/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek index 0f7e23ddcf..fdf320cd43 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff files.log @load frameworks/files/hash-all-files diff --git a/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek b/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek index 7cf0ef239c..583a97481e 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek @@ -1,6 +1,6 @@ # This used to crash the file reassemly code. # -# @TEST-EXEC: bro -r $TRACES/http/byteranges.trace frameworks/files/extract-all-files FileExtract::default_limit=4000 +# @TEST-EXEC: zeek -r $TRACES/http/byteranges.trace frameworks/files/extract-all-files FileExtract::default_limit=4000 # # @TEST-EXEC: btest-diff files.log diff --git a/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek b/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek index a25fde74e5..43a6506f6c 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek index d90e08e08b..e62a952410 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=1 >get.out -# @TEST-EXEC: bro -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=2 >get-gzip.out +# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=1 >get.out +# @TEST-EXEC: zeek -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=2 >get-gzip.out # @TEST-EXEC: btest-diff get.out # @TEST-EXEC: btest-diff get-gzip.out # @TEST-EXEC: btest-diff 1-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek index 400b787b52..7cc1efda09 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek index bb5ef7f800..c675adbb40 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek @@ -1,14 +1,14 @@ -# @TEST-EXEC: bro -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >a.out +# @TEST-EXEC: zeek -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >a.out # @TEST-EXEC: btest-diff a.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >a.size # @TEST-EXEC: btest-diff a.size -# @TEST-EXEC: bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >b.out +# @TEST-EXEC: zeek -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >b.out # @TEST-EXEC: btest-diff b.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >b.size # @TEST-EXEC: btest-diff b.size -# @TEST-EXEC: bro -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >c.out +# @TEST-EXEC: zeek -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >c.out # @TEST-EXEC: btest-diff c.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >c.size # @TEST-EXEC: btest-diff c.size diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek index cdd69b84a9..acc635ae29 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek index 75efb27781..122c188b6c 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek b/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek index 9bafa0ca1e..3051459945 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run bro bro -b $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 8 -# @TEST-EXEC: btest-diff bro/.stdout -# @TEST-EXEC: diff -q bro/FK8WqY1Q9U1rVxnDge-file input.log +# @TEST-EXEC: btest-diff zeek/.stdout +# @TEST-EXEC: diff -q zeek/FK8WqY1Q9U1rVxnDge-file input.log redef exit_only_after_terminate = T; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek b/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek index a1fd1e36d5..4b3e641f34 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile diff --git a/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek b/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek index 597f8a26bb..96c302a31a 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-diff files.log redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek b/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek index 9edec8abc1..0fddcc7f98 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile0 # @TEST-EXEC: btest-diff thefile1 diff --git a/testing/btest/scripts/base/frameworks/input/basic.zeek b/testing/btest/scripts/base/frameworks/input/basic.zeek index 02c3b4ff79..e96784fc0d 100644 --- a/testing/btest/scripts/base/frameworks/input/basic.zeek +++ b/testing/btest/scripts/base/frameworks/input/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/bignumber.zeek b/testing/btest/scripts/base/frameworks/input/bignumber.zeek index b5b9d3fcae..dd3a483050 100644 --- a/testing/btest/scripts/base/frameworks/input/bignumber.zeek +++ b/testing/btest/scripts/base/frameworks/input/bignumber.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/binary.zeek b/testing/btest/scripts/base/frameworks/input/binary.zeek index 072db53e11..fa98625997 100644 --- a/testing/btest/scripts/base/frameworks/input/binary.zeek +++ b/testing/btest/scripts/base/frameworks/input/binary.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/config/basic.zeek b/testing/btest/scripts/base/frameworks/input/config/basic.zeek index a0a7df017f..b6f7c2a78a 100644 --- a/testing/btest/scripts/base/frameworks/input/config/basic.zeek +++ b/testing/btest/scripts/base/frameworks/input/config/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/config/errors.zeek b/testing/btest/scripts/base/frameworks/input/config/errors.zeek index 262b4ff36d..0271dbe711 100644 --- a/testing/btest/scripts/base/frameworks/input/config/errors.zeek +++ b/testing/btest/scripts/base/frameworks/input/config/errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: tail -n +2 .stderr > errout # @TEST-EXEC: btest-diff errout diff --git a/testing/btest/scripts/base/frameworks/input/config/spaces.zeek b/testing/btest/scripts/base/frameworks/input/config/spaces.zeek index 00bc64888e..321deb3fa4 100644 --- a/testing/btest/scripts/base/frameworks/input/config/spaces.zeek +++ b/testing/btest/scripts/base/frameworks/input/config/spaces.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/default.zeek b/testing/btest/scripts/base/frameworks/input/default.zeek index 3c9880696d..a3e65e74e0 100644 --- a/testing/btest/scripts/base/frameworks/input/default.zeek +++ b/testing/btest/scripts/base/frameworks/input/default.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek b/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek index b43044b963..810aa96c6a 100644 --- a/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek +++ b/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek @@ -1,6 +1,6 @@ # @TEST-EXEC: mv input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input2.log input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/emptyvals.zeek b/testing/btest/scripts/base/frameworks/input/emptyvals.zeek index 6e45f56e8d..b495832d6d 100644 --- a/testing/btest/scripts/base/frameworks/input/emptyvals.zeek +++ b/testing/btest/scripts/base/frameworks/input/emptyvals.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/errors.zeek b/testing/btest/scripts/base/frameworks/input/errors.zeek index 296c43f450..4c9c6f8ec2 100644 --- a/testing/btest/scripts/base/frameworks/input/errors.zeek +++ b/testing/btest/scripts/base/frameworks/input/errors.zeek @@ -1,6 +1,6 @@ # Test different kinds of errors of the input framework # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff .stderr # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/event.zeek b/testing/btest/scripts/base/frameworks/input/event.zeek index 1ac4e38af5..f23d9cf52d 100644 --- a/testing/btest/scripts/base/frameworks/input/event.zeek +++ b/testing/btest/scripts/base/frameworks/input/event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek b/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek index 2a2e2b1e63..86ace59204 100644 --- a/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek +++ b/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek b/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek index 4acaa63ee6..16a3cda1de 100644 --- a/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek +++ b/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out # @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline diff --git a/testing/btest/scripts/base/frameworks/input/invalidset.zeek b/testing/btest/scripts/base/frameworks/input/invalidset.zeek index d1ca5e3262..67aff58254 100644 --- a/testing/btest/scripts/base/frameworks/input/invalidset.zeek +++ b/testing/btest/scripts/base/frameworks/input/invalidset.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out # @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline diff --git a/testing/btest/scripts/base/frameworks/input/invalidtext.zeek b/testing/btest/scripts/base/frameworks/input/invalidtext.zeek index 3a30da30c8..2c2809861a 100644 --- a/testing/btest/scripts/base/frameworks/input/invalidtext.zeek +++ b/testing/btest/scripts/base/frameworks/input/invalidtext.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out # @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline diff --git a/testing/btest/scripts/base/frameworks/input/missing-enum.zeek b/testing/btest/scripts/base/frameworks/input/missing-enum.zeek index abdc608447..9c5850cfac 100644 --- a/testing/btest/scripts/base/frameworks/input/missing-enum.zeek +++ b/testing/btest/scripts/base/frameworks/input/missing-enum.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: btest-diff bro/.stderr -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stderr +# @TEST-EXEC: btest-diff zeek/.stdout @TEST-START-FILE input.log #fields e i diff --git a/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek b/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek index 0fed78d120..5d87c6d786 100644 --- a/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek +++ b/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek @@ -3,15 +3,15 @@ # It does a second test at the same time which configures the old # failing behavior. -# @TEST-EXEC: btest-bg-run bro bro %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/init 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/init 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv does-exist.dat does-not-exist.dat -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv does-not-exist.dat does-not-exist-again.dat # @TEST-EXEC: echo "3 streaming still works" >> does-not-exist-again.dat # @TEST-EXEC: btest-bg-wait 5 -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stdout -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stderr +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stdout +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stderr @TEST-START-FILE does-exist.dat #separator \x09 diff --git a/testing/btest/scripts/base/frameworks/input/missing-file.zeek b/testing/btest/scripts/base/frameworks/input/missing-file.zeek index 90fbeb175e..f1d4a203e2 100644 --- a/testing/btest/scripts/base/frameworks/input/missing-file.zeek +++ b/testing/btest/scripts/base/frameworks/input/missing-file.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff bro/.stderr +# @TEST-EXEC: btest-diff zeek/.stderr redef exit_only_after_terminate = T; redef InputAscii::fail_on_file_problem = T; diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek index 723227a1c3..925ec13f82 100644 --- a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek +++ b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek b/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek index 33da194d84..a55ddd318a 100644 --- a/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek +++ b/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/optional.zeek b/testing/btest/scripts/base/frameworks/input/optional.zeek index 9b9d569ffe..acea18810e 100644 --- a/testing/btest/scripts/base/frameworks/input/optional.zeek +++ b/testing/btest/scripts/base/frameworks/input/optional.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek index 784be4ca06..8e0b6b39b3 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek @@ -2,14 +2,14 @@ # variables to verify that an absolute path prefix gets added correctly # to relative/path-less input sources. # -# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/subdir|" >input.bro +# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/subdir|" >input.zeek # @TEST-EXEC: mkdir -p subdir # # Note, in the following we'd ideally use %DIR to express the # additional path, but there's currently a problem in btest with using # %DIR after TEST-START-NEXT. # -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b input.bro >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b input.zeek >output # @TEST-EXEC: btest-diff output @TEST-START-FILE subdir/input.data diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek index 747c3d46dd..e8b5a4af78 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek @@ -2,8 +2,8 @@ # variables to verify that setting these prefixes has no effect when # an input file uses an absolute-path source. # -# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD|" >input.bro -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b input.bro >output +# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD|" >input.zeek +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b input.zeek >output # @TEST-EXEC: btest-diff output @TEST-START-FILE input.data diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek index 02a6e7e104..4557d631d3 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek @@ -1,7 +1,7 @@ # These tests verify that when setting neither InputAscii::path_prefix # nor InputBinary::path_prefix, Zeek correctly locates local input files. # -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE input.data diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek index 2f24131b6f..0c4d7af64b 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek @@ -3,7 +3,7 @@ # from the current working directory. # # @TEST-EXEC: mkdir -p alternative -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE alternative/input.data diff --git a/testing/btest/scripts/base/frameworks/input/port-embedded.zeek b/testing/btest/scripts/base/frameworks/input/port-embedded.zeek index 32feb47c34..ef4b0a0651 100644 --- a/testing/btest/scripts/base/frameworks/input/port-embedded.zeek +++ b/testing/btest/scripts/base/frameworks/input/port-embedded.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: btest-diff bro/.stdout -# @TEST-EXEC: btest-diff bro/.stderr +# @TEST-EXEC: btest-diff zeek/.stdout +# @TEST-EXEC: btest-diff zeek/.stderr @TEST-START-FILE input.log #fields i p diff --git a/testing/btest/scripts/base/frameworks/input/port.zeek b/testing/btest/scripts/base/frameworks/input/port.zeek index d0bb823b74..b7a4b78913 100644 --- a/testing/btest/scripts/base/frameworks/input/port.zeek +++ b/testing/btest/scripts/base/frameworks/input/port.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek b/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek index f8e7f8fdf3..25c818dae7 100644 --- a/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek +++ b/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out # -# only difference from predicate.bro is, that this one uses a stream source. +# only difference from predicate.zeek is, that this one uses a stream source. # the reason is, that the code-paths are quite different, because then the # ascii reader uses the put and not the sendevent interface diff --git a/testing/btest/scripts/base/frameworks/input/predicate.zeek b/testing/btest/scripts/base/frameworks/input/predicate.zeek index 171e1d42de..61f1a5cf16 100644 --- a/testing/btest/scripts/base/frameworks/input/predicate.zeek +++ b/testing/btest/scripts/base/frameworks/input/predicate.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek b/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek index 80e8c6aac8..5de9f7bcc8 100644 --- a/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek +++ b/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek index 53708b4fdd..9f3d66df80 100644 --- a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek +++ b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: mv input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input2.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input3.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input4.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got4 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input5.log input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek b/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek index 6d4147ad06..79d38fab0d 100644 --- a/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek +++ b/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/basic.zeek b/testing/btest/scripts/base/frameworks/input/raw/basic.zeek index cb9e0269ea..af246fdfcb 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/basic.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/execute.zeek b/testing/btest/scripts/base/frameworks/input/raw/execute.zeek index 018b62d75b..672d8131d1 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/execute.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/execute.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek b/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek index 1c24c3ab8a..0beb8bca20 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff test.txt # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek b/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek index ded6588269..73aec5cab7 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input2.log >> input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/long.zeek b/testing/btest/scripts/base/frameworks/input/raw/long.zeek index 40f84c8597..bab9e388e5 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/long.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/long.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: dd if=/dev/zero of=input.log bs=8193 count=1 -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out # diff --git a/testing/btest/scripts/base/frameworks/input/raw/offset.zeek b/testing/btest/scripts/base/frameworks/input/raw/offset.zeek index 0fdb6d65e9..87aa36fc8b 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/offset.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/offset.zeek @@ -1,6 +1,6 @@ # @TEST-EXEC: cp input.log input2.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: echo "hi" >> input2.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek b/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek index ae977b4b2d..f187187f68 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek b/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek index b62b135e43..a108ddbc4a 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: mkdir mydir && touch mydir/a && touch mydir/b && touch mydir/c -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek b/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek index 923428717f..741b3f92d6 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input2.log >> input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/repeat.zeek b/testing/btest/scripts/base/frameworks/input/repeat.zeek index 86245ef9f0..db9a6018d0 100644 --- a/testing/btest/scripts/base/frameworks/input/repeat.zeek +++ b/testing/btest/scripts/base/frameworks/input/repeat.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/reread.zeek b/testing/btest/scripts/base/frameworks/input/reread.zeek index e34ae0a5ae..ca98c9f214 100644 --- a/testing/btest/scripts/base/frameworks/input/reread.zeek +++ b/testing/btest/scripts/base/frameworks/input/reread.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: mv input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input2.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input3.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input4.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got4 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input5.log input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/set.zeek b/testing/btest/scripts/base/frameworks/input/set.zeek index 52c0b8feef..0d1021adae 100644 --- a/testing/btest/scripts/base/frameworks/input/set.zeek +++ b/testing/btest/scripts/base/frameworks/input/set.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/setseparator.zeek b/testing/btest/scripts/base/frameworks/input/setseparator.zeek index 3e052c4b44..fc876e8a6d 100644 --- a/testing/btest/scripts/base/frameworks/input/setseparator.zeek +++ b/testing/btest/scripts/base/frameworks/input/setseparator.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek b/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek index 801a3229c5..b68e4b53d0 100644 --- a/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek +++ b/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek index fdb946e02c..d7c66f67ee 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek @@ -4,7 +4,7 @@ # @TEST-REQUIRES: which sqlite3 # # @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek index 7a46160dc0..b6c2b46bbb 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek @@ -4,7 +4,7 @@ # # @TEST-GROUP: sqlite # -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: sed '1d' .stderr | sort > cmpfile # @TEST-EXEC: btest-diff cmpfile diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek index ddf4a844bb..ec0e9bd428 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek @@ -4,7 +4,7 @@ # @TEST-REQUIRES: which sqlite3 # # @TEST-EXEC: cat port.sql | sqlite3 port.sqlite -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek index 894db886b5..6da0bef528 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek @@ -4,7 +4,7 @@ # # @TEST-GROUP: sqlite # -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/stream.zeek b/testing/btest/scripts/base/frameworks/input/stream.zeek index 20f1b682fa..b9064ef46b 100644 --- a/testing/btest/scripts/base/frameworks/input/stream.zeek +++ b/testing/btest/scripts/base/frameworks/input/stream.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input2.log >> input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek b/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek index fdcef27d68..9f303fbb5a 100644 --- a/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek +++ b/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/subrecord.zeek b/testing/btest/scripts/base/frameworks/input/subrecord.zeek index 797768a7a7..c01ce24158 100644 --- a/testing/btest/scripts/base/frameworks/input/subrecord.zeek +++ b/testing/btest/scripts/base/frameworks/input/subrecord.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/tableevent.zeek b/testing/btest/scripts/base/frameworks/input/tableevent.zeek index 370265508d..680a412c27 100644 --- a/testing/btest/scripts/base/frameworks/input/tableevent.zeek +++ b/testing/btest/scripts/base/frameworks/input/tableevent.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/twotables.zeek b/testing/btest/scripts/base/frameworks/input/twotables.zeek index 12d5394a54..6ff57f9666 100644 --- a/testing/btest/scripts/base/frameworks/input/twotables.zeek +++ b/testing/btest/scripts/base/frameworks/input/twotables.zeek @@ -1,6 +1,6 @@ # @TEST-EXEC: mv input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input3.log input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff event.out diff --git a/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek b/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek index 3090cf10c9..e4e93f7164 100644 --- a/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek +++ b/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/windows.zeek b/testing/btest/scripts/base/frameworks/input/windows.zeek index 8addf0c6ad..2615acb197 100644 --- a/testing/btest/scripts/base/frameworks/input/windows.zeek +++ b/testing/btest/scripts/base/frameworks/input/windows.zeek @@ -1,6 +1,6 @@ # Test windows linebreaks -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek b/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek index 98fc45c29d..79dbc7e035 100644 --- a/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek +++ b/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek @@ -3,10 +3,10 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-PORT: BROKER_PORT4 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek b/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek index ecec5a0831..0b0872c704 100644 --- a/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek +++ b/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek index a3a45cd1c0..a417f8a42c 100644 --- a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 21 # @TEST-EXEC: cat broproc/intel.log > output # @TEST-EXEC: cat broproc/.stdout >> output diff --git a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek index 81353ce7fc..4149c33277 100644 --- a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff broproc/intel.log diff --git a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek index bea8abfd88..a7a9bcc7af 100644 --- a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek +++ b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff broproc/intel.log diff --git a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek index 9c46dd7c93..41a018efa4 100644 --- a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek +++ b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: cat broproc/intel.log > output # @TEST-EXEC: cat broproc/.stdout >> output diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek index e637ebb3c5..0438fd4f4e 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek @@ -5,8 +5,8 @@ # /foo/bar/intel). # # @TEST-EXEC: mkdir -p intel -# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/intel|" >input.bro -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b input.bro >output +# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/intel|" >input.zeek +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b input.zeek >output # @TEST-EXEC: btest-diff output @TEST-START-FILE intel/test.data diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek index 1e7050aee9..d80d784044 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek @@ -3,7 +3,7 @@ # prepended first, then the input framework one. # # @TEST-EXEC: mkdir -p input/intel -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE input/intel/test.data diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek index 2e602752f1..b3bc9f052f 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek @@ -4,7 +4,7 @@ # Input::REREAD ingestion mode.) # # @TEST-EXEC: mkdir -p alternative -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE alternative/test.data diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek index 7d02a0ac6a..298fcaee2c 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek @@ -1,7 +1,7 @@ # This test verifies that when setting neither InputAscii::path_prefix # nor Intel::path_prefix, Zeek correctly locates local intel files. # -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE test.data diff --git a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek index 0914ece60d..d8078db0cc 100644 --- a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff manager-1/intel.log diff --git a/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek b/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek index 16ec0df4a4..4e2ed8fcf5 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 13 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek index 7bc071c17a..960c55f3c2 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek +++ b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: cat broproc/reporter.log > output # @TEST-EXEC: cat broproc/.stdout >> output diff --git a/testing/btest/scripts/base/frameworks/intel/updated-match.zeek b/testing/btest/scripts/base/frameworks/intel/updated-match.zeek index 5cace1741e..75a272773d 100644 --- a/testing/btest/scripts/base/frameworks/intel/updated-match.zeek +++ b/testing/btest/scripts/base/frameworks/intel/updated-match.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: cp intel1.dat intel.dat -# @TEST-EXEC: btest-bg-run broproc bro %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file broproc/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeekproc/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp intel2.dat intel.dat -# @TEST-EXEC: $SCRIPTS/wait-for-file broproc/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeekproc/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp intel3.dat intel.dat # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: cat broproc/intel.log > output -# @TEST-EXEC: cat broproc/notice.log >> output +# @TEST-EXEC: cat zeekproc/intel.log > output +# @TEST-EXEC: cat zeekproc/notice.log >> output # @TEST-EXEC: btest-diff output # @TEST-START-FILE intel1.dat diff --git a/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek b/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek index d342186ca3..a5aed0c018 100644 --- a/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek +++ b/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh-new-default.log # @TEST-EXEC: test '!' -e ssh.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek index 1df620e19b..74d3ea9267 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek index 65bffda485..676f69600f 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek @@ -1,8 +1,8 @@ # @TEST-DOC: Test that the ASCII writer logs values of type "double" correctly. # -# @TEST-EXEC: bro -b %INPUT test-json.zeek +# @TEST-EXEC: zeek -b %INPUT test-json.zeek # @TEST-EXEC: mv test.log json.log -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log # @TEST-EXEC: btest-diff json.log # diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek index bb38f988ae..515bd9aab3 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cat ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log # @TEST-EXEC: btest-diff ssh-filtered.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek index d7e7739547..5535f83276 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff test.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek index 0145c52243..2c66593250 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log redef LogAscii::empty_field = "EMPTY"; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek index c42a92fdac..3c1cb2cd10 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek index 9df48edbb6..f64f00f857 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek @@ -1,4 +1,4 @@ # -# @TEST-EXEC: bro -C -r $TRACES/www-odd-url.trace +# @TEST-EXEC: zeek -C -r $TRACES/www-odd-url.trace # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek index 03139bf2b8..5170718d9e 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek index 9fa6555391..85c309ca98 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cat ssh.log | egrep -v '#open|#close' >ssh.log.tmp && mv ssh.log.tmp ssh.log # @TEST-EXEC: btest-diff ssh.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek index 3e73b56500..874715dce7 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek @@ -1,6 +1,6 @@ # Test that log rotation works with compressed logs. # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: gunzip test.*.log.gz # diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek index 74573fe3d4..c240df96e5 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: gunzip ssh.log.gz # @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff ssh-uncompressed.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek index bfe998a78e..6055989e70 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log # # Testing all possible types. diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek index 364de2fe4c..ec86557c4a 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff testing.log @load tuning/json-logs diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek index 8985715d1d..ab88225d97 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log # # Testing all possible types. diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek index 33de6e720a..caaf123633 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek index b72f077c81..11a69a0086 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log redef LogAscii::output_to_stdout = F; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek index 2e786f4927..ab7269c16c 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek index c29b291003..67d407bb91 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cat ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log # @TEST-EXEC: btest-diff ssh-filtered.log diff --git a/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek b/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek index 7aece07642..203f5a5343 100644 --- a/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek +++ b/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/attr.zeek b/testing/btest/scripts/base/frameworks/logging/attr.zeek index 84287cc280..f0e65aa818 100644 --- a/testing/btest/scripts/base/frameworks/logging/attr.zeek +++ b/testing/btest/scripts/base/frameworks/logging/attr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek b/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek index e3b2aa2b93..da6f9f0dd5 100644 --- a/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek +++ b/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: test '!' -e ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/empty-event.zeek b/testing/btest/scripts/base/frameworks/logging/empty-event.zeek index e7928de5c7..404b35cec8 100644 --- a/testing/btest/scripts/base/frameworks/logging/empty-event.zeek +++ b/testing/btest/scripts/base/frameworks/logging/empty-event.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek b/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek index 95d02068d8..6da68c66fa 100644 --- a/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek +++ b/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/env-ext.test b/testing/btest/scripts/base/frameworks/logging/env-ext.test index e9f690caa4..1d77cab0d0 100644 --- a/testing/btest/scripts/base/frameworks/logging/env-ext.test +++ b/testing/btest/scripts/base/frameworks/logging/env-ext.test @@ -1,2 +1,2 @@ -# @TEST-EXEC: BRO_LOG_SUFFIX=txt bro -r $TRACES/wikipedia.trace +# @TEST-EXEC: BRO_LOG_SUFFIX=txt zeek -r $TRACES/wikipedia.trace # @TEST-EXEC: test -f conn.txt diff --git a/testing/btest/scripts/base/frameworks/logging/events.zeek b/testing/btest/scripts/base/frameworks/logging/events.zeek index d1cf0fba7e..321a702002 100644 --- a/testing/btest/scripts/base/frameworks/logging/events.zeek +++ b/testing/btest/scripts/base/frameworks/logging/events.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/exclude.zeek b/testing/btest/scripts/base/frameworks/logging/exclude.zeek index b776cf91a4..0f1e1b72d1 100644 --- a/testing/btest/scripts/base/frameworks/logging/exclude.zeek +++ b/testing/btest/scripts/base/frameworks/logging/exclude.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek index 1beaa72024..6e66d56bb5 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: grep qux manager-1/reporter.log | sed 's#line ..#line XX#g' > manager-reporter.log # @TEST-EXEC: grep qux manager-1/reporter-2.log | sed 's#line ..*#line XX#g' >> manager-reporter.log diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek index 39fe6c566a..14103cf816 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/http.log diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek index 7c1b448fee..5ac8e9220b 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek index b06cec2f54..87a2caecbc 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek index 9b37a893bf..50d6f90515 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek index 8a9f3ed5f2..ccf40899c8 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC-FAIL: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension.zeek index 609df1b467..a53c202387 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek b/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek index e480180a0d..54af73374e 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek b/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek index e51bcd6580..60ebb5a1a4 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/auth_change_session_keys.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/auth_change_session_keys.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # The other tests of Log::default_field_name_map used to not catch an invalid diff --git a/testing/btest/scripts/base/frameworks/logging/file.zeek b/testing/btest/scripts/base/frameworks/logging/file.zeek index 011c9bbe82..6aa07f1699 100644 --- a/testing/btest/scripts/base/frameworks/logging/file.zeek +++ b/testing/btest/scripts/base/frameworks/logging/file.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/include.zeek b/testing/btest/scripts/base/frameworks/logging/include.zeek index 7179c54338..31f905d172 100644 --- a/testing/btest/scripts/base/frameworks/logging/include.zeek +++ b/testing/btest/scripts/base/frameworks/logging/include.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/no-local.zeek b/testing/btest/scripts/base/frameworks/logging/no-local.zeek index 9418afea14..38e395afac 100644 --- a/testing/btest/scripts/base/frameworks/logging/no-local.zeek +++ b/testing/btest/scripts/base/frameworks/logging/no-local.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: test '!' -e ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/none-debug.zeek b/testing/btest/scripts/base/frameworks/logging/none-debug.zeek index 9a9f73d8f9..43b1daa187 100644 --- a/testing/btest/scripts/base/frameworks/logging/none-debug.zeek +++ b/testing/btest/scripts/base/frameworks/logging/none-debug.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output redef Log::default_writer = Log::WRITER_NONE; diff --git a/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek b/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek index ebb514042e..7b256da666 100644 --- a/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek +++ b/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff local.log # @TEST-EXEC: btest-diff remote.log # diff --git a/testing/btest/scripts/base/frameworks/logging/path-func.zeek b/testing/btest/scripts/base/frameworks/logging/path-func.zeek index fa52cccc48..80cb5e7918 100644 --- a/testing/btest/scripts/base/frameworks/logging/path-func.zeek +++ b/testing/btest/scripts/base/frameworks/logging/path-func.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: ( ls static-*; cat static-* ) >output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/frameworks/logging/pred.zeek b/testing/btest/scripts/base/frameworks/logging/pred.zeek index c6f85183b4..aa89fdf504 100644 --- a/testing/btest/scripts/base/frameworks/logging/pred.zeek +++ b/testing/btest/scripts/base/frameworks/logging/pred.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.success.log # @TEST-EXEC: btest-diff test.failure.log diff --git a/testing/btest/scripts/base/frameworks/logging/remove.zeek b/testing/btest/scripts/base/frameworks/logging/remove.zeek index 2247648e7c..c4a626610e 100644 --- a/testing/btest/scripts/base/frameworks/logging/remove.zeek +++ b/testing/btest/scripts/base/frameworks/logging/remove.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -B logging %INPUT +# @TEST-EXEC: zeek -b -B logging %INPUT # @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff ssh.failure.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek b/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek index 89264fa6e5..4e6e38ebe9 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek +++ b/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out.tmp +# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out.tmp # @TEST-EXEC: cat out.tmp pp.log | sort >out # @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | $SCRIPTS/diff-remove-timestamps | uniq >>out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/logging/rotate.zeek b/testing/btest/scripts/base/frameworks/logging/rotate.zeek index 2a988a88f0..a7ae0df75a 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate.zeek +++ b/testing/btest/scripts/base/frameworks/logging/rotate.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT >bro.out 2>&1 +# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT >bro.out 2>&1 # @TEST-EXEC: grep "test" bro.out | sort >out # @TEST-EXEC: for i in `ls test.*.log | sort`; do printf '> %s\n' $i; cat $i; done >>out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek b/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek index 9d58ef11c2..03936bbe17 100644 --- a/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek +++ b/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek b/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek index 3c72b7a833..a67b260241 100644 --- a/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek +++ b/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek @@ -1,7 +1,7 @@ # This tests the order in which the unrolling and field name # renaming occurs. -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek index d453804858..ea52826a13 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek @@ -4,7 +4,7 @@ # @TEST-GROUP: sqlite # # @TEST-EXEC: cat ssh.sql | sqlite3 ssh.sqlite -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff .stderr # # Testing all possible types. diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek index 8612cd5765..17779a6312 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek @@ -6,7 +6,7 @@ # @TEST-REQUIRES: has-writer Bro::SQLiteWriter # @TEST-GROUP: sqlite # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select # @TEST-EXEC: btest-diff ssh.select # diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek index 7f9ea2d870..e717954a61 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek @@ -4,7 +4,7 @@ # @TEST-REQUIRES: has-writer Bro::SQLiteWriter # @TEST-GROUP: sqlite # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from sshtwo' >> ssh.select # @TEST-EXEC: btest-diff ssh.select diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek index e878ec32d3..783fd2603b 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek @@ -3,7 +3,7 @@ # @TEST-REQUIRES: has-writer Bro::SQLiteWriter # @TEST-GROUP: sqlite # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select # @TEST-EXEC: btest-diff ssh.select # diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek index e45c42d7e2..8ffc867b92 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek @@ -3,7 +3,7 @@ # @TEST-REQUIRES: has-writer Bro::SQLiteWriter # @TEST-GROUP: sqlite # -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE # @TEST-EXEC: sqlite3 conn.sqlite 'select * from conn order by ts' | sort -n > conn.select # @TEST-EXEC: sqlite3 http.sqlite 'select * from http order by ts' | sort -n > http.select # @TEST-EXEC: btest-diff conn.select diff --git a/testing/btest/scripts/base/frameworks/logging/stdout.zeek b/testing/btest/scripts/base/frameworks/logging/stdout.zeek index bce55fd0ca..39db1d1e51 100644 --- a/testing/btest/scripts/base/frameworks/logging/stdout.zeek +++ b/testing/btest/scripts/base/frameworks/logging/stdout.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: test '!' -e ssh.log diff --git a/testing/btest/scripts/base/frameworks/logging/test-logging.zeek b/testing/btest/scripts/base/frameworks/logging/test-logging.zeek index f7d07e843a..3e0db68c79 100644 --- a/testing/btest/scripts/base/frameworks/logging/test-logging.zeek +++ b/testing/btest/scripts/base/frameworks/logging/test-logging.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/types.zeek b/testing/btest/scripts/base/frameworks/logging/types.zeek index 9d208335ad..fc10e88bcc 100644 --- a/testing/btest/scripts/base/frameworks/logging/types.zeek +++ b/testing/btest/scripts/base/frameworks/logging/types.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log # # Testing all possible types. diff --git a/testing/btest/scripts/base/frameworks/logging/unset-record.zeek b/testing/btest/scripts/base/frameworks/logging/unset-record.zeek index 00f97ffc1a..529e474381 100644 --- a/testing/btest/scripts/base/frameworks/logging/unset-record.zeek +++ b/testing/btest/scripts/base/frameworks/logging/unset-record.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff testing.log redef enum Log::ID += { TESTING }; diff --git a/testing/btest/scripts/base/frameworks/logging/vec.zeek b/testing/btest/scripts/base/frameworks/logging/vec.zeek index 6809e132bc..5e73357947 100644 --- a/testing/btest/scripts/base/frameworks/logging/vec.zeek +++ b/testing/btest/scripts/base/frameworks/logging/vec.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek index 916e5a6775..60984f1fc7 100644 --- a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek +++ b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff reporter.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff http-2.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek index 5561b3b674..7addee4bf7 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek @@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek b/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek index 94fda84c64..5603219093 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek @@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff send/netcontrol.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek index 3f3ecb5e60..067193de8c 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek @@ -2,12 +2,12 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" # @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat worker-1/.pid) 10 || (btest-bg-wait -k 1 && false) -# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" +# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-2 zeek --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek b/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek index 1efe420d73..b7510e4c2c 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff netcontrol.log # @TEST-EXEC: btest-diff netcontrol_shunt.log # @TEST-EXEC: btest-diff netcontrol_drop.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek b/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek index bf8957e4ff..c1d0f961a4 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek @@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff send/netcontrol.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek index dd5e71f1fe..ea99e13329 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff netcontrol_catch_release.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek index 29c56c2535..30740dbf00 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log # @TEST-EXEC: btest-diff netcontrol_catch_release.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek b/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek index 29cb439a64..935142b33c 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # Verify the state of internal tables after rules have been deleted... diff --git a/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek b/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek index c64bd9e16b..a5e03add55 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff netcontrol.log @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek b/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek index e7bb61cc04..09694cc1f8 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff out @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek b/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek index 02056a1e0a..e12599db83 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff netcontrol.log @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek b/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek index d56c8e2468..4fc05d4f45 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log # @TEST-EXEC: btest-diff openflow.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek b/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek index 36c06fcc3d..04cd1302b3 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff netcontrol.log # @TEST-EXEC: btest-diff openflow.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek b/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek index 46a1193a21..ac8a3f5c0a 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek b/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek index 9356253c98..71ef2b3efe 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff netcontrol.log # @TEST-EXEC: btest-diff openflow.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek b/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek index e308205ffc..bc7de9dd3a 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime %INPUT # @TEST-EXEC: btest-diff netcontrol.log @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/notice/cluster.zeek b/testing/btest/scripts/base/frameworks/notice/cluster.zeek index cda5fc857e..dadf5409ab 100644 --- a/testing/btest/scripts/base/frameworks/notice/cluster.zeek +++ b/testing/btest/scripts/base/frameworks/notice/cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/notice.log diff --git a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test index d5d3f4c3fa..7daffc2ea0 100644 --- a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test +++ b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test @@ -1,10 +1,10 @@ # This test checks that the default notice policy ordering does not # change from run to run. -# @TEST-EXEC: bro -e '' +# @TEST-EXEC: zeek -e '' # @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.1 -# @TEST-EXEC: bro -e '' +# @TEST-EXEC: zeek -e '' # @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.2 -# @TEST-EXEC: bro -e '' +# @TEST-EXEC: zeek -e '' # @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.3 # @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.2 # @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.3 diff --git a/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek b/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek index 0970ec0c76..373d773bd2 100644 --- a/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek +++ b/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/web.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/web.trace %INPUT # @TEST-EXEC: btest-diff alarm-mail.txt hook Notice::policy(n: Notice::Info) &priority=1 diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek index 73cd65cfe9..cf99a0dbd9 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek @@ -3,10 +3,10 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-PORT: BROKER_PORT4 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/notice.log diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek b/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek index 5eeab5bff2..a281fd1b7c 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek +++ b/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # The "Test_Notice" should be logged twice # @TEST-EXEC: test `grep Test_Notice notice.log | wc -l` -eq 2 diff --git a/testing/btest/scripts/base/frameworks/notice/suppression.zeek b/testing/btest/scripts/base/frameworks/notice/suppression.zeek index d91aa17a2e..f284bb4600 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression.zeek +++ b/testing/btest/scripts/base/frameworks/notice/suppression.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff notice.log @load base/frameworks/notice diff --git a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek index 3cce7bda1e..a74a7331b1 100644 --- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek @@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek index 5aa615f691..3604c95eec 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff openflow.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek b/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek index c6a9e90cb4..5aa40ed181 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/openflow.log diff --git a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek index 9df9822450..8f1dc35fce 100644 --- a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test b/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test index a3e2a54c57..537b210128 100644 --- a/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test +++ b/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test @@ -1,2 +1,2 @@ -# @TEST-EXEC-FAIL: bro -r $TRACES/web.trace -f "bad filter" +# @TEST-EXEC-FAIL: zeek -r $TRACES/web.trace -f "bad filter" # @TEST-EXEC: test -s .stderr diff --git a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek index bf449e886d..2adf5e1d7f 100644 --- a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek +++ b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/scripts/base/frameworks/reporter/stderr.zeek b/testing/btest/scripts/base/frameworks/reporter/stderr.zeek index 6b878ceef5..5c3793b435 100644 --- a/testing/btest/scripts/base/frameworks/reporter/stderr.zeek +++ b/testing/btest/scripts/base/frameworks/reporter/stderr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/scripts/base/frameworks/software/version-parsing.zeek b/testing/btest/scripts/base/frameworks/software/version-parsing.zeek index fd43145826..ecf36ca8dc 100644 --- a/testing/btest/scripts/base/frameworks/software/version-parsing.zeek +++ b/testing/btest/scripts/base/frameworks/software/version-parsing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT > output +# @TEST-EXEC: zeek %INPUT > output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff output module Software; diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek index 726aa09416..c54aa1b128 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic.zeek b/testing/btest/scripts/base/frameworks/sumstats/basic.zeek index 1362c739cf..3b454ebaa4 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run standalone bro %INPUT +# @TEST-EXEC: btest-bg-run standalone zeek %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff standalone/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek index 04cdcca725..98240f3e10 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek index 4482b43524..7bbe1860a9 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: btest-bg-wait 25 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek index 3ab0492f29..6218d85573 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek b/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek index 99658ad7d0..4faedd9bac 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout redef exit_only_after_terminate=T; diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek index 44dcd3abd4..a254c86ec0 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample.zeek b/testing/btest/scripts/base/frameworks/sumstats/sample.zeek index 30e80b1b49..7d63c2e946 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/sample.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() &priority=5 diff --git a/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek b/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek index f751a85e98..93ae99e0ef 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT | sort >output +# @TEST-EXEC: zeek %INPUT | sort >output # @TEST-EXEC: btest-diff output redef enum Notice::Type += { diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek index e32e417cc5..c5eaca9917 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk.zeek b/testing/btest/scripts/base/frameworks/sumstats/topk.zeek index 0b7ae1ea2f..a30d3ce4c8 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/topk.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/topk.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() &priority=5 diff --git a/testing/btest/scripts/base/misc/find-filtered-trace.test b/testing/btest/scripts/base/misc/find-filtered-trace.test index e6c61c2bd2..a63e0c7a2b 100644 --- a/testing/btest/scripts/base/misc/find-filtered-trace.test +++ b/testing/btest/scripts/base/misc/find-filtered-trace.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/bro.org-filtered.pcap >out1 2>&1 -# @TEST-EXEC: bro -r $TRACES/http/bro.org-filtered.pcap "FilteredTraceDetection::enable=F" >out2 2>&1 +# @TEST-EXEC: zeek -r $TRACES/http/bro.org-filtered.pcap >out1 2>&1 +# @TEST-EXEC: zeek -r $TRACES/http/bro.org-filtered.pcap "FilteredTraceDetection::enable=F" >out2 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/scripts/base/misc/version.zeek b/testing/btest/scripts/base/misc/version.zeek index bceade0abb..da911425e6 100644 --- a/testing/btest/scripts/base/misc/version.zeek +++ b/testing/btest/scripts/base/misc/version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath" btest-diff .stderr diff --git a/testing/btest/scripts/base/protocols/arp/bad.test b/testing/btest/scripts/base/protocols/arp/bad.test index efe9b1d15a..fb3444f105 100644 --- a/testing/btest/scripts/base/protocols/arp/bad.test +++ b/testing/btest/scripts/base/protocols/arp/bad.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-leak.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-leak.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/basic.test b/testing/btest/scripts/base/protocols/arp/basic.test index 9ef1404567..c8dbc58cff 100644 --- a/testing/btest/scripts/base/protocols/arp/basic.test +++ b/testing/btest/scripts/base/protocols/arp/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-who-has.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-who-has.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/radiotap.test b/testing/btest/scripts/base/protocols/arp/radiotap.test index 95ce471532..59f69aca13 100644 --- a/testing/btest/scripts/base/protocols/arp/radiotap.test +++ b/testing/btest/scripts/base/protocols/arp/radiotap.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-who-has-radiotap.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-who-has-radiotap.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/wlanmon.test b/testing/btest/scripts/base/protocols/arp/wlanmon.test index 7f909eac4f..6516d424e9 100644 --- a/testing/btest/scripts/base/protocols/arp/wlanmon.test +++ b/testing/btest/scripts/base/protocols/arp/wlanmon.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-who-has-wlanmon.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-who-has-wlanmon.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test index b53081826c..5bd0044dbc 100644 --- a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test +++ b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ftp/ipv6.trace "Conn::default_extract=T" +# @TEST-EXEC: zeek -f "tcp port 21" -r $TRACES/ftp/ipv6.trace "Conn::default_extract=T" # @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat # @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat diff --git a/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek b/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek index 42919f6f13..6278078d49 100644 --- a/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek +++ b/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout event new_connection_contents(c: connection) diff --git a/testing/btest/scripts/base/protocols/conn/polling.test b/testing/btest/scripts/base/protocols/conn/polling.test index f855326e77..4b009bacaa 100644 --- a/testing/btest/scripts/base/protocols/conn/polling.test +++ b/testing/btest/scripts/base/protocols/conn/polling.test @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/100-continue.trace %INPUT >out1 +# @TEST-EXEC: zeek -b -r $TRACES/http/100-continue.trace %INPUT >out1 # @TEST-EXEC: btest-diff out1 -# @TEST-EXEC: bro -b -r $TRACES/http/100-continue.trace %INPUT stop_cnt=2 >out2 +# @TEST-EXEC: zeek -b -r $TRACES/http/100-continue.trace %INPUT stop_cnt=2 >out2 # @TEST-EXEC: btest-diff out2 @load base/protocols/conn diff --git a/testing/btest/scripts/base/protocols/conn/threshold.zeek b/testing/btest/scripts/base/protocols/conn/threshold.zeek index 13daa8fff0..4ab01b4dbf 100644 --- a/testing/btest/scripts/base/protocols/conn/threshold.zeek +++ b/testing/btest/scripts/base/protocols/conn/threshold.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout event connection_established(c: connection) diff --git a/testing/btest/scripts/base/protocols/dce-rpc/context.zeek b/testing/btest/scripts/base/protocols/dce-rpc/context.zeek index cb0d93383b..f49649848b 100644 --- a/testing/btest/scripts/base/protocols/dce-rpc/context.zeek +++ b/testing/btest/scripts/base/protocols/dce-rpc/context.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/dce-rpc/cs_window7-join_stream092.pcap %INPUT >out +# @TEST-EXEC: zeek -b -C -r $TRACES/dce-rpc/cs_window7-join_stream092.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff dce_rpc.log diff --git a/testing/btest/scripts/base/protocols/dce-rpc/mapi.test b/testing/btest/scripts/base/protocols/dce-rpc/mapi.test index 97431bb005..ba29d31540 100644 --- a/testing/btest/scripts/base/protocols/dce-rpc/mapi.test +++ b/testing/btest/scripts/base/protocols/dce-rpc/mapi.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/dce-rpc/mapi.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dce-rpc/mapi.pcap %INPUT # @TEST-EXEC: btest-diff dce_rpc.log # @TEST-EXEC: btest-diff ntlm.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest index 8f192b7aa4..8f32736572 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest @@ -2,5 +2,5 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest index 752ab91780..0c902911a2 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest @@ -2,5 +2,5 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest index 1952682e61..1833bd70ab 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest @@ -2,5 +2,5 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_discover_param_req_and_client_id.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_discover_param_req_and_client_id.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest index 3bd37a996b..f5fc6be660 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT protocols/dhcp/sub-opts +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT protocols/dhcp/sub-opts # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/inform.test b/testing/btest/scripts/base/protocols/dhcp/inform.test index 652fd1ae45..7a6fa78eaa 100644 --- a/testing/btest/scripts/base/protocols/dhcp/inform.test +++ b/testing/btest/scripts/base/protocols/dhcp/inform.test @@ -1,5 +1,5 @@ # DHCPINFORM leases are special-cased in the code. # This tests that those leases are correctly logged. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_inform.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_inform.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek index e551bbf7d6..dd2fe42007 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek index 489be56505..3fd98f90a9 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek index 9155ea0174..9fa7cff416 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek index 87140ec1fe..279ce73fc5 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek index 8ca9e3107d..a7bf5a6c51 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek index 868ce39cc0..c55ad9eaf5 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek index 340e2b3132..c474cc5594 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek index f88c262d54..7f0e2437af 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek index 9119c33a97..44fcd570c1 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek index 07479c92a2..2efaa4f5d7 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek index cf64179dfe..9f817b5bc1 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek index c6deb5eb69..8c1aa79dba 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek index f88e04f37a..60eeb30480 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek index 86b99a11c7..cb0e0560d3 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/events.zeek b/testing/btest/scripts/base/protocols/dnp3/events.zeek index c5a853be61..ec871b0932 100644 --- a/testing/btest/scripts/base/protocols/dnp3/events.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/events.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dns/caa.zeek b/testing/btest/scripts/base/protocols/dns/caa.zeek index 9a0f4701de..4c3b5af22d 100644 --- a/testing/btest/scripts/base/protocols/dns/caa.zeek +++ b/testing/btest/scripts/base/protocols/dns/caa.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-caa.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/dns-caa.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event dns_CAA_reply(c: connection, msg: dns_msg, ans: dns_answer, flags: count, tag: string, value: string) diff --git a/testing/btest/scripts/base/protocols/dns/dns-key.zeek b/testing/btest/scripts/base/protocols/dns/dns-key.zeek index 4880ad3530..7ab37cb015 100644 --- a/testing/btest/scripts/base/protocols/dns/dns-key.zeek +++ b/testing/btest/scripts/base/protocols/dns/dns-key.zeek @@ -1,4 +1,4 @@ # Making sure DNSKEY gets logged as such. # -# @TEST-EXEC: bro -r $TRACES/dnssec/dnskey2.pcap +# @TEST-EXEC: zeek -r $TRACES/dnssec/dnskey2.pcap # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/dnskey.zeek b/testing/btest/scripts/base/protocols/dns/dnskey.zeek index 9297dc696a..b790b832cf 100644 --- a/testing/btest/scripts/base/protocols/dns/dnskey.zeek +++ b/testing/btest/scripts/base/protocols/dns/dnskey.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/ds.zeek b/testing/btest/scripts/base/protocols/dns/ds.zeek index ecb90514cd..4c1a75562f 100644 --- a/testing/btest/scripts/base/protocols/dns/ds.zeek +++ b/testing/btest/scripts/base/protocols/dns/ds.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/ds.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/ds.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek index e13b3b4807..91f37fa723 100644 --- a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek +++ b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: bro -r $TRACES/dns-two-responses.trace +# @TEST-EXEC: zeek -r $TRACES/dns-two-responses.trace # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/flip.zeek b/testing/btest/scripts/base/protocols/dns/flip.zeek index 66987ee27d..92058c6c49 100644 --- a/testing/btest/scripts/base/protocols/dns/flip.zeek +++ b/testing/btest/scripts/base/protocols/dns/flip.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/dns53.pcap +# @TEST-EXEC: zeek -r $TRACES/dns53.pcap # @TEST-EXEC: btest-diff dns.log # If the DNS reply is seen first, should be able to correctly set orig/resp. diff --git a/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek b/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek index ee6a76e978..90ed2275b0 100644 --- a/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek +++ b/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-huge-ttl.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/dns-huge-ttl.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) diff --git a/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek b/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek index 4a15792702..55ea225106 100644 --- a/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek +++ b/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: bro -r $TRACES/dns-txt-multiple.trace +# @TEST-EXEC: zeek -r $TRACES/dns-txt-multiple.trace # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/nsec.zeek b/testing/btest/scripts/base/protocols/dns/nsec.zeek index 8d9b1c91a7..006e24057b 100644 --- a/testing/btest/scripts/base/protocols/dns/nsec.zeek +++ b/testing/btest/scripts/base/protocols/dns/nsec.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/nsec.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/nsec3.zeek b/testing/btest/scripts/base/protocols/dns/nsec3.zeek index 0710be8fea..ce77ae857d 100644 --- a/testing/btest/scripts/base/protocols/dns/nsec3.zeek +++ b/testing/btest/scripts/base/protocols/dns/nsec3.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/rrsig.zeek b/testing/btest/scripts/base/protocols/dns/rrsig.zeek index 32b958a789..68f6a46e0a 100644 --- a/testing/btest/scripts/base/protocols/dns/rrsig.zeek +++ b/testing/btest/scripts/base/protocols/dns/rrsig.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/tsig.zeek b/testing/btest/scripts/base/protocols/dns/tsig.zeek index 79de4cf9f1..7df31eb9c4 100644 --- a/testing/btest/scripts/base/protocols/dns/tsig.zeek +++ b/testing/btest/scripts/base/protocols/dns/tsig.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-tsig.trace %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/dns-tsig.trace %INPUT >out # @TEST-EXEC: btest-diff out redef dns_skip_all_addl = F; diff --git a/testing/btest/scripts/base/protocols/dns/zero-responses.zeek b/testing/btest/scripts/base/protocols/dns/zero-responses.zeek index 54f7d7b7d3..aff38b4402 100644 --- a/testing/btest/scripts/base/protocols/dns/zero-responses.zeek +++ b/testing/btest/scripts/base/protocols/dns/zero-responses.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: bro -r $TRACES/dns-zero-RRs.trace +# @TEST-EXEC: zeek -r $TRACES/dns-zero-RRs.trace # @TEST-EXEC: btest-diff dns.log \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek b/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek index c3c5de778a..79b41fa28d 100644 --- a/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek +++ b/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/cwd-navigation.pcap >output.log %INPUT +# @TEST-EXEC: zeek -r $TRACES/ftp/cwd-navigation.pcap >output.log %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log # @TEST-EXEC: btest-diff output.log diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek index 4791d31460..42e90301b4 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek @@ -1,5 +1,5 @@ # This tests extracting the server reported file size # from FTP sessions. # -# @TEST-EXEC: bro -r $TRACES/ftp/ftp-with-numbers-in-filename.pcap +# @TEST-EXEC: zeek -r $TRACES/ftp/ftp-with-numbers-in-filename.pcap # @TEST-EXEC: btest-diff ftp.log diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek index cb58d4af8a..f12ef0d109 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek @@ -1,6 +1,6 @@ # This tests both active and passive FTP over IPv4. # -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek index 87dfa7e052..bb8bf9ca1b 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek @@ -1,6 +1,6 @@ # This tests both active and passive FTP over IPv6. # -# @TEST-EXEC: bro -r $TRACES/ftp/ipv6.trace +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv6.trace # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log diff --git a/testing/btest/scripts/base/protocols/ftp/gridftp.test b/testing/btest/scripts/base/protocols/ftp/gridftp.test index 18b3bd956b..3981adc5ae 100644 --- a/testing/btest/scripts/base/protocols/ftp/gridftp.test +++ b/testing/btest/scripts/base/protocols/ftp/gridftp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/globus-url-copy.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/globus-url-copy.trace %INPUT # @TEST-EXEC: btest-diff notice.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/base/protocols/http/100-continue.zeek b/testing/btest/scripts/base/protocols/http/100-continue.zeek index ed9e4970fe..110c6c2f4c 100644 --- a/testing/btest/scripts/base/protocols/http/100-continue.zeek +++ b/testing/btest/scripts/base/protocols/http/100-continue.zeek @@ -3,7 +3,7 @@ # a given request. The http scripts should also be able log such replies # in a way that correlates the final response with the request. # -# @TEST-EXEC: bro -r $TRACES/http/100-continue.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/100-continue.trace %INPUT # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek b/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek index b6aabb0de5..e8ec4ff491 100644 --- a/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek +++ b/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek @@ -1,7 +1,7 @@ # This tests that the HTTP analyzer does not generate a dpd error as a # result of seeing an upgraded connection. # -# @TEST-EXEC: bro -r $TRACES/http/websocket.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/websocket.pcap %INPUT # @TEST-EXEC: test ! -f dpd.log # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek index 74ce213505..f499543327 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/content-range-gap-skip.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/content-range-gap-skip.trace %INPUT # In this trace, we should be able to determine that a gap lies # entirely within the body of an entity that specifies Content-Range, diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap.zeek b/testing/btest/scripts/base/protocols/http/content-range-gap.zeek index a62e8aa362..d992ef4d38 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-gap.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-gap.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/content-range-gap.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/content-range-gap.trace %INPUT # @TEST-EXEC: btest-diff extract_files/thefile event file_new(f: fa_file) diff --git a/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek b/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek index c95816b29f..e10e504635 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/http/content-range-less-than-len.pcap +# @TEST-EXEC: zeek -r $TRACES/http/content-range-less-than-len.pcap # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/entity-gap.zeek b/testing/btest/scripts/base/protocols/http/entity-gap.zeek index 95d3e52759..6f82801d2d 100644 --- a/testing/btest/scripts/base/protocols/http/entity-gap.zeek +++ b/testing/btest/scripts/base/protocols/http/entity-gap.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/entity_gap.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/entity_gap.trace %INPUT # @TEST-EXEC: btest-diff entity_data # @TEST-EXEC: btest-diff extract_files/file0 diff --git a/testing/btest/scripts/base/protocols/http/entity-gap2.zeek b/testing/btest/scripts/base/protocols/http/entity-gap2.zeek index c9ade93b72..e8703efc85 100644 --- a/testing/btest/scripts/base/protocols/http/entity-gap2.zeek +++ b/testing/btest/scripts/base/protocols/http/entity-gap2.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/entity_gap2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/entity_gap2.trace %INPUT # @TEST-EXEC: btest-diff entity_data # @TEST-EXEC: btest-diff extract_files/file0 diff --git a/testing/btest/scripts/base/protocols/http/fake-content-length.zeek b/testing/btest/scripts/base/protocols/http/fake-content-length.zeek index 5993b18ed1..30bb628958 100644 --- a/testing/btest/scripts/base/protocols/http/fake-content-length.zeek +++ b/testing/btest/scripts/base/protocols/http/fake-content-length.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/http/fake-content-length.pcap +# @TEST-EXEC: zeek -r $TRACES/http/fake-content-length.pcap # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek index f95196e8bd..dbd4747598 100644 --- a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek +++ b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/http-bad-request-with-version.trace %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/http-bad-request-with-version.trace %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek b/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek index 84172878f6..6c2cbcc815 100644 --- a/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek +++ b/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek @@ -1,7 +1,7 @@ # This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly # when the server include a header line into its response. # -# @TEST-EXEC: bro -C -r $TRACES/http/connect-with-header.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/http/connect-with-header.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/http/http-connect.zeek b/testing/btest/scripts/base/protocols/http/http-connect.zeek index df6f3268b4..39cf3f3271 100644 --- a/testing/btest/scripts/base/protocols/http/http-connect.zeek +++ b/testing/btest/scripts/base/protocols/http/http-connect.zeek @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly. # -# @TEST-EXEC: bro -r $TRACES/http/connect-with-smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/connect-with-smtp.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff smtp.log diff --git a/testing/btest/scripts/base/protocols/http/http-filename.zeek b/testing/btest/scripts/base/protocols/http/http-filename.zeek index b20bbddafe..b3528191c0 100644 --- a/testing/btest/scripts/base/protocols/http/http-filename.zeek +++ b/testing/btest/scripts/base/protocols/http/http-filename.zeek @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles filenames over HTTP correctly. # -# @TEST-EXEC: bro -r $TRACES/http/http-filename.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/http-filename.pcap %INPUT # @TEST-EXEC: btest-diff http.log # The base analysis scripts are loaded by default. diff --git a/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek b/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek index c9ba7afba3..60d5095d97 100644 --- a/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek +++ b/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek @@ -2,7 +2,7 @@ # it gets confused whether it's in a header or not; it shouldn't report # the http_no_crlf_in_header_list wierd. # -# @TEST-EXEC: bro -r $TRACES/http/byteranges.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/byteranges.trace %INPUT # @TEST-EXEC: test ! -f weird.log # The base analysis scripts are loaded by default. diff --git a/testing/btest/scripts/base/protocols/http/http-methods.zeek b/testing/btest/scripts/base/protocols/http/http-methods.zeek index 5ab89bbe4d..810868184f 100644 --- a/testing/btest/scripts/base/protocols/http/http-methods.zeek +++ b/testing/btest/scripts/base/protocols/http/http-methods.zeek @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles strange HTTP methods properly. # -# @TEST-EXEC: bro -r $TRACES/http/methods.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/methods.trace %INPUT # @TEST-EXEC: btest-diff weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/http-pipelining.zeek b/testing/btest/scripts/base/protocols/http/http-pipelining.zeek index afb1a7f33e..d1451276fe 100644 --- a/testing/btest/scripts/base/protocols/http/http-pipelining.zeek +++ b/testing/btest/scripts/base/protocols/http/http-pipelining.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace %INPUT > output +# @TEST-EXEC: zeek -r $TRACES/http/pipelined-requests.trace %INPUT > output # @TEST-EXEC: btest-diff http.log # mime type is irrelevant to this test, so filter it out diff --git a/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek b/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek index 25923f70da..9c993c7e7f 100644 --- a/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek +++ b/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek @@ -2,5 +2,5 @@ # include an appropriate ZLIB header on deflated # content. # -# @TEST-EXEC: bro -r $TRACES/http/missing-zlib-header.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/missing-zlib-header.pcap %INPUT # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/multipart-extract.zeek b/testing/btest/scripts/base/protocols/http/multipart-extract.zeek index a919a844b2..93f12e13d7 100644 --- a/testing/btest/scripts/base/protocols/http/multipart-extract.zeek +++ b/testing/btest/scripts/base/protocols/http/multipart-extract.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: cat extract_files/http-item-* | sort > extractions diff --git a/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek b/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek index 7c0690babd..21980ae7e0 100644 --- a/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek +++ b/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek @@ -1,10 +1,10 @@ -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace # @TEST-EXEC: btest-diff http.log -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT >out-limited +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT >out-limited # @TEST-EXEC: mv http.log http-limited.log # @TEST-EXEC: btest-diff http-limited.log # @TEST-EXEC: btest-diff out-limited -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT ignore_http_file_limit=T >out-limit-ignored +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT ignore_http_file_limit=T >out-limit-ignored # @TEST-EXEC: mv http.log http-limit-ignored.log # @TEST-EXEC: btest-diff http-limit-ignored.log # @TEST-EXEC: btest-diff out-limit-ignored diff --git a/testing/btest/scripts/base/protocols/http/no-uri.zeek b/testing/btest/scripts/base/protocols/http/no-uri.zeek index 9793b93c58..dc0a3f313d 100644 --- a/testing/btest/scripts/base/protocols/http/no-uri.zeek +++ b/testing/btest/scripts/base/protocols/http/no-uri.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/no-uri.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/no-uri.pcap %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/no-version.zeek b/testing/btest/scripts/base/protocols/http/no-version.zeek index 3e861534bd..d926cb565e 100644 --- a/testing/btest/scripts/base/protocols/http/no-version.zeek +++ b/testing/btest/scripts/base/protocols/http/no-version.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/no-version.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/no-version.pcap %INPUT # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek b/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek index a41dbab294..9bfd21d46f 100644 --- a/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek +++ b/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/percent-end-of-line.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/percent-end-of-line.pcap %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/x-gzip.zeek b/testing/btest/scripts/base/protocols/http/x-gzip.zeek index a73fc5f71f..75cd505490 100644 --- a/testing/btest/scripts/base/protocols/http/x-gzip.zeek +++ b/testing/btest/scripts/base/protocols/http/x-gzip.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/http/x-gzip.pcap +# @TEST-EXEC: zeek -r $TRACES/http/x-gzip.pcap # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek b/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek index ccf397617e..1e7ba1f5eb 100644 --- a/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek +++ b/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek @@ -3,7 +3,7 @@ # files when there isn't actually any body there and shouldn't # create a file. # -# @TEST-EXEC: bro -r $TRACES/http/zero-length-bodies-with-drops.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/zero-length-bodies-with-drops.pcap %INPUT # There shouldn't be a files log (no files!) # @TEST-EXEC: test ! -f files.log diff --git a/testing/btest/scripts/base/protocols/imap/capabilities.test b/testing/btest/scripts/base/protocols/imap/capabilities.test index 06bdb56b7d..81fb802275 100644 --- a/testing/btest/scripts/base/protocols/imap/capabilities.test +++ b/testing/btest/scripts/base/protocols/imap/capabilities.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/ssl diff --git a/testing/btest/scripts/base/protocols/imap/starttls.test b/testing/btest/scripts/base/protocols/imap/starttls.test index 444c27688a..2d20622b15 100644 --- a/testing/btest/scripts/base/protocols/imap/starttls.test +++ b/testing/btest/scripts/base/protocols/imap/starttls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/irc/basic.test b/testing/btest/scripts/base/protocols/irc/basic.test index d4fb893e2c..bf3141896b 100644 --- a/testing/btest/scripts/base/protocols/irc/basic.test +++ b/testing/btest/scripts/base/protocols/irc/basic.test @@ -1,7 +1,7 @@ # This tests that basic IRC commands (NICK, USER, JOIN, DCC SEND) # are logged for a client. -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff irc.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/scripts/base/protocols/irc/events.test b/testing/btest/scripts/base/protocols/irc/events.test index c5220b247b..3e187d9da9 100644 --- a/testing/btest/scripts/base/protocols/irc/events.test +++ b/testing/btest/scripts/base/protocols/irc/events.test @@ -1,8 +1,8 @@ # Test IRC events -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT -# @TEST-EXEC: bro -r $TRACES/irc-basic.trace %INPUT -# @TEST-EXEC: bro -r $TRACES/irc-whitespace.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-basic.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-whitespace.trace %INPUT # @TEST-EXEC: btest-diff .stdout event irc_privmsg_message(c: connection, is_orig: bool, source: string, target: string, message: string) diff --git a/testing/btest/scripts/base/protocols/irc/longline.test b/testing/btest/scripts/base/protocols/irc/longline.test index 0573494844..fec493d086 100644 --- a/testing/btest/scripts/base/protocols/irc/longline.test +++ b/testing/btest/scripts/base/protocols/irc/longline.test @@ -1,6 +1,6 @@ # This tests that an excessively long line is truncated by the contentline # analyzer -# @TEST-EXEC: bro -C -r $TRACES/contentline-irc-5k-line.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/contentline-irc-5k-line.pcap %INPUT # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/irc/names-weird.zeek b/testing/btest/scripts/base/protocols/irc/names-weird.zeek index 33124416f6..2d0ff001b2 100644 --- a/testing/btest/scripts/base/protocols/irc/names-weird.zeek +++ b/testing/btest/scripts/base/protocols/irc/names-weird.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/irc-353.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/irc-353.pcap %INPUT # @TEST-EXEC: btest-diff weird.log event irc_names_info(c: connection, is_orig: bool, c_type: string, channel: string, users: string_set) diff --git a/testing/btest/scripts/base/protocols/irc/starttls.test b/testing/btest/scripts/base/protocols/irc/starttls.test index c110a77c39..9a0ec689ad 100644 --- a/testing/btest/scripts/base/protocols/irc/starttls.test +++ b/testing/btest/scripts/base/protocols/irc/starttls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/tls/irc-starttls.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/irc-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/krb/kinit.test b/testing/btest/scripts/base/protocols/krb/kinit.test index d9e4097361..16c8773a5b 100644 --- a/testing/btest/scripts/base/protocols/krb/kinit.test +++ b/testing/btest/scripts/base/protocols/krb/kinit.test @@ -1,6 +1,6 @@ # This test exercises many of the Linux kinit options against a KDC -# @TEST-EXEC: bro -b -r $TRACES/krb/kinit.trace %INPUT > output +# @TEST-EXEC: zeek -b -r $TRACES/krb/kinit.trace %INPUT > output # @TEST-EXEC: btest-diff kerberos.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb.test b/testing/btest/scripts/base/protocols/krb/smb2_krb.test index 32c2a6e58d..38b6f592f4 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb.test @@ -5,7 +5,7 @@ # @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab -# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT # @TEST-EXEC: btest-diff .stdout redef KRB::keytab = "smb2_krb.keytab"; diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test index d08543a0fb..e54b0d4ece 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test @@ -4,7 +4,7 @@ # @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab -# @TEST-EXEC: bro -C -r $TRACES/krb/smb2_krb.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/krb/smb2_krb.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/scripts/base/protocols/krb/smb_gssapi.test b/testing/btest/scripts/base/protocols/krb/smb_gssapi.test index 95e5660812..b8ad67945c 100644 --- a/testing/btest/scripts/base/protocols/krb/smb_gssapi.test +++ b/testing/btest/scripts/base/protocols/krb/smb_gssapi.test @@ -3,7 +3,7 @@ # SMB authentication event and therfore relies on the SMB # analyzer as well. -# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb_gssapi.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb_gssapi.trace %INPUT # @TEST-EXEC: btest-diff kerberos.log # @TEST-EXEC: btest-diff-rst scripts.base.protocols.krb diff --git a/testing/btest/scripts/base/protocols/krb/tgs.test b/testing/btest/scripts/base/protocols/krb/tgs.test index bbf99762f6..8041a12804 100644 --- a/testing/btest/scripts/base/protocols/krb/tgs.test +++ b/testing/btest/scripts/base/protocols/krb/tgs.test @@ -1,6 +1,6 @@ # This test exercises a Kerberos authentication to a Kerberized SSH server -# @TEST-EXEC: bro -b -r $TRACES/krb/auth.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/krb/auth.trace %INPUT # @TEST-EXEC: btest-diff kerberos.log @load base/protocols/krb diff --git a/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek b/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek index acbf9aef8c..1cecf4c541 100644 --- a/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek +++ b/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -C -r $TRACES/modbus/modbusBig.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output +# @TEST-EXEC: zeek -C -r $TRACES/modbus/modbusBig.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek b/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek index 84ee314907..0e21021d6e 100644 --- a/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek +++ b/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -C -r $TRACES/modbus/modbusSmall.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output +# @TEST-EXEC: zeek -C -r $TRACES/modbus/modbusSmall.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/modbus/events.zeek b/testing/btest/scripts/base/protocols/modbus/events.zeek index 55a3f3cb04..4b55828565 100644 --- a/testing/btest/scripts/base/protocols/modbus/events.zeek +++ b/testing/btest/scripts/base/protocols/modbus/events.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/modbus/modbus.trace %INPUT | sort | uniq -c | sed 's/^ *//g' >output +# @TEST-EXEC: zeek -r $TRACES/modbus/modbus.trace %INPUT | sort | uniq -c | sed 's/^ *//g' >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/modbus/exception_handling.test b/testing/btest/scripts/base/protocols/modbus/exception_handling.test index 8a4fadcbeb..cb62bd7a3b 100644 --- a/testing/btest/scripts/base/protocols/modbus/exception_handling.test +++ b/testing/btest/scripts/base/protocols/modbus/exception_handling.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/modbus/fuzz-72.trace +# @TEST-EXEC: zeek -r $TRACES/modbus/fuzz-72.trace # @TEST-EXEC: btest-diff modbus.log # The pcap has a flow with some fuzzed modbus traffic in it that should cause diff --git a/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek b/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek index 17371f3788..0659614bd8 100644 --- a/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek +++ b/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek @@ -11,4 +11,4 @@ # as that can cause reading from a location that exceeds the end of the # data buffer. -# @TEST-EXEC: bro -r $TRACES/modbus/4SICS-GeekLounge-151022-min.pcap +# @TEST-EXEC: zeek -r $TRACES/modbus/4SICS-GeekLounge-151022-min.pcap diff --git a/testing/btest/scripts/base/protocols/modbus/policy.zeek b/testing/btest/scripts/base/protocols/modbus/policy.zeek index 5dab1d09f8..ae4923ee77 100644 --- a/testing/btest/scripts/base/protocols/modbus/policy.zeek +++ b/testing/btest/scripts/base/protocols/modbus/policy.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/modbus/modbus.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/modbus/modbus.trace %INPUT # @TEST-EXEC: btest-diff modbus.log # @TEST-EXEC: btest-diff modbus_register_change.log # @TEST-EXEC: btest-diff known_modbus.log diff --git a/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek b/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek index 1641860228..1fc482ee95 100644 --- a/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek +++ b/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/modbus/fuzz-1011.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/modbus/fuzz-1011.trace %INPUT >output # @TEST-EXEC: btest-diff modbus.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/mount/basic.test b/testing/btest/scripts/base/protocols/mount/basic.test index bd6fd5d5db..65a1adffd4 100644 --- a/testing/btest/scripts/base/protocols/mount/basic.test +++ b/testing/btest/scripts/base/protocols/mount/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/mount/mount_base.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/mount/mount_base.pcap %INPUT # @TEST-EXEC: btest-diff .stdout global mount_ports: set[port] = { 635/tcp, 635/udp, 20048/tcp, 20048/udp } &redef; diff --git a/testing/btest/scripts/base/protocols/mysql/auth.test b/testing/btest/scripts/base/protocols/mysql/auth.test index 6c764e496f..78c1ca0f19 100644 --- a/testing/btest/scripts/base/protocols/mysql/auth.test +++ b/testing/btest/scripts/base/protocols/mysql/auth.test @@ -1,6 +1,6 @@ # This tests that successful/unsuccesful auth attempts get logged correctly -# @TEST-EXEC: bro -b -r $TRACES/mysql/auth.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/mysql/auth.trace %INPUT # @TEST-EXEC: btest-diff mysql.log @load base/protocols/mysql \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/mysql/encrypted.test b/testing/btest/scripts/base/protocols/mysql/encrypted.test index e41c93186f..0f806e4e25 100644 --- a/testing/btest/scripts/base/protocols/mysql/encrypted.test +++ b/testing/btest/scripts/base/protocols/mysql/encrypted.test @@ -2,7 +2,7 @@ # can't parse much of value. We're testing for an empty mysql.log file. # @TEST-EXEC: touch mysql.log -# @TEST-EXEC: bro -b -r $TRACES/mysql/encrypted.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/mysql/encrypted.trace %INPUT # @TEST-EXEC: btest-diff mysql.log @load base/protocols/mysql \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/mysql/wireshark.test b/testing/btest/scripts/base/protocols/mysql/wireshark.test index 55fe5be16c..64c8eb7ffa 100644 --- a/testing/btest/scripts/base/protocols/mysql/wireshark.test +++ b/testing/btest/scripts/base/protocols/mysql/wireshark.test @@ -1,6 +1,6 @@ # This tests a PCAP with a few MySQL commands from the Wireshark samples. -# @TEST-EXEC: bro -b -r $TRACES/mysql/mysql.trace %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/mysql/mysql.trace %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff mysql.log diff --git a/testing/btest/scripts/base/protocols/ncp/event.zeek b/testing/btest/scripts/base/protocols/ncp/event.zeek index 2333544b05..58ac47c8e8 100644 --- a/testing/btest/scripts/base/protocols/ncp/event.zeek +++ b/testing/btest/scripts/base/protocols/ncp/event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ncp.pcap %INPUT >out +# @TEST-EXEC: zeek -C -r $TRACES/ncp.pcap %INPUT >out # @TEST-EXEC: btest-diff out redef likely_server_ports += { 524/tcp }; diff --git a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek index cc4a5799f2..c18f322892 100644 --- a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek +++ b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ncp.pcap %INPUT NCP::max_frame_size=150 >out +# @TEST-EXEC: zeek -C -r $TRACES/ncp.pcap %INPUT NCP::max_frame_size=150 >out # @TEST-EXEC: btest-diff out redef likely_server_ports += { 524/tcp }; diff --git a/testing/btest/scripts/base/protocols/nfs/basic.test b/testing/btest/scripts/base/protocols/nfs/basic.test index 9b7ae91910..e4dab09ed6 100755 --- a/testing/btest/scripts/base/protocols/nfs/basic.test +++ b/testing/btest/scripts/base/protocols/nfs/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/nfs/nfs_base.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/nfs/nfs_base.pcap %INPUT # @TEST-EXEC: btest-diff .stdout global nfs_ports: set[port] = { 2049/tcp, 2049/udp } &redef; diff --git a/testing/btest/scripts/base/protocols/pop3/starttls.zeek b/testing/btest/scripts/base/protocols/pop3/starttls.zeek index d2bfee6449..cf5371d284 100644 --- a/testing/btest/scripts/base/protocols/pop3/starttls.zeek +++ b/testing/btest/scripts/base/protocols/pop3/starttls.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/pop3-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/pop3-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/radius/auth.test b/testing/btest/scripts/base/protocols/radius/auth.test index 9ec63dec0a..bcddeffd57 100644 --- a/testing/btest/scripts/base/protocols/radius/auth.test +++ b/testing/btest/scripts/base/protocols/radius/auth.test @@ -1,6 +1,6 @@ # This tests that a RADIUS authentication gets logged correctly -# @TEST-EXEC: bro -b -r $TRACES/radius/radius.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/radius/radius.trace %INPUT # @TEST-EXEC: btest-diff radius.log @load base/protocols/radius \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test b/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test index 473e492355..6456e58fe2 100644 --- a/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test +++ b/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test @@ -1,6 +1,6 @@ # Test a more complicated radius session with multiple attempts -# @TEST-EXEC: bro -b -C -r $TRACES/radius/radius_localhost.pcapng %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/radius/radius_localhost.pcapng %INPUT # @TEST-EXEC: btest-diff radius.log @load base/protocols/radius diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek index 99305087ba..7558506c8f 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log @load base/protocols/rdp diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek index 1be2bd7e8e..47f154eef3 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rdp/rdp-to-ssl.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-to-ssl.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek index 2fed0d7d19..56747a915b 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rdp/rdp-x509.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-x509.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-timestamps | $SCRIPTS/diff-remove-x509-key-info" btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test b/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test index e4510f35fb..2fc8129c67 100644 --- a/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test +++ b/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/rfb/vncmac.pcap +# @TEST-EXEC: zeek -C -r $TRACES/rfb/vncmac.pcap # @TEST-EXEC: btest-diff rfb.log @load base/protocols/rfb diff --git a/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test b/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test index c9dd37f1c1..027a70e955 100644 --- a/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test +++ b/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/rfb/vnc-mac-to-linux.pcap +# @TEST-EXEC: zeek -C -r $TRACES/rfb/vnc-mac-to-linux.pcap # @TEST-EXEC: btest-diff rfb.log @load base/protocols/rfb diff --git a/testing/btest/scripts/base/protocols/sip/wireshark.test b/testing/btest/scripts/base/protocols/sip/wireshark.test index 8c4611c880..12ebe6b664 100644 --- a/testing/btest/scripts/base/protocols/sip/wireshark.test +++ b/testing/btest/scripts/base/protocols/sip/wireshark.test @@ -1,6 +1,6 @@ # This tests a PCAP with a few SIP commands from the Wireshark samples. -# @TEST-EXEC: bro -b -r $TRACES/sip/wireshark.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/sip/wireshark.trace %INPUT # @TEST-EXEC: btest-diff sip.log @load base/protocols/sip \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test b/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test index d65ee81c41..330e95eace 100644 --- a/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test +++ b/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT # @TEST-EXEC: [ ! -f dce_rpc.log ] @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/raw-ntlm.test b/testing/btest/scripts/base/protocols/smb/raw-ntlm.test index 9cf9aa35c4..4518368972 100644 --- a/testing/btest/scripts/base/protocols/smb/raw-ntlm.test +++ b/testing/btest/scripts/base/protocols/smb/raw-ntlm.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/raw_ntlm_in_smb.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/raw_ntlm_in_smb.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/ntlm diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test index 52f05c57b4..8a6a775005 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT # @TEST-EXEC: btest-diff dce_rpc.log @load base/protocols/dce-rpc diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test index 1573eb93b8..d6b5d0766d 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test index 6e826445e9..5016c828b5 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction_response.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction_response.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test index e186ee7b22..797fe01b6d 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction_secondary_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction_secondary_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test index d216d41c32..40fe08a2a4 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction2_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction2_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test index e8c462dd0d..1e7ba8665f 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction2_secondary_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction2_secondary_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1.test b/testing/btest/scripts/base/protocols/smb/smb1.test index 61727754dc..89ac10eecb 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1.test +++ b/testing/btest/scripts/base/protocols/smb/smb1.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/smb/smb1.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smb/smb1.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek b/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek index 0d59e7a495..ed18bb0715 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek +++ b/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log # @TEST-EXEC: btest-diff files.log # @TEST-EXEC: test ! -f dpd.log diff --git a/testing/btest/scripts/base/protocols/smb/smb2-write-response.test b/testing/btest/scripts/base/protocols/smb/smb2-write-response.test index f926628f03..c737b43991 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2-write-response.test +++ b/testing/btest/scripts/base/protocols/smb/smb2-write-response.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb2.test b/testing/btest/scripts/base/protocols/smb/smb2.test index c4c6e78224..f69972f8ba 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2.test +++ b/testing/btest/scripts/base/protocols/smb/smb2.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smb/smb2.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/smb/smb2.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log # @TEST-EXEC: btest-diff smb_mapping.log # @TEST-EXEC: btest-diff files.log diff --git a/testing/btest/scripts/base/protocols/smb/smb3.test b/testing/btest/scripts/base/protocols/smb/smb3.test index f762ea10f3..aeab67d27c 100644 --- a/testing/btest/scripts/base/protocols/smb/smb3.test +++ b/testing/btest/scripts/base/protocols/smb/smb3.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smb/smb3.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/smb/smb3.pcap %INPUT # @TEST-EXEC: btest-diff smb_mapping.log # @TEST-EXEC: test ! -f dpd.log # @TEST-EXEC: test ! -f weird.log diff --git a/testing/btest/scripts/base/protocols/smb/smb311.test b/testing/btest/scripts/base/protocols/smb/smb311.test index 22f232c14a..c988355742 100644 --- a/testing/btest/scripts/base/protocols/smb/smb311.test +++ b/testing/btest/scripts/base/protocols/smb/smb311.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/smb/smb311.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/smb/smb311.pcap %INPUT # @TEST-EXEC: test ! -f dpd.log # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/smtp/attachment.test b/testing/btest/scripts/base/protocols/smtp/attachment.test index 49602f00c1..ddbdae0d64 100644 --- a/testing/btest/scripts/base/protocols/smtp/attachment.test +++ b/testing/btest/scripts/base/protocols/smtp/attachment.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff smtp.log # @TEST-EXEC: btest-diff files.log diff --git a/testing/btest/scripts/base/protocols/smtp/basic.test b/testing/btest/scripts/base/protocols/smtp/basic.test index 6be512a255..41a9290f13 100644 --- a/testing/btest/scripts/base/protocols/smtp/basic.test +++ b/testing/btest/scripts/base/protocols/smtp/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff smtp.log @load base/protocols/smtp diff --git a/testing/btest/scripts/base/protocols/smtp/one-side.test b/testing/btest/scripts/base/protocols/smtp/one-side.test index cffbe1d173..9c9e036a8c 100644 --- a/testing/btest/scripts/base/protocols/smtp/one-side.test +++ b/testing/btest/scripts/base/protocols/smtp/one-side.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smtp-one-side-only.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smtp-one-side-only.trace %INPUT # @TEST-EXEC: btest-diff smtp.log @load base/protocols/smtp diff --git a/testing/btest/scripts/base/protocols/smtp/starttls.test b/testing/btest/scripts/base/protocols/smtp/starttls.test index e3a114f572..865497f022 100644 --- a/testing/btest/scripts/base/protocols/smtp/starttls.test +++ b/testing/btest/scripts/base/protocols/smtp/starttls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/smtp-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/smtp-starttls.pcap %INPUT # @TEST-EXEC: btest-diff smtp.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek b/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek index 5c21cf7be3..16203c597e 100644 --- a/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek +++ b/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/snmp diff --git a/testing/btest/scripts/base/protocols/snmp/v1.zeek b/testing/btest/scripts/base/protocols/snmp/v1.zeek index 09f86a28e4..6513d94177 100644 --- a/testing/btest/scripts/base/protocols/snmp/v1.zeek +++ b/testing/btest/scripts/base/protocols/snmp/v1.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get_short.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_set.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_trap.pcap %INPUT $SCRIPTS/snmp-test.zeek >out4 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_get_short.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_set.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_trap.pcap %INPUT $SCRIPTS/snmp-test.zeek >out4 # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/scripts/base/protocols/snmp/v2.zeek b/testing/btest/scripts/base/protocols/snmp/v2.zeek index 58491d33b2..015d6446da 100644 --- a/testing/btest/scripts/base/protocols/snmp/v2.zeek +++ b/testing/btest/scripts/base/protocols/snmp/v2.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_bulk.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv2_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv2_get_bulk.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv2_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/scripts/base/protocols/snmp/v3.zeek b/testing/btest/scripts/base/protocols/snmp/v3.zeek index 4d72b6476d..7d4cb53e72 100644 --- a/testing/btest/scripts/base/protocols/snmp/v3.zeek +++ b/testing/btest/scripts/base/protocols/snmp/v3.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv3_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv3_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 # @TEST-EXEC: btest-diff out1 diff --git a/testing/btest/scripts/base/protocols/socks/socks-auth.zeek b/testing/btest/scripts/base/protocols/socks/socks-auth.zeek index d58e1b5801..eabd4a6420 100644 --- a/testing/btest/scripts/base/protocols/socks/socks-auth.zeek +++ b/testing/btest/scripts/base/protocols/socks/socks-auth.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/socks-auth.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/socks-auth.pcap %INPUT # @TEST-EXEC: btest-diff socks.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/socks/trace1.test b/testing/btest/scripts/base/protocols/socks/trace1.test index fb1d9ebaf2..900a962fef 100644 --- a/testing/btest/scripts/base/protocols/socks/trace1.test +++ b/testing/btest/scripts/base/protocols/socks/trace1.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/socks.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/socks.trace %INPUT # @TEST-EXEC: btest-diff socks.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/socks/trace2.test b/testing/btest/scripts/base/protocols/socks/trace2.test index 5e3a449120..c9defb5f34 100644 --- a/testing/btest/scripts/base/protocols/socks/trace2.test +++ b/testing/btest/scripts/base/protocols/socks/trace2.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/socks-with-ssl.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/socks-with-ssl.trace %INPUT # @TEST-EXEC: btest-diff socks.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/socks/trace3.test b/testing/btest/scripts/base/protocols/socks/trace3.test index c3b3b091eb..c83ad4fa87 100644 --- a/testing/btest/scripts/base/protocols/socks/trace3.test +++ b/testing/btest/scripts/base/protocols/socks/trace3.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/socks.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/socks.pcap %INPUT # @TEST-EXEC: btest-diff tunnel.log @load base/protocols/socks diff --git a/testing/btest/scripts/base/protocols/ssh/basic.test b/testing/btest/scripts/base/protocols/ssh/basic.test index 84b38a1f32..162ab9dd1f 100644 --- a/testing/btest/scripts/base/protocols/ssh/basic.test +++ b/testing/btest/scripts/base/protocols/ssh/basic.test @@ -1,6 +1,6 @@ # This tests some SSH connections and the output log. -# @TEST-EXEC: bro -r $TRACES/ssh/ssh.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/ssh/ssh.trace %INPUT # @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test b/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test index 64641fe4af..ca13bda6ef 100644 --- a/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test +++ b/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test @@ -1,6 +1,6 @@ # This tests a successful login with pubkey using curve25519 as the KEX algorithm -# @TEST-EXEC: bro -b -r $TRACES/ssh/ssh_kex_curve25519.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/ssh/ssh_kex_curve25519.pcap %INPUT # @TEST-EXEC: btest-diff ssh.log @load base/protocols/ssh \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test b/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test index abaa48fd35..e87a246957 100644 --- a/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test +++ b/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ssh/sshguess.pcap %INPUT | sort >output +# @TEST-EXEC: zeek -C -r $TRACES/ssh/sshguess.pcap %INPUT | sort >output # @TEST-EXEC: btest-diff output event ssh_auth_attempted(c: connection, authenticated: bool) diff --git a/testing/btest/scripts/base/protocols/ssl/basic.test b/testing/btest/scripts/base/protocols/ssl/basic.test index 51eacfd572..918ecd55b7 100644 --- a/testing/btest/scripts/base/protocols/ssl/basic.test +++ b/testing/btest/scripts/base/protocols/ssl/basic.test @@ -1,6 +1,6 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: test ! -f dpd.log diff --git a/testing/btest/scripts/base/protocols/ssl/common_name.test b/testing/btest/scripts/base/protocols/ssl/common_name.test index fa14e19045..32565b2ea7 100644 --- a/testing/btest/scripts/base/protocols/ssl/common_name.test +++ b/testing/btest/scripts/base/protocols/ssl/common_name.test @@ -1,7 +1,7 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT -# @TEST-EXEC: bro -C -r $TRACES/tls/cert-no-cn.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/cert-no-cn.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) diff --git a/testing/btest/scripts/base/protocols/ssl/comp_methods.test b/testing/btest/scripts/base/protocols/ssl/comp_methods.test index fa24d4b47b..ae6b43e179 100644 --- a/testing/btest/scripts/base/protocols/ssl/comp_methods.test +++ b/testing/btest/scripts/base/protocols/ssl/comp_methods.test @@ -1,6 +1,6 @@ # This tests that the values sent for compression methods are correct. -# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT # @TEST-EXEC: btest-diff .stdout event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) diff --git a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test index 878d2a3064..2f11f84df1 100644 --- a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test +++ b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test @@ -1,6 +1,6 @@ # This tests if Bro does not crash when exposed to CVE-2015-3194 -# @TEST-EXEC: bro -r $TRACES/tls/CVE-2015-3194.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/CVE-2015-3194.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log @load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/base/protocols/ssl/dhe.test b/testing/btest/scripts/base/protocols/ssl/dhe.test index f41cb70fab..df22cea9cc 100644 --- a/testing/btest/scripts/base/protocols/ssl/dhe.test +++ b/testing/btest/scripts/base/protocols/ssl/dhe.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/base/protocols/ssl/dpd.test b/testing/btest/scripts/base/protocols/ssl/dpd.test index 20b6ab6b74..f7f76a6e1a 100644 --- a/testing/btest/scripts/base/protocols/ssl/dpd.test +++ b/testing/btest/scripts/base/protocols/ssl/dpd.test @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/ssl-v2.trace %INPUT -# @TEST-EXEC: bro -b -r $TRACES/tls/ssl.v3.trace %INPUT -# @TEST-EXEC: bro -b -r $TRACES/tls/tls1.2.trace %INPUT -# @TEST-EXEC: bro -b -r $TRACES/tls/tls-early-alert.trace %INPUT -# @TEST-EXEC: bro -b -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/ssl-v2.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-early-alert.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test index e8731bb1be..88667fca18 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test @@ -1,6 +1,6 @@ # This tests checks that non-dtls connections to which we attach don't trigger tons of errors. -# @TEST-EXEC: bro -C -r $TRACES/dns-txt-multiple.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/dns-txt-multiple.trace %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test index d2437aac8b..b86ff75ee4 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/webrtc-stun.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/webrtc-stun.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: touch dpd.log # @TEST-EXEC: btest-diff dpd.log diff --git a/testing/btest/scripts/base/protocols/ssl/dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls.test index a1b2c74dd8..2f31758cbf 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls.test @@ -1,9 +1,9 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: bro -r $TRACES/tls/dtls1_0.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_0.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log -# @TEST-EXEC: bro -r $TRACES/tls/dtls1_2.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_2.pcap %INPUT # @TEST-EXEC: cp ssl.log ssl1_2.log # @TEST-EXEC: cp x509.log x5091_2.log # @TEST-EXEC: btest-diff ssl1_2.log diff --git a/testing/btest/scripts/base/protocols/ssl/ecdhe.test b/testing/btest/scripts/base/protocols/ssl/ecdhe.test index bd1bd2cb96..e200619013 100644 --- a/testing/btest/scripts/base/protocols/ssl/ecdhe.test +++ b/testing/btest/scripts/base/protocols/ssl/ecdhe.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/ssl/ecdsa.test b/testing/btest/scripts/base/protocols/ssl/ecdsa.test index a2db7c2cb5..2ace638a41 100644 --- a/testing/btest/scripts/base/protocols/ssl/ecdsa.test +++ b/testing/btest/scripts/base/protocols/ssl/ecdsa.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/ssl/fragment.test b/testing/btest/scripts/base/protocols/ssl/fragment.test index b01a78a07a..2ea87d8291 100644 --- a/testing/btest/scripts/base/protocols/ssl/fragment.test +++ b/testing/btest/scripts/base/protocols/ssl/fragment.test @@ -1,6 +1,6 @@ # Test a heavily fragmented tls connection -# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | bro -r - %INPUT +# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | zeek -r - %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/handshake-events.test b/testing/btest/scripts/base/protocols/ssl/handshake-events.test index f73d268eef..0b45bebc02 100644 --- a/testing/btest/scripts/base/protocols/ssl/handshake-events.test +++ b/testing/btest/scripts/base/protocols/ssl/handshake-events.test @@ -1,6 +1,6 @@ # This tests events not covered by other tests -# @TEST-EXEC: bro -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/ssl diff --git a/testing/btest/scripts/base/protocols/ssl/keyexchange.test b/testing/btest/scripts/base/protocols/ssl/keyexchange.test index 9c65ea5dda..252237f0dd 100644 --- a/testing/btest/scripts/base/protocols/ssl/keyexchange.test +++ b/testing/btest/scripts/base/protocols/ssl/keyexchange.test @@ -1,14 +1,14 @@ -# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/tls1_1.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1_1.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/dtls1_0.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_0.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/dtls1_2.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_2.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: btest-diff ssl-all.log diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test index 181ee34909..747c1a667c 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test @@ -1,6 +1,6 @@ # This tests a normal OCSP request sent through HTTP GET -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-http-get.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-http-get.pcap %INPUT # @TEST-EXEC: btest-diff ocsp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test index ff493a62a8..348da52f96 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test @@ -1,6 +1,6 @@ # This tests a OCSP request missing response -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-request-only.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-request-only.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load files/x509/log-ocsp diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test index cfa5b99375..1942b57bad 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test @@ -1,6 +1,6 @@ # This tests a pair of normal OCSP request and response -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-request-response.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-request-response.pcap %INPUT # @TEST-EXEC: btest-diff ocsp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test index 3b8c4a2d57..871ac59a34 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test @@ -1,6 +1,6 @@ # This tests a normal OCSP response missing request -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-response-only.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-response-only.pcap %INPUT # @TEST-EXEC: btest-diff ocsp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test index 3ee0e96776..5f5f1486ea 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test @@ -1,6 +1,6 @@ # This tests OCSP response with revocation -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-revoked.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-revoked.pcap %INPUT # @TEST-EXEC: btest-diff ocsp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test b/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test index 6424f263f1..3c338933aa 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: btest-diff .stdout redef SSL::root_certs += { diff --git a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test index 7c7dc90e4c..e2201c3218 100644 --- a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test +++ b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT # # The following file contains a tls 1.0 connection with a SCT in a TLS extension. # This is interesting because the digitally-signed struct in TLS 1.0 does not come @@ -7,7 +7,7 @@ # uses in the end. So this one does have a Signature/Hash alg, even if the protocol # itself does not carry it in the same struct. # -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp_tls1_0.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp_tls1_0.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: test ! -f dpd.log diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test index a904628acf..077aa15f1a 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff .stdout event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test index 74acf3224a..6507e58793 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test index 7f023927ac..b21fc4ee11 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff .stdout event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2.test index 15a737c032..8e2189d9f6 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test b/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test index b8f3d42242..f548d81512 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-34-google.trace %INPUT -# @TEST-EXEC: bro -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-34-google.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event ssl_extension_elliptic_curves(c: connection, is_orig: bool, curves: index_vec) diff --git a/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test b/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test index e074535692..f784ea0af0 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test +++ b/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-63.0.3211.0-canary-tls_experiment.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-63.0.3211.0-canary-tls_experiment.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/tls13-version.test b/testing/btest/scripts/base/protocols/ssl/tls13-version.test index 9194c861e1..29c6da9261 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls13-version.test +++ b/testing/btest/scripts/base/protocols/ssl/tls13-version.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # Test that we correctly parse the version out of the extension in an 1.3 connection diff --git a/testing/btest/scripts/base/protocols/ssl/tls13.test b/testing/btest/scripts/base/protocols/ssl/tls13.test index 5033b6ea01..5f67e0333e 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls13.test +++ b/testing/btest/scripts/base/protocols/ssl/tls13.test @@ -1,10 +1,10 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT # @TEST-EXEC: cat ssl.log > ssl-out.log -# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log -# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log -# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log # @TEST-EXEC: btest-diff ssl-out.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/tls1_1.test b/testing/btest/scripts/base/protocols/ssl/tls1_1.test index 885a047ebe..de3ed740b4 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls1_1.test +++ b/testing/btest/scripts/base/protocols/ssl/tls1_1.test @@ -1,6 +1,6 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: bro -r $TRACES/tls/tls1_1.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1_1.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: test ! -f dpd.log diff --git a/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test b/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test index de0dc9e59f..05bac2d21b 100644 --- a/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test +++ b/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: btest-diff .stdout event x509_extension(f: fa_file, ext: X509::Extension) diff --git a/testing/btest/scripts/base/protocols/ssl/x509_extensions.test b/testing/btest/scripts/base/protocols/ssl/x509_extensions.test index 425afbb2c8..ee7fa103e4 100644 --- a/testing/btest/scripts/base/protocols/ssl/x509_extensions.test +++ b/testing/btest/scripts/base/protocols/ssl/x509_extensions.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff .stdout event x509_extension(f: fa_file, extension: X509::Extension) diff --git a/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek b/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek index c33eb1638b..0382fa0aaf 100644 --- a/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek +++ b/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/syslog-missing-pri.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/syslog-missing-pri.trace %INPUT # @TEST-EXEC: btest-diff syslog.log @load base/protocols/syslog diff --git a/testing/btest/scripts/base/protocols/syslog/trace.test b/testing/btest/scripts/base/protocols/syslog/trace.test index 78b681a9d8..f4dba5c807 100644 --- a/testing/btest/scripts/base/protocols/syslog/trace.test +++ b/testing/btest/scripts/base/protocols/syslog/trace.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/syslog-single-udp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/syslog-single-udp.trace %INPUT # @TEST-EXEC: btest-diff syslog.log @load base/protocols/syslog diff --git a/testing/btest/scripts/base/protocols/tcp/pending.zeek b/testing/btest/scripts/base/protocols/tcp/pending.zeek index 1a49f5d19b..8695f71b47 100644 --- a/testing/btest/scripts/base/protocols/tcp/pending.zeek +++ b/testing/btest/scripts/base/protocols/tcp/pending.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-34-google.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-34-google.trace %INPUT # @TEST-EXEC: btest-diff .stdout event connection_pending(c: connection) diff --git a/testing/btest/scripts/base/protocols/xmpp/client-dpd.test b/testing/btest/scripts/base/protocols/xmpp/client-dpd.test index 9c9cc29c8a..544b56a744 100644 --- a/testing/btest/scripts/base/protocols/xmpp/client-dpd.test +++ b/testing/btest/scripts/base/protocols/xmpp/client-dpd.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log @load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test b/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test index 9483c0cca8..e398aed22e 100644 --- a/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test +++ b/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/xmpp-dialback-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-dialback-starttls.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log @load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/xmpp/starttls.test b/testing/btest/scripts/base/protocols/xmpp/starttls.test index f046d49283..7cc4717e31 100644 --- a/testing/btest/scripts/base/protocols/xmpp/starttls.test +++ b/testing/btest/scripts/base/protocols/xmpp/starttls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/utils/active-http.test b/testing/btest/scripts/base/utils/active-http.test index 9f94a14c7f..ff80dc5bf2 100644 --- a/testing/btest/scripts/base/utils/active-http.test +++ b/testing/btest/scripts/base/utils/active-http.test @@ -3,9 +3,9 @@ # # @TEST-EXEC: btest-bg-run httpd python $SCRIPTS/httpd.py --max 2 --addr=127.0.0.1 # @TEST-EXEC: sleep 3 -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 15 -# @TEST-EXEC: cat bro/.stdout | sort >output +# @TEST-EXEC: cat zeek/.stdout | sort >output # @TEST-EXEC: btest-diff output @load base/utils/active-http diff --git a/testing/btest/scripts/base/utils/addrs.test b/testing/btest/scripts/base/utils/addrs.test index 8e5580d3e5..664f714784 100644 --- a/testing/btest/scripts/base/utils/addrs.test +++ b/testing/btest/scripts/base/utils/addrs.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output @load base/utils/addrs diff --git a/testing/btest/scripts/base/utils/conn-ids.test b/testing/btest/scripts/base/utils/conn-ids.test index affe746e35..b44615b102 100644 --- a/testing/btest/scripts/base/utils/conn-ids.test +++ b/testing/btest/scripts/base/utils/conn-ids.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/decompose_uri.zeek b/testing/btest/scripts/base/utils/decompose_uri.zeek index 074e782474..30ba9cd245 100644 --- a/testing/btest/scripts/base/utils/decompose_uri.zeek +++ b/testing/btest/scripts/base/utils/decompose_uri.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output @load base/utils/urls diff --git a/testing/btest/scripts/base/utils/dir.test b/testing/btest/scripts/base/utils/dir.test index c02f215d51..6043d54289 100644 --- a/testing/btest/scripts/base/utils/dir.test +++ b/testing/btest/scripts/base/utils/dir.test @@ -1,12 +1,12 @@ -# @TEST-EXEC: btest-bg-run bro bro -b ../dirtest.zeek -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next1 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b ../dirtest.zeek +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next1 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: touch testdir/newone # @TEST-EXEC: rm testdir/bye -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next2 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next2 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: touch testdir/bye # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: touch testdir/newone -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stdout @TEST-START-FILE dirtest.zeek diff --git a/testing/btest/scripts/base/utils/directions-and-hosts.test b/testing/btest/scripts/base/utils/directions-and-hosts.test index a955053d4a..7e731aba2e 100644 --- a/testing/btest/scripts/base/utils/directions-and-hosts.test +++ b/testing/btest/scripts/base/utils/directions-and-hosts.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # These are loaded by default. diff --git a/testing/btest/scripts/base/utils/exec.test b/testing/btest/scripts/base/utils/exec.test index 8913ed025c..efa13c781c 100644 --- a/testing/btest/scripts/base/utils/exec.test +++ b/testing/btest/scripts/base/utils/exec.test @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b ../exectest.zeek +# @TEST-EXEC: btest-bg-run zeek zeek -b ../exectest.zeek # @TEST-EXEC: btest-bg-wait 15 -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stdout +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stdout @TEST-START-FILE exectest.zeek diff --git a/testing/btest/scripts/base/utils/files.test b/testing/btest/scripts/base/utils/files.test index 402da96bed..8410c50a1a 100644 --- a/testing/btest/scripts/base/utils/files.test +++ b/testing/btest/scripts/base/utils/files.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/hash_hrw.zeek b/testing/btest/scripts/base/utils/hash_hrw.zeek index 90f87f6f46..c77e1548fe 100644 --- a/testing/btest/scripts/base/utils/hash_hrw.zeek +++ b/testing/btest/scripts/base/utils/hash_hrw.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output @load base/utils/hash_hrw diff --git a/testing/btest/scripts/base/utils/json.test b/testing/btest/scripts/base/utils/json.test index 968db1cefe..8d34ed98b1 100644 --- a/testing/btest/scripts/base/utils/json.test +++ b/testing/btest/scripts/base/utils/json.test @@ -2,7 +2,7 @@ # test with no elements, with one element, and with more than one element. # Test that the "only_loggable" option works (output only record fields with # the &log attribute). -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output type color: enum { Red, White, Blue }; diff --git a/testing/btest/scripts/base/utils/numbers.test b/testing/btest/scripts/base/utils/numbers.test index c1a2fff8c8..f80b64c26a 100644 --- a/testing/btest/scripts/base/utils/numbers.test +++ b/testing/btest/scripts/base/utils/numbers.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/paths.test b/testing/btest/scripts/base/utils/paths.test index 8436d37b8b..09e8b96f97 100644 --- a/testing/btest/scripts/base/utils/paths.test +++ b/testing/btest/scripts/base/utils/paths.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. @@ -41,18 +41,18 @@ print "==============================="; test_extract("\"/this/is/a/dir\" is current directory", "/this/is/a/dir"); test_extract("/this/is/a/dir is current directory", "/this/is/a/dir"); test_extract("/this/is/a/dir\\ is\\ current\\ directory", "/this/is/a/dir\\ is\\ current\\ directory"); -test_extract("hey, /foo/bar/baz.bro is a cool script", "/foo/bar/baz.bro"); +test_extract("hey, /foo/bar/baz.zeek is a cool script", "/foo/bar/baz.zeek"); test_extract("here's two dirs: /foo/bar and /foo/baz", "/foo/bar"); print "test build_path_compressed()"; print "==============================="; -print build_path_compressed("/home/bro/", "policy/somefile.bro"); -print build_path_compressed("/home/bro/", "/usr/local/bro/share/bro/somefile.bro"); -print build_path_compressed("/home/bro/", "/usr/local/bro/share/../../bro/somefile.bro"); +print build_path_compressed("/home/bro/", "policy/somefile.zeek"); +print build_path_compressed("/home/bro/", "/usr/local/bro/share/bro/somefile.zeek"); +print build_path_compressed("/home/bro/", "/usr/local/bro/share/../../bro/somefile.zeek"); print "==============================="; print "test build_full_path()"; print "==============================="; -print build_path("/home/bro/", "policy/somefile.bro"); -print build_path("/home/bro/", "/usr/local/bro/share/bro/somefile.bro"); +print build_path("/home/bro/", "policy/somefile.zeek"); +print build_path("/home/bro/", "/usr/local/bro/share/bro/somefile.zeek"); diff --git a/testing/btest/scripts/base/utils/pattern.test b/testing/btest/scripts/base/utils/pattern.test index 1cf5c49100..1c5ad227ef 100644 --- a/testing/btest/scripts/base/utils/pattern.test +++ b/testing/btest/scripts/base/utils/pattern.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/queue.test b/testing/btest/scripts/base/utils/queue.test index b11cac233f..bad45a67ab 100644 --- a/testing/btest/scripts/base/utils/queue.test +++ b/testing/btest/scripts/base/utils/queue.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output # This is loaded by default diff --git a/testing/btest/scripts/base/utils/site.test b/testing/btest/scripts/base/utils/site.test index 50438a0b9c..c97d98acbd 100644 --- a/testing/btest/scripts/base/utils/site.test +++ b/testing/btest/scripts/base/utils/site.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT > output +# @TEST-EXEC: zeek %INPUT > output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/strings.test b/testing/btest/scripts/base/utils/strings.test index 77fe715def..9606ab3213 100644 --- a/testing/btest/scripts/base/utils/strings.test +++ b/testing/btest/scripts/base/utils/strings.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/thresholds.test b/testing/btest/scripts/base/utils/thresholds.test index 2e18cc3b63..1c56057090 100644 --- a/testing/btest/scripts/base/utils/thresholds.test +++ b/testing/btest/scripts/base/utils/thresholds.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/urls.test b/testing/btest/scripts/base/utils/urls.test index fd8c0a8622..666f805edb 100644 --- a/testing/btest/scripts/base/utils/urls.test +++ b/testing/btest/scripts/base/utils/urls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/check-test-all-policy.zeek b/testing/btest/scripts/check-test-all-policy.zeek index 9a9d120e6d..19bfe40c08 100644 --- a/testing/btest/scripts/check-test-all-policy.zeek +++ b/testing/btest/scripts/check-test-all-policy.zeek @@ -1,6 +1,6 @@ -# Makes sures test-all-policy.bro (which loads *all* other policy scripts) compiles correctly. +# Makes sures test-all-policy.zeek (which loads *all* other policy scripts) compiles correctly. # -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output @load test-all-policy diff --git a/testing/btest/scripts/policy/frameworks/files/extract-all.zeek b/testing/btest/scripts/policy/frameworks/files/extract-all.zeek index f54b2e299d..b043e48830 100644 --- a/testing/btest/scripts/policy/frameworks/files/extract-all.zeek +++ b/testing/btest/scripts/policy/frameworks/files/extract-all.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace frameworks/files/extract-all-files +# @TEST-EXEC: zeek -r $TRACES/http/get.trace frameworks/files/extract-all-files # @TEST-EXEC: grep -q EXTRACT files.log diff --git a/testing/btest/scripts/policy/frameworks/intel/removal.zeek b/testing/btest/scripts/policy/frameworks/intel/removal.zeek index 41c87bc6fb..7ca2bd5541 100644 --- a/testing/btest/scripts/policy/frameworks/intel/removal.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/removal.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff broproc/intel.log diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek index c90c5e41f4..bd9abdf452 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -Cr $TRACES/tls/ecdsa-cert.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/tls/ecdsa-cert.pcap %INPUT # @TEST-EXEC: cat intel.log > intel-all.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat intel.log >> intel-all.log # @TEST-EXEC: btest-diff intel-all.log diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek index 5e0024ec7c..ad87bf8955 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff intel.log @load base/frameworks/intel diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek index 6ad04e95bd..ca144d3a55 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp-multi-addr.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp-multi-addr.pcap %INPUT # @TEST-EXEC: btest-diff intel.log @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek b/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek index 560ba35c0a..de8e28c7d4 100644 --- a/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff intel.log #@TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/policy/frameworks/software/version-changes.zeek b/testing/btest/scripts/policy/frameworks/software/version-changes.zeek index 493bc1d354..9f168fb502 100644 --- a/testing/btest/scripts/policy/frameworks/software/version-changes.zeek +++ b/testing/btest/scripts/policy/frameworks/software/version-changes.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff software.log # @TEST-EXEC: btest-diff notice.log diff --git a/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek b/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek index dd233a6ffc..4d36bbf3f4 100644 --- a/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek +++ b/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff notice.log @load frameworks/software/vulnerable diff --git a/testing/btest/scripts/policy/misc/dump-events.zeek b/testing/btest/scripts/policy/misc/dump-events.zeek index d318266787..bc017c6533 100644 --- a/testing/btest/scripts/policy/misc/dump-events.zeek +++ b/testing/btest/scripts/policy/misc/dump-events.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT >all-events.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include_args=F >all-events-no-args.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include=/smtp_/ >smtp-events.log +# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT >all-events.log +# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include_args=F >all-events-no-args.log +# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include=/smtp_/ >smtp-events.log # # @TEST-EXEC: btest-diff all-events.log # @TEST-EXEC: btest-diff all-events-no-args.log diff --git a/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek b/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek index 0c73ccf189..5d8fd2529d 100644 --- a/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek +++ b/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/weird_stats.log diff --git a/testing/btest/scripts/policy/misc/weird-stats.zeek b/testing/btest/scripts/policy/misc/weird-stats.zeek index 16a0ca02d7..0caeb960fe 100644 --- a/testing/btest/scripts/policy/misc/weird-stats.zeek +++ b/testing/btest/scripts/policy/misc/weird-stats.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 -# @TEST-EXEC: btest-diff bro/weird_stats.log +# @TEST-EXEC: btest-diff zeek/weird_stats.log @load misc/weird-stats diff --git a/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek b/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek index 677cfa9f3d..cdb3fa5058 100644 --- a/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek +++ b/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek @@ -1,18 +1,18 @@ # A basic test of the known-hosts script's logging and asset_tracking options -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=LOCAL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=LOCAL_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-local.log # @TEST-EXEC: btest-diff knownhosts-local.log -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=REMOTE_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=REMOTE_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-remote.log # @TEST-EXEC: btest-diff knownhosts-remote.log -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=ALL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=ALL_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-all.log # @TEST-EXEC: btest-diff knownhosts-all.log -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=NO_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=NO_HOSTS # @TEST-EXEC: test '!' -e known_hosts.log @load protocols/conn/known-hosts diff --git a/testing/btest/scripts/policy/protocols/conn/known-services.zeek b/testing/btest/scripts/policy/protocols/conn/known-services.zeek index ab787b6bd4..3c34adadc9 100644 --- a/testing/btest/scripts/policy/protocols/conn/known-services.zeek +++ b/testing/btest/scripts/policy/protocols/conn/known-services.zeek @@ -1,18 +1,18 @@ # A basic test of the known-services script's logging and asset_tracking options -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=LOCAL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=LOCAL_HOSTS # @TEST-EXEC: mv known_services.log knownservices-local.log # @TEST-EXEC: btest-diff knownservices-local.log -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=REMOTE_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=REMOTE_HOSTS # @TEST-EXEC: mv known_services.log knownservices-remote.log # @TEST-EXEC: btest-diff knownservices-remote.log -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=ALL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=ALL_HOSTS # @TEST-EXEC: mv known_services.log knownservices-all.log # @TEST-EXEC: btest-diff knownservices-all.log -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=NO_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=NO_HOSTS # @TEST-EXEC: test '!' -e known_services.log @load protocols/conn/known-services diff --git a/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek b/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek index a3cfbf768f..78b1ce9f4c 100644 --- a/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek +++ b/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek @@ -1,10 +1,10 @@ # A basic test of the mac logging script -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: mv conn.log conn1.log -# @TEST-EXEC: bro -b -C -r $TRACES/radiotap.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/radiotap.pcap %INPUT # @TEST-EXEC: mv conn.log conn2.log -# @TEST-EXEC: bro -b -C -r $TRACES/llc.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/llc.pcap %INPUT # @TEST-EXEC: mv conn.log conn3.log # # @TEST-EXEC: btest-diff conn1.log diff --git a/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek b/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek index 1711eba71d..6ee809af52 100644 --- a/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek +++ b/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek @@ -1,6 +1,6 @@ # A basic test of the vlan logging script -# @TEST-EXEC: bro -r $TRACES/q-in-q.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/q-in-q.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load protocols/conn/vlan-logging diff --git a/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek b/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek index d695060707..770386072c 100644 --- a/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek +++ b/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-inverse-query.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dns-inverse-query.trace %INPUT # @TEST-EXEC: test ! -e dns.log @load protocols/dns/auth-addl diff --git a/testing/btest/scripts/policy/protocols/http/flash-version.zeek b/testing/btest/scripts/policy/protocols/http/flash-version.zeek index 9357295c3c..e2ad2ebf3b 100644 --- a/testing/btest/scripts/policy/protocols/http/flash-version.zeek +++ b/testing/btest/scripts/policy/protocols/http/flash-version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r ${TRACES}/http/flash-version.trace %INPUT +# @TEST-EXEC: zeek -r ${TRACES}/http/flash-version.trace %INPUT # @TEST-EXEC: btest-diff software.log @load protocols/http/software diff --git a/testing/btest/scripts/policy/protocols/http/header-names.zeek b/testing/btest/scripts/policy/protocols/http/header-names.zeek index 30b1de7fdb..5422c8e9e2 100644 --- a/testing/btest/scripts/policy/protocols/http/header-names.zeek +++ b/testing/btest/scripts/policy/protocols/http/header-names.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff http.log @load protocols/http/header-names diff --git a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek index 3041abab75..129acde477 100644 --- a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek +++ b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT > output +# @TEST-EXEC: zeek %INPUT > output # @TEST-EXEC: btest-diff output @load protocols/http/detect-sqli diff --git a/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek b/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek index 0bc0a33d5d..f537e5146d 100644 --- a/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek +++ b/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek @@ -1,6 +1,6 @@ # This test makes sure that krb ticket hashes are logged correctly. -# @TEST-EXEC: bro -b -r $TRACES/krb/auth.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/krb/auth.trace %INPUT # @TEST-EXEC: btest-diff kerberos.log @load protocols/krb/ticket-logging diff --git a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek index e28ebf5b49..583c8ae0a5 100644 --- a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek +++ b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ssh/sshguess.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/ssh/sshguess.pcap %INPUT # @TEST-EXEC: btest-diff notice.log @load protocols/ssh/detect-bruteforcing diff --git a/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek index 9278e11de0..16591d560c 100644 --- a/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace %INPUT # @TEST-EXEC: btest-diff notice.log @load protocols/ssl/expiring-certs diff --git a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek index ad99e2e143..660181942e 100644 --- a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: btest-diff certs-remote.pem @load protocols/ssl/extract-certs-pem diff --git a/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek b/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek index 52137adbd0..887035d946 100644 --- a/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek @@ -1,20 +1,20 @@ -# TEST-EXEC: bro -C -r $TRACES/tls/heartbleed.pcap %INPUT +# TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed.pcap %INPUT # TEST-EXEC: mv notice.log notice-heartbleed.log # TEST-EXEC: btest-diff notice-heartbleed.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-success.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-success.pcap %INPUT # @TEST-EXEC: mv notice.log notice-heartbleed-success.log # @TEST-EXEC: btest-diff notice-heartbleed-success.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted.log # @TEST-EXEC: btest-diff notice-encrypted.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted-success.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted-success.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted-success.log # @TEST-EXEC: btest-diff notice-encrypted-success.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted-short.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted-short.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted-short.log # @TEST-EXEC: btest-diff notice-encrypted-short.log diff --git a/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek index f5ff187164..e3a586b292 100644 --- a/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff known_certs.log diff --git a/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek index 37f9f7592b..25d830acb0 100644 --- a/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff x509.log @load protocols/ssl/log-hostcerts-only diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek index ccca29fd7c..cb5d72a0d9 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log @load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek index 9686c1ab28..434b3b020b 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek index 21d174be91..948fa38b01 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek @@ -1,9 +1,9 @@ -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT +# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT # @TEST-EXEC: mv ssl.log ssl-twimg.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-twimg.log -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT +# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT # @TEST-EXEC: mv ssl.log ssl-digicert.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-digicert.log diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek index c21dc18094..7d2ac86865 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp-2.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp-2.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log diff --git a/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek b/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek index f4d51f8016..efc9aebf12 100644 --- a/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: cp notice.log notice-out.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl-v2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl-v2.trace %INPUT # @TEST-EXEC: cat notice.log >> notice-out.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat notice.log >> notice-out.log # @TEST-EXEC: btest-diff notice-out.log diff --git a/testing/btest/scripts/site/local-compat.test b/testing/btest/scripts/site/local-compat.test index 3eb189e639..036f9184b0 100644 --- a/testing/btest/scripts/site/local-compat.test +++ b/testing/btest/scripts/site/local-compat.test @@ -1,10 +1,10 @@ -# @TEST-EXEC: bro local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro +# @TEST-EXEC: zeek local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro # This tests the compatibility of the past release's site/local.bro # script with the current version of Bro. If the test fails because # it doesn't find the right file, that means everything stayed # compatibile between releases, so just add a TEST-START-FILE with -# the contents the latest Bro version's site/local.bro script. +# the contents the latest Bro version's site/local.zeek script. # If the test fails while loading the old local.bro, it usually # indicates a note will need to be made in NEWS explaining to users # how to migrate to the new version and this test's TEST-START-FILE diff --git a/testing/btest/scripts/site/local.test b/testing/btest/scripts/site/local.test index e2058417cd..158cc7f8c0 100644 --- a/testing/btest/scripts/site/local.test +++ b/testing/btest/scripts/site/local.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT @load local \ No newline at end of file diff --git a/testing/btest/signatures/bad-eval-condition.zeek b/testing/btest/signatures/bad-eval-condition.zeek index 2b3fef76fe..d64cb4cba4 100644 --- a/testing/btest/signatures/bad-eval-condition.zeek +++ b/testing/btest/signatures/bad-eval-condition.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC-FAIL: zeek -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff .stderr @load-sigs blah.sig diff --git a/testing/btest/signatures/dpd.zeek b/testing/btest/signatures/dpd.zeek index b6d58fb3a3..16e7f19724 100644 --- a/testing/btest/signatures/dpd.zeek +++ b/testing/btest/signatures/dpd.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b -s myftp -r $TRACES/ftp/ipv4.trace %INPUT >dpd-ipv4.out -# @TEST-EXEC: bro -b -s myftp -r $TRACES/ftp/ipv6.trace %INPUT >dpd-ipv6.out -# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv4.trace %INPUT >nosig-ipv4.out -# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv6.trace %INPUT >nosig-ipv6.out +# @TEST-EXEC: zeek -b -s myftp -r $TRACES/ftp/ipv4.trace %INPUT >dpd-ipv4.out +# @TEST-EXEC: zeek -b -s myftp -r $TRACES/ftp/ipv6.trace %INPUT >dpd-ipv6.out +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT >nosig-ipv4.out +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv6.trace %INPUT >nosig-ipv6.out # @TEST-EXEC: btest-diff dpd-ipv4.out # @TEST-EXEC: btest-diff dpd-ipv6.out # @TEST-EXEC: btest-diff nosig-ipv4.out diff --git a/testing/btest/signatures/dst-ip-cidr-v4.zeek b/testing/btest/signatures/dst-ip-cidr-v4.zeek index e86a746e54..9c80a9148a 100644 --- a/testing/btest/signatures/dst-ip-cidr-v4.zeek +++ b/testing/btest/signatures/dst-ip-cidr-v4.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ntp.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/ntp.pcap %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE a.sig diff --git a/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek b/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek index dc5b0f48b8..9389f11df2 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek +++ b/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-ip-header-condition-v4.zeek b/testing/btest/signatures/dst-ip-header-condition-v4.zeek index 0d0d3e644c..b04d6c30ca 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v4.zeek +++ b/testing/btest/signatures/dst-ip-header-condition-v4.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek b/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek index d82a76e78d..9de148eb87 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek +++ b/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-ip-header-condition-v6.zeek b/testing/btest/signatures/dst-ip-header-condition-v6.zeek index e629fb4462..5bd64f8fc1 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v6.zeek +++ b/testing/btest/signatures/dst-ip-header-condition-v6.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-port-header-condition.zeek b/testing/btest/signatures/dst-port-header-condition.zeek index 08ba07b0de..5f2f880d79 100644 --- a/testing/btest/signatures/dst-port-header-condition.zeek +++ b/testing/btest/signatures/dst-port-header-condition.zeek @@ -1,24 +1,24 @@ -# @TEST-EXEC: bro -b -s dst-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq.out -# @TEST-EXEC: bro -b -s dst-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-list.out -# @TEST-EXEC: bro -b -s dst-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-eq-ip6.out +# @TEST-EXEC: zeek -b -s dst-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq.out +# @TEST-EXEC: zeek -b -s dst-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-list.out +# @TEST-EXEC: zeek -b -s dst-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-eq-ip6.out -# @TEST-EXEC: bro -b -s dst-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne.out -# @TEST-EXEC: bro -b -s dst-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list.out -# @TEST-EXEC: bro -b -s dst-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne.out +# @TEST-EXEC: zeek -b -s dst-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list.out +# @TEST-EXEC: zeek -b -s dst-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt.out -# @TEST-EXEC: bro -b -s dst-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte1.out -# @TEST-EXEC: bro -b -s dst-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte2.out -# @TEST-EXEC: bro -b -s dst-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt.out +# @TEST-EXEC: zeek -b -s dst-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte1.out +# @TEST-EXEC: zeek -b -s dst-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte2.out +# @TEST-EXEC: zeek -b -s dst-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt.out -# @TEST-EXEC: bro -b -s dst-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte1.out -# @TEST-EXEC: bro -b -s dst-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte2.out -# @TEST-EXEC: bro -b -s dst-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt.out +# @TEST-EXEC: zeek -b -s dst-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte1.out +# @TEST-EXEC: zeek -b -s dst-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte2.out +# @TEST-EXEC: zeek -b -s dst-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte-nomatch.out # @TEST-EXEC: btest-diff dst-port-eq.out # @TEST-EXEC: btest-diff dst-port-eq-nomatch.out diff --git a/testing/btest/signatures/eval-condition-no-return-value.zeek b/testing/btest/signatures/eval-condition-no-return-value.zeek index b1a4f5781f..88a8e57ca1 100644 --- a/testing/btest/signatures/eval-condition-no-return-value.zeek +++ b/testing/btest/signatures/eval-condition-no-return-value.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/signatures/eval-condition.zeek b/testing/btest/signatures/eval-condition.zeek index a14003b691..fe2db7482b 100644 --- a/testing/btest/signatures/eval-condition.zeek +++ b/testing/btest/signatures/eval-condition.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load-sigs blah.sig diff --git a/testing/btest/signatures/header-header-condition.zeek b/testing/btest/signatures/header-header-condition.zeek index ad78ba4513..545a9fdf40 100644 --- a/testing/btest/signatures/header-header-condition.zeek +++ b/testing/btest/signatures/header-header-condition.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s ip -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip.out -# @TEST-EXEC: bro -b -s ip-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip-mask.out -# @TEST-EXEC: bro -b -s ip6 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >ip6.out -# @TEST-EXEC: bro -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp.out -# @TEST-EXEC: bro -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp.out -# @TEST-EXEC: bro -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp.out -# @TEST-EXEC: bro -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6.out -# @TEST-EXEC: bro -b -s val-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >val-mask.out +# @TEST-EXEC: zeek -b -s ip -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip.out +# @TEST-EXEC: zeek -b -s ip-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip-mask.out +# @TEST-EXEC: zeek -b -s ip6 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >ip6.out +# @TEST-EXEC: zeek -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp.out +# @TEST-EXEC: zeek -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp.out +# @TEST-EXEC: zeek -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp.out +# @TEST-EXEC: zeek -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6.out +# @TEST-EXEC: zeek -b -s val-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >val-mask.out # @TEST-EXEC: btest-diff ip.out # @TEST-EXEC: btest-diff ip-mask.out diff --git a/testing/btest/signatures/id-lookup.zeek b/testing/btest/signatures/id-lookup.zeek index f055e73725..a100b0a624 100644 --- a/testing/btest/signatures/id-lookup.zeek +++ b/testing/btest/signatures/id-lookup.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -s id -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >id.out +# @TEST-EXEC: zeek -b -s id -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >id.out # @TEST-EXEC: btest-diff id.out @TEST-START-FILE id.sig diff --git a/testing/btest/signatures/ip-proto-header-condition.zeek b/testing/btest/signatures/ip-proto-header-condition.zeek index 52d58ea223..bbaf865f06 100644 --- a/testing/btest/signatures/ip-proto-header-condition.zeek +++ b/testing/btest/signatures/ip-proto-header-condition.zeek @@ -1,10 +1,10 @@ -# @TEST-EXEC: bro -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp_in_ip4.out -# @TEST-EXEC: bro -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp_in_ip4.out -# @TEST-EXEC: bro -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp_in_ip4.out -# @TEST-EXEC: bro -b -s tcp -r $TRACES/chksums/ip6-tcp-good-chksum.pcap %INPUT >tcp_in_ip6.out -# @TEST-EXEC: bro -b -s udp -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >udp_in_ip6.out -# @TEST-EXEC: bro -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6_in_ip6.out -# @TEST-EXEC: bro -b -s icmp -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >nomatch.out +# @TEST-EXEC: zeek -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp_in_ip4.out +# @TEST-EXEC: zeek -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp_in_ip4.out +# @TEST-EXEC: zeek -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp_in_ip4.out +# @TEST-EXEC: zeek -b -s tcp -r $TRACES/chksums/ip6-tcp-good-chksum.pcap %INPUT >tcp_in_ip6.out +# @TEST-EXEC: zeek -b -s udp -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >udp_in_ip6.out +# @TEST-EXEC: zeek -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6_in_ip6.out +# @TEST-EXEC: zeek -b -s icmp -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >nomatch.out # @TEST-EXEC: btest-diff tcp_in_ip4.out # @TEST-EXEC: btest-diff udp_in_ip4.out diff --git a/testing/btest/signatures/load-sigs.zeek b/testing/btest/signatures/load-sigs.zeek index 3e08338f2c..d57630ec14 100644 --- a/testing/btest/signatures/load-sigs.zeek +++ b/testing/btest/signatures/load-sigs.zeek @@ -1,6 +1,6 @@ # A test of signature loading using @load-sigs. -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output @load-sigs ./subdir/mysigs.sig diff --git a/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek b/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek index 1e272c81ee..9c34853c8a 100644 --- a/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek +++ b/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-ip-header-condition-v4.zeek b/testing/btest/signatures/src-ip-header-condition-v4.zeek index 746e41a4be..3eaa73ce9c 100644 --- a/testing/btest/signatures/src-ip-header-condition-v4.zeek +++ b/testing/btest/signatures/src-ip-header-condition-v4.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek b/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek index 3c4fbf5526..ad5ca917a9 100644 --- a/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek +++ b/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-ip-header-condition-v6.zeek b/testing/btest/signatures/src-ip-header-condition-v6.zeek index 613a3dd4c1..6ada9db299 100644 --- a/testing/btest/signatures/src-ip-header-condition-v6.zeek +++ b/testing/btest/signatures/src-ip-header-condition-v6.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-port-header-condition.zeek b/testing/btest/signatures/src-port-header-condition.zeek index ea9e08ce2b..3fcd71308c 100644 --- a/testing/btest/signatures/src-port-header-condition.zeek +++ b/testing/btest/signatures/src-port-header-condition.zeek @@ -1,24 +1,24 @@ -# @TEST-EXEC: bro -b -s src-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq.out -# @TEST-EXEC: bro -b -s src-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-list.out -# @TEST-EXEC: bro -b -s src-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-eq-ip6.out +# @TEST-EXEC: zeek -b -s src-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq.out +# @TEST-EXEC: zeek -b -s src-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-list.out +# @TEST-EXEC: zeek -b -s src-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-eq-ip6.out -# @TEST-EXEC: bro -b -s src-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne.out -# @TEST-EXEC: bro -b -s src-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list.out -# @TEST-EXEC: bro -b -s src-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne.out +# @TEST-EXEC: zeek -b -s src-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list.out +# @TEST-EXEC: zeek -b -s src-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list-nomatch.out -# @TEST-EXEC: bro -b -s src-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt.out -# @TEST-EXEC: bro -b -s src-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt-nomatch.out -# @TEST-EXEC: bro -b -s src-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte1.out -# @TEST-EXEC: bro -b -s src-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte2.out -# @TEST-EXEC: bro -b -s src-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt.out +# @TEST-EXEC: zeek -b -s src-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte1.out +# @TEST-EXEC: zeek -b -s src-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte2.out +# @TEST-EXEC: zeek -b -s src-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte-nomatch.out -# @TEST-EXEC: bro -b -s src-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt.out -# @TEST-EXEC: bro -b -s src-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt-nomatch.out -# @TEST-EXEC: bro -b -s src-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte1.out -# @TEST-EXEC: bro -b -s src-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte2.out -# @TEST-EXEC: bro -b -s src-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt.out +# @TEST-EXEC: zeek -b -s src-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte1.out +# @TEST-EXEC: zeek -b -s src-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte2.out +# @TEST-EXEC: zeek -b -s src-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte-nomatch.out # @TEST-EXEC: btest-diff src-port-eq.out # @TEST-EXEC: btest-diff src-port-eq-nomatch.out diff --git a/testing/btest/signatures/udp-packetwise-match.zeek b/testing/btest/signatures/udp-packetwise-match.zeek index 706b632dd7..feb531c37c 100644 --- a/testing/btest/signatures/udp-packetwise-match.zeek +++ b/testing/btest/signatures/udp-packetwise-match.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/udp-signature-test.pcap %INPUT | sort >out +# @TEST-EXEC: zeek -r $TRACES/udp-signature-test.pcap %INPUT | sort >out # @TEST-EXEC: btest-diff out @load-sigs test.sig diff --git a/testing/btest/signatures/udp-payload-size.zeek b/testing/btest/signatures/udp-payload-size.zeek index efc5411feb..c1c6a6d49b 100644 --- a/testing/btest/signatures/udp-payload-size.zeek +++ b/testing/btest/signatures/udp-payload-size.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ntp.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/ntp.pcap %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE a.sig diff --git a/testing/scripts/gen-zeexygen-docs.sh b/testing/scripts/gen-zeexygen-docs.sh index 66287b01aa..729c08e987 100755 --- a/testing/scripts/gen-zeexygen-docs.sh +++ b/testing/scripts/gen-zeexygen-docs.sh @@ -25,12 +25,12 @@ case $output_dir in esac cd $build_dir -. bro-path-dev.sh +. zeek-path-dev.sh export BRO_SEED_FILE=$source_dir/testing/btest/random.seed function run_zeek { - ZEEK_ALLOW_INIT_ERRORS=1 bro -X $conf_file zeexygen >/dev/null 2>$zeek_error_file + ZEEK_ALLOW_INIT_ERRORS=1 zeek -X $conf_file zeexygen >/dev/null 2>$zeek_error_file if [ $? -ne 0 ]; then echo "Failed running zeek with zeexygen config file $conf_file" diff --git a/testing/scripts/has-writer b/testing/scripts/has-writer index d6cdf28d12..e50feec8e9 100755 --- a/testing/scripts/has-writer +++ b/testing/scripts/has-writer @@ -1,6 +1,6 @@ #! /usr/bin/env bash # # Returns true if Bro has been compiled with support for writer type -# $1. The type name must match the plugin name that "bro -N" prints. +# $1. The type name must match the plugin name that "zeek -N" prints. -bro -N | grep -q $1 >/dev/null +zeek -N | grep -q $1 >/dev/null diff --git a/testing/scripts/travis-job b/testing/scripts/travis-job index d872d774fc..767984b44e 100644 --- a/testing/scripts/travis-job +++ b/testing/scripts/travis-job @@ -247,7 +247,7 @@ run() { for cf in $COREFILES; do echo echo "############# Begin stack trace for $cf ###############" - gdb build/src/bro -c "$cf" -ex "thread apply all bt" -ex "set pagination 0" -batch; + gdb build/src/zeek -c "$cf" -ex "thread apply all bt" -ex "set pagination 0" -batch; echo "############# End stack trace for $cf #################" echo done diff --git a/bro-config.h.in b/zeek-config.h.in similarity index 100% rename from bro-config.h.in rename to zeek-config.h.in diff --git a/bro-config.in b/zeek-config.in similarity index 80% rename from bro-config.in rename to zeek-config.in index 9228271394..247e512c3f 100755 --- a/bro-config.in +++ b/zeek-config.in @@ -12,12 +12,12 @@ cmake_dir=@CMAKE_INSTALL_PREFIX@/share/bro/cmake include_dir=@CMAKE_INSTALL_PREFIX@/include/bro bropath=@DEFAULT_BROPATH@ bro_dist=@BRO_DIST@ -binpac_root=@BRO_CONFIG_BINPAC_ROOT_DIR@ -caf_root=@BRO_CONFIG_CAF_ROOT_DIR@ -broker_root=@BRO_CONFIG_BROKER_ROOT_DIR@ +binpac_root=@ZEEK_CONFIG_BINPAC_ROOT_DIR@ +caf_root=@ZEEK_CONFIG_CAF_ROOT_DIR@ +broker_root=@ZEEK_CONFIG_BROKER_ROOT_DIR@ usage="\ -Usage: bro-config [--version] [--build_type] [--prefix] [--script_dir] [--site_dir] [--plugin_dir] [--config_dir] [--python_dir] [--include_dir] [--cmake_dir] [--bropath] [--bro_dist] [--binpac_root] [--caf_root] [--broker_root]" +Usage: zeek-config [--version] [--build_type] [--prefix] [--script_dir] [--site_dir] [--plugin_dir] [--config_dir] [--python_dir] [--include_dir] [--cmake_dir] [--bropath] [--bro_dist] [--binpac_root] [--caf_root] [--broker_root]" if [ $# -eq 0 ] ; then echo "${usage}" 1>&2 diff --git a/bro-path-dev.in b/zeek-path-dev.in similarity index 100% rename from bro-path-dev.in rename to zeek-path-dev.in diff --git a/zeek-wrapper.in b/zeek-wrapper.in new file mode 100755 index 0000000000..91c08b5a5a --- /dev/null +++ b/zeek-wrapper.in @@ -0,0 +1,27 @@ +#! /usr/bin/env bash +# +# Wrapper to continue supporting old names of executables. +# This will print a deprecation warning to stderr if (1) stdin/stdout/stderr +# are all connected to a tty, and (2) the environment variable ZEEK_IS_BRO +# is unset. + +function deprecated { +cat >&2 < Date: Thu, 2 May 2019 00:12:03 +0000 Subject: [PATCH 051/247] Updating submodule. --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 39ae4a469d..4dac52cb18 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 39ae4a469d6ae86c12b49020b361da4fcab24b5b +Subproject commit 4dac52cb18657f579ffb917146fe3881cdfcc96d From a8281ff9f94274cba9bbcdcd90ce5093db411511 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 22:42:10 -0700 Subject: [PATCH 052/247] Fix a ref counnting bug in DNS_Mgr --- src/DNS_Mgr.cc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index b92c057eba..3be59981a7 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -289,10 +289,13 @@ ListVal* DNS_Mapping::Addrs() TableVal* DNS_Mapping::AddrsSet() { ListVal* l = Addrs(); - if ( l ) - return l->ConvertToSet(); - else + + if ( ! l ) return empty_addr_set(); + + auto rval = l->ConvertToSet(); + Unref(l); + return rval; } StringVal* DNS_Mapping::Host() From 6db576195c4417bac663a05a12bd4b712c47ff2a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 22:46:10 -0700 Subject: [PATCH 053/247] Improve DNS_Mgr I/O loop: prevent starvation due to busy Broker --- src/DNS_Mgr.cc | 15 +++++++++++++-- src/DNS_Mgr.h | 1 + 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 3be59981a7..11f1e30037 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -392,6 +392,7 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode) successful = 0; failed = 0; nb_dns = nullptr; + next_timestamp = -1.0; } DNS_Mgr::~DNS_Mgr() @@ -1252,8 +1253,17 @@ void DNS_Mgr::GetFds(iosource::FD_Set* read, iosource::FD_Set* write, double DNS_Mgr::NextTimestamp(double* network_time) { - // This is kind of cheating ... - return asyncs_timeouts.size() ? timer_mgr->Time() : -1.0; + if ( asyncs_timeouts.empty() ) + // No pending requests. + return -1.0; + + if ( next_timestamp < 0 ) + // Store the timestamp to help prevent starvation by some other + // IOSource always trying to use the same timestamp + // (assuming network_time does actually increase). + next_timestamp = timer_mgr->Time(); + + return next_timestamp; } void DNS_Mgr::CheckAsyncAddrRequest(const IPAddr& addr, bool timeout) @@ -1382,6 +1392,7 @@ void DNS_Mgr::Flush() void DNS_Mgr::Process() { DoProcess(false); + next_timestamp = -1.0; } void DNS_Mgr::DoProcess(bool flush) diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index f6f62bd1ec..7c7ddc8738 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -236,6 +236,7 @@ protected: unsigned long num_requests; unsigned long successful; unsigned long failed; + double next_timestamp; }; extern DNS_Mgr* dns_mgr; From 5bccb44ad4b11d6f141e440e7a2c2cd6d1c711ba Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 22:50:47 -0700 Subject: [PATCH 054/247] Remove dead code from DNS_Mgr --- src/DNS_Mgr.cc | 8 ++++---- src/DNS_Mgr.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 11f1e30037..db8100ca2b 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -1369,7 +1369,7 @@ void DNS_Mgr::CheckAsyncHostRequest(const char* host, bool timeout) void DNS_Mgr::Flush() { - DoProcess(false); + DoProcess(); HostMap::iterator it; for ( it = host_mappings.begin(); it != host_mappings.end(); ++it ) @@ -1391,11 +1391,11 @@ void DNS_Mgr::Flush() void DNS_Mgr::Process() { - DoProcess(false); + DoProcess(); next_timestamp = -1.0; } -void DNS_Mgr::DoProcess(bool flush) +void DNS_Mgr::DoProcess() { if ( ! nb_dns ) return; @@ -1404,7 +1404,7 @@ void DNS_Mgr::DoProcess(bool flush) { AsyncRequest* req = asyncs_timeouts.top(); - if ( req->time + DNS_TIMEOUT > current_time() || flush ) + if ( req->time + DNS_TIMEOUT > current_time() ) break; if ( req->IsAddrReq() ) diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 7c7ddc8738..7fa805461c 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -132,7 +132,7 @@ protected: void CheckAsyncTextRequest(const char* host, bool timeout); // Process outstanding requests. - void DoProcess(bool flush); + void DoProcess(); // IOSource interface. void GetFds(iosource::FD_Set* read, iosource::FD_Set* write, From 5bb2a6b1c0d12a4000b55938a26e4c1e51f86d97 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 22:51:54 -0700 Subject: [PATCH 055/247] Fix DNS_Mgr priority_queue usage It was sorting by memory address stored in AsyncRequest pointers rather than their actual timestamp. --- src/DNS_Mgr.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 7fa805461c..5aac420303 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -228,7 +228,14 @@ protected: typedef list QueuedList; QueuedList asyncs_queued; - typedef priority_queue TimeoutQueue; + struct AsyncRequestCompare { + bool operator()(const AsyncRequest* a, const AsyncRequest* b) + { + return a->time > b->time; + } + }; + + typedef priority_queue, AsyncRequestCompare> TimeoutQueue; TimeoutQueue asyncs_timeouts; int asyncs_pending; From fd11c63efe94ae6967bb7a31e03a7aea556d9686 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 22:55:43 -0700 Subject: [PATCH 056/247] Remove an unhelpful/optimistic DNS_Mgr optimization DNS_Mgr is always "idle", so Process() is always called when the fd signals there's really something ready (except when flushing at termination-time), so checking whether all pending request maps are empty within Process() doesn't help much. If they are empty, but there's somehow something to pull off the socket, the main loop is just going to keep trying to call Process() until it gets read (which would be bad if it's preventing another IOSource from getting real work done). --- src/DNS_Mgr.cc | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index db8100ca2b..4edff2088c 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -1418,9 +1418,6 @@ void DNS_Mgr::DoProcess() delete req; } - if ( asyncs_addrs.size() == 0 && asyncs_names.size() == 0 && asyncs_texts.size() == 0 ) - return; - if ( AnswerAvailable(0) <= 0 ) return; From 46799f75407391a1caa65c99f6a4b87afa3ba56a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 23:08:52 -0700 Subject: [PATCH 057/247] Fix timing out DNS lookups that were already resolved This could happen in the case of making repeated lookup requests for the same thing within a short period of time: cleaning up an old request that already got resolved would mistakenly see a new, yet-to-be-resolved request with identical host/addr and mistakenly assume it's in need of being timed out. --- src/DNS_Mgr.cc | 15 +++++++++------ src/DNS_Mgr.h | 8 ++++++-- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 4edff2088c..c52e6086f4 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -1407,12 +1407,15 @@ void DNS_Mgr::DoProcess() if ( req->time + DNS_TIMEOUT > current_time() ) break; - if ( req->IsAddrReq() ) - CheckAsyncAddrRequest(req->host, true); - else if ( req->is_txt ) - CheckAsyncTextRequest(req->name.c_str(), true); - else - CheckAsyncHostRequest(req->name.c_str(), true); + if ( ! req->processed ) + { + if ( req->IsAddrReq() ) + CheckAsyncAddrRequest(req->host, true); + else if ( req->is_txt ) + CheckAsyncTextRequest(req->name.c_str(), true); + else + CheckAsyncHostRequest(req->name.c_str(), true); + } asyncs_timeouts.pop(); delete req; diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 5aac420303..9f9fe4ccc3 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -172,12 +172,13 @@ protected: struct AsyncRequest { double time; + bool is_txt; + bool processed; IPAddr host; string name; - bool is_txt; CallbackList callbacks; - AsyncRequest() : time(0.0), is_txt(false) { } + AsyncRequest() : time(0.0), is_txt(false), processed(false) { } bool IsAddrReq() const { return name.length() == 0; } @@ -190,6 +191,7 @@ protected: delete *i; } callbacks.clear(); + processed = true; } void Resolved(TableVal* addrs) @@ -201,6 +203,7 @@ protected: delete *i; } callbacks.clear(); + processed = true; } void Timeout() @@ -212,6 +215,7 @@ protected: delete *i; } callbacks.clear(); + processed = true; } }; From 5d44735209b8285bd04e15847ff81f038e001a3a Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 2 May 2019 12:06:39 -0700 Subject: [PATCH 058/247] Remove deprecated functions/events This commit removed functions/events that have been deprecated in Bro 2.6. It also removes the detection code that checks if the old communication framework is used (since all the functions that are checked were removed). Addresses parts of GH-243 --- NEWS | 54 +- doc | 2 +- scripts/base/init-bare.zeek | 7 +- scripts/base/utils/addrs.zeek | 18 - .../protocols/dhcp/deprecated_events.zeek | 272 ---------- scripts/test-all-policy.zeek | 1 - scripts/zeexygen/__load__.zeek | 1 - src/Net.h | 2 - src/analyzer/protocol/ssl/events.bif | 42 +- .../protocol/ssl/tls-handshake-analyzer.pac | 8 - src/bro.bif | 477 +----------------- src/main.cc | 82 --- src/scan.l | 1 - src/strings.bif | 205 +------- .../btest/Baseline/bifs.cat_string_array/out | 3 - testing/btest/Baseline/bifs.decode_base64/out | 6 - testing/btest/Baseline/bifs.encode_base64/out | 3 - testing/btest/Baseline/bifs.join_string/out | 3 - testing/btest/Baseline/bifs.merge_pattern/out | 2 - .../btest/Baseline/bifs.sort_string_array/out | 4 - testing/btest/Baseline/bifs.split/out | 32 -- .../btest/Baseline/core.old_comm_usage/out | 2 - .../Baseline/coverage.bare-mode-errors/errors | 20 +- testing/btest/bifs/cat_string_array.zeek | 14 - testing/btest/bifs/checkpoint_state.zeek | 10 - testing/btest/bifs/decode_base64.zeek | 6 - testing/btest/bifs/encode_base64.zeek | 4 - testing/btest/bifs/join_string.zeek | 8 +- testing/btest/bifs/merge_pattern.zeek | 17 - testing/btest/bifs/sort_string_array.zeek | 17 - testing/btest/bifs/split.zeek | 58 --- testing/btest/core/old_comm_usage.zeek | 7 - .../doc/zeexygen/comment_retrieval_bifs.zeek | 6 +- 33 files changed, 82 insertions(+), 1312 deletions(-) delete mode 100644 scripts/policy/protocols/dhcp/deprecated_events.zeek delete mode 100644 testing/btest/Baseline/bifs.cat_string_array/out delete mode 100644 testing/btest/Baseline/bifs.merge_pattern/out delete mode 100644 testing/btest/Baseline/bifs.sort_string_array/out delete mode 100644 testing/btest/Baseline/bifs.split/out delete mode 100644 testing/btest/Baseline/core.old_comm_usage/out delete mode 100644 testing/btest/bifs/cat_string_array.zeek delete mode 100644 testing/btest/bifs/checkpoint_state.zeek delete mode 100644 testing/btest/bifs/merge_pattern.zeek delete mode 100644 testing/btest/bifs/sort_string_array.zeek delete mode 100644 testing/btest/bifs/split.zeek delete mode 100644 testing/btest/core/old_comm_usage.zeek diff --git a/NEWS b/NEWS index ac489af4e8..2dd94ccc4b 100644 --- a/NEWS +++ b/NEWS @@ -190,10 +190,62 @@ Changed Functionality Removed Functionality --------------------- +- A number of functions that were deprecated in version 2.6 or below and completely + removed from this release. Most of the functions were used for the old communication + code. + + - ``find_ip_addresses`` + - ``cat_string_array`` + - ``cat_string_array_n`` + - ``complete_handshake`` + - ``connect`` + - ``decode_base64_custom`` + - ``disconnect`` + - ``enable_communication`` + - ``encode_base64_custom`` + - ``get_event_peer`` + - ``get_local_event_peer`` + - ``join_string_array`` + - ``listen`` + - ``merge_pattern`` + - ``request_remote_events`` + - ``request_remote_logs`` + - ``request_remote_sync`` + - ``resume_state_updates`` + - ``send_capture_filter`` + - ``send_current_packet`` + - ``send_id`` + - ``send_ping`` + - ``set_accept_state`` + - ``set_compression_level`` + - ``sort_string_array`` + - ``split1`` + - ``split_all`` + - ``split`` + - ``suspend_state_updates`` + - ``terminate_communication`` + - ``split`` + - ``send_state`` + - ``checkpoint_state`` + - ``rescan_state`` + +- The following events were deprecated in version 2.6 or below and are completely + removed from this release: + + - ``ssl_server_curve`` + - ``dhcp_ack`` + - ``dhcp_decline`` + - ``dhcp_discover`` + - ``dhcp_inform`` + - ``dhcp_nak`` + - ``dhcp_offer`` + - ``dhcp_release`` + - ``dhcp_request`` + Deprecated Functionality ------------------------ -- The ``str_shell_escape` function is now deprecated, use ``safe_shell_quote`` +- The ``str_shell_escape`` function is now deprecated, use ``safe_shell_quote`` instead. The later will automatically return a value that is enclosed in double-quotes. diff --git a/doc b/doc index 856db2bb40..5915e8d7e2 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 856db2bb4014d15a94cb336d7e5e8ca1d4627b1e +Subproject commit 5915e8d7e24a77bb9bc2a7061790f8efbe871458 diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 7c4fe2e5b8..d8c3212533 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -783,14 +783,11 @@ type peer_id: count; ## A communication peer. ## -## .. zeek:see:: complete_handshake disconnect finished_send_state -## get_event_peer get_local_event_peer remote_capture_filter +## .. zeek:see:: finished_send_state remote_capture_filter ## remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log_peer remote_pong -## request_remote_events request_remote_logs request_remote_sync -## send_capture_filter send_current_packet send_id send_ping send_state -## set_accept_state set_compression_level +## send_state ## ## .. todo::The type's name is too narrow these days, should rename. type event_peer: record { diff --git a/scripts/base/utils/addrs.zeek b/scripts/base/utils/addrs.zeek index 9d165936ef..be4c0c94c1 100644 --- a/scripts/base/utils/addrs.zeek +++ b/scripts/base/utils/addrs.zeek @@ -87,24 +87,6 @@ function is_valid_ip(ip_str: string): bool return F; } -## Extracts all IP (v4 or v6) address strings from a given string. -## -## input: a string that may contain an IP address anywhere within it. -## -## Returns: an array containing all valid IP address strings found in *input*. -function find_ip_addresses(input: string): string_array &deprecated - { - local parts = split_string_all(input, ip_addr_regex); - local output: string_array; - - for ( i in parts ) - { - if ( i % 2 == 1 && is_valid_ip(parts[i]) ) - output[|output|] = parts[i]; - } - return output; - } - ## Extracts all IP (v4 or v6) address strings from a given string. ## ## input: a string that may contain an IP address anywhere within it. diff --git a/scripts/policy/protocols/dhcp/deprecated_events.zeek b/scripts/policy/protocols/dhcp/deprecated_events.zeek deleted file mode 100644 index 553d13bc05..0000000000 --- a/scripts/policy/protocols/dhcp/deprecated_events.zeek +++ /dev/null @@ -1,272 +0,0 @@ -##! Bro 2.6 removed certain DHCP events, but scripts in the Bro -##! ecosystem are still relying on those events. As a transition, this -##! script will handle the new event, and generate the old events, -##! which are marked as deprecated. Note: This script should be -##! removed in the next Bro version after 2.6. - -@load base/protocols/dhcp - -## A DHCP message. -## -## .. note:: This type is included to support the deprecated events dhcp_ack, -## dhcp_decline, dhcp_discover, dhcp_inform, dhcp_nak, dhcp_offer, -## dhcp_release and dhcp_request and is thus similarly deprecated -## itself. Use :zeek:see:`dhcp_message` instead. -## -## .. zeek:see:: dhcp_message dhcp_ack dhcp_decline dhcp_discover -## dhcp_inform dhcp_nak dhcp_offer dhcp_release dhcp_request -type dhcp_msg: record { - op: count; ##< Message OP code. 1 = BOOTREQUEST, 2 = BOOTREPLY - m_type: count; ##< The type of DHCP message. - xid: count; ##< Transaction ID of a DHCP session. - h_addr: string; ##< Hardware address of the client. - ciaddr: addr; ##< Original IP address of the client. - yiaddr: addr; ##< IP address assigned to the client. -}; - -## A list of router addresses offered by a DHCP server. -## -## .. note:: This type is included to support the deprecated events dhcp_ack -## and dhcp_offer and is thus similarly deprecated -## itself. Use :zeek:see:`dhcp_message` instead. -## -## .. zeek:see:: dhcp_message dhcp_ack dhcp_offer -type dhcp_router_list: table[count] of addr; - -## Generated for DHCP messages of type *DHCPDISCOVER* (client broadcast to locate -## available servers). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## req_addr: The specific address requested by the client. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_discover: event(c: connection, msg: dhcp_msg, req_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPOFFER* (server to client in response -## to DHCPDISCOVER with offer of configuration parameters). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## mask: The subnet mask specified by the message. -## -## router: The list of routers specified by the message. -## -## lease: The least interval specified by the message. -## -## serv_addr: The server address specified by the message. -## -## host_name: Optional host name value. May differ from the host name requested -## from the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_request dhcp_decline -## dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_offer: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPREQUEST* (Client message to servers either -## (a) requesting offered parameters from one server and implicitly declining offers -## from all others, (b) confirming correctness of previously allocated address after, -## e.g., system reboot, or (c) extending the lease on a particular network address.) -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## req_addr: The client address specified by the message. -## -## serv_addr: The server address specified by the message. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_decline -## dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_request: event(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPDECLINE* (Client to server indicating -## network address is already in use). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: Optional host name value. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_decline: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPACK* (Server to client with configuration -## parameters, including committed network address). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## mask: The subnet mask specified by the message. -## -## router: The list of routers specified by the message. -## -## lease: The least interval specified by the message. -## -## serv_addr: The server address specified by the message. -## -## host_name: Optional host name value. May differ from the host name requested -## from the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -global dhcp_ack: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPNAK* (Server to client indicating client's -## notion of network address is incorrect (e.g., client has moved to new subnet) or -## client's lease has expired). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: Optional host name value. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_nak: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPRELEASE* (Client to server relinquishing -## network address and cancelling remaining lease). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_nak dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -global dhcp_release: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPINFORM* (Client to server, asking only for -## local configuration parameters; client already has externally configured network -## address). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_nak dhcp_release -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_inform: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options) - { - local old_msg: dhcp_msg = [$op=msg$op, $m_type=msg$m_type, $xid=msg$xid, - $h_addr=msg$chaddr, $ciaddr=msg$ciaddr, $yiaddr=msg$yiaddr]; - - local routers = dhcp_router_list(); - - if ( options?$routers ) - for ( i in options$routers ) - routers[|routers|] = options$routers[i]; - - # These fields are technically optional, but aren't listed as such in the event. - # We give it some defaults in order to suppress errors. - local ar = ( options?$addr_request ) ? options$addr_request : 0.0.0.0; - local hn = ( options?$host_name ) ? options$host_name : ""; - local le = ( options?$lease ) ? options$lease : 0 secs; - local sm = ( options?$subnet_mask ) ? options$subnet_mask : 255.255.255.255; - local sa = ( options?$serv_addr ) ? options$serv_addr : 0.0.0.0; - - switch ( DHCP::message_types[msg$m_type] ) { - case "DISCOVER": - event dhcp_discover(c, old_msg, ar, hn); - break; - case "OFFER": - event dhcp_offer(c, old_msg, sm, routers, le, sa, hn); - break; - case "REQUEST": - event dhcp_request(c, old_msg, ar, sa, hn); - break; - case "DECLINE": - event dhcp_decline(c, old_msg, hn); - break; - case "ACK": - event dhcp_ack(c, old_msg, sm, routers, le, sa, hn); - break; - case "NAK": - event dhcp_nak(c, old_msg, hn); - break; - case "RELEASE": - event dhcp_release(c, old_msg, hn); - break; - case "INFORM": - event dhcp_inform(c, old_msg, hn); - break; - default: - # This isn't a weird, it's just a DHCP message type the old scripts don't handle - break; - } - } diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek index 26408b6d44..0968c038ee 100644 --- a/scripts/test-all-policy.zeek +++ b/scripts/test-all-policy.zeek @@ -63,7 +63,6 @@ @load protocols/conn/mac-logging.zeek @load protocols/conn/vlan-logging.zeek @load protocols/conn/weirds.zeek -#@load protocols/dhcp/deprecated_events.zeek @load protocols/dhcp/msg-orig.zeek @load protocols/dhcp/software.zeek @load protocols/dhcp/sub-opts.zeek diff --git a/scripts/zeexygen/__load__.zeek b/scripts/zeexygen/__load__.zeek index ac9d2c008b..d074fe3660 100644 --- a/scripts/zeexygen/__load__.zeek +++ b/scripts/zeexygen/__load__.zeek @@ -6,7 +6,6 @@ @load frameworks/control/controller.zeek @load frameworks/files/extract-all-files.zeek @load policy/misc/dump-events.zeek -@load policy/protocols/dhcp/deprecated_events.zeek @load policy/protocols/smb/__load__.zeek @load ./example.zeek diff --git a/src/Net.h b/src/Net.h index bdc84ec74f..caea61c436 100644 --- a/src/Net.h +++ b/src/Net.h @@ -83,8 +83,6 @@ extern iosource::PktDumper* pkt_dumper; // where to save packets extern char* writefile; -extern int old_comm_usage_count; - // Script file we have already scanned (or are in the process of scanning). // They are identified by inode number. struct ScannedFile { diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 03a2a93868..e00dd83cc6 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -73,7 +73,7 @@ event ssl_client_hello%(c: connection, version: count, record_version: count, po ## sent in TLSv1.3 or SSLv2. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_extension -## ssl_session_ticket_handshake x509_certificate ssl_server_curve +## ssl_session_ticket_handshake x509_certificate ## ssl_dh_server_params ssl_handshake_message ssl_change_cipher_spec ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms @@ -116,7 +116,7 @@ event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%); ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_ec_point_formats ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm +## ssl_extension_server_name ssl_extension_signature_algorithm ## ssl_extension_key_share ssl_rsa_client_pms ssl_server_signature ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -136,7 +136,7 @@ event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm +## ssl_extension_server_name ssl_extension_signature_algorithm ## ssl_extension_key_share ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -157,7 +157,7 @@ event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_format ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_key_share +## ssl_extension_server_name ssl_extension_key_share ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms ssl_server_signature @@ -176,32 +176,12 @@ event ssl_extension_signature_algorithm%(c: connection, is_orig: bool, signature ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve +## ssl_extension_server_name ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms ssl_server_signature event ssl_extension_key_share%(c: connection, is_orig: bool, curves: index_vec%); -## Generated if a named curve is chosen by the server for an SSL/TLS connection. -## The curve is sent by the server in the ServerKeyExchange message as defined -## in :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen. -## -## c: The connection. -## -## curve: The curve. -## -## .. note:: This event is deprecated and superseded by the ssl_ecdh_server_params -## event. This event will be removed in a future version of Bro. -## -## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_extension -## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_extension_key_share -## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions -## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params -## ssl_rsa_client_pms ssl_server_signature -event ssl_server_curve%(c: connection, curve: count%) &deprecated; - ## Generated if a server uses an ECDH-anon or ECDHE cipher suite using a named curve ## This event contains the named curve name and the server ECDH parameters contained ## in the ServerKeyExchange message as defined in :rfc:`4492`. @@ -213,7 +193,7 @@ event ssl_server_curve%(c: connection, curve: count%) &deprecated; ## point: The server's ECDH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); @@ -230,7 +210,7 @@ event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); ## Ys: The server's DH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); @@ -253,7 +233,7 @@ event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); ## message is used for signing. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_rsa_client_pms +## ssl_session_ticket_handshake ssl_rsa_client_pms ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string%); @@ -266,7 +246,7 @@ event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::Sig ## point: The client's ECDH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_rsa_client_pms event ssl_ecdh_client_params%(c: connection, point: string%); @@ -279,7 +259,7 @@ event ssl_ecdh_client_params%(c: connection, point: string%); ## Yc: The client's DH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_ecdh_server_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_dh_client_params%(c: connection, Yc: string%); @@ -292,7 +272,7 @@ event ssl_dh_client_params%(c: connection, Yc: string%); ## pms: The encrypted pre-master secret. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_rsa_client_pms%(c: connection, pms: string%); diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index ecaaf8c20d..e19f43241c 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -320,10 +320,6 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - if ( ssl_server_curve ) - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - if ( ssl_ecdh_server_params ) BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); @@ -355,10 +351,6 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - if ( ssl_server_curve ) - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - if ( ssl_ecdh_server_params ) BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); diff --git a/src/bro.bif b/src/bro.bif index 7493d5618b..d6a4fe3bc9 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -1512,7 +1512,7 @@ function cat%(...%): string ## Returns: A concatenation of all arguments with *sep* between each one and ## empty strings replaced with *def*. ## -## .. zeek:see:: cat string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat string_cat function cat_sep%(sep: string, def: string, ...%): string %{ ODesc d; @@ -1579,7 +1579,7 @@ function cat_sep%(sep: string, def: string, ...%): string ## number of additional arguments for the given format specifier, ## :zeek:id:`fmt` generates a run-time error. ## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat function fmt%(...%): string %{ if ( @ARGC@ == 0 ) @@ -2839,29 +2839,6 @@ function encode_base64%(s: string, a: string &default=""%): string } %} - -## Encodes a Base64-encoded string with a custom alphabet. -## -## s: The string to encode. -## -## a: The custom alphabet. The string must consist of 64 unique -## characters. The empty string indicates the default alphabet. -## -## Returns: The encoded version of *s*. -## -## .. zeek:see:: encode_base64 -function encode_base64_custom%(s: string, a: string%): string &deprecated - %{ - BroString* t = encode_base64(s->AsString(), a->AsString()); - if ( t ) - return new StringVal(t); - else - { - reporter->Error("error in encoding string %s", s->CheckString()); - return val_mgr->GetEmptyString(); - } - %} - ## Decodes a Base64-encoded string. ## ## s: The Base64-encoded string. @@ -2917,28 +2894,6 @@ function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): s } %} -## Decodes a Base64-encoded string with a custom alphabet. -## -## s: The Base64-encoded string. -## -## a: The custom alphabet. The string must consist of 64 unique characters. -## The empty string indicates the default alphabet. -## -## Returns: The decoded version of *s*. -## -## .. zeek:see:: decode_base64 decode_base64_conn -function decode_base64_custom%(s: string, a: string%): string &deprecated - %{ - BroString* t = decode_base64(s->AsString(), a->AsString()); - if ( t ) - return new StringVal(t); - else - { - reporter->Error("error in decoding string %s", s->CheckString()); - return val_mgr->GetEmptyString(); - } - %} - %%{ typedef struct { uint32 time_low; @@ -2982,29 +2937,6 @@ function uuid_to_string%(uuid: string%): string return new StringVal(s); %} -## Merges and compiles two regular expressions at initialization time. -## -## p1: The first pattern. -## -## p2: The second pattern. -## -## Returns: The compiled pattern of the concatenation of *p1* and *p2*. -## -## .. zeek:see:: convert_for_pattern string_to_pattern -## -## .. note:: -## -## This function must be called at Zeek startup time, e.g., in the event -## :zeek:id:`zeek_init`. -function merge_pattern%(p1: pattern, p2: pattern%): pattern &deprecated - %{ - RE_Matcher* re = new RE_Matcher(); - re->AddPat(p1->PatternText()); - re->AddPat(p2->PatternText()); - re->Compile(); - return new PatternVal(re); - %} - %%{ char* to_pat_str(int sn, const char* ss) { @@ -3037,7 +2969,7 @@ char* to_pat_str(int sn, const char* ss) ## Returns: An escaped version of *s* that has the structure of a valid ## :zeek:type:`pattern`. ## -## .. zeek:see:: merge_pattern string_to_pattern +## .. zeek:see:: string_to_pattern ## function convert_for_pattern%(s: string%): string %{ @@ -3057,7 +2989,7 @@ function convert_for_pattern%(s: string%): string ## ## Returns: *s* as :zeek:type:`pattern`. ## -## .. zeek:see:: convert_for_pattern merge_pattern +## .. zeek:see:: convert_for_pattern ## ## .. note:: ## @@ -4940,56 +4872,6 @@ function uninstall_dst_net_filter%(snet: subnet%) : bool return val_mgr->GetBool(sessions->GetPacketFilter()->RemoveDst(snet)); %} -# =========================================================================== -# -# Communication -# -# =========================================================================== - -## Enables the communication system. By default, the communication is off until -## explicitly enabled, and all other calls to communication-related functions -## will be ignored until done so. -function enable_communication%(%): any &deprecated - %{ - if ( bro_start_network_time != 0.0 ) - { - builtin_error("communication must be enabled in zeek_init"); - return 0; - } - - if ( using_communication ) - // Ignore duplicate calls. - return 0; - - using_communication = 1; - remote_serializer->Enable(); - return 0; - %} - -## Flushes in-memory state tagged with the :zeek:attr:`&persistent` attribute -## to disk. The function writes the state to the file ``.state/state.bst`` in -## the directory where Bro was started. -## -## Returns: True on success. -## -## .. zeek:see:: rescan_state -function checkpoint_state%(%) : bool - %{ - return val_mgr->GetBool(persistence_serializer->WriteState(true)); - %} - -## Reads persistent state and populates the in-memory data structures -## accordingly. Persistent state is read from the ``.state`` directory. -## This function is the dual to :zeek:id:`checkpoint_state`. -## -## Returns: True on success. -## -## .. zeek:see:: checkpoint_state -function rescan_state%(%) : bool - %{ - return val_mgr->GetBool(persistence_serializer->ReadAll(false, true)); - %} - ## Writes the binary event stream generated by the core to a given file. ## Use the ``-x `` command line switch to replay saved events. ## @@ -5028,165 +4910,6 @@ function capture_state_updates%(filename: string%) : bool (const char*) filename->CheckString())); %} -## Establishes a connection to a remote Bro or Broccoli instance. -## -## ip: The IP address of the remote peer. -## -## zone_id: If *ip* is a non-global IPv6 address, a particular :rfc:`4007` -## ``zone_id`` can given here. An empty string, ``""``, means -## not to add any ``zone_id``. -## -## p: The port of the remote peer. -## -## our_class: If a non-empty string, then the remote (listening) peer checks it -## against its class name in its peer table and terminates the -## connection if they don't match. -## -## retry: If the connection fails, try to reconnect with the peer after this -## time interval. -## -## ssl: If true, use SSL to encrypt the session. -## -## Returns: A locally unique ID of the new peer. -## -## .. zeek:see:: disconnect -## listen -## request_remote_events -## request_remote_sync -## request_remote_logs -## request_remote_events -## set_accept_state -## set_compression_level -## send_state -## send_id -function connect%(ip: addr, zone_id: string, p: port, our_class: string, retry: interval, ssl: bool%) : count &deprecated - %{ - return val_mgr->GetCount(uint32(remote_serializer->Connect(ip->AsAddr(), - zone_id->CheckString(), p->Port(), our_class->CheckString(), - retry, ssl))); - %} - -## Terminate the connection with a peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: connect listen -function disconnect%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->CloseConnection(id)); - %} - -## Subscribes to all events from a remote peer whose names match a given -## pattern. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## handlers: The pattern describing the events to request from peer *p*. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_sync -## request_remote_logs -## set_accept_state -function request_remote_events%(p: event_peer, handlers: pattern%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestEvents(id, handlers)); - %} - -## Requests synchronization of IDs with a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## auth: If true, the local instance considers its current state authoritative -## and sends it to *p* right after the handshake. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_logs -## set_accept_state -function request_remote_sync%(p: event_peer, auth: bool%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestSync(id, auth)); - %} - -## Requests logs from a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_sync -function request_remote_logs%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestLogs(id)); - %} - -## Sets a boolean flag indicating whether Bro accepts state from a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## accept: True if Bro accepts state from peer *p*, or false otherwise. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_sync -## set_compression_level -function set_accept_state%(p: event_peer, accept: bool%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SetAcceptState(id, accept)); - %} - -## Sets the compression level of the session with a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## level: Allowed values are in the range *[0, 9]*, where 0 is the default and -## means no compression. -## -## Returns: True on success. -## -## .. zeek:see:: set_accept_state -function set_compression_level%(p: event_peer, level: count%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SetCompressionLevel(id, level)); - %} - -## Listens on a given IP address and port for remote connections. -## -## ip: The IP address to bind to. -## -## p: The TCP port to listen on. -## -## ssl: If true, Bro uses SSL to encrypt the session. -## -## ipv6: If true, enable listening on IPv6 addresses. -## -## zone_id: If *ip* is a non-global IPv6 address, a particular :rfc:`4007` -## ``zone_id`` can given here. An empty string, ``""``, means -## not to add any ``zone_id``. -## -## retry_interval: If address *ip* is found to be already in use, this is -## the interval at which to automatically retry binding. -## -## Returns: True on success. -## -## .. zeek:see:: connect disconnect -function listen%(ip: addr, p: port, ssl: bool, ipv6: bool, zone_id: string, retry_interval: interval%) : bool &deprecated - %{ - return val_mgr->GetBool(remote_serializer->Listen(ip->AsAddr(), p->Port(), ssl, ipv6, zone_id->CheckString(), retry_interval)); - %} - ## Checks whether the last raised event came from a remote peer. ## ## Returns: True if the last raised event came from a remote peer. @@ -5195,179 +4918,11 @@ function is_remote_event%(%) : bool return val_mgr->GetBool(mgr.CurrentSource() != SOURCE_LOCAL); %} -## Sends all persistent state to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: send_id send_ping send_current_packet send_capture_filter -function send_state%(p: event_peer%) : bool - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(persistence_serializer->SendState(id, true)); - %} - -## Sends a global identifier to a remote peer, which then might install it -## locally. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## id: The identifier to send. -## -## Returns: True on success. -## -## .. zeek:see:: send_state send_ping send_current_packet send_capture_filter -function send_id%(p: event_peer, id: string%) : bool &deprecated - %{ - RemoteSerializer::PeerID pid = p->AsRecordVal()->Lookup(0)->AsCount(); - - ID* i = global_scope()->Lookup(id->CheckString()); - if ( ! i ) - { - reporter->Error("send_id: no global id %s", id->CheckString()); - return val_mgr->GetBool(0); - } - - SerialInfo info(remote_serializer); - return val_mgr->GetBool(remote_serializer->SendID(&info, pid, *i)); - %} - -## Gracefully finishes communication by first making sure that all remaining -## data from parent and child has been sent out. -## -## Returns: True if the termination process has been started successfully. -function terminate_communication%(%) : bool &deprecated - %{ - return val_mgr->GetBool(remote_serializer->Terminate()); - %} - -## Signals a remote peer that the local Bro instance finished the initial -## handshake. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -function complete_handshake%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->CompleteHandshake(id)); - %} - -## Sends a ping event to a remote peer. In combination with an event handler -## for :zeek:id:`remote_pong`, this function can be used to measure latency -## between two peers. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## seq: A sequence number (also included by :zeek:id:`remote_pong`). -## -## Returns: True if sending the ping succeeds. -## -## .. zeek:see:: send_state send_id send_current_packet send_capture_filter -function send_ping%(p: event_peer, seq: count%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SendPing(id, seq)); - %} - -## Sends the currently processed packet to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True if sending the packet succeeds. -## -## .. zeek:see:: send_id send_state send_ping send_capture_filter -## dump_packet dump_current_packet get_current_packet -function send_current_packet%(p: event_peer%) : bool &deprecated - %{ - const Packet* pkt; - - if ( ! current_pktsrc || - ! current_pktsrc->GetCurrentPacket(&pkt) ) - return val_mgr->GetBool(0); - - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - - SerialInfo info(remote_serializer); - return val_mgr->GetBool(remote_serializer->SendPacket(&info, id, *pkt)); - %} - -## Returns the peer who generated the last event. -## -## Note, this function is deprecated. It works correctly only for local events and -## events received through the legacy communication system. It does *not* work for -## events received through Broker and will report an error in that case. -## -## Returns: The ID of the peer who generated the last event. -## -## .. zeek:see:: get_local_event_peer -function get_event_peer%(%) : event_peer &deprecated - %{ - SourceID src = mgr.CurrentSource(); - - if ( src == SOURCE_LOCAL ) - { - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - if ( src == SOURCE_BROKER ) - { - reporter->Error("get_event_peer() does not support Broker events"); - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - if ( ! remote_serializer ) - reporter->InternalError("remote_serializer not initialized"); - - Val* v = remote_serializer->GetPeerVal(src); - if ( ! v ) - { - reporter->Error("peer %d does not exist anymore", int(src)); - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - return v; - %} - -## Returns the local peer ID. -## -## Returns: The peer ID of the local Bro instance. -## -## .. zeek:see:: get_event_peer -function get_local_event_peer%(%) : event_peer &deprecated - %{ - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - %} - -## Sends a capture filter to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## s: The capture filter. -## -## Returns: True if sending the packet succeeds. -## -## .. zeek:see:: send_id send_state send_ping send_current_packet -function send_capture_filter%(p: event_peer, s: string%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SendCaptureFilter(id, s->CheckString())); - %} - ## Stops Bro's packet processing. This function is used to synchronize ## distributed trace processing with communication enabled ## (*pseudo-realtime* mode). ## -## .. zeek:see:: continue_processing suspend_state_updates resume_state_updates +## .. zeek:see:: continue_processing function suspend_processing%(%) : any %{ net_suspend_processing(); @@ -5376,33 +4931,13 @@ function suspend_processing%(%) : any ## Resumes Bro's packet processing. ## -## .. zeek:see:: suspend_processing suspend_state_updates resume_state_updates +## .. zeek:see:: suspend_processing function continue_processing%(%) : any %{ net_continue_processing(); return 0; %} -## Stops propagating :zeek:attr:`&synchronized` accesses. -## -## .. zeek:see:: suspend_processing continue_processing resume_state_updates -function suspend_state_updates%(%) : any &deprecated - %{ - if ( remote_serializer ) - remote_serializer->SuspendStateUpdates(); - return 0; - %} - -## Resumes propagating :zeek:attr:`&synchronized` accesses. -## -## .. zeek:see:: suspend_processing continue_processing suspend_state_updates -function resume_state_updates%(%) : any &deprecated - %{ - if ( remote_serializer ) - remote_serializer->ResumeStateUpdates(); - return 0; - %} - # =========================================================================== # # Internal Functions diff --git a/src/main.cc b/src/main.cc index afd3106986..6ea1a74b99 100644 --- a/src/main.cc +++ b/src/main.cc @@ -116,7 +116,6 @@ char* command_line_policy = 0; vector params; set requested_plugins; char* proc_status_file = 0; -int old_comm_usage_count = 0; OpaqueType* md5_type = 0; OpaqueType* sha1_type = 0; @@ -427,70 +426,6 @@ static void bro_new_handler() out_of_memory("new"); } -static auto old_comm_ids = std::set{ - "connect", - "disconnect", - "request_remote_events", - "request_remote_sync", - "request_remote_logs", - "set_accept_state", - "set_compression_level", - "listen", - "send_id", - "terminate_communication", - "complete_handshake", - "send_ping", - "send_current_packet", - "get_event_peer", - "send_capture_filter", - "suspend_state_updates", - "resume_state_updates", -}; - -static bool is_old_comm_usage(const ID* id) - { - auto name = id->Name(); - - if ( old_comm_ids.find(name) == old_comm_ids.end() ) - return false; - - return true; - } - -class OldCommUsageTraversalCallback : public TraversalCallback { -public: - virtual TraversalCode PreExpr(const Expr* expr) override - { - switch ( expr->Tag() ) { - case EXPR_CALL: - { - const CallExpr* call = static_cast(expr); - auto func = call->Func(); - - if ( func->Tag() == EXPR_NAME ) - { - const NameExpr* ne = static_cast(func); - auto id = ne->Id(); - - if ( is_old_comm_usage(id) ) - ++old_comm_usage_count; - } - } - break; - default: - break; - } - - return TC_CONTINUE; - } -}; - -static void find_old_comm_usages() - { - OldCommUsageTraversalCallback cb; - traverse_all(&cb); - } - int main(int argc, char** argv) { std::set_new_handler(bro_new_handler); @@ -918,23 +853,6 @@ int main(int argc, char** argv) yyparse(); is_parsing = false; - find_old_comm_usages(); - - if ( old_comm_usage_count ) - { - auto old_comm_ack_id = global_scope()->Lookup("old_comm_usage_is_ok"); - - if ( ! old_comm_ack_id->ID_Val()->AsBool() ) - reporter->FatalError("Detected old, deprecated communication " - "system usages that will not work unless " - "you explicitly take action to initizialize " - "and set up the old comm. system. " - "Set the 'old_comm_usage_is_ok' flag " - "to bypass this error if you've taken such " - "actions, but the suggested solution is to " - "port scripts to use the new Broker API."); - } - RecordVal::ResizeParseTimeRecords(); init_general_global_var(); diff --git a/src/scan.l b/src/scan.l index 4da90394e7..fd54cfab40 100644 --- a/src/scan.l +++ b/src/scan.l @@ -326,7 +326,6 @@ when return TOK_WHEN; } &synchronized { - ++old_comm_usage_count; deprecated_attr(yytext); return TOK_ATTR_SYNCHRONIZED; } diff --git a/src/strings.bif b/src/strings.bif index ef584ee7af..110dbaea9e 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -55,9 +55,9 @@ function levenshtein_distance%(s1: string, s2: string%): count ## ## Returns: The concatenation of all (string) arguments. ## -## .. zeek:see:: cat cat_sep cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep ## fmt -## join_string_vec join_string_array +## join_string_vec function string_cat%(...%): string %{ int n = 0; @@ -112,85 +112,8 @@ int vs_to_string_array(vector& vs, TableVal* tbl, } return 1; } - -BroString* cat_string_array_n(TableVal* tbl, int start, int end) - { - vector vs; - string_array_to_vs(tbl, start, end, vs); - return concatenate(vs); - } %%} -## Concatenates all elements in an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: The concatenation of all elements in *a*. -## -## .. zeek:see:: cat cat_sep string_cat cat_string_array_n -## fmt -## join_string_vec join_string_array -function cat_string_array%(a: string_array%): string &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - return new StringVal(cat_string_array_n(tbl, 1, a->AsTable()->Length())); - %} - -## Concatenates a specific range of elements in an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## start: The array index of the first element of the range. -## -## end: The array index of the last element of the range. -## -## Returns: The concatenation of the range *[start, end]* in *a*. -## -## .. zeek:see:: cat string_cat cat_string_array -## fmt -## join_string_vec join_string_array -function cat_string_array_n%(a: string_array, start: count, end: count%): string &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - return new StringVal(cat_string_array_n(tbl, start, end)); - %} - -## Joins all values in the given array of strings with a separator placed -## between each element. -## -## sep: The separator to place between each element. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: The concatenation of all elements in *a*, with *sep* placed -## between each element. -## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n -## fmt -## join_string_vec -function join_string_array%(sep: string, a: string_array%): string &deprecated - %{ - vector vs; - TableVal* tbl = a->AsTableVal(); - int n = a->AsTable()->Length(); - - for ( int i = 1; i <= n; ++i ) - { - Val* ind = val_mgr->GetCount(i); - Val* v = tbl->Lookup(ind); - if ( ! v ) - return 0; - - vs.push_back(v->AsString()); - Unref(ind); - - if ( i < n ) - vs.push_back(sep->AsString()); - } - - return new StringVal(concatenate(vs)); - %} - ## Joins all values in the given vector of strings with a separator placed ## between each element. ## @@ -201,9 +124,8 @@ function join_string_array%(sep: string, a: string_array%): string &deprecated ## Returns: The concatenation of all elements in *vec*, with *sep* placed ## between each element. ## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat ## fmt -## join_string_array function join_string_vec%(vec: string_vec, sep: string%): string %{ ODesc d; @@ -231,39 +153,6 @@ function join_string_vec%(vec: string_vec, sep: string%): string return new StringVal(s); %} -## Sorts an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: A sorted copy of *a*. -## -## .. zeek:see:: sort -function sort_string_array%(a: string_array%): string_array &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - int n = a->AsTable()->Length(); - - vector vs; - string_array_to_vs(tbl, 1, n, vs); - - unsigned int i, j; - for ( i = 0; i < vs.size(); ++i ) - { - const BroString* x = vs[i]; - for ( j = i; j > 0; --j ) - if ( Bstr_cmp(vs[j-1], x) <= 0 ) - break; - else - vs[j] = vs[j-1]; - vs[j] = x; - } - // sort(vs.begin(), vs.end(), Bstr_cmp); - - TableVal* b = new TableVal(string_array); - vs_to_string_array(vs, b, 1, n); - return b; - %} - ## Returns an edited version of a string that applies a special ## "backspace character" (usually ``\x08`` for backspace or ``\x7f`` for DEL). ## For example, ``edit("hello there", "e")`` returns ``"llo t"``. @@ -549,26 +438,6 @@ Val* do_sub(StringVal* str_val, RE_Matcher* re, StringVal* repl, int do_all) } %%} -## Splits a string into an array of strings according to a pattern. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## Returns: An array of strings where each element corresponds to a substring -## in *str* separated by *re*. -## -## .. zeek:see:: split1 split_all split_n str_split split_string1 split_string_all split_string_n str_split -## -## .. note:: The returned table starts at index 1. Note that conceptually the -## return value is meant to be a vector and this might change in the -## future. -## -function split%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 0, 0); - %} - ## Splits a string into an array of strings according to a pattern. ## ## str: The string to split. @@ -585,26 +454,6 @@ function split_string%(str: string, re: pattern%): string_vec return do_split_string(str, re, 0, 0); %} -## Splits a string *once* into a two-element array of strings according to a -## pattern. This function is the same as :zeek:id:`split`, but *str* is only -## split once (if possible) at the earliest position and an array of two strings -## is returned. -## -## str: The string to split. -## -## re: The pattern describing the separator to split *str* in two pieces. -## -## Returns: An array of strings with two elements in which the first represents -## the substring in *str* up to the first occurence of *re*, and the -## second everything after *re*. An array of one string is returned -## when *s* cannot be split. -## -## .. zeek:see:: split split_all split_n str_split split_string split_string_all split_string_n str_split -function split1%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 0, 1); - %} - ## Splits a string *once* into a two-element array of strings according to a ## pattern. This function is the same as :zeek:id:`split_string`, but *str* is ## only split once (if possible) at the earliest position and an array of two @@ -625,26 +474,6 @@ function split_string1%(str: string, re: pattern%): string_vec return do_split_string(str, re, 0, 1); %} -## Splits a string into an array of strings according to a pattern. This -## function is the same as :zeek:id:`split`, except that the separators are -## returned as well. For example, ``split_all("a-b--cd", /(\-)+/)`` returns -## ``{"a", "-", "b", "--", "cd"}``: odd-indexed elements do not match the -## pattern and even-indexed ones do. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## Returns: An array of strings where each two successive elements correspond -## to a substring in *str* of the part not matching *re* (odd-indexed) -## and the part that matches *re* (even-indexed). -## -## .. zeek:see:: split split1 split_n str_split split_string split_string1 split_string_n str_split -function split_all%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 1, 0); - %} - ## Splits a string into an array of strings according to a pattern. This ## function is the same as :zeek:id:`split_string`, except that the separators ## are returned as well. For example, ``split_string_all("a-b--cd", /(\-)+/)`` @@ -665,32 +494,6 @@ function split_string_all%(str: string, re: pattern%): string_vec return do_split_string(str, re, 1, 0); %} -## Splits a string a given number of times into an array of strings according -## to a pattern. This function is similar to :zeek:id:`split1` and -## :zeek:id:`split_all`, but with customizable behavior with respect to -## including separators in the result and the number of times to split. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## incl_sep: A flag indicating whether to include the separator matches in the -## result (as in :zeek:id:`split_all`). -## -## max_num_sep: The number of times to split *str*. -## -## Returns: An array of strings where, if *incl_sep* is true, each two -## successive elements correspond to a substring in *str* of the part -## not matching *re* (odd-indexed) and the part that matches *re* -## (even-indexed). -## -## .. zeek:see:: split split1 split_all str_split split_string split_string1 split_string_all str_split -function split_n%(str: string, re: pattern, - incl_sep: bool, max_num_sep: count%): string_array &deprecated - %{ - return do_split(str, re, incl_sep, max_num_sep); - %} - ## Splits a string a given number of times into an array of strings according ## to a pattern. This function is similar to :zeek:id:`split_string1` and ## :zeek:id:`split_string_all`, but with customizable behavior with respect to @@ -1022,7 +825,7 @@ function str_smith_waterman%(s1: string, s2: string, params: sw_params%) : sw_su ## ## Returns: A vector of strings. ## -## .. zeek:see:: split split1 split_all split_n +## .. zeek:see:: split_string split_string1 split_string_all split_string_n function str_split%(s: string, idx: index_vec%): string_vec %{ vector* idx_v = idx->AsVector(); diff --git a/testing/btest/Baseline/bifs.cat_string_array/out b/testing/btest/Baseline/bifs.cat_string_array/out deleted file mode 100644 index 963f826db9..0000000000 --- a/testing/btest/Baseline/bifs.cat_string_array/out +++ /dev/null @@ -1,3 +0,0 @@ -isatest -thisisatest -isa diff --git a/testing/btest/Baseline/bifs.decode_base64/out b/testing/btest/Baseline/bifs.decode_base64/out index aa265d2148..bb04766fd8 100644 --- a/testing/btest/Baseline/bifs.decode_base64/out +++ b/testing/btest/Baseline/bifs.decode_base64/out @@ -6,9 +6,3 @@ bro bro bro bro -bro -bro -bro -bro -bro -bro diff --git a/testing/btest/Baseline/bifs.encode_base64/out b/testing/btest/Baseline/bifs.encode_base64/out index 3008115853..cacea20cca 100644 --- a/testing/btest/Baseline/bifs.encode_base64/out +++ b/testing/btest/Baseline/bifs.encode_base64/out @@ -2,9 +2,6 @@ YnJv YnJv YnJv }n-v -YnJv -YnJv -}n-v cGFkZGluZw== cGFkZGluZzE= cGFkZGluZzEy diff --git a/testing/btest/Baseline/bifs.join_string/out b/testing/btest/Baseline/bifs.join_string/out index e916fc304a..dbfa4c1e52 100644 --- a/testing/btest/Baseline/bifs.join_string/out +++ b/testing/btest/Baseline/bifs.join_string/out @@ -1,6 +1,3 @@ -this * is * a * test -thisisatest -mytest this__is__another__test thisisanothertest Test diff --git a/testing/btest/Baseline/bifs.merge_pattern/out b/testing/btest/Baseline/bifs.merge_pattern/out deleted file mode 100644 index fe8ebc3c01..0000000000 --- a/testing/btest/Baseline/bifs.merge_pattern/out +++ /dev/null @@ -1,2 +0,0 @@ -match -match diff --git a/testing/btest/Baseline/bifs.sort_string_array/out b/testing/btest/Baseline/bifs.sort_string_array/out deleted file mode 100644 index 533844768d..0000000000 --- a/testing/btest/Baseline/bifs.sort_string_array/out +++ /dev/null @@ -1,4 +0,0 @@ -a -is -test -this diff --git a/testing/btest/Baseline/bifs.split/out b/testing/btest/Baseline/bifs.split/out deleted file mode 100644 index 0ec2541f3d..0000000000 --- a/testing/btest/Baseline/bifs.split/out +++ /dev/null @@ -1,32 +0,0 @@ -t -s is a t -t ---------------------- -t -s is a test ---------------------- -t -hi -s is a t -es -t ---------------------- -t -s is a test ---------------------- -t -hi -s is a test ---------------------- -[, thi, s i, s a tes, t] ---------------------- -X-Mailer -Testing Test (http://www.example.com) ---------------------- -A -= - B -= - C -= - D diff --git a/testing/btest/Baseline/core.old_comm_usage/out b/testing/btest/Baseline/core.old_comm_usage/out deleted file mode 100644 index cf4820d82e..0000000000 --- a/testing/btest/Baseline/core.old_comm_usage/out +++ /dev/null @@ -1,2 +0,0 @@ -warning in /Users/jon/projects/bro/bro/testing/btest/.tmp/core.old_comm_usage/old_comm_usage.zeek, line 6: deprecated (terminate_communication) -fatal error: Detected old, deprecated communication system usages that will not work unless you explicitly take action to initizialize and set up the old comm. system. Set the 'old_comm_usage_is_ok' flag to bypass this error if you've taken such actions, but the suggested solution is to port scripts to use the new Broker API. diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 6595a63eb3..72de702972 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,18 +1,2 @@ -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//zeexygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" +warning in /Users/johanna/bro/master/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/johanna/bro/master/testing/btest/../../scripts//zeexygen/__load__.zeek:9 "Use '@load base/protocols/smb' instead" +warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" diff --git a/testing/btest/bifs/cat_string_array.zeek b/testing/btest/bifs/cat_string_array.zeek deleted file mode 100644 index f9aa3f266d..0000000000 --- a/testing/btest/bifs/cat_string_array.zeek +++ /dev/null @@ -1,14 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a: string_array = { - [0] = "this", [1] = "is", [2] = "a", [3] = "test" - }; - - print cat_string_array(a); - print cat_string_array_n(a, 0, |a|-1); - print cat_string_array_n(a, 1, 2); - } diff --git a/testing/btest/bifs/checkpoint_state.zeek b/testing/btest/bifs/checkpoint_state.zeek deleted file mode 100644 index e9eeeccb75..0000000000 --- a/testing/btest/bifs/checkpoint_state.zeek +++ /dev/null @@ -1,10 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT -# @TEST-EXEC: test -f .state/state.bst - -event zeek_init() - { - local a = checkpoint_state(); - if ( a != T ) - exit(1); - } diff --git a/testing/btest/bifs/decode_base64.zeek b/testing/btest/bifs/decode_base64.zeek index 2d552a2523..ee3e5bd066 100644 --- a/testing/btest/bifs/decode_base64.zeek +++ b/testing/btest/bifs/decode_base64.zeek @@ -9,14 +9,8 @@ print decode_base64("YnJv"); print decode_base64("YnJv", default_alphabet); print decode_base64("YnJv", ""); # should use default alpabet print decode_base64("}n-v", my_alphabet); -print decode_base64_custom("YnJv", default_alphabet); -print decode_base64_custom("YnJv", ""); # should use default alpabet -print decode_base64_custom("}n-v", my_alphabet); print decode_base64("YnJv"); print decode_base64("YnJv", default_alphabet); print decode_base64("YnJv", ""); # should use default alpabet print decode_base64("}n-v", my_alphabet); -print decode_base64_custom("YnJv", default_alphabet); -print decode_base64_custom("YnJv", ""); # should use default alpabet -print decode_base64_custom("}n-v", my_alphabet); diff --git a/testing/btest/bifs/encode_base64.zeek b/testing/btest/bifs/encode_base64.zeek index bbad715ecc..32d0c57e3c 100644 --- a/testing/btest/bifs/encode_base64.zeek +++ b/testing/btest/bifs/encode_base64.zeek @@ -10,10 +10,6 @@ print encode_base64("bro", default_alphabet); print encode_base64("bro", ""); # should use default alpabet print encode_base64("bro", my_alphabet); -print encode_base64_custom("bro", default_alphabet); -print encode_base64_custom("bro", ""); # should use default alpabet -print encode_base64_custom("bro", my_alphabet); - print encode_base64("padding"); print encode_base64("padding1"); print encode_base64("padding12"); diff --git a/testing/btest/bifs/join_string.zeek b/testing/btest/bifs/join_string.zeek index 1ea1afa5c2..c0d30d58f4 100644 --- a/testing/btest/bifs/join_string.zeek +++ b/testing/btest/bifs/join_string.zeek @@ -4,8 +4,8 @@ event zeek_init() { - local a: string_array = { - [1] = "this", [2] = "is", [3] = "a", [4] = "test" + local a: string_array = { + [1] = "this", [2] = "is", [3] = "a", [4] = "test" }; local b: string_array = { [1] = "mytest" }; local c: string_vec = vector( "this", "is", "another", "test" ); @@ -14,10 +14,6 @@ event zeek_init() e[3] = "hi"; e[5] = "there"; - print join_string_array(" * ", a); - print join_string_array("", a); - print join_string_array("x", b); - print join_string_vec(c, "__"); print join_string_vec(c, ""); print join_string_vec(d, "-"); diff --git a/testing/btest/bifs/merge_pattern.zeek b/testing/btest/bifs/merge_pattern.zeek deleted file mode 100644 index 2d99137b56..0000000000 --- a/testing/btest/bifs/merge_pattern.zeek +++ /dev/null @@ -1,17 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a = /foo/; - local b = /b[a-z]+/; - local c = merge_pattern(a, b); - - if ( "bar" == c ) - print "match"; - - if ( "foo" == c ) - print "match"; - - } diff --git a/testing/btest/bifs/sort_string_array.zeek b/testing/btest/bifs/sort_string_array.zeek deleted file mode 100644 index 3d3949d89b..0000000000 --- a/testing/btest/bifs/sort_string_array.zeek +++ /dev/null @@ -1,17 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a: string_array = { - [1] = "this", [2] = "is", [3] = "a", [4] = "test" - }; - - local b = sort_string_array(a); - - print b[1]; - print b[2]; - print b[3]; - print b[4]; - } diff --git a/testing/btest/bifs/split.zeek b/testing/btest/bifs/split.zeek deleted file mode 100644 index 2485c3af1f..0000000000 --- a/testing/btest/bifs/split.zeek +++ /dev/null @@ -1,58 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a = "this is a test"; - local pat = /hi|es/; - local idx = vector( 3, 6, 13); - - local b = split(a, pat); - local c = split1(a, pat); - local d = split_all(a, pat); - local e1 = split_n(a, pat, F, 1); - local e2 = split_n(a, pat, T, 1); - - print b[1]; - print b[2]; - print b[3]; - print "---------------------"; - print c[1]; - print c[2]; - print "---------------------"; - print d[1]; - print d[2]; - print d[3]; - print d[4]; - print d[5]; - print "---------------------"; - print e1[1]; - print e1[2]; - print "---------------------"; - print e2[1]; - print e2[2]; - print e2[3]; - print "---------------------"; - print str_split(a, idx); - print "---------------------"; - - a = "X-Mailer: Testing Test (http://www.example.com)"; - pat = /:[[:blank:]]*/; - local f = split1(a, pat); - - print f[1]; - print f[2]; - print "---------------------"; - - a = "A = B = C = D"; - pat = /=/; - local g = split_all(a, pat); - print g[1]; - print g[2]; - print g[3]; - print g[4]; - print g[5]; - print g[6]; - print g[7]; - } diff --git a/testing/btest/core/old_comm_usage.zeek b/testing/btest/core/old_comm_usage.zeek deleted file mode 100644 index 8f4e3854aa..0000000000 --- a/testing/btest/core/old_comm_usage.zeek +++ /dev/null @@ -1,7 +0,0 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out - -event zeek_init() - { - terminate_communication(); - } diff --git a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek index f3c1be6b14..70130cd0f9 100644 --- a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek +++ b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek @@ -17,11 +17,7 @@ global print_lines: function(lines: string, prefix: string &default=""); ## And some more comments on the function implementation. function print_lines(lines: string, prefix: string) { - local v: vector of string; - local line_table = split(lines, /\n/); - - for ( i in line_table ) - v[i] = line_table[i]; + local v = split_string(lines, /\n/); for ( i in v ) print fmt("%s%s", prefix, v[i]); From 61c84a0a406520796dcc0a809a4e02c781641f84 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 2 May 2019 13:02:38 -0700 Subject: [PATCH 059/247] Remove synchrnized and persistent attributes. Code that was used by them is still there. --- src/Attr.cc | 2 -- src/Attr.h | 2 -- src/ID.cc | 33 --------------------------------- src/RemoteSerializer.cc | 3 ++- src/StateAccess.cc | 12 ------------ src/Val.h | 7 ++----- src/Var.cc | 20 -------------------- src/parse.y | 5 ----- src/scan.l | 10 ---------- 9 files changed, 4 insertions(+), 90 deletions(-) diff --git a/src/Attr.cc b/src/Attr.cc index d3a347e8d1..3473adcaf3 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -438,8 +438,6 @@ void Attributes::CheckAttr(Attr* a) } break; - case ATTR_PERSISTENT: - case ATTR_SYNCHRONIZED: case ATTR_TRACKED: // FIXME: Check here for global ID? break; diff --git a/src/Attr.h b/src/Attr.h index bfb7c4803c..4a1110bc04 100644 --- a/src/Attr.h +++ b/src/Attr.h @@ -23,8 +23,6 @@ typedef enum { ATTR_EXPIRE_READ, ATTR_EXPIRE_WRITE, ATTR_EXPIRE_CREATE, - ATTR_PERSISTENT, - ATTR_SYNCHRONIZED, ATTR_ENCRYPT, ATTR_RAW_OUTPUT, ATTR_MERGEABLE, diff --git a/src/ID.cc b/src/ID.cc index 0ae1656533..806a7040bc 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -78,12 +78,6 @@ void ID::SetVal(Val* v, Opcode op, bool arg_weak_ref) MutableVal::Properties props = 0; - if ( attrs && attrs->FindAttr(ATTR_SYNCHRONIZED) ) - props |= MutableVal::SYNCHRONIZED; - - if ( attrs && attrs->FindAttr(ATTR_PERSISTENT) ) - props |= MutableVal::PERSISTENT; - if ( attrs && attrs->FindAttr(ATTR_TRACKED) ) props |= MutableVal::TRACKED; @@ -198,27 +192,12 @@ void ID::UpdateValAttrs() if ( val && val->IsMutableVal() ) { - if ( attrs->FindAttr(ATTR_SYNCHRONIZED) ) - props |= MutableVal::SYNCHRONIZED; - - if ( attrs->FindAttr(ATTR_PERSISTENT) ) - props |= MutableVal::PERSISTENT; - if ( attrs->FindAttr(ATTR_TRACKED) ) props |= MutableVal::TRACKED; val->AsMutableVal()->AddProperties(props); } - if ( ! IsInternalGlobal() ) - { - if ( attrs->FindAttr(ATTR_SYNCHRONIZED) ) - remote_serializer->Register(this); - - if ( attrs->FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Register(this); - } - if ( val && val->Type()->Tag() == TYPE_TABLE ) val->AsTableVal()->SetAttrs(attrs); @@ -281,12 +260,6 @@ void ID::RemoveAttr(attr_tag a) { MutableVal::Properties props = 0; - if ( a == ATTR_SYNCHRONIZED ) - props |= MutableVal::SYNCHRONIZED; - - if ( a == ATTR_PERSISTENT ) - props |= MutableVal::PERSISTENT; - if ( a == ATTR_TRACKED ) props |= MutableVal::TRACKED; @@ -473,12 +446,6 @@ ID* ID::Unserialize(UnserialInfo* info) } } - if ( id->FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Register(id); - - if ( id->FindAttr(ATTR_SYNCHRONIZED) ) - remote_serializer->Register(id); - return id; } diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 3abd8e6423..152a8b4e34 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -2946,7 +2946,8 @@ void RemoteSerializer::GotID(ID* id, Val* val) assert(global_scope()->Lookup(id->Name())); // Only synchronized values can arrive here. - assert(((MutableVal*) val)->GetProperties() & MutableVal::SYNCHRONIZED); + // FIXME: Johanna, rip me out. + // assert(((MutableVal*) val)->GetProperties() & MutableVal::SYNCHRONIZED); DBG_LOG(DBG_COMM, "got ID %s from peer\n", id->Name()); } diff --git a/src/StateAccess.cc b/src/StateAccess.cc index 72ed9ef236..bbf5b3a9ec 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -876,23 +876,11 @@ void StateAccess::Log(StateAccess* access) if ( access->target_type == TYPE_ID ) { - if ( access->target.id->FindAttr(ATTR_SYNCHRONIZED) ) - synchronized = true; - - if ( access->target.id->FindAttr(ATTR_PERSISTENT) ) - persistent = true; - if ( access->target.id->FindAttr(ATTR_TRACKED) ) tracked = true; } else { - if ( access->target.val->GetProperties() & MutableVal::SYNCHRONIZED ) - synchronized = true; - - if ( access->target.val->GetProperties() & MutableVal::PERSISTENT ) - persistent = true; - if ( access->target.val->GetProperties() & MutableVal::TRACKED ) tracked = true; } diff --git a/src/Val.h b/src/Val.h index 63e790848d..2d915bcc6f 100644 --- a/src/Val.h +++ b/src/Val.h @@ -524,9 +524,6 @@ public: // values. (In any case, don't forget to call the parent's method.) typedef char Properties; - static const int PERSISTENT = 0x01; - static const int SYNCHRONIZED = 0x02; - // Tracked by NotifierRegistry, not recursive. static const int TRACKED = 0x04; @@ -540,10 +537,10 @@ public: bool LoggingAccess() const { #ifndef DEBUG - return props & (SYNCHRONIZED|PERSISTENT|TRACKED); + return props & TRACKED; #else return debug_logger.IsVerbose() || - (props & (SYNCHRONIZED|PERSISTENT|TRACKED)); + (props & TRACKED); #endif } diff --git a/src/Var.cc b/src/Var.cc index fb27b7261f..98651bf900 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -142,26 +142,6 @@ static void make_var(ID* id, BroType* t, init_class c, Expr* init, } } - if ( id->FindAttr(ATTR_PERSISTENT) || id->FindAttr(ATTR_SYNCHRONIZED) ) - { - if ( dt == VAR_CONST ) - { - id->Error("&persistent/synchronized with constant"); - return; - } - else if ( dt == VAR_OPTION ) - { - id->Error("&persistent/synchronized with option"); - return; - } - - if ( ! id->IsGlobal() ) - { - id->Error("&persistant/synchronized with non-global"); - return; - } - } - if ( do_init ) { if ( c == INIT_NONE && dt == VAR_REDEF && t->IsTable() && diff --git a/src/parse.y b/src/parse.y index 0e363eb321..fb99f14e87 100644 --- a/src/parse.y +++ b/src/parse.y @@ -25,7 +25,6 @@ %token TOK_ATTR_OPTIONAL TOK_ATTR_REDEF TOK_ATTR_ROTATE_INTERVAL %token TOK_ATTR_ROTATE_SIZE TOK_ATTR_DEL_FUNC TOK_ATTR_EXPIRE_FUNC %token TOK_ATTR_EXPIRE_CREATE TOK_ATTR_EXPIRE_READ TOK_ATTR_EXPIRE_WRITE -%token TOK_ATTR_PERSISTENT TOK_ATTR_SYNCHRONIZED %token TOK_ATTR_RAW_OUTPUT TOK_ATTR_MERGEABLE %token TOK_ATTR_PRIORITY TOK_ATTR_LOG TOK_ATTR_ERROR_HANDLER %token TOK_ATTR_TYPE_COLUMN TOK_ATTR_DEPRECATED @@ -1308,10 +1307,6 @@ attr: { $$ = new Attr(ATTR_EXPIRE_READ, $3); } | TOK_ATTR_EXPIRE_WRITE '=' expr { $$ = new Attr(ATTR_EXPIRE_WRITE, $3); } - | TOK_ATTR_PERSISTENT - { $$ = new Attr(ATTR_PERSISTENT); } - | TOK_ATTR_SYNCHRONIZED - { $$ = new Attr(ATTR_SYNCHRONIZED); } | TOK_ATTR_ENCRYPT { $$ = new Attr(ATTR_ENCRYPT); } | TOK_ATTR_ENCRYPT '=' expr diff --git a/src/scan.l b/src/scan.l index fd54cfab40..40ca523daf 100644 --- a/src/scan.l +++ b/src/scan.l @@ -310,11 +310,6 @@ when return TOK_WHEN; return TOK_ATTR_MERGEABLE; } -&persistent { - deprecated_attr(yytext); - return TOK_ATTR_PERSISTENT; - } - &rotate_interval { deprecated_attr(yytext); return TOK_ATTR_ROTATE_INTERVAL; @@ -325,11 +320,6 @@ when return TOK_WHEN; return TOK_ATTR_ROTATE_SIZE; } -&synchronized { - deprecated_attr(yytext); - return TOK_ATTR_SYNCHRONIZED; - } - @deprecated.* { auto num_files = file_stack.length(); auto comment = skip_whitespace(yytext + 11); From ca1b1dd6bb32bee9cb883330855aa3f8b2d75ab5 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 2 May 2019 13:45:36 -0700 Subject: [PATCH 060/247] Remove PersistenceSerializer. --- src/Attr.cc | 1 - src/CMakeLists.txt | 1 - src/Conn.cc | 8 +- src/Conn.h | 12 +- src/ID.cc | 9 - src/PersistenceSerializer.cc | 577 ----------------------------------- src/PersistenceSerializer.h | 165 ---------- src/RemoteSerializer.h | 1 - src/Serializer.cc | 2 - src/Sessions.cc | 5 - src/StateAccess.cc | 23 +- src/Timer.cc | 1 - src/Timer.h | 1 - src/main.cc | 27 -- src/parse.y | 2 +- 15 files changed, 5 insertions(+), 830 deletions(-) delete mode 100644 src/PersistenceSerializer.cc delete mode 100644 src/PersistenceSerializer.h diff --git a/src/Attr.cc b/src/Attr.cc index 3473adcaf3..1f555dab23 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -14,7 +14,6 @@ const char* attr_name(attr_tag t) "&rotate_interval", "&rotate_size", "&add_func", "&delete_func", "&expire_func", "&read_expire", "&write_expire", "&create_expire", - "&persistent", "&synchronized", "&encrypt", "&raw_output", "&mergeable", "&priority", "&group", "&log", "&error_handler", "&type_column", diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 94aca30eb9..dcf787043e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -287,7 +287,6 @@ set(bro_SRCS OpaqueVal.cc OSFinger.cc PacketFilter.cc - PersistenceSerializer.cc Pipe.cc PolicyFile.cc PrefixTable.cc diff --git a/src/Conn.cc b/src/Conn.cc index 83ad6c08f6..d607550e8a 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -151,7 +151,6 @@ Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id, is_active = 1; skip = 0; weird = 0; - persistent = 0; suppress_event = 0; @@ -951,15 +950,11 @@ bool Connection::DoSerialize(SerialInfo* info) const SERIALIZE_BIT(weird) && SERIALIZE_BIT(finished) && SERIALIZE_BIT(record_packets) && - SERIALIZE_BIT(record_contents) && - SERIALIZE_BIT(persistent); + SERIALIZE_BIT(record_contents); } bool Connection::DoUnserialize(UnserialInfo* info) { - // Make sure this is initialized for the condition in Unserialize(). - persistent = 0; - DO_UNSERIALIZE(BroObj); // Build the hash key first. Some of the recursive *::Unserialize() @@ -1022,7 +1017,6 @@ bool Connection::DoUnserialize(UnserialInfo* info) UNSERIALIZE_BIT(finished); UNSERIALIZE_BIT(record_packets); UNSERIALIZE_BIT(record_contents); - UNSERIALIZE_BIT(persistent); // Hmm... Why does each connection store a sessions ptr? sessions = ::sessions; diff --git a/src/Conn.h b/src/Conn.h index fc1baf4b07..fb7f5be0b4 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -12,7 +12,6 @@ #include "Val.h" #include "Timer.h" #include "Serializer.h" -#include "PersistenceSerializer.h" #include "RuleMatcher.h" #include "IPAddr.h" #include "TunnelEncapsulation.h" @@ -228,14 +227,6 @@ public: return 1; } - void MakePersistent() - { - persistent = 1; - persistence_serializer->Register(this); - } - - bool IsPersistent() { return persistent; } - void Describe(ODesc* d) const override; void IDString(ODesc* d) const; @@ -315,7 +306,7 @@ public: protected: - Connection() { persistent = 0; } + Connection() { } // Add the given timer to expire at time t. If do_expire // is true, then the timer is also evaluated when Bro terminates, @@ -361,7 +352,6 @@ protected: unsigned int weird:1; unsigned int finished:1; unsigned int record_packets:1, record_contents:1; - unsigned int persistent:1; unsigned int record_current_packet:1, record_current_content:1; unsigned int saw_first_orig_packet:1, saw_first_resp_packet:1; diff --git a/src/ID.cc b/src/ID.cc index 806a7040bc..8b8db85faa 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -11,7 +11,6 @@ #include "File.h" #include "Serializer.h" #include "RemoteSerializer.h" -#include "PersistenceSerializer.h" #include "Scope.h" #include "Traverse.h" #include "zeexygen/Manager.h" @@ -310,9 +309,6 @@ void ID::CopyFrom(const ID* id) offset = id->offset ; infer_return_type = id->infer_return_type; - if ( FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Unregister(this); - if ( id->type ) Ref(id->type); if ( id->val && ! id->weak_ref ) @@ -333,10 +329,6 @@ void ID::CopyFrom(const ID* id) #ifdef DEBUG UpdateValID(); #endif - - if ( FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Unregister(this); - } #endif ID* ID::Unserialize(UnserialInfo* info) @@ -371,7 +363,6 @@ ID* ID::Unserialize(UnserialInfo* info) { if ( info->id_policy != UnserialInfo::InstantiateNew ) { - persistence_serializer->Unregister(current); remote_serializer->Unregister(current); } diff --git a/src/PersistenceSerializer.cc b/src/PersistenceSerializer.cc deleted file mode 100644 index 6f4082314f..0000000000 --- a/src/PersistenceSerializer.cc +++ /dev/null @@ -1,577 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include - -#include "PersistenceSerializer.h" -#include "RemoteSerializer.h" -#include "Conn.h" -#include "Event.h" -#include "Reporter.h" -#include "Net.h" - -static void persistence_serializer_delete_func(void* val) - { - time_t* t = reinterpret_cast(val); - free(t); - } - -class IncrementalWriteTimer : public Timer { -public: - IncrementalWriteTimer(double t, PersistenceSerializer::SerialStatus* s) - : Timer(t, TIMER_INCREMENTAL_WRITE), status(s) {} - - void Dispatch(double t, int is_expire); - - PersistenceSerializer::SerialStatus* status; -}; - -void IncrementalWriteTimer::Dispatch(double t, int is_expire) - { - // Never suspend when we're finishing up. - if ( terminating ) - status->info.may_suspend = false; - - persistence_serializer->RunSerialization(status); - } - -PersistenceSerializer::PersistenceSerializer() - { - dir = 0; - files.SetDeleteFunc(persistence_serializer_delete_func); - } - -PersistenceSerializer::~PersistenceSerializer() - { - } - -void PersistenceSerializer::Register(ID* id) - { - if ( id->Type()->Tag() == TYPE_FUNC ) - { - Error("can't register functions as persistent ID"); - return; - } - - DBG_LOG(DBG_STATE, "&persistent %s", id->Name()); - - HashKey key(id->Name()); - if ( persistent_ids.Lookup(&key) ) - return; - - Ref(id); - persistent_ids.Insert(&key, id); - } - -void PersistenceSerializer::Unregister(ID* id) - { - HashKey key(id->Name()); - Unref((ID*) persistent_ids.Remove(&key)); - } - -void PersistenceSerializer::Register(Connection* conn) - { - if ( persistent_conns.Lookup(conn->Key()) ) - return; - - Ref(conn); - HashKey* k = conn->Key(); - HashKey* new_key = new HashKey(k->Key(), k->Size(), k->Hash()); - persistent_conns.Insert(new_key, conn); - delete new_key; - } - -void PersistenceSerializer::Unregister(Connection* conn) - { - Unref(persistent_conns.RemoveEntry(conn->Key())); - } - -bool PersistenceSerializer::CheckTimestamp(const char* file) - { - struct stat s; - if ( stat(file, &s) < 0 ) - return false; - - if ( ! S_ISREG(s.st_mode) ) - return false; - - bool changed = true; - - HashKey* key = new HashKey(file, strlen(file)); - time_t* t = files.Lookup(key); - - if ( ! t ) - { - t = (time_t*) malloc(sizeof(time_t)); - if ( ! t ) - out_of_memory("saving file timestamp"); - files.Insert(key, t); - } - - else if ( *t >= s.st_mtime ) - changed = false; - - *t = s.st_mtime; - - delete key; - return changed; - } - -bool PersistenceSerializer::CheckForFile(UnserialInfo* info, const char* file, - bool delete_file) - { - bool ret = true; - if ( CheckTimestamp(file) ) - { - // Need to copy the filename here, as it may be passed - // in via fmt(). - const char* f = copy_string(file); - - bool ret = Read(info, f); - - if ( delete_file && unlink(f) < 0 ) - Error(fmt("can't delete file %s: %s", f, strerror(errno))); - - delete [] f; - } - - return ret; - } - -bool PersistenceSerializer::ReadAll(bool is_init, bool delete_files) - { -#ifdef USE_PERFTOOLS_DEBUG - HeapLeakChecker::Disabler disabler; -#endif - - assert(dir); - - UnserialInfo config_info(this); - config_info.id_policy = is_init ? - UnserialInfo::Replace : UnserialInfo::CopyCurrentToNew; - - if ( ! CheckForFile(&config_info, fmt("%s/config.bst", dir), - delete_files) ) - return false; - - UnserialInfo state_info(this); - state_info.id_policy = UnserialInfo::CopyNewToCurrent; - if ( ! CheckForFile(&state_info, fmt("%s/state.bst", dir), - delete_files) ) - return false; - - return true; - } - -bool PersistenceSerializer::MoveFileUp(const char* dir, const char* file) - { - char oldname[PATH_MAX]; - char newname[PATH_MAX]; - - safe_snprintf(oldname, PATH_MAX, "%s/.tmp/%s", dir, file ); - safe_snprintf(newname, PATH_MAX, "%s/%s", dir, file ); - - if ( rename(oldname, newname) < 0 ) - { - Error(fmt("can't move %s to %s: %s", oldname, newname, - strerror(errno))); - return false; - } - - CheckTimestamp(newname); - return true; - } - -#if 0 -void PersistenceSerializer::RaiseFinishedSendState() - { - val_list* vl = new val_list; - vl->append(new AddrVal(htonl(remote_host))); - vl->append(val_mgr->GetPort(remote_port)); - - mgr.QueueEvent(finished_send_state, vl); - reporter->Log("Serialization done."); - } -#endif - -void PersistenceSerializer::GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) - { - mgr.QueueEvent(event, std::move(*args)); - delete args; - } - -void PersistenceSerializer::GotFunctionCall(const char* name, double time, - Func* func, val_list* args) - { - try - { - func->Call(args); - } - - catch ( InterpreterException& e ) - { /* Already reported. */ } - } - -void PersistenceSerializer::GotStateAccess(StateAccess* s) - { - s->Replay(); - delete s; - } - -void PersistenceSerializer::GotTimer(Timer* s) - { - reporter->Error("PersistenceSerializer::GotTimer not implemented"); - } - -void PersistenceSerializer::GotConnection(Connection* c) - { - Unref(c); - } - -void PersistenceSerializer::GotID(ID* id, Val* /* val */) - { - Unref(id); - } - -void PersistenceSerializer::GotPacket(Packet* p) - { - reporter->Error("PersistenceSerializer::GotPacket not implemented"); - } - -bool PersistenceSerializer::LogAccess(const StateAccess& s) - { - if ( ! IsSerializationRunning() ) - return true; - - loop_over_list(running, i) - { - running[i]->accesses.append(new StateAccess(s)); - } - - return true; - } - -bool PersistenceSerializer::WriteState(bool may_suspend) - { - SerialStatus* status = - new SerialStatus(this, SerialStatus::WritingState); - - status->info.may_suspend = may_suspend; - - status->ids = &persistent_ids; - status->conns = &persistent_conns; - status->filename = "state.bst"; - - return RunSerialization(status); - } - -bool PersistenceSerializer::WriteConfig(bool may_suspend) - { - if ( mgr.IsDraining() && may_suspend ) - // Events which trigger checkpoint are flushed. Ignore; we'll - // checkpoint at termination in any case. - return true; - - SerialStatus* status = - new SerialStatus(this, SerialStatus::WritingConfig); - - status->info.may_suspend = may_suspend; - status->info.clear_containers = true; - status->ids = global_scope()->GetIDs(); - status->filename = "config.bst"; - - return RunSerialization(status); - } - -bool PersistenceSerializer::SendState(SourceID peer, bool may_suspend) - { - SerialStatus* status = - new SerialStatus(remote_serializer, SerialStatus::SendingState); - - status->info.may_suspend = may_suspend; - status->ids = &persistent_ids; - status->conns = &persistent_conns; - status->peer = peer; - - reporter->Info("Sending state..."); - - return RunSerialization(status); - } - -bool PersistenceSerializer::SendConfig(SourceID peer, bool may_suspend) - { - SerialStatus* status = - new SerialStatus(remote_serializer, SerialStatus::SendingConfig); - - status->info.may_suspend = may_suspend; - status->info.clear_containers = true; - status->ids = global_scope()->GetIDs(); - status->peer = peer; - - reporter->Info("Sending config..."); - - return RunSerialization(status); - } - -bool PersistenceSerializer::RunSerialization(SerialStatus* status) - { - Continuation* cont = &status->info.cont; - - if ( cont->NewInstance() ) - { - // Serialization is starting. Initialize. - - // See if there is already a serialization of this type running. - loop_over_list(running, i) - { - if ( running[i]->type == status->type ) - { - reporter->Warning("Serialization of type %d already running.", status->type); - return false; - } - } - - running.append(status); - - // Initialize. - if ( ! (ensure_dir(dir) && ensure_dir(fmt("%s/.tmp", dir))) ) - return false; - - if ( ! OpenFile(fmt("%s/.tmp/%s", dir, status->filename), false) ) - return false; - - if ( ! PrepareForWriting() ) - return false; - - if ( status->ids ) - { - status->id_cookie = status->ids->InitForIteration(); - status->ids->MakeRobustCookie(status->id_cookie); - } - - if ( status->conns ) - { - status->conn_cookie = status->conns->InitForIteration(); - status->conns->MakeRobustCookie(status->conn_cookie); - } - } - - else if ( cont->ChildSuspended() ) - { - // One of our former Serialize() calls suspended itself. - // We have to call it again. - - if ( status->id_cookie ) - { - if ( ! DoIDSerialization(status, status->current.id) ) - return false; - - if ( cont->ChildSuspended() ) - { - // Oops, it did it again. - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - } - - else if ( status->conn_cookie ) - { - if ( ! DoConnSerialization(status, status->current.conn) ) - return false; - - if ( cont->ChildSuspended() ) - { - // Oops, it did it again. - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - } - - else - reporter->InternalError("unknown suspend state"); - } - - else if ( cont->Resuming() ) - cont->Resume(); - - else - reporter->InternalError("unknown continuation state"); - - if ( status->id_cookie ) - { - ID* id; - - while ( (id = status->ids->NextEntry(status->id_cookie)) ) - { - if ( ! DoIDSerialization(status, id) ) - return false; - - if ( cont->ChildSuspended() ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - - if ( status->info.may_suspend ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - cont->Suspend(); - return true; - } - } - - // Cookie has been set to 0 by NextEntry(). - } - - if ( status->conn_cookie ) - { - Connection* conn; - while ( (conn = status->conns->NextEntry(status->conn_cookie)) ) - { - if ( ! DoConnSerialization(status, conn) ) - return false; - - if ( cont->ChildSuspended() ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - - if ( status->info.may_suspend ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - cont->Suspend(); - return true; - } - - } - - // Cookie has been set to 0 by NextEntry(). - } - - DBG_LOG(DBG_STATE, "finished serialization; %d accesses pending", - status->accesses.length()); - - if ( status->accesses.length() ) - { - // Serialize pending state accesses. - // FIXME: Does this need to suspend? - StateAccess* access; - loop_over_list(status->accesses, i) - { - // Serializing a StateAccess will not suspend. - if ( ! DoAccessSerialization(status, status->accesses[i]) ) - return false; - - delete status->accesses[i]; - } - } - - // Finalize. - CloseFile(); - - bool ret = MoveFileUp(dir, status->filename); - - loop_over_list(running, i) - { - if ( running[i]->type == status->type ) - { - running.remove_nth(i); - break; - } - } - - delete status; - return ret; - } - -bool PersistenceSerializer::DoIDSerialization(SerialStatus* status, ID* id) - { - bool success = false; - Continuation* cont = &status->info.cont; - - status->current.id = id; - - switch ( status->type ) { - case SerialStatus::WritingState: - case SerialStatus::WritingConfig: - cont->SaveContext(); - success = Serialize(&status->info, *id); - cont->RestoreContext(); - break; - - case SerialStatus::SendingState: - case SerialStatus::SendingConfig: - cont->SaveContext(); - success = remote_serializer->SendID(&status->info, - status->peer, *id); - cont->RestoreContext(); - break; - - default: - reporter->InternalError("unknown serialization type"); - } - - return success; - } - -bool PersistenceSerializer::DoConnSerialization(SerialStatus* status, - Connection* conn) - { - bool success = false; - Continuation* cont = &status->info.cont; - - status->current.conn = conn; - - switch ( status->type ) { - case SerialStatus::WritingState: - case SerialStatus::WritingConfig: - cont->SaveContext(); - success = Serialize(&status->info, *conn); - cont->RestoreContext(); - break; - - case SerialStatus::SendingState: - case SerialStatus::SendingConfig: - cont->SaveContext(); - success = remote_serializer->SendConnection(&status->info, - status->peer, *conn); - cont->RestoreContext(); - break; - - default: - reporter->InternalError("unknown serialization type"); - } - - return success; - } - -bool PersistenceSerializer::DoAccessSerialization(SerialStatus* status, - StateAccess* access) - { - bool success = false; - DisableSuspend suspend(&status->info); - - switch ( status->type ) { - case SerialStatus::WritingState: - case SerialStatus::WritingConfig: - success = Serialize(&status->info, *access); - break; - - case SerialStatus::SendingState: - case SerialStatus::SendingConfig: - success = remote_serializer->SendAccess(&status->info, - status->peer, *access); - break; - - default: - reporter->InternalError("unknown serialization type"); - } - - return success; - } diff --git a/src/PersistenceSerializer.h b/src/PersistenceSerializer.h deleted file mode 100644 index 99d8da88c4..0000000000 --- a/src/PersistenceSerializer.h +++ /dev/null @@ -1,165 +0,0 @@ -// Implements persistance for Bro's data structures. - -#ifndef persistence_serializer_h -#define persistence_serializer_h - -#include "Serializer.h" -#include "List.h" - -class StateAccess; - -class PersistenceSerializer : public FileSerializer { -public: - PersistenceSerializer(); - - ~PersistenceSerializer() override; - - // Define the directory where to store the data. - void SetDir(const char* arg_dir) { dir = copy_string(arg_dir); } - - // Register/unregister the ID/connection to be saved by WriteAll(). - void Register(ID* id); - void Unregister(ID* id); - void Register(Connection* conn); - void Unregister(Connection* conn); - - // Read all data that has been changed since last scan of directory. - // is_init should be true for the first read upon start-up. All existing - // state will be cleared. If delete_files is true, file which have been - // read are removed (even if the read was unsuccessful!). - bool ReadAll(bool is_init, bool delete_files); - - // Each of the following four methods may suspend operation. - // If they do, they install a Timer which resumes after some - // amount of time. If a function is called again before it - // has completely finished its task, it will do nothing and - // return false. - - bool WriteState(bool may_suspend); - - // Writes Bro's configuration (w/o dynamic state). - bool WriteConfig(bool may_suspend); - - // Sends all registered state to remote host - // (by leveraging the remote_serializer). - bool SendState(SourceID peer, bool may_suspend); - - // Sends Bro's config to remote host - // (by leveraging the remote_serializer). - bool SendConfig(SourceID peer, bool may_suspend); - - // Returns true if a serialization is currently running. - bool IsSerializationRunning() const { return running.length(); } - - // Tells the serializer that this access was performed. If a - // serialization is going on, it may store it. (Need only be called if - // IsSerializationRunning() returns true.) - bool LogAccess(const StateAccess& s); - -protected: - friend class RemoteSerializer; - friend class IncrementalWriteTimer; - - void GotID(ID* id, Val* val) override; - void GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) override; - void GotFunctionCall(const char* name, double time, - Func* func, val_list* args) override; - void GotStateAccess(StateAccess* s) override; - void GotTimer(Timer* t) override; - void GotConnection(Connection* c) override; - void GotPacket(Packet* packet) override; - - // If file has changed since last check, read it. - bool CheckForFile(UnserialInfo* info, const char* file, - bool delete_file); - - // Returns true if it's a regular file and has a more recent timestamp - // than last time we checked it. - bool CheckTimestamp(const char* file); - - // Move file from /tmp/ to /. Afterwards, call - // CheckTimestamp() with /. - bool MoveFileUp(const char* dir, const char* file); - - // Generates an error message, terminates current serialization, - // and returns false. - bool SerialError(const char* msg); - - // Start a new serialization. - struct SerialStatus; - bool RunSerialization(SerialStatus* status); - - // Helpers for RunSerialization. - bool DoIDSerialization(SerialStatus* status, ID* id); - bool DoConnSerialization(SerialStatus* status, Connection* conn); - bool DoAccessSerialization(SerialStatus* status, StateAccess* access); - - typedef PDict(ID) id_map; - - declare(PDict, Connection); - typedef PDict(Connection) conn_map; - - struct SerialStatus { - enum Type { - WritingState, WritingConfig, - SendingState, SendingConfig, - }; - - SerialStatus(Serializer* s, Type arg_type) : info(s) - { - type = arg_type; - ids = 0; - id_cookie = 0; - conns = 0; - conn_cookie = 0; - peer = SOURCE_LOCAL; - filename = 0; - } - - Type type; - SerialInfo info; - - // IDs to serialize. - id_map* ids; - IterCookie* id_cookie; - - // Connections to serialize. - conn_map* conns; - IterCookie* conn_cookie; - - // Accesses performed while we're serializing. - declare(PList,StateAccess); - typedef PList(StateAccess) state_access_list; - state_access_list accesses; - - // The ID/Conn we're currently serializing. - union { - ID* id; - Connection* conn; - } current; - - // Only set if type is Writing{State,Config}. - const char* filename; - - // Only set if type is Sending{State,Config}. - SourceID peer; - }; - - const char* dir; - - declare(PList, SerialStatus); - PList(SerialStatus) running; - - id_map persistent_ids; - conn_map persistent_conns; - - // To keep track of files' modification times. - declare(PDict, time_t); - typedef PDict(time_t) file_map; - file_map files; -}; - -extern PersistenceSerializer* persistence_serializer; - -#endif diff --git a/src/RemoteSerializer.h b/src/RemoteSerializer.h index 28ca495f17..0882f9f8ec 100644 --- a/src/RemoteSerializer.h +++ b/src/RemoteSerializer.h @@ -166,7 +166,6 @@ public: static void Log(LogLevel level, const char* msg); protected: - friend class PersistenceSerializer; friend class IncrementalSendTimer; // Maximum size of serialization caches. diff --git a/src/Serializer.cc b/src/Serializer.cc index 2c32283c56..5a75184fac 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -508,8 +508,6 @@ bool Serializer::UnserializeConnection(UnserialInfo* info) if ( info->install_conns ) { - if ( c->IsPersistent() && c->Key() ) - persistence_serializer->Register(c); Ref(c); sessions->Insert(c); } diff --git a/src/Sessions.cc b/src/Sessions.cc index 3507c46e53..f2d6e27219 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -1101,9 +1101,6 @@ void NetSessions::Remove(Connection* c) tcp_stats.StateLeft(to->state, tr->state); } - if ( c->IsPersistent() ) - persistence_serializer->Unregister(c); - c->Done(); if ( connection_state_remove ) @@ -1194,8 +1191,6 @@ void NetSessions::Insert(Connection* c) // Some clean-ups similar to those in Remove() (but invisible // to the script layer). old->CancelTimers(); - if ( old->IsPersistent() ) - persistence_serializer->Unregister(old); delete old->Key(); old->ClearKey(); Unref(old); diff --git a/src/StateAccess.cc b/src/StateAccess.cc index bbf5b3a9ec..958e67f5a7 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -5,7 +5,6 @@ #include "NetVar.h" #include "DebugLogger.h" #include "RemoteSerializer.h" -#include "PersistenceSerializer.h" int StateAccess::replaying = 0; @@ -870,8 +869,6 @@ void StateAccess::Describe(ODesc* d) const void StateAccess::Log(StateAccess* access) { - bool synchronized = false; - bool persistent = false; bool tracked = false; if ( access->target_type == TYPE_ID ) @@ -885,30 +882,14 @@ void StateAccess::Log(StateAccess* access) tracked = true; } - if ( synchronized ) - { - if ( state_serializer ) - { - SerialInfo info(state_serializer); - state_serializer->Serialize(&info, *access); - } - - SerialInfo info(remote_serializer); - remote_serializer->SendAccess(&info, *access); - } - - if ( persistent && persistence_serializer->IsSerializationRunning() ) - persistence_serializer->LogAccess(*access); - if ( tracked ) notifiers.AccessPerformed(*access); #ifdef DEBUG ODesc desc; access->Describe(&desc); - DBG_LOG(DBG_STATE, "operation: %s%s [%s%s]", - desc.Description(), replaying > 0 ? " (replay)" : "", - persistent ? "P" : "", synchronized ? "S" : ""); + DBG_LOG(DBG_STATE, "operation: %s%s", + desc.Description(), replaying > 0 ? " (replay)" : ""); #endif delete access; diff --git a/src/Timer.cc b/src/Timer.cc index 101733028c..154fde4188 100644 --- a/src/Timer.cc +++ b/src/Timer.cc @@ -21,7 +21,6 @@ const char* TimerNames[] = { "FlowWeirdTimer", "FragTimer", "IncrementalSendTimer", - "IncrementalWriteTimer", "InterconnTimer", "IPTunnelInactivityTimer", "NetbiosExpireTimer", diff --git a/src/Timer.h b/src/Timer.h index 8d6de857a0..2f32d23e3e 100644 --- a/src/Timer.h +++ b/src/Timer.h @@ -26,7 +26,6 @@ enum TimerType { TIMER_FLOW_WEIRD_EXPIRE, TIMER_FRAG, TIMER_INCREMENTAL_SEND, - TIMER_INCREMENTAL_WRITE, TIMER_INTERCONN, TIMER_IP_TUNNEL_INACTIVITY, TIMER_NB_EXPIRE, diff --git a/src/main.cc b/src/main.cc index 6ea1a74b99..ce9e49ea7a 100644 --- a/src/main.cc +++ b/src/main.cc @@ -40,7 +40,6 @@ extern "C" { #include "Anon.h" #include "Serializer.h" #include "RemoteSerializer.h" -#include "PersistenceSerializer.h" #include "EventRegistry.h" #include "Stats.h" #include "Brofiler.h" @@ -101,7 +100,6 @@ name_list prefixes; Stmt* stmts; EventHandlerPtr net_done = 0; RuleMatcher* rule_matcher = 0; -PersistenceSerializer* persistence_serializer = 0; FileSerializer* event_serializer = 0; FileSerializer* state_serializer = 0; RemoteSerializer* remote_serializer = 0; @@ -167,7 +165,6 @@ void usage(int code = 1) fprintf(stderr, " -d|--debug-policy | activate policy file debugging\n"); fprintf(stderr, " -e|--exec | augment loaded policies by given code\n"); fprintf(stderr, " -f|--filter | tcpdump filter\n"); - fprintf(stderr, " -g|--dump-config | dump current config into .state dir\n"); fprintf(stderr, " -h|--help | command line help\n"); fprintf(stderr, " -i|--iface | read from given interface\n"); fprintf(stderr, " -p|--prefix | add given prefix to policy file resolution\n"); @@ -291,9 +288,6 @@ void done_with_network() true); } - // Save state before expiring the remaining events/timers. - persistence_serializer->WriteState(false); - if ( profiling_logger ) profiling_logger->Log(); @@ -371,7 +365,6 @@ void terminate_bro() delete zeexygen_mgr; delete timer_mgr; - delete persistence_serializer; delete event_serializer; delete state_serializer; delete event_registry; @@ -452,7 +445,6 @@ int main(int argc, char** argv) char* debug_streams = 0; int parse_only = false; int bare_mode = false; - int dump_cfg = false; int do_watchdog = 0; int override_ignore_checksums = 0; int rule_debug = 0; @@ -464,7 +456,6 @@ int main(int argc, char** argv) {"parse-only", no_argument, 0, 'a'}, {"bare-mode", no_argument, 0, 'b'}, {"debug-policy", no_argument, 0, 'd'}, - {"dump-config", no_argument, 0, 'g'}, {"exec", required_argument, 0, 'e'}, {"filter", required_argument, 0, 'f'}, {"help", no_argument, 0, 'h'}, @@ -565,10 +556,6 @@ int main(int argc, char** argv) user_pcap_filter = optarg; break; - case 'g': - dump_cfg = true; - break; - case 'h': usage(0); break; @@ -795,7 +782,6 @@ int main(int argc, char** argv) dns_mgr->SetDir(".state"); iosource_mgr = new iosource::Manager(); - persistence_serializer = new PersistenceSerializer(); remote_serializer = new RemoteSerializer(); event_registry = new EventRegistry(); analyzer_mgr = new analyzer::Manager(); @@ -1012,13 +998,9 @@ int main(int argc, char** argv) exit(0); } - persistence_serializer->SetDir((const char *)state_dir->AsString()->CheckString()); - // Print the ID. if ( id_name ) { - persistence_serializer->ReadAll(true, false); - ID* id = global_scope()->Lookup(id_name); if ( ! id ) reporter->FatalError("No such ID: %s\n", id_name); @@ -1032,14 +1014,6 @@ int main(int argc, char** argv) exit(0); } - persistence_serializer->ReadAll(true, true); - - if ( dump_cfg ) - { - persistence_serializer->WriteConfig(false); - exit(0); - } - if ( profiling_interval > 0 ) { profiling_logger = new ProfileLogger(profiling_file->AsFile(), @@ -1205,7 +1179,6 @@ int main(int argc, char** argv) } else { - persistence_serializer->WriteState(false); terminate_bro(); } diff --git a/src/parse.y b/src/parse.y index fb99f14e87..e53f2a3054 100644 --- a/src/parse.y +++ b/src/parse.y @@ -5,7 +5,7 @@ // Switching parser table type fixes ambiguity problems. %define lr.type ielr -%expect 141 +%expect 129 %token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ANY %token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF From f2f06d66c0fa47b931e5680ce950fef2a5f14e97 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 2 May 2019 20:49:23 -0700 Subject: [PATCH 061/247] Remove previously deprecated policy/protocols/smb/__load__ --- CHANGES | 4 ++++ NEWS | 3 +++ VERSION | 2 +- doc | 2 +- scripts/policy/protocols/smb/__load__.zeek | 3 --- scripts/test-all-policy.zeek | 1 - scripts/zeexygen/__load__.zeek | 1 - testing/btest/Baseline/coverage.bare-mode-errors/errors | 2 -- 8 files changed, 9 insertions(+), 9 deletions(-) delete mode 100644 scripts/policy/protocols/smb/__load__.zeek diff --git a/CHANGES b/CHANGES index c8d5cf61b8..a232ce3d5c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-261 | 2019-05-02 20:49:23 -0700 + + * Remove previously deprecated policy/protocols/smb/__load__ (Jon Siwek, Corelight) + 2.6-260 | 2019-05-02 19:16:48 -0700 * GH-243: Remove deprecated functions/events from 2.6 and earlier (Johanna Amann, Corelight) diff --git a/NEWS b/NEWS index e7c88fee8a..b9bd761b07 100644 --- a/NEWS +++ b/NEWS @@ -243,6 +243,9 @@ Removed Functionality - ``dhcp_request`` - ``finished_send_state`` +- The deprecated script ``policy/protocols/smb/__load__.bro`` was removed. + Instead of ``@load policy/protocols/smb`` use ``@load base/protocols/smb``. + Deprecated Functionality ------------------------ diff --git a/VERSION b/VERSION index c40efd81c6..55568b13e8 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-260 +2.6-261 diff --git a/doc b/doc index ed52b61d93..f897256ad2 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit ed52b61d9300141cfa868759faed9c66142a80af +Subproject commit f897256ad219b644b99a14873473e0276cf430f6 diff --git a/scripts/policy/protocols/smb/__load__.zeek b/scripts/policy/protocols/smb/__load__.zeek deleted file mode 100644 index 9e826f7fd6..0000000000 --- a/scripts/policy/protocols/smb/__load__.zeek +++ /dev/null @@ -1,3 +0,0 @@ -@deprecated "Use '@load base/protocols/smb' instead" - -@load base/protocols/smb diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek index 0968c038ee..0eadf0ff57 100644 --- a/scripts/test-all-policy.zeek +++ b/scripts/test-all-policy.zeek @@ -83,7 +83,6 @@ @load protocols/modbus/track-memmap.zeek @load protocols/mysql/software.zeek @load protocols/rdp/indicate_ssl.zeek -#@load protocols/smb/__load__.zeek @load protocols/smb/log-cmds.zeek @load protocols/smtp/blocklists.zeek @load protocols/smtp/detect-suspicious-orig.zeek diff --git a/scripts/zeexygen/__load__.zeek b/scripts/zeexygen/__load__.zeek index d074fe3660..00555c57bd 100644 --- a/scripts/zeexygen/__load__.zeek +++ b/scripts/zeexygen/__load__.zeek @@ -6,7 +6,6 @@ @load frameworks/control/controller.zeek @load frameworks/files/extract-all-files.zeek @load policy/misc/dump-events.zeek -@load policy/protocols/smb/__load__.zeek @load ./example.zeek diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 72de702972..e69de29bb2 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,2 +0,0 @@ -warning in /Users/johanna/bro/master/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/johanna/bro/master/testing/btest/../../scripts//zeexygen/__load__.zeek:9 "Use '@load base/protocols/smb' instead" -warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" From 84ca12fdb41fe5568de7d48e69edb5b048cde569 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 2 May 2019 21:39:01 -0700 Subject: [PATCH 062/247] Rename Zeexygen to Zeekygen --- CHANGES | 4 + NEWS | 4 +- VERSION | 2 +- doc | 2 +- man/bro.8 | 4 +- scripts/{zeexygen => zeekygen}/README | 2 +- scripts/{zeexygen => zeekygen}/__load__.zeek | 0 scripts/{zeexygen => zeekygen}/example.zeek | 30 +++---- src/CMakeLists.txt | 2 +- src/DebugLogger.cc | 2 +- src/DebugLogger.h | 2 +- src/ID.cc | 4 +- src/Type.cc | 22 ++--- src/main.cc | 24 +++--- src/parse.y | 26 +++--- src/plugin/ComponentManager.h | 4 +- src/scan.l | 12 +-- src/{zeexygen => zeekygen}/CMakeLists.txt | 8 +- src/{zeexygen => zeekygen}/Configuration.cc | 12 +-- src/{zeexygen => zeekygen}/Configuration.h | 14 ++-- src/{zeexygen => zeekygen}/IdentifierInfo.cc | 4 +- src/{zeexygen => zeekygen}/IdentifierInfo.h | 16 ++-- src/{zeexygen => zeekygen}/Info.h | 10 +-- src/{zeexygen => zeekygen}/Manager.cc | 48 +++++------ src/{zeexygen => zeekygen}/Manager.h | 34 ++++---- src/{zeexygen => zeekygen}/PackageInfo.cc | 8 +- src/{zeexygen => zeekygen}/PackageInfo.h | 8 +- .../ReStructuredTextTable.cc | 2 +- .../ReStructuredTextTable.h | 8 +- src/{zeexygen => zeekygen}/ScriptInfo.cc | 46 +++++------ src/{zeexygen => zeekygen}/ScriptInfo.h | 12 +-- src/{zeexygen => zeekygen}/Target.cc | 50 ++++++------ src/{zeexygen => zeekygen}/Target.h | 14 ++-- src/{zeexygen => zeekygen}/utils.cc | 18 ++--- src/{zeexygen => zeekygen}/utils.h | 12 +-- .../zeexygen.bif => zeekygen/zeekygen.bif} | 24 +++--- .../btest/Baseline/core.plugins.hooks/output | 6 +- .../canonified_loaded_scripts.log | 2 +- .../canonified_loaded_scripts.log | 2 +- .../.stderr | 0 .../.stdout | 0 .../output | 0 .../out | 0 .../autogen-reST-enums.rst | 0 .../example.rst | 80 +++++++++---------- .../autogen-reST-func-params.rst | 0 .../test.rst | 78 +++++++++--------- .../test.rst | 16 ++-- .../test.rst | 4 +- .../autogen-reST-records.rst | 0 .../doc.zeekygen.script_index/test.rst | 5 ++ .../test.rst | 10 +-- .../autogen-reST-type-aliases.rst | 20 ++--- .../autogen-reST-vectors.rst | 0 .../doc.zeexygen.script_index/test.rst | 5 -- testing/btest/Baseline/plugins.hooks/output | 6 +- testing/btest/coverage/broxygen.sh | 10 +-- ...oxygen-docs.sh => sphinx-zeekygen-docs.sh} | 8 +- .../{zeexygen => zeekygen}/command_line.zeek | 0 .../comment_retrieval_bifs.zeek | 0 .../doc/{zeexygen => zeekygen}/enums.zeek | 4 +- testing/btest/doc/zeekygen/example.zeek | 8 ++ .../{zeexygen => zeekygen}/func-params.zeek | 4 +- testing/btest/doc/zeekygen/identifier.zeek | 9 +++ testing/btest/doc/zeekygen/package.zeek | 9 +++ testing/btest/doc/zeekygen/package_index.zeek | 9 +++ .../doc/{zeexygen => zeekygen}/records.zeek | 4 +- testing/btest/doc/zeekygen/script_index.zeek | 9 +++ .../btest/doc/zeekygen/script_summary.zeek | 9 +++ .../{zeexygen => zeekygen}/type-aliases.zeek | 8 +- .../doc/{zeexygen => zeekygen}/vectors.zeek | 4 +- testing/btest/doc/zeexygen/example.zeek | 8 -- testing/btest/doc/zeexygen/identifier.zeek | 9 --- testing/btest/doc/zeexygen/package.zeek | 9 --- testing/btest/doc/zeexygen/package_index.zeek | 9 --- testing/btest/doc/zeexygen/script_index.zeek | 9 --- .../btest/doc/zeexygen/script_summary.zeek | 9 --- ...exygen-docs.sh => update-zeekygen-docs.sh} | 8 +- 78 files changed, 444 insertions(+), 440 deletions(-) rename scripts/{zeexygen => zeekygen}/README (77%) rename scripts/{zeexygen => zeekygen}/__load__.zeek (100%) rename scripts/{zeexygen => zeekygen}/example.zeek (90%) rename src/{zeexygen => zeekygen}/CMakeLists.txt (73%) rename src/{zeexygen => zeekygen}/Configuration.cc (87%) rename src/{zeexygen => zeekygen}/Configuration.h (80%) rename src/{zeexygen => zeekygen}/IdentifierInfo.cc (97%) rename src/{zeexygen => zeekygen}/IdentifierInfo.h (92%) rename src/{zeexygen => zeekygen}/Info.h (89%) rename src/{zeexygen => zeekygen}/Manager.cc (87%) rename src/{zeexygen => zeekygen}/Manager.h (89%) rename src/{zeexygen => zeekygen}/PackageInfo.cc (85%) rename src/{zeexygen => zeekygen}/PackageInfo.h (89%) rename src/{zeexygen => zeekygen}/ReStructuredTextTable.cc (98%) rename src/{zeexygen => zeekygen}/ReStructuredTextTable.h (92%) rename src/{zeexygen => zeekygen}/ScriptInfo.cc (86%) rename src/{zeexygen => zeekygen}/ScriptInfo.h (92%) rename src/{zeexygen => zeekygen}/Target.cc (90%) rename src/{zeexygen => zeekygen}/Target.h (97%) rename src/{zeexygen => zeekygen}/utils.cc (83%) rename src/{zeexygen => zeekygen}/utils.h (88%) rename src/{zeexygen/zeexygen.bif => zeekygen/zeekygen.bif} (81%) rename testing/btest/Baseline/{doc.zeexygen.all_scripts => doc.zeekygen.all_scripts}/.stderr (100%) rename testing/btest/Baseline/{doc.zeexygen.all_scripts => doc.zeekygen.all_scripts}/.stdout (100%) rename testing/btest/Baseline/{doc.zeexygen.command_line => doc.zeekygen.command_line}/output (100%) rename testing/btest/Baseline/{doc.zeexygen.comment_retrieval_bifs => doc.zeekygen.comment_retrieval_bifs}/out (100%) rename testing/btest/Baseline/{doc.zeexygen.enums => doc.zeekygen.enums}/autogen-reST-enums.rst (100%) rename testing/btest/Baseline/{doc.zeexygen.example => doc.zeekygen.example}/example.rst (77%) rename testing/btest/Baseline/{doc.zeexygen.func-params => doc.zeekygen.func-params}/autogen-reST-func-params.rst (100%) rename testing/btest/Baseline/{doc.zeexygen.identifier => doc.zeekygen.identifier}/test.rst (70%) rename testing/btest/Baseline/{doc.zeexygen.package => doc.zeekygen.package}/test.rst (70%) rename testing/btest/Baseline/{doc.zeexygen.package_index => doc.zeekygen.package_index}/test.rst (68%) rename testing/btest/Baseline/{doc.zeexygen.records => doc.zeekygen.records}/autogen-reST-records.rst (100%) create mode 100644 testing/btest/Baseline/doc.zeekygen.script_index/test.rst rename testing/btest/Baseline/{doc.zeexygen.script_summary => doc.zeekygen.script_summary}/test.rst (71%) rename testing/btest/Baseline/{doc.zeexygen.type-aliases => doc.zeekygen.type-aliases}/autogen-reST-type-aliases.rst (60%) rename testing/btest/Baseline/{doc.zeexygen.vectors => doc.zeekygen.vectors}/autogen-reST-vectors.rst (100%) delete mode 100644 testing/btest/Baseline/doc.zeexygen.script_index/test.rst rename testing/btest/coverage/{sphinx-broxygen-docs.sh => sphinx-zeekygen-docs.sh} (85%) rename testing/btest/doc/{zeexygen => zeekygen}/command_line.zeek (100%) rename testing/btest/doc/{zeexygen => zeekygen}/comment_retrieval_bifs.zeek (100%) rename testing/btest/doc/{zeexygen => zeekygen}/enums.zeek (89%) create mode 100644 testing/btest/doc/zeekygen/example.zeek rename testing/btest/doc/{zeexygen => zeekygen}/func-params.zeek (83%) create mode 100644 testing/btest/doc/zeekygen/identifier.zeek create mode 100644 testing/btest/doc/zeekygen/package.zeek create mode 100644 testing/btest/doc/zeekygen/package_index.zeek rename testing/btest/doc/{zeexygen => zeekygen}/records.zeek (84%) create mode 100644 testing/btest/doc/zeekygen/script_index.zeek create mode 100644 testing/btest/doc/zeekygen/script_summary.zeek rename testing/btest/doc/{zeexygen => zeekygen}/type-aliases.zeek (81%) rename testing/btest/doc/{zeexygen => zeekygen}/vectors.zeek (83%) delete mode 100644 testing/btest/doc/zeexygen/example.zeek delete mode 100644 testing/btest/doc/zeexygen/identifier.zeek delete mode 100644 testing/btest/doc/zeexygen/package.zeek delete mode 100644 testing/btest/doc/zeexygen/package_index.zeek delete mode 100644 testing/btest/doc/zeexygen/script_index.zeek delete mode 100644 testing/btest/doc/zeexygen/script_summary.zeek rename testing/scripts/{gen-zeexygen-docs.sh => update-zeekygen-docs.sh} (88%) diff --git a/CHANGES b/CHANGES index a232ce3d5c..c011e1ca3b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-262 | 2019-05-02 21:39:01 -0700 + + * Rename Zeexygen to Zeekygen (Jon Siwek, Corelight) + 2.6-261 | 2019-05-02 20:49:23 -0700 * Remove previously deprecated policy/protocols/smb/__load__ (Jon Siwek, Corelight) diff --git a/NEWS b/NEWS index b9bd761b07..16c51b3c2b 100644 --- a/NEWS +++ b/NEWS @@ -180,10 +180,10 @@ Changed Functionality and aren't counted as true gaps. - The Broxygen component, which is used to generate our Doxygen-like - scripting API documentation has been renamed to Zeexygen. This likely has + scripting API documentation has been renamed to Zeekygen. This likely has no breaking or visible changes for most users, except in the case one used it to generate their own documentation via the ``--broxygen`` flag, - which is now named ``--zeexygen``. Besides that, the various documentation + which is now named ``--zeekygen``. Besides that, the various documentation in scripts has also been updated to replace Sphinx cross-referencing roles and directives like ":bro:see:" with ":zeek:zee:". diff --git a/VERSION b/VERSION index 55568b13e8..1733e8d0df 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-261 +2.6-262 diff --git a/doc b/doc index f897256ad2..8aa690e20d 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit f897256ad219b644b99a14873473e0276cf430f6 +Subproject commit 8aa690e20d19f79805d7f680e454e4ea10231add diff --git a/man/bro.8 b/man/bro.8 index a4c54d48f6..37c20bf0c5 100644 --- a/man/bro.8 +++ b/man/bro.8 @@ -99,7 +99,7 @@ Record process status in file \fB\-W\fR,\ \-\-watchdog activate watchdog timer .TP -\fB\-X\fR,\ \-\-zeexygen +\fB\-X\fR,\ \-\-zeekygen generate documentation based on config file .TP \fB\-\-pseudo\-realtime[=\fR] @@ -150,7 +150,7 @@ ASCII log file extension Output file for script execution statistics .TP .B BRO_DISABLE_BROXYGEN -Disable Zeexygen (Broxygen) documentation support +Disable Zeekygen (Broxygen) documentation support .SH AUTHOR .B bro was written by The Bro Project . diff --git a/scripts/zeexygen/README b/scripts/zeekygen/README similarity index 77% rename from scripts/zeexygen/README rename to scripts/zeekygen/README index f099b09833..94982b0730 100644 --- a/scripts/zeexygen/README +++ b/scripts/zeekygen/README @@ -1,4 +1,4 @@ This package is loaded during the process which automatically generates -reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only +reference documentation for all Zeek scripts (i.e. "Zeekygen"). Its only purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. diff --git a/scripts/zeexygen/__load__.zeek b/scripts/zeekygen/__load__.zeek similarity index 100% rename from scripts/zeexygen/__load__.zeek rename to scripts/zeekygen/__load__.zeek diff --git a/scripts/zeexygen/example.zeek b/scripts/zeekygen/example.zeek similarity index 90% rename from scripts/zeexygen/example.zeek rename to scripts/zeekygen/example.zeek index 69affed96a..1fcdd8390b 100644 --- a/scripts/zeexygen/example.zeek +++ b/scripts/zeekygen/example.zeek @@ -1,4 +1,4 @@ -##! This is an example script that demonstrates Zeexygen-style +##! This is an example script that demonstrates Zeekygen-style ##! documentation. It generally will make most sense when viewing ##! the script's raw source code and comparing to the HTML-rendered ##! version. @@ -13,12 +13,12 @@ ##! There's also a custom role to reference any identifier node in ##! the Zeek Sphinx domain that's good for "see alsos", e.g. ##! -##! See also: :zeek:see:`ZeexygenExample::a_var`, -##! :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` +##! See also: :zeek:see:`ZeekygenExample::a_var`, +##! :zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` ##! ##! And a custom directive does the equivalent references: ##! -##! .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info +##! .. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info # Comments that use a single pound sign (#) are not significant to # a script's auto-generated documentation, but ones that use a @@ -30,7 +30,7 @@ # variable declarations to associate with the last-declared identifier. # # Generally, the auto-doc comments (##) are associated with the -# next declaration/identifier found in the script, but Zeexygen +# next declaration/identifier found in the script, but Zeekygen # will track/render identifiers regardless of whether they have any # of these special comments associated with them. # @@ -49,19 +49,19 @@ # "module" statements are self-documenting, don't use any ``##`` style # comments with them. -module ZeexygenExample; +module ZeekygenExample; # Redefinitions of "Notice::Type" are self-documenting, but # more information can be supplied in two different ways. redef enum Notice::Type += { ## Any number of this type of comment - ## will document "Zeexygen_One". - Zeexygen_One, - Zeexygen_Two, ##< Any number of this type of comment - ##< will document "ZEEXYGEN_TWO". - Zeexygen_Three, + ## will document "Zeekygen_One". + Zeekygen_One, + Zeekygen_Two, ##< Any number of this type of comment + ##< will document "ZEEKYGEN_TWO". + Zeekygen_Three, ## Omitting comments is fine, and so is mixing ``##`` and ``##<``, but - Zeexygen_Four, ##< it's probably best to use only one style consistently. + Zeekygen_Four, ##< it's probably best to use only one style consistently. }; # All redefs are automatically tracked. Comments of the "##" form can be use @@ -110,7 +110,7 @@ export { type ComplexRecord: record { field1: count; ##< Counts something. field2: bool; ##< Toggles something. - field3: SimpleRecord; ##< Zeexygen automatically tracks types + field3: SimpleRecord; ##< Zeekygen automatically tracks types ##< and cross-references are automatically ##< inserted in to generated docs. msg: string &default="blah"; ##< Attributes are self-documenting. @@ -163,9 +163,9 @@ export { ## Summarize "an_event" here. ## Give more details about "an_event" here. ## - ## ZeexygenExample::a_function should not be confused as a parameter + ## ZeekygenExample::a_function should not be confused as a parameter ## in the generated docs, but it also doesn't generate a cross-reference - ## link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + ## link. Use the see role instead: :zeek:see:`ZeekygenExample::a_function`. ## ## name: Describe the argument here. global an_event: event(name: string); diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 94aca30eb9..262aaf07a5 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -143,7 +143,7 @@ set(bro_PLUGIN_LIBS CACHE INTERNAL "plugin libraries" FORCE) add_subdirectory(analyzer) add_subdirectory(broker) -add_subdirectory(zeexygen) +add_subdirectory(zeekygen) add_subdirectory(file_analysis) add_subdirectory(input) add_subdirectory(iosource) diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index baddd2bdd8..8df6a5ef55 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -18,7 +18,7 @@ DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = { { "dpd", 0, false }, { "tm", 0, false }, { "logging", 0, false }, {"input", 0, false }, { "threading", 0, false }, { "file_analysis", 0, false }, - { "plugins", 0, false }, { "zeexygen", 0, false }, + { "plugins", 0, false }, { "zeekygen", 0, false }, { "pktio", 0, false }, { "broker", 0, false }, { "scripts", 0, false} }; diff --git a/src/DebugLogger.h b/src/DebugLogger.h index 8026e8ba3c..dab9fd9758 100644 --- a/src/DebugLogger.h +++ b/src/DebugLogger.h @@ -30,7 +30,7 @@ enum DebugStream { DBG_THREADING, // Threading system DBG_FILE_ANALYSIS, // File analysis DBG_PLUGINS, // Plugin system - DBG_ZEEXYGEN, // Zeexygen + DBG_ZEEKYGEN, // Zeekygen DBG_PKTIO, // Packet sources and dumpers. DBG_BROKER, // Broker communication DBG_SCRIPTS, // Script initialization diff --git a/src/ID.cc b/src/ID.cc index 0ae1656533..e11625667a 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -14,7 +14,7 @@ #include "PersistenceSerializer.h" #include "Scope.h" #include "Traverse.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" ID::ID(const char* arg_name, IDScope arg_scope, bool arg_is_export) { @@ -680,7 +680,7 @@ void ID::DescribeReSTShort(ODesc* d) const if ( is_type ) d->Add(type_name(t)); else - d->Add(zeexygen_mgr->GetEnumTypeName(Name()).c_str()); + d->Add(zeekygen_mgr->GetEnumTypeName(Name()).c_str()); break; default: diff --git a/src/Type.cc b/src/Type.cc index 78c75a12df..19bed81412 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -8,8 +8,8 @@ #include "Scope.h" #include "Serializer.h" #include "Reporter.h" -#include "zeexygen/Manager.h" -#include "zeexygen/utils.h" +#include "zeekygen/Manager.h" +#include "zeekygen/utils.h" #include #include @@ -1197,8 +1197,8 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const if ( func_args ) continue; - using zeexygen::IdentifierInfo; - IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(GetName()); + using zeekygen::IdentifierInfo; + IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(GetName()); if ( ! doc ) { @@ -1217,7 +1217,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const field_from_script != type_from_script ) { d->PushIndent(); - d->Add(zeexygen::redef_indication(field_from_script).c_str()); + d->Add(zeekygen::redef_indication(field_from_script).c_str()); d->PopIndent(); } @@ -1237,7 +1237,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const { string s = cmnts[i]; - if ( zeexygen::prettify_params(s) ) + if ( zeekygen::prettify_params(s) ) d->NL(); d->Add(s.c_str()); @@ -1505,7 +1505,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, if ( deprecated ) id->MakeDeprecated(); - zeexygen_mgr->Identifier(id); + zeekygen_mgr->Identifier(id); } else { @@ -1618,8 +1618,8 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const else d->Add(fmt(".. zeek:enum:: %s %s", it->second.c_str(), GetName().c_str())); - using zeexygen::IdentifierInfo; - IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(it->second); + using zeekygen::IdentifierInfo; + IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(it->second); if ( ! doc ) { @@ -1634,7 +1634,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const if ( doc->GetDeclaringScript() ) enum_from_script = doc->GetDeclaringScript()->Name(); - IdentifierInfo* type_doc = zeexygen_mgr->GetIdentifierInfo(GetName()); + IdentifierInfo* type_doc = zeekygen_mgr->GetIdentifierInfo(GetName()); if ( type_doc && type_doc->GetDeclaringScript() ) type_from_script = type_doc->GetDeclaringScript()->Name(); @@ -1644,7 +1644,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const { d->NL(); d->PushIndent(); - d->Add(zeexygen::redef_indication(enum_from_script).c_str()); + d->Add(zeekygen::redef_indication(enum_from_script).c_str()); d->PopIndent(); } diff --git a/src/main.cc b/src/main.cc index 6ea1a74b99..160e6fd1d3 100644 --- a/src/main.cc +++ b/src/main.cc @@ -55,7 +55,7 @@ extern "C" { #include "analyzer/Tag.h" #include "plugin/Manager.h" #include "file_analysis/Manager.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include "iosource/Manager.h" #include "broker/Manager.h" @@ -91,7 +91,7 @@ input::Manager* input_mgr = 0; plugin::Manager* plugin_mgr = 0; analyzer::Manager* analyzer_mgr = 0; file_analysis::Manager* file_mgr = 0; -zeexygen::Manager* zeexygen_mgr = 0; +zeekygen::Manager* zeekygen_mgr = 0; iosource::Manager* iosource_mgr = 0; bro_broker::Manager* broker_mgr = 0; @@ -193,7 +193,7 @@ void usage(int code = 1) fprintf(stderr, " -T|--re-level | set 'RE_level' for rules\n"); fprintf(stderr, " -U|--status-file | Record process status in file\n"); fprintf(stderr, " -W|--watchdog | activate watchdog timer\n"); - fprintf(stderr, " -X|--zeexygen | generate documentation based on config file\n"); + fprintf(stderr, " -X|--zeekygen | generate documentation based on config file\n"); #ifdef USE_PERFTOOLS_DEBUG fprintf(stderr, " -m|--mem-leaks | show leaks [perftools]\n"); @@ -213,7 +213,7 @@ void usage(int code = 1) fprintf(stderr, " $BRO_SEED_FILE | file to load seeds from (not set)\n"); fprintf(stderr, " $BRO_LOG_SUFFIX | ASCII log file extension (.%s)\n", logging::writer::Ascii::LogExt().c_str()); fprintf(stderr, " $BRO_PROFILER_FILE | Output file for script execution statistics (not set)\n"); - fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Zeexygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); + fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Zeekygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); fprintf(stderr, " $ZEEK_DNS_RESOLVER | IPv4/IPv6 address of DNS resolver to use (%s)\n", getenv("ZEEK_DNS_RESOLVER") ? getenv("ZEEK_DNS_RESOLVER") : "not set, will use first IPv4 address from /etc/resolv.conf"); fprintf(stderr, "\n"); @@ -369,7 +369,7 @@ void terminate_bro() plugin_mgr->FinishPlugins(); - delete zeexygen_mgr; + delete zeekygen_mgr; delete timer_mgr; delete persistence_serializer; delete event_serializer; @@ -469,7 +469,7 @@ int main(int argc, char** argv) {"filter", required_argument, 0, 'f'}, {"help", no_argument, 0, 'h'}, {"iface", required_argument, 0, 'i'}, - {"zeexygen", required_argument, 0, 'X'}, + {"zeekygen", required_argument, 0, 'X'}, {"prefix", required_argument, 0, 'p'}, {"readfile", required_argument, 0, 'r'}, {"rulefile", required_argument, 0, 's'}, @@ -521,7 +521,7 @@ int main(int argc, char** argv) if ( p ) add_to_name_list(p, ':', prefixes); - string zeexygen_config; + string zeekygen_config; #ifdef USE_IDMEF string libidmef_dtd_path = "idmef-message.dtd"; @@ -674,7 +674,7 @@ int main(int argc, char** argv) break; case 'X': - zeexygen_config = optarg; + zeekygen_config = optarg; break; #ifdef USE_PERFTOOLS_DEBUG @@ -756,7 +756,7 @@ int main(int argc, char** argv) timer_mgr = new PQ_TimerMgr(""); // timer_mgr = new CQ_TimerMgr(); - zeexygen_mgr = new zeexygen::Manager(zeexygen_config, bro_argv[0]); + zeekygen_mgr = new zeekygen::Manager(zeekygen_config, bro_argv[0]); add_essential_input_file("base/init-bare.zeek"); add_essential_input_file("base/init-frameworks-and-bifs.zeek"); @@ -807,7 +807,7 @@ int main(int argc, char** argv) plugin_mgr->InitPreScript(); analyzer_mgr->InitPreScript(); file_mgr->InitPreScript(); - zeexygen_mgr->InitPreScript(); + zeekygen_mgr->InitPreScript(); bool missing_plugin = false; @@ -876,7 +876,7 @@ int main(int argc, char** argv) exit(1); plugin_mgr->InitPostScript(); - zeexygen_mgr->InitPostScript(); + zeekygen_mgr->InitPostScript(); broker_mgr->InitPostScript(); if ( print_plugins ) @@ -906,7 +906,7 @@ int main(int argc, char** argv) } reporter->InitOptions(); - zeexygen_mgr->GenerateDocs(); + zeekygen_mgr->GenerateDocs(); if ( user_pcap_filter ) { diff --git a/src/parse.y b/src/parse.y index 0e363eb321..076e73f53e 100644 --- a/src/parse.y +++ b/src/parse.y @@ -88,7 +88,7 @@ #include "Scope.h" #include "Reporter.h" #include "Brofiler.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include #include @@ -1039,7 +1039,7 @@ type_decl: $$ = new TypeDecl($3, $1, $4, (in_record > 0)); if ( in_record > 0 && cur_decl_type_id ) - zeexygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); + zeekygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); } ; @@ -1073,7 +1073,7 @@ decl: TOK_MODULE TOK_ID ';' { current_module = $2; - zeexygen_mgr->ModuleUsage(::filename, current_module); + zeekygen_mgr->ModuleUsage(::filename, current_module); } | TOK_EXPORT '{' { is_export = true; } decl_list '}' @@ -1082,36 +1082,36 @@ decl: | TOK_GLOBAL def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REGULAR); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_OPTION def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_OPTION); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_CONST def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_CONST); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_REDEF global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REDEF); - zeexygen_mgr->Redef($2, ::filename); + zeekygen_mgr->Redef($2, ::filename); } | TOK_REDEF TOK_ENUM global_id TOK_ADD_TO '{' - { parser_redef_enum($3); zeexygen_mgr->Redef($3, ::filename); } + { parser_redef_enum($3); zeekygen_mgr->Redef($3, ::filename); } enum_body '}' ';' { - // Zeexygen already grabbed new enum IDs as the type created them. + // Zeekygen already grabbed new enum IDs as the type created them. } | TOK_REDEF TOK_RECORD global_id - { cur_decl_type_id = $3; zeexygen_mgr->Redef($3, ::filename); } + { cur_decl_type_id = $3; zeekygen_mgr->Redef($3, ::filename); } TOK_ADD_TO '{' { ++in_record; } type_decl_list @@ -1127,12 +1127,12 @@ decl: } | TOK_TYPE global_id ':' - { cur_decl_type_id = $2; zeexygen_mgr->StartType($2); } + { cur_decl_type_id = $2; zeekygen_mgr->StartType($2); } type opt_attr ';' { cur_decl_type_id = 0; add_type($2, $5, $6); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | func_hdr func_body @@ -1167,7 +1167,7 @@ func_hdr: begin_func($2, current_module.c_str(), FUNC_FLAVOR_FUNCTION, 0, $3, $4); $$ = $3; - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_EVENT event_id func_params opt_attr { diff --git a/src/plugin/ComponentManager.h b/src/plugin/ComponentManager.h index 22bd2dd302..399c704551 100644 --- a/src/plugin/ComponentManager.h +++ b/src/plugin/ComponentManager.h @@ -10,7 +10,7 @@ #include "Var.h" #include "Val.h" #include "Reporter.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" namespace plugin { @@ -134,7 +134,7 @@ ComponentManager::ComponentManager(const string& arg_module, const string& tag_enum_type = new EnumType(module + "::" + local_id); ::ID* id = install_ID(local_id.c_str(), module.c_str(), true, true); add_type(id, tag_enum_type, 0); - zeexygen_mgr->Identifier(id); + zeekygen_mgr->Identifier(id); } template diff --git a/src/scan.l b/src/scan.l index fd54cfab40..6b2610ee3f 100644 --- a/src/scan.l +++ b/src/scan.l @@ -29,7 +29,7 @@ #include "Traverse.h" #include "analyzer/Analyzer.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include "plugin/Manager.h" @@ -162,19 +162,19 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) %% ##!.* { - zeexygen_mgr->SummaryComment(::filename, yytext + 3); + zeekygen_mgr->SummaryComment(::filename, yytext + 3); } ##<.* { string hint(cur_enum_type && last_id_tok ? make_full_var_name(current_module.c_str(), last_id_tok) : ""); - zeexygen_mgr->PostComment(yytext + 3, hint); + zeekygen_mgr->PostComment(yytext + 3, hint); } ##.* { if ( yytext[2] != '#' ) - zeexygen_mgr->PreComment(yytext + 2); + zeekygen_mgr->PreComment(yytext + 2); } #{OWS}@no-test.* return TOK_NO_TEST; @@ -375,7 +375,7 @@ when return TOK_WHEN; string loader = ::filename; // load_files may change ::filename, save copy string loading = find_relative_script_file(new_file); (void) load_files(new_file); - zeexygen_mgr->ScriptDependency(loader, loading); + zeekygen_mgr->ScriptDependency(loader, loading); } @load-sigs{WS}{FILE} { @@ -719,7 +719,7 @@ static int load_files(const char* orig_file) else file_stack.append(new FileInfo); - zeexygen_mgr->Script(file_path); + zeekygen_mgr->Script(file_path); DBG_LOG(DBG_SCRIPTS, "Loading %s", file_path.c_str()); diff --git a/src/zeexygen/CMakeLists.txt b/src/zeekygen/CMakeLists.txt similarity index 73% rename from src/zeexygen/CMakeLists.txt rename to src/zeekygen/CMakeLists.txt index 43060866a9..de50378f5a 100644 --- a/src/zeexygen/CMakeLists.txt +++ b/src/zeekygen/CMakeLists.txt @@ -7,7 +7,7 @@ include_directories(BEFORE ${CMAKE_CURRENT_BINARY_DIR} ) -set(zeexygen_SRCS +set(zeekygen_SRCS Manager.cc Info.h PackageInfo.cc @@ -19,7 +19,7 @@ set(zeexygen_SRCS utils.cc ) -bif_target(zeexygen.bif) -bro_add_subdir_library(zeexygen ${zeexygen_SRCS}) +bif_target(zeekygen.bif) +bro_add_subdir_library(zeekygen ${zeekygen_SRCS}) -add_dependencies(bro_zeexygen generate_outputs) +add_dependencies(bro_zeekygen generate_outputs) diff --git a/src/zeexygen/Configuration.cc b/src/zeekygen/Configuration.cc similarity index 87% rename from src/zeexygen/Configuration.cc rename to src/zeekygen/Configuration.cc index 7b1f5e35fd..dbbbebf578 100644 --- a/src/zeexygen/Configuration.cc +++ b/src/zeekygen/Configuration.cc @@ -11,7 +11,7 @@ #include #include -using namespace zeexygen; +using namespace zeekygen; using namespace std; static TargetFactory create_target_factory() @@ -37,7 +37,7 @@ Config::Config(const string& arg_file, const string& delim) ifstream f(file.c_str()); if ( ! f.is_open() ) - reporter->FatalError("failed to open Zeexygen config file '%s': %s", + reporter->FatalError("failed to open Zeekygen config file '%s': %s", file.c_str(), strerror(errno)); string line; @@ -59,20 +59,20 @@ Config::Config(const string& arg_file, const string& delim) continue; if ( tokens.size() != 3 ) - reporter->FatalError("malformed Zeexygen target in %s:%u: %s", + reporter->FatalError("malformed Zeekygen target in %s:%u: %s", file.c_str(), line_number, line.c_str()); Target* target = target_factory.Create(tokens[0], tokens[2], tokens[1]); if ( ! target ) - reporter->FatalError("unknown Zeexygen target type: %s", + reporter->FatalError("unknown Zeekygen target type: %s", tokens[0].c_str()); targets.push_back(target); } if ( f.bad() ) - reporter->InternalError("error reading Zeexygen config file '%s': %s", + reporter->InternalError("error reading Zeekygen config file '%s': %s", file.c_str(), strerror(errno)); } @@ -99,5 +99,5 @@ time_t Config::GetModificationTime() const if ( file.empty() ) return 0; - return zeexygen::get_mtime(file); + return zeekygen::get_mtime(file); } diff --git a/src/zeexygen/Configuration.h b/src/zeekygen/Configuration.h similarity index 80% rename from src/zeexygen/Configuration.h rename to src/zeekygen/Configuration.h index a0da9761bc..97ca125275 100644 --- a/src/zeexygen/Configuration.h +++ b/src/zeekygen/Configuration.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_CONFIGURATION_H -#define ZEEXYGEN_CONFIGURATION_H +#ifndef ZEEKYGEN_CONFIGURATION_H +#define ZEEKYGEN_CONFIGURATION_H #include "Info.h" #include "Target.h" @@ -9,7 +9,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { /** * Manages the generation of reStructuredText documents corresponding to @@ -22,8 +22,8 @@ class Config { public: /** - * Read a Zeexygen configuration file, parsing all targets in it. - * @param file The file containing a list of Zeexygen targets. If it's + * Read a Zeekygen configuration file, parsing all targets in it. + * @param file The file containing a list of Zeekygen targets. If it's * an empty string most methods are a no-op. * @param delim The delimiter between target fields. */ @@ -41,7 +41,7 @@ public: void FindDependencies(const std::vector& infos); /** - * Build each Zeexygen target (i.e. write out the reST documents to disk). + * Build each Zeekygen target (i.e. write out the reST documents to disk). */ void GenerateDocs() const; @@ -58,6 +58,6 @@ private: TargetFactory target_factory; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/IdentifierInfo.cc b/src/zeekygen/IdentifierInfo.cc similarity index 97% rename from src/zeexygen/IdentifierInfo.cc rename to src/zeekygen/IdentifierInfo.cc index ebb15373bf..5c494799b4 100644 --- a/src/zeexygen/IdentifierInfo.cc +++ b/src/zeekygen/IdentifierInfo.cc @@ -7,7 +7,7 @@ #include "Val.h" using namespace std; -using namespace zeexygen; +using namespace zeekygen; IdentifierInfo::IdentifierInfo(ID* arg_id, ScriptInfo* script) : Info(), @@ -128,7 +128,7 @@ string IdentifierInfo::DoReStructuredText(bool roles_only) const { string s = comments[i]; - if ( zeexygen::prettify_params(s) ) + if ( zeekygen::prettify_params(s) ) d.NL(); d.Add(s.c_str()); diff --git a/src/zeexygen/IdentifierInfo.h b/src/zeekygen/IdentifierInfo.h similarity index 92% rename from src/zeexygen/IdentifierInfo.h rename to src/zeekygen/IdentifierInfo.h index a930f67feb..868dd3781b 100644 --- a/src/zeexygen/IdentifierInfo.h +++ b/src/zeekygen/IdentifierInfo.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_IDENTIFIERINFO_H -#define ZEEXYGEN_IDENTIFIERINFO_H +#ifndef ZEEKYGEN_IDENTIFIERINFO_H +#define ZEEKYGEN_IDENTIFIERINFO_H #include "Info.h" #include "ScriptInfo.h" @@ -14,7 +14,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { class ScriptInfo; @@ -42,7 +42,7 @@ public: * Add a comment associated with the identifier. If the identifier is a * record type and it's in the middle of parsing fields, the comment is * associated with the last field that was parsed. - * @param comment A string extracted from Zeexygen-style comment. + * @param comment A string extracted from Zeekygen-style comment. */ void AddComment(const std::string& comment) { last_field_seen ? last_field_seen->comments.push_back(comment) @@ -102,13 +102,13 @@ public: std::string GetDeclaringScriptForField(const std::string& field) const; /** - * @return All Zeexygen comments associated with the identifier. + * @return All Zeekygen comments associated with the identifier. */ std::vector GetComments() const; /** * @param field A record field name. - * @return All Zeexygen comments associated with the record field. + * @return All Zeekygen comments associated with the record field. */ std::vector GetFieldComments(const std::string& field) const; @@ -118,7 +118,7 @@ public: struct Redefinition { std::string from_script; /**< Name of script doing the redef. */ std::string new_val_desc; /**< Description of new value bound to ID. */ - std::vector comments; /**< Zeexygen comments on redef. */ + std::vector comments; /**< Zeekygen comments on redef. */ }; /** @@ -159,6 +159,6 @@ private: ScriptInfo* declaring_script; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/Info.h b/src/zeekygen/Info.h similarity index 89% rename from src/zeexygen/Info.h rename to src/zeekygen/Info.h index 46fba7b7b6..f6e09cb498 100644 --- a/src/zeexygen/Info.h +++ b/src/zeekygen/Info.h @@ -1,15 +1,15 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_INFO_H -#define ZEEXYGEN_INFO_H +#ifndef ZEEKYGEN_INFO_H +#define ZEEKYGEN_INFO_H #include #include -namespace zeexygen { +namespace zeekygen { /** - * Abstract base class for any thing that Zeexygen can document. + * Abstract base class for any thing that Zeekygen can document. */ class Info { @@ -68,6 +68,6 @@ private: { } }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/Manager.cc b/src/zeekygen/Manager.cc similarity index 87% rename from src/zeexygen/Manager.cc rename to src/zeekygen/Manager.cc index d638705d8b..5cddac0901 100644 --- a/src/zeexygen/Manager.cc +++ b/src/zeekygen/Manager.cc @@ -7,7 +7,7 @@ #include #include -using namespace zeexygen; +using namespace zeekygen; using namespace std; static void DbgAndWarn(const char* msg) @@ -19,7 +19,7 @@ static void DbgAndWarn(const char* msg) return; reporter->Warning("%s", msg); - DBG_LOG(DBG_ZEEXYGEN, "%s", msg); + DBG_LOG(DBG_ZEEKYGEN, "%s", msg); } static void WarnMissingScript(const char* type, const ID* id, @@ -28,7 +28,7 @@ static void WarnMissingScript(const char* type, const ID* id, if ( script == "" ) return; - DbgAndWarn(fmt("Can't generate Zeexygen doumentation for %s %s, " + DbgAndWarn(fmt("Can't generate Zeekygen doumentation for %s %s, " "lookup of %s failed", type, id->Name(), script.c_str())); } @@ -83,7 +83,7 @@ Manager::Manager(const string& arg_config, const string& bro_command) // a PATH component that starts with a tilde (such as "~/bin"). A simple // workaround is to just run bro with a relative or absolute path. if ( path_to_bro.empty() || stat(path_to_bro.c_str(), &s) < 0 ) - reporter->InternalError("Zeexygen can't get mtime of bro binary %s (try again by specifying the absolute or relative path to Bro): %s", + reporter->InternalError("Zeekygen can't get mtime of bro binary %s (try again by specifying the absolute or relative path to Bro): %s", path_to_bro.c_str(), strerror(errno)); bro_mtime = s.st_mtime; @@ -129,7 +129,7 @@ void Manager::Script(const string& path) if ( scripts.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Zeexygen script documentation: %s", + DbgAndWarn(fmt("Duplicate Zeekygen script documentation: %s", name.c_str())); return; } @@ -137,7 +137,7 @@ void Manager::Script(const string& path) ScriptInfo* info = new ScriptInfo(name, path); scripts.map[name] = info; all_info.push_back(info); - DBG_LOG(DBG_ZEEXYGEN, "Made ScriptInfo %s", name.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Made ScriptInfo %s", name.c_str()); if ( ! info->IsPkgLoader() ) return; @@ -146,7 +146,7 @@ void Manager::Script(const string& path) if ( packages.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Zeexygen package documentation: %s", + DbgAndWarn(fmt("Duplicate Zeekygen package documentation: %s", name.c_str())); return; } @@ -154,7 +154,7 @@ void Manager::Script(const string& path) PackageInfo* pkginfo = new PackageInfo(name); packages.map[name] = pkginfo; all_info.push_back(pkginfo); - DBG_LOG(DBG_ZEEXYGEN, "Made PackageInfo %s", name.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Made PackageInfo %s", name.c_str()); } void Manager::ScriptDependency(const string& path, const string& dep) @@ -164,7 +164,7 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( dep.empty() ) { - DbgAndWarn(fmt("Empty Zeexygen script doc dependency: %s", + DbgAndWarn(fmt("Empty Zeekygen script doc dependency: %s", path.c_str())); return; } @@ -175,17 +175,17 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Zeexygen script doc dependency %s " + DbgAndWarn(fmt("Failed to add Zeekygen script doc dependency %s " "for %s", depname.c_str(), name.c_str())); return; } script_info->AddDependency(depname); - DBG_LOG(DBG_ZEEXYGEN, "Added script dependency %s for %s", + DBG_LOG(DBG_ZEEKYGEN, "Added script dependency %s for %s", depname.c_str(), name.c_str()); for ( size_t i = 0; i < comment_buffer.size(); ++i ) - DbgAndWarn(fmt("Discarded extraneous Zeexygen comment: %s", + DbgAndWarn(fmt("Discarded extraneous Zeekygen comment: %s", comment_buffer[i].c_str())); } @@ -199,13 +199,13 @@ void Manager::ModuleUsage(const string& path, const string& module) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Zeexygen module usage %s in %s", + DbgAndWarn(fmt("Failed to add Zeekygen module usage %s in %s", module.c_str(), name.c_str())); return; } script_info->AddModule(module); - DBG_LOG(DBG_ZEEXYGEN, "Added module usage %s in %s", + DBG_LOG(DBG_ZEEKYGEN, "Added module usage %s in %s", module.c_str(), name.c_str()); } @@ -246,7 +246,7 @@ void Manager::StartType(ID* id) if ( id->GetLocationInfo() == &no_location ) { - DbgAndWarn(fmt("Can't generate zeexygen doumentation for %s, " + DbgAndWarn(fmt("Can't generate zeekygen doumentation for %s, " "no location available", id->Name())); return; } @@ -261,7 +261,7 @@ void Manager::StartType(ID* id) } incomplete_type = CreateIdentifierInfo(id, script_info); - DBG_LOG(DBG_ZEEXYGEN, "Made IdentifierInfo (incomplete) %s, in %s", + DBG_LOG(DBG_ZEEKYGEN, "Made IdentifierInfo (incomplete) %s, in %s", id->Name(), script.c_str()); } @@ -279,7 +279,7 @@ void Manager::Identifier(ID* id) { if ( incomplete_type->Name() == id->Name() ) { - DBG_LOG(DBG_ZEEXYGEN, "Finished document for type %s", id->Name()); + DBG_LOG(DBG_ZEEKYGEN, "Finished document for type %s", id->Name()); incomplete_type->CompletedTypeDecl(); incomplete_type = 0; return; @@ -309,7 +309,7 @@ void Manager::Identifier(ID* id) { // Internally-created identifier (e.g. file/proto analyzer enum tags). // Handled specially since they don't have a script location. - DBG_LOG(DBG_ZEEXYGEN, "Made internal IdentifierInfo %s", + DBG_LOG(DBG_ZEEKYGEN, "Made internal IdentifierInfo %s", id->Name()); CreateIdentifierInfo(id, 0); return; @@ -325,7 +325,7 @@ void Manager::Identifier(ID* id) } CreateIdentifierInfo(id, script_info); - DBG_LOG(DBG_ZEEXYGEN, "Made IdentifierInfo %s, in script %s", + DBG_LOG(DBG_ZEEKYGEN, "Made IdentifierInfo %s, in script %s", id->Name(), script.c_str()); } @@ -339,7 +339,7 @@ void Manager::RecordField(const ID* id, const TypeDecl* field, if ( ! idd ) { - DbgAndWarn(fmt("Can't generate zeexygen doumentation for " + DbgAndWarn(fmt("Can't generate zeekygen doumentation for " "record field %s, unknown record: %s", field->id, id->Name())); return; @@ -348,7 +348,7 @@ void Manager::RecordField(const ID* id, const TypeDecl* field, string script = NormalizeScriptPath(path); idd->AddRecordField(field, script, comment_buffer); comment_buffer.clear(); - DBG_LOG(DBG_ZEEXYGEN, "Document record field %s, identifier %s, script %s", + DBG_LOG(DBG_ZEEKYGEN, "Document record field %s, identifier %s, script %s", field->id, id->Name(), script.c_str()); } @@ -365,7 +365,7 @@ void Manager::Redef(const ID* id, const string& path) if ( ! id_info ) { - DbgAndWarn(fmt("Can't generate zeexygen doumentation for " + DbgAndWarn(fmt("Can't generate zeekygen doumentation for " "redef of %s, identifier lookup failed", id->Name())); return; @@ -384,7 +384,7 @@ void Manager::Redef(const ID* id, const string& path) script_info->AddRedef(id_info); comment_buffer.clear(); last_identifier_seen = id_info; - DBG_LOG(DBG_ZEEXYGEN, "Added redef of %s from %s", + DBG_LOG(DBG_ZEEKYGEN, "Added redef of %s from %s", id->Name(), from_script.c_str()); } @@ -421,7 +421,7 @@ void Manager::PostComment(const string& comment, const string& id_hint) if ( last_identifier_seen ) last_identifier_seen->AddComment(RemoveLeadingSpace(comment)); else - DbgAndWarn(fmt("Discarded unassociated Zeexygen comment %s", + DbgAndWarn(fmt("Discarded unassociated Zeekygen comment %s", comment.c_str())); return; diff --git a/src/zeexygen/Manager.h b/src/zeekygen/Manager.h similarity index 89% rename from src/zeexygen/Manager.h rename to src/zeekygen/Manager.h index 5b2142e047..ad4d98f668 100644 --- a/src/zeexygen/Manager.h +++ b/src/zeekygen/Manager.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_MANAGER_H -#define ZEEXYGEN_MANAGER_H +#ifndef ZEEKYGEN_MANAGER_H +#define ZEEKYGEN_MANAGER_H #include "Configuration.h" #include "Info.h" @@ -21,7 +21,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { /** * Map of info objects. Just a wrapper around std::map to improve code @@ -54,7 +54,7 @@ public: /** * Ctor. - * @param config Path to a Zeexygen config file if documentation is to be + * @param config Path to a Zeekygen config file if documentation is to be * written to disk. * @param bro_command The command used to invoke the bro process. * It's used when checking for out-of-date targets. If the bro binary is @@ -80,7 +80,7 @@ public: void InitPostScript(); /** - * Builds all Zeexygen targets specified by config file and write out + * Builds all Zeekygen targets specified by config file and write out * documentation to disk. */ void GenerateDocs() const; @@ -140,24 +140,24 @@ public: void Redef(const ID* id, const std::string& path); /** - * Register Zeexygen script summary content. + * Register Zeekygen script summary content. * @param path Absolute path to a Bro script. - * @param comment Zeexygen-style summary comment ("##!") to associate with + * @param comment Zeekygen-style summary comment ("##!") to associate with * script given by \a path. */ void SummaryComment(const std::string& path, const std::string& comment); /** - * Register a Zeexygen comment ("##") for an upcoming identifier (i.e. + * Register a Zeekygen comment ("##") for an upcoming identifier (i.e. * this content is buffered and consumed by next identifier/field * declaration. - * @param comment Content of the Zeexygen comment. + * @param comment Content of the Zeekygen comment. */ void PreComment(const std::string& comment); /** - * Register a Zeexygen comment ("##<") for the last identifier seen. - * @param comment Content of the Zeexygen comment. + * Register a Zeekygen comment ("##<") for the last identifier seen. + * @param comment Content of the Zeekygen comment. * @param identifier_hint Expected name of identifier with which to * associate \a comment. */ @@ -197,11 +197,11 @@ public: { return packages.GetInfo(name); } /** - * Check if a Zeexygen target is up-to-date. - * @param target_file output file of a Zeexygen target. + * Check if a Zeekygen target is up-to-date. + * @param target_file output file of a Zeekygen target. * @param dependencies all dependencies of the target. * @return true if modification time of \a target_file is newer than - * modification time of Bro binary, Zeexygen config file, and all + * modification time of Bro binary, Zeekygen config file, and all * dependencies, else false. */ template @@ -241,7 +241,7 @@ bool Manager::IsUpToDate(const string& target_file, // Doesn't exist. return false; - reporter->InternalError("Zeexygen failed to stat target file '%s': %s", + reporter->InternalError("Zeekygen failed to stat target file '%s': %s", target_file.c_str(), strerror(errno)); } @@ -258,8 +258,8 @@ bool Manager::IsUpToDate(const string& target_file, return true; } -} // namespace zeexygen +} // namespace zeekygen -extern zeexygen::Manager* zeexygen_mgr; +extern zeekygen::Manager* zeekygen_mgr; #endif diff --git a/src/zeexygen/PackageInfo.cc b/src/zeekygen/PackageInfo.cc similarity index 85% rename from src/zeexygen/PackageInfo.cc rename to src/zeekygen/PackageInfo.cc index 1fd607fd08..4fe1ba8ad9 100644 --- a/src/zeexygen/PackageInfo.cc +++ b/src/zeekygen/PackageInfo.cc @@ -9,7 +9,7 @@ #include using namespace std; -using namespace zeexygen; +using namespace zeekygen; PackageInfo::PackageInfo(const string& arg_name) : Info(), @@ -23,7 +23,7 @@ PackageInfo::PackageInfo(const string& arg_name) ifstream f(readme_file.c_str()); if ( ! f.is_open() ) - reporter->InternalWarning("Zeexygen failed to open '%s': %s", + reporter->InternalWarning("Zeekygen failed to open '%s': %s", readme_file.c_str(), strerror(errno)); string line; @@ -32,7 +32,7 @@ PackageInfo::PackageInfo(const string& arg_name) readme.push_back(line); if ( f.bad() ) - reporter->InternalWarning("Zeexygen error reading '%s': %s", + reporter->InternalWarning("Zeekygen error reading '%s': %s", readme_file.c_str(), strerror(errno)); } @@ -54,5 +54,5 @@ time_t PackageInfo::DoGetModificationTime() const if ( readme_file.empty() ) return 0; - return zeexygen::get_mtime(readme_file); + return zeekygen::get_mtime(readme_file); } diff --git a/src/zeexygen/PackageInfo.h b/src/zeekygen/PackageInfo.h similarity index 89% rename from src/zeexygen/PackageInfo.h rename to src/zeekygen/PackageInfo.h index 977f31fece..4db2718944 100644 --- a/src/zeexygen/PackageInfo.h +++ b/src/zeekygen/PackageInfo.h @@ -1,14 +1,14 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_PACKAGEINFO_H -#define ZEEXYGEN_PACKAGEINFO_H +#ifndef ZEEKYGEN_PACKAGEINFO_H +#define ZEEKYGEN_PACKAGEINFO_H #include "Info.h" #include #include -namespace zeexygen { +namespace zeekygen { /** * Information about a Bro script package. @@ -45,6 +45,6 @@ private: std::vector readme; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/ReStructuredTextTable.cc b/src/zeekygen/ReStructuredTextTable.cc similarity index 98% rename from src/zeexygen/ReStructuredTextTable.cc rename to src/zeekygen/ReStructuredTextTable.cc index c8306313e5..55c576a2a4 100644 --- a/src/zeexygen/ReStructuredTextTable.cc +++ b/src/zeekygen/ReStructuredTextTable.cc @@ -5,7 +5,7 @@ #include using namespace std; -using namespace zeexygen; +using namespace zeekygen; ReStructuredTextTable::ReStructuredTextTable(size_t arg_num_cols) : num_cols(arg_num_cols), rows(), longest_row_in_column() diff --git a/src/zeexygen/ReStructuredTextTable.h b/src/zeekygen/ReStructuredTextTable.h similarity index 92% rename from src/zeexygen/ReStructuredTextTable.h rename to src/zeekygen/ReStructuredTextTable.h index 9a4059ca83..aefa8aaa26 100644 --- a/src/zeexygen/ReStructuredTextTable.h +++ b/src/zeekygen/ReStructuredTextTable.h @@ -1,12 +1,12 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_RESTTABLE_H -#define ZEEXYGEN_RESTTABLE_H +#ifndef ZEEKYGEN_RESTTABLE_H +#define ZEEKYGEN_RESTTABLE_H #include #include -namespace zeexygen { +namespace zeekygen { /** * A reST table with arbitrary number of columns. @@ -48,6 +48,6 @@ private: std::vector longest_row_in_column; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/ScriptInfo.cc b/src/zeekygen/ScriptInfo.cc similarity index 86% rename from src/zeexygen/ScriptInfo.cc rename to src/zeekygen/ScriptInfo.cc index 47769c615a..d55b42b7bc 100644 --- a/src/zeexygen/ScriptInfo.cc +++ b/src/zeekygen/ScriptInfo.cc @@ -10,7 +10,7 @@ #include "Desc.h" using namespace std; -using namespace zeexygen; +using namespace zeekygen; bool IdInfoComp::operator ()(const IdentifierInfo* lhs, const IdentifierInfo* rhs) const @@ -24,11 +24,11 @@ static vector summary_comment(const vector& cmnts) for ( size_t i = 0; i < cmnts.size(); ++i ) { - size_t end = zeexygen::end_of_first_sentence(cmnts[i]); + size_t end = zeekygen::end_of_first_sentence(cmnts[i]); if ( end == string::npos ) { - if ( zeexygen::is_all_whitespace(cmnts[i]) ) + if ( zeekygen::is_all_whitespace(cmnts[i]) ) break; rval.push_back(cmnts[i]); @@ -86,7 +86,7 @@ static string make_summary(const string& heading, char underline, char border, add_summary_rows(d, summary_comment((*it)->GetComments()), &table); } - return zeexygen::make_heading(heading, underline) + table.AsString(border) + return zeekygen::make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -115,7 +115,7 @@ static string make_redef_summary(const string& heading, char underline, add_summary_rows(d, summary_comment(iit->comments), &table); } - return zeexygen::make_heading(heading, underline) + table.AsString(border) + return zeekygen::make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -125,7 +125,7 @@ static string make_details(const string& heading, char underline, if ( id_list.empty() ) return ""; - string rval = zeexygen::make_heading(heading, underline); + string rval = zeekygen::make_heading(heading, underline); for ( id_info_list::const_iterator it = id_list.begin(); it != id_list.end(); ++it ) @@ -143,7 +143,7 @@ static string make_redef_details(const string& heading, char underline, if ( id_set.empty() ) return ""; - string rval = zeexygen::make_heading(heading, underline); + string rval = zeekygen::make_heading(heading, underline); for ( id_info_set::const_iterator it = id_set.begin(); it != id_set.end(); ++it ) @@ -178,13 +178,13 @@ void ScriptInfo::DoInitPostScript() IdentifierInfo* info = it->second; ID* id = info->GetID(); - if ( ! zeexygen::is_public_api(id) ) + if ( ! zeekygen::is_public_api(id) ) continue; if ( id->AsType() ) { types.push_back(info); - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a type", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a type", id->Name(), name.c_str()); continue; } @@ -193,17 +193,17 @@ void ScriptInfo::DoInitPostScript() { switch ( id->Type()->AsFuncType()->Flavor() ) { case FUNC_FLAVOR_HOOK: - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a hook", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a hook", id->Name(), name.c_str()); hooks.push_back(info); break; case FUNC_FLAVOR_EVENT: - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a event", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a event", id->Name(), name.c_str()); events.push_back(info); break; case FUNC_FLAVOR_FUNCTION: - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a function", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a function", id->Name(), name.c_str()); functions.push_back(info); break; @@ -219,13 +219,13 @@ void ScriptInfo::DoInitPostScript() { if ( id->FindAttr(ATTR_REDEF) ) { - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a redef_option", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a redef_option", id->Name(), name.c_str()); redef_options.push_back(info); } else { - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a constant", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a constant", id->Name(), name.c_str()); constants.push_back(info); } @@ -234,7 +234,7 @@ void ScriptInfo::DoInitPostScript() } else if ( id->IsOption() ) { - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as an runtime option", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as an runtime option", id->Name(), name.c_str()); options.push_back(info); @@ -246,7 +246,7 @@ void ScriptInfo::DoInitPostScript() // documentation. continue; - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a state variable", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a state variable", id->Name(), name.c_str()); state_vars.push_back(info); } @@ -275,7 +275,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const string rval; rval += ":tocdepth: 3\n\n"; - rval += zeexygen::make_heading(name, '='); + rval += zeekygen::make_heading(name, '='); for ( string_set::const_iterator it = module_usages.begin(); it != module_usages.end(); ++it ) @@ -329,7 +329,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const //rval += fmt(":Source File: :download:`/scripts/%s`\n", name.c_str()); rval += "\n"; - rval += zeexygen::make_heading("Summary", '~'); + rval += zeekygen::make_heading("Summary", '~'); rval += make_summary("Runtime Options", '#', '=', options); rval += make_summary("Redefinable Options", '#', '=', redef_options); rval += make_summary("Constants", '#', '=', constants); @@ -340,7 +340,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const rval += make_summary("Hooks", '#', '=', hooks); rval += make_summary("Functions", '#', '=', functions); rval += "\n"; - rval += zeexygen::make_heading("Detailed Interface", '~'); + rval += zeekygen::make_heading("Detailed Interface", '~'); rval += make_details("Runtime Options", '#', options); rval += make_details("Redefinable Options", '#', redef_options); rval += make_details("Constants", '#', constants); @@ -356,25 +356,25 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const time_t ScriptInfo::DoGetModificationTime() const { - time_t most_recent = zeexygen::get_mtime(path); + time_t most_recent = zeekygen::get_mtime(path); for ( string_set::const_iterator it = dependencies.begin(); it != dependencies.end(); ++it ) { - Info* info = zeexygen_mgr->GetScriptInfo(*it); + Info* info = zeekygen_mgr->GetScriptInfo(*it); if ( ! info ) { for (const string& ext : script_extensions) { string pkg_name = *it + "/__load__" + ext; - info = zeexygen_mgr->GetScriptInfo(pkg_name); + info = zeekygen_mgr->GetScriptInfo(pkg_name); if ( info ) break; } if ( ! info ) - reporter->InternalWarning("Zeexygen failed to get mtime of %s", + reporter->InternalWarning("Zeekygen failed to get mtime of %s", it->c_str()); continue; } diff --git a/src/zeexygen/ScriptInfo.h b/src/zeekygen/ScriptInfo.h similarity index 92% rename from src/zeexygen/ScriptInfo.h rename to src/zeekygen/ScriptInfo.h index fb0f0c15ae..dde7560544 100644 --- a/src/zeexygen/ScriptInfo.h +++ b/src/zeekygen/ScriptInfo.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_SCRIPTINFO_H -#define ZEEXYGEN_SCRIPTINFO_H +#ifndef ZEEKYGEN_SCRIPTINFO_H +#define ZEEKYGEN_SCRIPTINFO_H #include "Info.h" #include "IdentifierInfo.h" @@ -12,7 +12,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { class IdentifierInfo; @@ -39,7 +39,7 @@ public: ScriptInfo(const std::string& name, const std::string& path); /** - * Associate a Zeexygen summary comment ("##!") with the script. + * Associate a Zeekygen summary comment ("##!") with the script. * @param comment String extracted from the comment. */ void AddComment(const std::string& comment) @@ -83,7 +83,7 @@ public: { return is_pkg_loader; } /** - * @return All the scripts Zeexygen summary comments. + * @return All the scripts Zeekygen summary comments. */ std::vector GetComments() const; @@ -119,6 +119,6 @@ private: id_info_set redefs; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/Target.cc b/src/zeekygen/Target.cc similarity index 90% rename from src/zeexygen/Target.cc rename to src/zeekygen/Target.cc index 406f6ffe4d..0e40defee3 100644 --- a/src/zeexygen/Target.cc +++ b/src/zeekygen/Target.cc @@ -16,7 +16,7 @@ #include using namespace std; -using namespace zeexygen; +using namespace zeekygen; static void write_plugin_section_heading(FILE* f, const plugin::Plugin* p) { @@ -123,13 +123,13 @@ static void write_plugin_bif_items(FILE* f, const plugin::Plugin* p, for ( it = bifitems.begin(); it != bifitems.end(); ++it ) { - zeexygen::IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo( + zeekygen::IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo( it->GetID()); if ( doc ) fprintf(f, "%s\n\n", doc->ReStructuredText().c_str()); else - reporter->InternalWarning("Zeexygen ID lookup failed: %s\n", + reporter->InternalWarning("Zeekygen ID lookup failed: %s\n", it->GetID().c_str()); } } @@ -138,10 +138,10 @@ static void WriteAnalyzerTagDefn(FILE* f, const string& module) { string tag_id = module + "::Tag"; - zeexygen::IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(tag_id); + zeekygen::IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(tag_id); if ( ! doc ) - reporter->InternalError("Zeexygen failed analyzer tag lookup: %s", + reporter->InternalError("Zeekygen failed analyzer tag lookup: %s", tag_id.c_str()); fprintf(f, "%s\n", doc->ReStructuredText().c_str()); @@ -177,7 +177,7 @@ static vector filter_matches(const vector& from, Target* t) if ( t->MatchesPattern(d) ) { - DBG_LOG(DBG_ZEEXYGEN, "'%s' matched pattern for target '%s'", + DBG_LOG(DBG_ZEEKYGEN, "'%s' matched pattern for target '%s'", d->Name().c_str(), t->Name().c_str()); rval.push_back(d); } @@ -194,14 +194,14 @@ TargetFile::TargetFile(const string& arg_name) string dir = SafeDirname(name).result; if ( ! ensure_intermediate_dirs(dir.c_str()) ) - reporter->FatalError("Zeexygen failed to make dir %s", + reporter->FatalError("Zeekygen failed to make dir %s", dir.c_str()); } f = fopen(name.c_str(), "w"); if ( ! f ) - reporter->FatalError("Zeexygen failed to open '%s' for writing: %s", + reporter->FatalError("Zeekygen failed to open '%s' for writing: %s", name.c_str(), strerror(errno)); } @@ -210,7 +210,7 @@ TargetFile::~TargetFile() if ( f ) fclose(f); - DBG_LOG(DBG_ZEEXYGEN, "Wrote out-of-date target '%s'", name.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Wrote out-of-date target '%s'", name.c_str()); } @@ -245,11 +245,11 @@ void AnalyzerTarget::DoFindDependencies(const std::vector& infos) void AnalyzerTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), vector()) ) + if ( zeekygen_mgr->IsUpToDate(Name(), vector()) ) return; if ( Pattern() != "*" ) - reporter->InternalWarning("Zeexygen only implements analyzer target" + reporter->InternalWarning("Zeekygen only implements analyzer target" " pattern '*'"); TargetFile file(Name()); @@ -313,7 +313,7 @@ void PackageTarget::DoFindDependencies(const vector& infos) pkg_deps = filter_matches(infos, this); if ( pkg_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); for ( size_t i = 0; i < infos.size(); ++i ) @@ -329,7 +329,7 @@ void PackageTarget::DoFindDependencies(const vector& infos) pkg_deps[j]->Name().size())) continue; - DBG_LOG(DBG_ZEEXYGEN, "Script %s associated with package %s", + DBG_LOG(DBG_ZEEKYGEN, "Script %s associated with package %s", script->Name().c_str(), pkg_deps[j]->Name().c_str()); pkg_manifest[pkg_deps[j]].push_back(script); script_deps.push_back(script); @@ -339,8 +339,8 @@ void PackageTarget::DoFindDependencies(const vector& infos) void PackageTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) && - zeexygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) && + zeekygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -382,13 +382,13 @@ void PackageIndexTarget::DoFindDependencies(const vector& infos) pkg_deps = filter_matches(infos, this); if ( pkg_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); } void PackageIndexTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -402,7 +402,7 @@ void ScriptTarget::DoFindDependencies(const vector& infos) script_deps = filter_matches(infos, this); if ( script_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); if ( ! IsDir() ) @@ -483,7 +483,7 @@ void ScriptTarget::DoGenerate() const vector dep; dep.push_back(script_deps[i]); - if ( zeexygen_mgr->IsUpToDate(target_filename, dep) ) + if ( zeekygen_mgr->IsUpToDate(target_filename, dep) ) continue; TargetFile file(target_filename); @@ -508,7 +508,7 @@ void ScriptTarget::DoGenerate() const reporter->Warning("Failed to unlink %s: %s", f.c_str(), strerror(errno)); - DBG_LOG(DBG_ZEEXYGEN, "Delete stale script file %s", f.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Delete stale script file %s", f.c_str()); } return; @@ -516,7 +516,7 @@ void ScriptTarget::DoGenerate() const // Target is a single file, all matching scripts get written there. - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -527,7 +527,7 @@ void ScriptTarget::DoGenerate() const void ScriptSummaryTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -552,7 +552,7 @@ void ScriptSummaryTarget::DoGenerate() const void ScriptIndexTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -577,13 +577,13 @@ void IdentifierTarget::DoFindDependencies(const vector& infos) id_deps = filter_matches(infos, this); if ( id_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); } void IdentifierTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), id_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), id_deps) ) return; TargetFile file(Name()); diff --git a/src/zeexygen/Target.h b/src/zeekygen/Target.h similarity index 97% rename from src/zeexygen/Target.h rename to src/zeekygen/Target.h index ef3c8b2e00..1129fe42ed 100644 --- a/src/zeexygen/Target.h +++ b/src/zeekygen/Target.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_TARGET_H -#define ZEEXYGEN_TARGET_H +#ifndef ZEEKYGEN_TARGET_H +#define ZEEKYGEN_TARGET_H #include "Info.h" #include "PackageInfo.h" @@ -13,7 +13,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { /** * Helper class to create files in arbitrary file paths and automatically @@ -39,7 +39,7 @@ struct TargetFile { }; /** - * A Zeexygen target abstract base class. A target is generally any portion of + * A Zeekygen target abstract base class. A target is generally any portion of * documentation that Bro can build. It's identified by a type (e.g. script, * identifier, package), a pattern (e.g. "example.zeek", "HTTP::Info"), and * a path to an output file. @@ -125,7 +125,7 @@ public: /** * Register a new target type. - * @param type_name The target type name as it will appear in Zeexygen + * @param type_name The target type name as it will appear in Zeekygen * config files. */ template @@ -136,7 +136,7 @@ public: /** * Instantiate a target. - * @param type_name The target type name as it appears in Zeexygen config + * @param type_name The target type name as it appears in Zeekygen config * files. * @param name The output file name of the target. * @param pattern The dependency pattern of the target. @@ -384,6 +384,6 @@ private: std::vector id_deps; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/utils.cc b/src/zeekygen/utils.cc similarity index 83% rename from src/zeexygen/utils.cc rename to src/zeekygen/utils.cc index 5cf76c1af6..b04790ee92 100644 --- a/src/zeexygen/utils.cc +++ b/src/zeekygen/utils.cc @@ -7,10 +7,10 @@ #include #include -using namespace zeexygen; +using namespace zeekygen; using namespace std; -bool zeexygen::prettify_params(string& s) +bool zeekygen::prettify_params(string& s) { size_t identifier_start_pos = 0; bool in_identifier = false; @@ -76,29 +76,29 @@ bool zeexygen::prettify_params(string& s) return false; } -bool zeexygen::is_public_api(const ID* id) +bool zeekygen::is_public_api(const ID* id) { return (id->Scope() == SCOPE_GLOBAL) || (id->Scope() == SCOPE_MODULE && id->IsExport()); } -time_t zeexygen::get_mtime(const string& filename) +time_t zeekygen::get_mtime(const string& filename) { struct stat s; if ( stat(filename.c_str(), &s) < 0 ) - reporter->InternalError("Zeexygen failed to stat file '%s': %s", + reporter->InternalError("Zeekygen failed to stat file '%s': %s", filename.c_str(), strerror(errno)); return s.st_mtime; } -string zeexygen::make_heading(const string& heading, char underline) +string zeekygen::make_heading(const string& heading, char underline) { return heading + "\n" + string(heading.size(), underline) + "\n"; } -size_t zeexygen::end_of_first_sentence(const string& s) +size_t zeekygen::end_of_first_sentence(const string& s) { size_t rval = 0; @@ -119,7 +119,7 @@ size_t zeexygen::end_of_first_sentence(const string& s) return rval; } -bool zeexygen::is_all_whitespace(const string& s) +bool zeekygen::is_all_whitespace(const string& s) { for ( size_t i = 0; i < s.size(); ++i ) if ( ! isspace(s[i]) ) @@ -128,7 +128,7 @@ bool zeexygen::is_all_whitespace(const string& s) return true; } -string zeexygen::redef_indication(const string& from_script) +string zeekygen::redef_indication(const string& from_script) { return fmt("(present if :doc:`/scripts/%s` is loaded)", from_script.c_str()); diff --git a/src/zeexygen/utils.h b/src/zeekygen/utils.h similarity index 88% rename from src/zeexygen/utils.h rename to src/zeekygen/utils.h index b9a99a71f7..07430f66ba 100644 --- a/src/zeexygen/utils.h +++ b/src/zeekygen/utils.h @@ -1,18 +1,18 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_UTILS_H -#define ZEEXYGEN_UTILS_H +#ifndef ZEEKYGEN_UTILS_H +#define ZEEKYGEN_UTILS_H #include "ID.h" #include -namespace zeexygen { +namespace zeekygen { /** - * Transform content of a Zeexygen comment which may contain function + * Transform content of a Zeekygen comment which may contain function * parameter or return value documentation to a prettier reST format. - * @param s Content from a Zeexygen comment to transform. "id: ..." and + * @param s Content from a Zeekygen comment to transform. "id: ..." and * "Returns: ..." change to ":id: ..." and ":returns: ...". * @return Whether any content in \a s was transformed. */ @@ -62,6 +62,6 @@ bool is_all_whitespace(const std::string& s); */ std::string redef_indication(const std::string& from_script); -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/zeexygen.bif b/src/zeekygen/zeekygen.bif similarity index 81% rename from src/zeexygen/zeexygen.bif rename to src/zeekygen/zeekygen.bif index f7ce04d292..e10ee9f3ec 100644 --- a/src/zeexygen/zeexygen.bif +++ b/src/zeekygen/zeekygen.bif @@ -3,7 +3,7 @@ ##! Functions for querying script, package, or variable documentation. %%{ -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include "util.h" static StringVal* comments_to_val(const vector& comments) @@ -12,7 +12,7 @@ static StringVal* comments_to_val(const vector& comments) } %%} -## Retrieve the Zeexygen-style comments (``##``) associated with an identifier +## Retrieve the Zeekygen-style comments (``##``) associated with an identifier ## (e.g. a variable or type). ## ## name: a script-level identifier for which to retrieve comments. @@ -21,8 +21,8 @@ static StringVal* comments_to_val(const vector& comments) ## identifier, an empty string is returned. function get_identifier_comments%(name: string%): string %{ - using namespace zeexygen; - IdentifierInfo* d = zeexygen_mgr->GetIdentifierInfo(name->CheckString()); + using namespace zeekygen; + IdentifierInfo* d = zeekygen_mgr->GetIdentifierInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -30,7 +30,7 @@ function get_identifier_comments%(name: string%): string return comments_to_val(d->GetComments()); %} -## Retrieve the Zeexygen-style summary comments (``##!``) associated with +## Retrieve the Zeekygen-style summary comments (``##!``) associated with ## a Bro script. ## ## name: the name of a Bro script. It must be a relative path to where @@ -41,8 +41,8 @@ function get_identifier_comments%(name: string%): string ## *name* is not a known script, an empty string is returned. function get_script_comments%(name: string%): string %{ - using namespace zeexygen; - ScriptInfo* d = zeexygen_mgr->GetScriptInfo(name->CheckString()); + using namespace zeekygen; + ScriptInfo* d = zeekygen_mgr->GetScriptInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -59,8 +59,8 @@ function get_script_comments%(name: string%): string ## package, an empty string is returned. function get_package_readme%(name: string%): string %{ - using namespace zeexygen; - PackageInfo* d = zeexygen_mgr->GetPackageInfo(name->CheckString()); + using namespace zeekygen; + PackageInfo* d = zeekygen_mgr->GetPackageInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -68,7 +68,7 @@ function get_package_readme%(name: string%): string return comments_to_val(d->GetReadme()); %} -## Retrieve the Zeexygen-style comments (``##``) associated with a record field. +## Retrieve the Zeekygen-style comments (``##``) associated with a record field. ## ## name: the name of a record type and a field within it formatted like ## a typical record field access: "$". @@ -78,7 +78,7 @@ function get_package_readme%(name: string%): string ## type, an empty string is returned. function get_record_field_comments%(name: string%): string %{ - using namespace zeexygen; + using namespace zeekygen; string accessor = name->CheckString(); size_t i = accessor.find('$'); @@ -87,7 +87,7 @@ function get_record_field_comments%(name: string%): string string id = accessor.substr(0, i); - IdentifierInfo* d = zeexygen_mgr->GetIdentifierInfo(id); + IdentifierInfo* d = zeekygen_mgr->GetIdentifierInfo(id); if ( ! d ) return val_mgr->GetEmptyString(); diff --git a/testing/btest/Baseline/core.plugins.hooks/output b/testing/btest/Baseline/core.plugins.hooks/output index 2725e48507..138d019b34 100644 --- a/testing/btest/Baseline/core.plugins.hooks/output +++ b/testing/btest/Baseline/core.plugins.hooks/output @@ -275,7 +275,7 @@ 0.000000 MetaHookPost LoadFile(./average) -> -1 0.000000 MetaHookPost LoadFile(./bloom-filter.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./bro.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(./zeexygen.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(./zeekygen.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./cardinality-counter.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./const.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./consts) -> -1 @@ -855,7 +855,7 @@ 0.000000 MetaHookPre LoadFile(./average) 0.000000 MetaHookPre LoadFile(./bloom-filter.bif.bro) 0.000000 MetaHookPre LoadFile(./bro.bif.bro) -0.000000 MetaHookPre LoadFile(./zeexygen.bif.bro) +0.000000 MetaHookPre LoadFile(./zeekygen.bif.bro) 0.000000 MetaHookPre LoadFile(./cardinality-counter.bif.bro) 0.000000 MetaHookPre LoadFile(./const.bif.bro) 0.000000 MetaHookPre LoadFile(./consts) @@ -1435,7 +1435,7 @@ 0.000000 | HookLoadFile ./average.bro/bro 0.000000 | HookLoadFile ./bloom-filter.bif.bro/bro 0.000000 | HookLoadFile ./bro.bif.bro/bro -0.000000 | HookLoadFile ./zeexygen.bif.bro/bro +0.000000 | HookLoadFile ./zeekygen.bif.bro/bro 0.000000 | HookLoadFile ./cardinality-counter.bif.bro/bro 0.000000 | HookLoadFile ./const.bif.bro/bro 0.000000 | HookLoadFile ./consts.bif.bro/bro diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 1976784e41..a4caf4f6be 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -55,7 +55,7 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/utils/patterns.zeek scripts/base/frameworks/files/magic/__load__.zeek build/scripts/base/bif/__load__.zeek - build/scripts/base/bif/zeexygen.bif.zeek + build/scripts/base/bif/zeekygen.bif.zeek build/scripts/base/bif/pcap.bif.zeek build/scripts/base/bif/bloom-filter.bif.zeek build/scripts/base/bif/cardinality-counter.bif.zeek diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 7951d68e2b..4c33718ad2 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -55,7 +55,7 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/utils/patterns.zeek scripts/base/frameworks/files/magic/__load__.zeek build/scripts/base/bif/__load__.zeek - build/scripts/base/bif/zeexygen.bif.zeek + build/scripts/base/bif/zeekygen.bif.zeek build/scripts/base/bif/pcap.bif.zeek build/scripts/base/bif/bloom-filter.bif.zeek build/scripts/base/bif/cardinality-counter.bif.zeek diff --git a/testing/btest/Baseline/doc.zeexygen.all_scripts/.stderr b/testing/btest/Baseline/doc.zeekygen.all_scripts/.stderr similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.all_scripts/.stderr rename to testing/btest/Baseline/doc.zeekygen.all_scripts/.stderr diff --git a/testing/btest/Baseline/doc.zeexygen.all_scripts/.stdout b/testing/btest/Baseline/doc.zeekygen.all_scripts/.stdout similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.all_scripts/.stdout rename to testing/btest/Baseline/doc.zeekygen.all_scripts/.stdout diff --git a/testing/btest/Baseline/doc.zeexygen.command_line/output b/testing/btest/Baseline/doc.zeekygen.command_line/output similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.command_line/output rename to testing/btest/Baseline/doc.zeekygen.command_line/output diff --git a/testing/btest/Baseline/doc.zeexygen.comment_retrieval_bifs/out b/testing/btest/Baseline/doc.zeekygen.comment_retrieval_bifs/out similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.comment_retrieval_bifs/out rename to testing/btest/Baseline/doc.zeekygen.comment_retrieval_bifs/out diff --git a/testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst b/testing/btest/Baseline/doc.zeekygen.enums/autogen-reST-enums.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst rename to testing/btest/Baseline/doc.zeekygen.enums/autogen-reST-enums.rst diff --git a/testing/btest/Baseline/doc.zeexygen.example/example.rst b/testing/btest/Baseline/doc.zeekygen.example/example.rst similarity index 77% rename from testing/btest/Baseline/doc.zeexygen.example/example.rst rename to testing/btest/Baseline/doc.zeekygen.example/example.rst index 4ea8dfe0c3..141a06cc2a 100644 --- a/testing/btest/Baseline/doc.zeexygen.example/example.rst +++ b/testing/btest/Baseline/doc.zeekygen.example/example.rst @@ -1,10 +1,10 @@ :tocdepth: 3 -zeexygen/example.zeek +zeekygen/example.zeek ===================== -.. zeek:namespace:: ZeexygenExample +.. zeek:namespace:: ZeekygenExample -This is an example script that demonstrates Zeexygen-style +This is an example script that demonstrates Zeekygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -19,14 +19,14 @@ purpose. They are transferred directly in to the generated There's also a custom role to reference any identifier node in the Zeek Sphinx domain that's good for "see alsos", e.g. -See also: :zeek:see:`ZeexygenExample::a_var`, -:zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` +See also: :zeek:see:`ZeekygenExample::a_var`, +:zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: -.. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info +.. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info -:Namespace: ZeexygenExample +:Namespace: ZeekygenExample :Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.zeek ` Summary @@ -34,25 +34,25 @@ Summary Redefinable Options ################### ======================================================================================= ======================================================= -:zeek:id:`ZeexygenExample::an_option`: :zeek:type:`set` :zeek:attr:`&redef` Add documentation for "an_option" here. -:zeek:id:`ZeexygenExample::option_with_init`: :zeek:type:`interval` :zeek:attr:`&redef` Default initialization will be generated automatically. +:zeek:id:`ZeekygenExample::an_option`: :zeek:type:`set` :zeek:attr:`&redef` Add documentation for "an_option" here. +:zeek:id:`ZeekygenExample::option_with_init`: :zeek:type:`interval` :zeek:attr:`&redef` Default initialization will be generated automatically. ======================================================================================= ======================================================= State Variables ############### ========================================================================== ======================================================================== -:zeek:id:`ZeexygenExample::a_var`: :zeek:type:`bool` Put some documentation for "a_var" here. -:zeek:id:`ZeexygenExample::summary_test`: :zeek:type:`string` The first sentence for a particular identifier's summary text ends here. -:zeek:id:`ZeexygenExample::var_without_explicit_type`: :zeek:type:`string` Types are inferred, that information is self-documenting. +:zeek:id:`ZeekygenExample::a_var`: :zeek:type:`bool` Put some documentation for "a_var" here. +:zeek:id:`ZeekygenExample::summary_test`: :zeek:type:`string` The first sentence for a particular identifier's summary text ends here. +:zeek:id:`ZeekygenExample::var_without_explicit_type`: :zeek:type:`string` Types are inferred, that information is self-documenting. ========================================================================== ======================================================================== Types ##### ==================================================================================== =========================================================== -:zeek:type:`ZeexygenExample::ComplexRecord`: :zeek:type:`record` :zeek:attr:`&redef` General documentation for a type "ComplexRecord" goes here. -:zeek:type:`ZeexygenExample::Info`: :zeek:type:`record` An example record to be used with a logging stream. -:zeek:type:`ZeexygenExample::SimpleEnum`: :zeek:type:`enum` Documentation for the "SimpleEnum" type goes here. -:zeek:type:`ZeexygenExample::SimpleRecord`: :zeek:type:`record` General documentation for a type "SimpleRecord" goes here. +:zeek:type:`ZeekygenExample::ComplexRecord`: :zeek:type:`record` :zeek:attr:`&redef` General documentation for a type "ComplexRecord" goes here. +:zeek:type:`ZeekygenExample::Info`: :zeek:type:`record` An example record to be used with a logging stream. +:zeek:type:`ZeekygenExample::SimpleEnum`: :zeek:type:`enum` Documentation for the "SimpleEnum" type goes here. +:zeek:type:`ZeekygenExample::SimpleRecord`: :zeek:type:`record` General documentation for a type "SimpleRecord" goes here. ==================================================================================== =========================================================== Redefinitions @@ -60,21 +60,21 @@ Redefinitions =============================================================== ==================================================================== :zeek:type:`Log::ID`: :zeek:type:`enum` :zeek:type:`Notice::Type`: :zeek:type:`enum` -:zeek:type:`ZeexygenExample::SimpleEnum`: :zeek:type:`enum` Document the "SimpleEnum" redef here with any special info regarding +:zeek:type:`ZeekygenExample::SimpleEnum`: :zeek:type:`enum` Document the "SimpleEnum" redef here with any special info regarding the *redef* itself. -:zeek:type:`ZeexygenExample::SimpleRecord`: :zeek:type:`record` Document the record extension *redef* itself here. +:zeek:type:`ZeekygenExample::SimpleRecord`: :zeek:type:`record` Document the record extension *redef* itself here. =============================================================== ==================================================================== Events ###### ======================================================== ========================== -:zeek:id:`ZeexygenExample::an_event`: :zeek:type:`event` Summarize "an_event" here. +:zeek:id:`ZeekygenExample::an_event`: :zeek:type:`event` Summarize "an_event" here. ======================================================== ========================== Functions ######### ============================================================= ======================================= -:zeek:id:`ZeexygenExample::a_function`: :zeek:type:`function` Summarize purpose of "a_function" here. +:zeek:id:`ZeekygenExample::a_function`: :zeek:type:`function` Summarize purpose of "a_function" here. ============================================================= ======================================= @@ -82,7 +82,7 @@ Detailed Interface ~~~~~~~~~~~~~~~~~~ Redefinable Options ################### -.. zeek:id:: ZeexygenExample::an_option +.. zeek:id:: ZeekygenExample::an_option :Type: :zeek:type:`set` [:zeek:type:`addr`, :zeek:type:`addr`, :zeek:type:`string`] :Attributes: :zeek:attr:`&redef` @@ -91,7 +91,7 @@ Redefinable Options Add documentation for "an_option" here. The type/attribute information is all generated automatically. -.. zeek:id:: ZeexygenExample::option_with_init +.. zeek:id:: ZeekygenExample::option_with_init :Type: :zeek:type:`interval` :Attributes: :zeek:attr:`&redef` @@ -102,7 +102,7 @@ Redefinable Options State Variables ############### -.. zeek:id:: ZeexygenExample::a_var +.. zeek:id:: ZeekygenExample::a_var :Type: :zeek:type:`bool` @@ -110,7 +110,7 @@ State Variables isn't a function/event/hook is classified as a "state variable" in the generated docs. -.. zeek:id:: ZeexygenExample::summary_test +.. zeek:id:: ZeekygenExample::summary_test :Type: :zeek:type:`string` @@ -118,7 +118,7 @@ State Variables And this second sentence doesn't show in the short description provided by the table of all identifiers declared by this script. -.. zeek:id:: ZeexygenExample::var_without_explicit_type +.. zeek:id:: ZeekygenExample::var_without_explicit_type :Type: :zeek:type:`string` :Default: ``"this works"`` @@ -127,7 +127,7 @@ State Variables Types ##### -.. zeek:type:: ZeexygenExample::ComplexRecord +.. zeek:type:: ZeekygenExample::ComplexRecord :Type: :zeek:type:`record` @@ -137,8 +137,8 @@ Types field2: :zeek:type:`bool` Toggles something. - field3: :zeek:type:`ZeexygenExample::SimpleRecord` - Zeexygen automatically tracks types + field3: :zeek:type:`ZeekygenExample::SimpleRecord` + Zeekygen automatically tracks types and cross-references are automatically inserted in to generated docs. @@ -148,7 +148,7 @@ Types General documentation for a type "ComplexRecord" goes here. -.. zeek:type:: ZeexygenExample::Info +.. zeek:type:: ZeekygenExample::Info :Type: :zeek:type:`record` @@ -164,33 +164,33 @@ Types fields plus the extensions and the scripts which contributed to it (provided they are also @load'ed). -.. zeek:type:: ZeexygenExample::SimpleEnum +.. zeek:type:: ZeekygenExample::SimpleEnum :Type: :zeek:type:`enum` - .. zeek:enum:: ZeexygenExample::ONE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::ONE ZeekygenExample::SimpleEnum Documentation for particular enum values is added like this. And can also span multiple lines. - .. zeek:enum:: ZeexygenExample::TWO ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::TWO ZeekygenExample::SimpleEnum Or this style is valid to document the preceding enum value. - .. zeek:enum:: ZeexygenExample::THREE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::THREE ZeekygenExample::SimpleEnum - .. zeek:enum:: ZeexygenExample::FOUR ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FOUR ZeekygenExample::SimpleEnum And some documentation for "FOUR". - .. zeek:enum:: ZeexygenExample::FIVE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FIVE ZeekygenExample::SimpleEnum Also "FIVE". Documentation for the "SimpleEnum" type goes here. It can span multiple lines. -.. zeek:type:: ZeexygenExample::SimpleRecord +.. zeek:type:: ZeekygenExample::SimpleRecord :Type: :zeek:type:`record` @@ -210,23 +210,23 @@ Types Events ###### -.. zeek:id:: ZeexygenExample::an_event +.. zeek:id:: ZeekygenExample::an_event :Type: :zeek:type:`event` (name: :zeek:type:`string`) Summarize "an_event" here. Give more details about "an_event" here. - ZeexygenExample::a_function should not be confused as a parameter + ZeekygenExample::a_function should not be confused as a parameter in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + link. Use the see role instead: :zeek:see:`ZeekygenExample::a_function`. :name: Describe the argument here. Functions ######### -.. zeek:id:: ZeexygenExample::a_function +.. zeek:id:: ZeekygenExample::a_function :Type: :zeek:type:`function` (tag: :zeek:type:`string`, msg: :zeek:type:`string`) : :zeek:type:`string` diff --git a/testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst b/testing/btest/Baseline/doc.zeekygen.func-params/autogen-reST-func-params.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst rename to testing/btest/Baseline/doc.zeekygen.func-params/autogen-reST-func-params.rst diff --git a/testing/btest/Baseline/doc.zeexygen.identifier/test.rst b/testing/btest/Baseline/doc.zeekygen.identifier/test.rst similarity index 70% rename from testing/btest/Baseline/doc.zeexygen.identifier/test.rst rename to testing/btest/Baseline/doc.zeekygen.identifier/test.rst index 128e1c6a5f..34c4ae71a6 100644 --- a/testing/btest/Baseline/doc.zeexygen.identifier/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.identifier/test.rst @@ -1,91 +1,91 @@ -.. zeek:id:: ZeexygenExample::Zeexygen_One +.. zeek:id:: ZeekygenExample::Zeekygen_One :Type: :zeek:type:`Notice::Type` Any number of this type of comment - will document "Zeexygen_One". + will document "Zeekygen_One". -.. zeek:id:: ZeexygenExample::Zeexygen_Two +.. zeek:id:: ZeekygenExample::Zeekygen_Two :Type: :zeek:type:`Notice::Type` Any number of this type of comment - will document "ZEEXYGEN_TWO". + will document "ZEEKYGEN_TWO". -.. zeek:id:: ZeexygenExample::Zeexygen_Three +.. zeek:id:: ZeekygenExample::Zeekygen_Three :Type: :zeek:type:`Notice::Type` -.. zeek:id:: ZeexygenExample::Zeexygen_Four +.. zeek:id:: ZeekygenExample::Zeekygen_Four :Type: :zeek:type:`Notice::Type` Omitting comments is fine, and so is mixing ``##`` and ``##<``, but it's probably best to use only one style consistently. -.. zeek:id:: ZeexygenExample::LOG +.. zeek:id:: ZeekygenExample::LOG :Type: :zeek:type:`Log::ID` -.. zeek:type:: ZeexygenExample::SimpleEnum +.. zeek:type:: ZeekygenExample::SimpleEnum :Type: :zeek:type:`enum` - .. zeek:enum:: ZeexygenExample::ONE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::ONE ZeekygenExample::SimpleEnum Documentation for particular enum values is added like this. And can also span multiple lines. - .. zeek:enum:: ZeexygenExample::TWO ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::TWO ZeekygenExample::SimpleEnum Or this style is valid to document the preceding enum value. - .. zeek:enum:: ZeexygenExample::THREE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::THREE ZeekygenExample::SimpleEnum - .. zeek:enum:: ZeexygenExample::FOUR ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FOUR ZeekygenExample::SimpleEnum And some documentation for "FOUR". - .. zeek:enum:: ZeexygenExample::FIVE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FIVE ZeekygenExample::SimpleEnum Also "FIVE". Documentation for the "SimpleEnum" type goes here. It can span multiple lines. -.. zeek:id:: ZeexygenExample::ONE +.. zeek:id:: ZeekygenExample::ONE - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` Documentation for particular enum values is added like this. And can also span multiple lines. -.. zeek:id:: ZeexygenExample::TWO +.. zeek:id:: ZeekygenExample::TWO - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` Or this style is valid to document the preceding enum value. -.. zeek:id:: ZeexygenExample::THREE +.. zeek:id:: ZeekygenExample::THREE - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` -.. zeek:id:: ZeexygenExample::FOUR +.. zeek:id:: ZeekygenExample::FOUR - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` And some documentation for "FOUR". -.. zeek:id:: ZeexygenExample::FIVE +.. zeek:id:: ZeekygenExample::FIVE - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` Also "FIVE". -.. zeek:type:: ZeexygenExample::SimpleRecord +.. zeek:type:: ZeekygenExample::SimpleRecord :Type: :zeek:type:`record` @@ -103,7 +103,7 @@ The way fields can be documented is similar to what's already seen for enums. -.. zeek:type:: ZeexygenExample::ComplexRecord +.. zeek:type:: ZeekygenExample::ComplexRecord :Type: :zeek:type:`record` @@ -113,8 +113,8 @@ field2: :zeek:type:`bool` Toggles something. - field3: :zeek:type:`ZeexygenExample::SimpleRecord` - Zeexygen automatically tracks types + field3: :zeek:type:`ZeekygenExample::SimpleRecord` + Zeekygen automatically tracks types and cross-references are automatically inserted in to generated docs. @@ -124,7 +124,7 @@ General documentation for a type "ComplexRecord" goes here. -.. zeek:type:: ZeexygenExample::Info +.. zeek:type:: ZeekygenExample::Info :Type: :zeek:type:`record` @@ -140,7 +140,7 @@ fields plus the extensions and the scripts which contributed to it (provided they are also @load'ed). -.. zeek:id:: ZeexygenExample::an_option +.. zeek:id:: ZeekygenExample::an_option :Type: :zeek:type:`set` [:zeek:type:`addr`, :zeek:type:`addr`, :zeek:type:`string`] :Attributes: :zeek:attr:`&redef` @@ -149,7 +149,7 @@ Add documentation for "an_option" here. The type/attribute information is all generated automatically. -.. zeek:id:: ZeexygenExample::option_with_init +.. zeek:id:: ZeekygenExample::option_with_init :Type: :zeek:type:`interval` :Attributes: :zeek:attr:`&redef` @@ -158,7 +158,7 @@ Default initialization will be generated automatically. More docs can be added here. -.. zeek:id:: ZeexygenExample::a_var +.. zeek:id:: ZeekygenExample::a_var :Type: :zeek:type:`bool` @@ -166,14 +166,14 @@ isn't a function/event/hook is classified as a "state variable" in the generated docs. -.. zeek:id:: ZeexygenExample::var_without_explicit_type +.. zeek:id:: ZeekygenExample::var_without_explicit_type :Type: :zeek:type:`string` :Default: ``"this works"`` Types are inferred, that information is self-documenting. -.. zeek:id:: ZeexygenExample::summary_test +.. zeek:id:: ZeekygenExample::summary_test :Type: :zeek:type:`string` @@ -181,7 +181,7 @@ And this second sentence doesn't show in the short description provided by the table of all identifiers declared by this script. -.. zeek:id:: ZeexygenExample::a_function +.. zeek:id:: ZeekygenExample::a_function :Type: :zeek:type:`function` (tag: :zeek:type:`string`, msg: :zeek:type:`string`) : :zeek:type:`string` @@ -200,26 +200,26 @@ :returns: Describe the return type here. -.. zeek:id:: ZeexygenExample::an_event +.. zeek:id:: ZeekygenExample::an_event :Type: :zeek:type:`event` (name: :zeek:type:`string`) Summarize "an_event" here. Give more details about "an_event" here. - ZeexygenExample::a_function should not be confused as a parameter + ZeekygenExample::a_function should not be confused as a parameter in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + link. Use the see role instead: :zeek:see:`ZeekygenExample::a_function`. :name: Describe the argument here. -.. zeek:id:: ZeexygenExample::function_without_proto +.. zeek:id:: ZeekygenExample::function_without_proto :Type: :zeek:type:`function` (tag: :zeek:type:`string`) : :zeek:type:`string` -.. zeek:type:: ZeexygenExample::PrivateRecord +.. zeek:type:: ZeekygenExample::PrivateRecord :Type: :zeek:type:`record` diff --git a/testing/btest/Baseline/doc.zeexygen.package/test.rst b/testing/btest/Baseline/doc.zeekygen.package/test.rst similarity index 70% rename from testing/btest/Baseline/doc.zeexygen.package/test.rst rename to testing/btest/Baseline/doc.zeekygen.package/test.rst index 345b2b6847..6ced7b797e 100644 --- a/testing/btest/Baseline/doc.zeexygen.package/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.package/test.rst @@ -1,19 +1,19 @@ :orphan: -Package: zeexygen +Package: zeekygen ================= This package is loaded during the process which automatically generates -reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only +reference documentation for all Zeek scripts (i.e. "Zeekygen"). Its only purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. -:doc:`/scripts/zeexygen/__load__.zeek` +:doc:`/scripts/zeekygen/__load__.zeek` -:doc:`/scripts/zeexygen/example.zeek` +:doc:`/scripts/zeekygen/example.zeek` - This is an example script that demonstrates Zeexygen-style + This is an example script that demonstrates Zeekygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -28,10 +28,10 @@ extra scripts needed or used by the documentation process. There's also a custom role to reference any identifier node in the Zeek Sphinx domain that's good for "see alsos", e.g. - See also: :zeek:see:`ZeexygenExample::a_var`, - :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` + See also: :zeek:see:`ZeekygenExample::a_var`, + :zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: - .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info + .. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info diff --git a/testing/btest/Baseline/doc.zeexygen.package_index/test.rst b/testing/btest/Baseline/doc.zeekygen.package_index/test.rst similarity index 68% rename from testing/btest/Baseline/doc.zeexygen.package_index/test.rst rename to testing/btest/Baseline/doc.zeekygen.package_index/test.rst index 4a854e9736..df9907bd1b 100644 --- a/testing/btest/Baseline/doc.zeexygen.package_index/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.package_index/test.rst @@ -1,7 +1,7 @@ -:doc:`zeexygen ` +:doc:`zeekygen ` This package is loaded during the process which automatically generates - reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only + reference documentation for all Zeek scripts (i.e. "Zeekygen"). Its only purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. diff --git a/testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst b/testing/btest/Baseline/doc.zeekygen.records/autogen-reST-records.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst rename to testing/btest/Baseline/doc.zeekygen.records/autogen-reST-records.rst diff --git a/testing/btest/Baseline/doc.zeekygen.script_index/test.rst b/testing/btest/Baseline/doc.zeekygen.script_index/test.rst new file mode 100644 index 0000000000..1ca04759bb --- /dev/null +++ b/testing/btest/Baseline/doc.zeekygen.script_index/test.rst @@ -0,0 +1,5 @@ +.. toctree:: + :maxdepth: 1 + + zeekygen/__load__.zeek + zeekygen/example.zeek diff --git a/testing/btest/Baseline/doc.zeexygen.script_summary/test.rst b/testing/btest/Baseline/doc.zeekygen.script_summary/test.rst similarity index 71% rename from testing/btest/Baseline/doc.zeexygen.script_summary/test.rst rename to testing/btest/Baseline/doc.zeekygen.script_summary/test.rst index 3dd189ca77..7f3885b86e 100644 --- a/testing/btest/Baseline/doc.zeexygen.script_summary/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.script_summary/test.rst @@ -1,5 +1,5 @@ -:doc:`/scripts/zeexygen/example.zeek` - This is an example script that demonstrates Zeexygen-style +:doc:`/scripts/zeekygen/example.zeek` + This is an example script that demonstrates Zeekygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -14,10 +14,10 @@ There's also a custom role to reference any identifier node in the Zeek Sphinx domain that's good for "see alsos", e.g. - See also: :zeek:see:`ZeexygenExample::a_var`, - :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` + See also: :zeek:see:`ZeekygenExample::a_var`, + :zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: - .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info + .. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info diff --git a/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst b/testing/btest/Baseline/doc.zeekygen.type-aliases/autogen-reST-type-aliases.rst similarity index 60% rename from testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst rename to testing/btest/Baseline/doc.zeekygen.type-aliases/autogen-reST-type-aliases.rst index 7f60859a5a..4dfae471c4 100644 --- a/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst +++ b/testing/btest/Baseline/doc.zeekygen.type-aliases/autogen-reST-type-aliases.rst @@ -1,16 +1,16 @@ -.. zeek:type:: ZeexygenTest::TypeAlias +.. zeek:type:: ZeekygenTest::TypeAlias :Type: :zeek:type:`bool` This is just an alias for a builtin type ``bool``. -.. zeek:type:: ZeexygenTest::NotTypeAlias +.. zeek:type:: ZeekygenTest::NotTypeAlias :Type: :zeek:type:`bool` This type should get its own comments, not associated w/ TypeAlias. -.. zeek:type:: ZeexygenTest::OtherTypeAlias +.. zeek:type:: ZeekygenTest::OtherTypeAlias :Type: :zeek:type:`bool` @@ -19,25 +19,25 @@ one doesn't have to click through the full type alias chain to find out what the actual type is... -.. zeek:id:: ZeexygenTest::a +.. zeek:id:: ZeekygenTest::a - :Type: :zeek:type:`ZeexygenTest::TypeAlias` + :Type: :zeek:type:`ZeekygenTest::TypeAlias` But this should reference a type of ``TypeAlias``. -.. zeek:id:: ZeexygenTest::b +.. zeek:id:: ZeekygenTest::b - :Type: :zeek:type:`ZeexygenTest::OtherTypeAlias` + :Type: :zeek:type:`ZeekygenTest::OtherTypeAlias` And this should reference a type of ``OtherTypeAlias``. -.. zeek:type:: ZeexygenTest::MyRecord +.. zeek:type:: ZeekygenTest::MyRecord :Type: :zeek:type:`record` - f1: :zeek:type:`ZeexygenTest::TypeAlias` + f1: :zeek:type:`ZeekygenTest::TypeAlias` - f2: :zeek:type:`ZeexygenTest::OtherTypeAlias` + f2: :zeek:type:`ZeekygenTest::OtherTypeAlias` f3: :zeek:type:`bool` diff --git a/testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst b/testing/btest/Baseline/doc.zeekygen.vectors/autogen-reST-vectors.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst rename to testing/btest/Baseline/doc.zeekygen.vectors/autogen-reST-vectors.rst diff --git a/testing/btest/Baseline/doc.zeexygen.script_index/test.rst b/testing/btest/Baseline/doc.zeexygen.script_index/test.rst deleted file mode 100644 index eab6c439b2..0000000000 --- a/testing/btest/Baseline/doc.zeexygen.script_index/test.rst +++ /dev/null @@ -1,5 +0,0 @@ -.. toctree:: - :maxdepth: 1 - - zeexygen/__load__.zeek - zeexygen/example.zeek diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index aa27d73819..0fea39bacc 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -785,7 +785,7 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/utils.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/variance.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/weird.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/zeexygen.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/zeekygen.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek) -> -1 @@ -1688,7 +1688,7 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/utils.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/variance.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/weird.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/zeexygen.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/zeekygen.bif.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek) @@ -2599,7 +2599,7 @@ 0.000000 | HookLoadFile .<...>/variance.zeek 0.000000 | HookLoadFile .<...>/video.sig 0.000000 | HookLoadFile .<...>/weird.zeek -0.000000 | HookLoadFile .<...>/zeexygen.bif.zeek +0.000000 | HookLoadFile .<...>/zeekygen.bif.zeek 0.000000 | HookLoadFile <...>/__load__.zeek 0.000000 | HookLoadFile <...>/__preload__.zeek 0.000000 | HookLoadFile <...>/hooks.zeek diff --git a/testing/btest/coverage/broxygen.sh b/testing/btest/coverage/broxygen.sh index 4dd12f27fe..6bc43d9c90 100644 --- a/testing/btest/coverage/broxygen.sh +++ b/testing/btest/coverage/broxygen.sh @@ -1,12 +1,12 @@ # This check piggy-backs on the test-all-policy.zeek test, assuming that every # loadable script is referenced there. The only additional check here is -# that the zeexygen package should even load scripts that are commented -# out in test-all-policy.zeek because the zeexygen package is only loaded +# that the zeekygen package should even load scripts that are commented +# out in test-all-policy.zeek because the zeekygen package is only loaded # when generated documentation and will terminate has soon as zeek_init # is handled, even if a script will e.g. put Zeek into listen mode or otherwise # cause it to not terminate after scripts are parsed. -# @TEST-EXEC: bash %INPUT $DIST/scripts/test-all-policy.zeek $DIST/scripts/zeexygen/__load__.zeek +# @TEST-EXEC: bash %INPUT $DIST/scripts/test-all-policy.zeek $DIST/scripts/zeekygen/__load__.zeek error_count=0 @@ -22,10 +22,10 @@ if [ $# -ne 2 ]; then fi all_loads=$(egrep "#[[:space:]]*@load.*" $1 | sed 's/#[[:space:]]*@load[[:space:]]*//g') -zeexygen_loads=$(egrep "@load.*" $2 | sed 's/@load[[:space:]]*//g') +zeekygen_loads=$(egrep "@load.*" $2 | sed 's/@load[[:space:]]*//g') for f in $all_loads; do - echo "$zeexygen_loads" | grep -q $f || error_msg "$f not loaded in zeexygen/__load__.zeek" + echo "$zeekygen_loads" | grep -q $f || error_msg "$f not loaded in zeekygen/__load__.zeek" done if [ $error_count -gt 0 ]; then diff --git a/testing/btest/coverage/sphinx-broxygen-docs.sh b/testing/btest/coverage/sphinx-zeekygen-docs.sh similarity index 85% rename from testing/btest/coverage/sphinx-broxygen-docs.sh rename to testing/btest/coverage/sphinx-zeekygen-docs.sh index d508a8361f..b5e3d7262c 100644 --- a/testing/btest/coverage/sphinx-broxygen-docs.sh +++ b/testing/btest/coverage/sphinx-zeekygen-docs.sh @@ -1,11 +1,11 @@ -# This script checks whether the reST docs generated by zeexygen are stale. +# This script checks whether the reST docs generated by zeekygen are stale. # If this test fails when testing the master branch, then simply run: # -# testing/scripts/gen-zeexygen-docs.sh +# testing/scripts/update-zeekygen-docs.sh # # and then commit the changes. # -# @TEST-EXEC: bash $SCRIPTS/gen-zeexygen-docs.sh ./doc +# @TEST-EXEC: bash $SCRIPTS/update-zeekygen-docs.sh ./doc # @TEST-EXEC: bash %INPUT if [ -n "$TRAVIS_PULL_REQUEST" ]; then @@ -33,7 +33,7 @@ function check_diff echo "If this fails in the master branch or when merging to master," 1>&2 echo "re-run the following command:" 1>&2 echo "" 1>&2 - echo " $SCRIPTS/gen-zeexygen-docs.sh" 1>&2 + echo " $SCRIPTS/update-zeekygen-docs.sh" 1>&2 echo "" 1>&2 echo "Then commit/push the changes in the zeek-docs repo" 1>&2 echo "(the doc/ directory in the zeek repo)." 1>&2 diff --git a/testing/btest/doc/zeexygen/command_line.zeek b/testing/btest/doc/zeekygen/command_line.zeek similarity index 100% rename from testing/btest/doc/zeexygen/command_line.zeek rename to testing/btest/doc/zeekygen/command_line.zeek diff --git a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek b/testing/btest/doc/zeekygen/comment_retrieval_bifs.zeek similarity index 100% rename from testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek rename to testing/btest/doc/zeekygen/comment_retrieval_bifs.zeek diff --git a/testing/btest/doc/zeexygen/enums.zeek b/testing/btest/doc/zeekygen/enums.zeek similarity index 89% rename from testing/btest/doc/zeexygen/enums.zeek rename to testing/btest/doc/zeekygen/enums.zeek index a385a36a6c..59115a4631 100644 --- a/testing/btest/doc/zeexygen/enums.zeek +++ b/testing/btest/doc/zeekygen/enums.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-enums.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier TestEnum* autogen-reST-enums.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeekygen/example.zeek b/testing/btest/doc/zeekygen/example.zeek new file mode 100644 index 0000000000..b4c7c713ef --- /dev/null +++ b/testing/btest/doc/zeekygen/example.zeek @@ -0,0 +1,8 @@ +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X zeekygen.config %INPUT +# @TEST-EXEC: btest-diff example.rst + +@TEST-START-FILE zeekygen.config +script zeekygen/example.zeek example.rst +@TEST-END-FILE + +@load zeekygen/example diff --git a/testing/btest/doc/zeexygen/func-params.zeek b/testing/btest/doc/zeekygen/func-params.zeek similarity index 83% rename from testing/btest/doc/zeexygen/func-params.zeek rename to testing/btest/doc/zeekygen/func-params.zeek index 5facba3e05..2b87aa2ea1 100644 --- a/testing/btest/doc/zeexygen/func-params.zeek +++ b/testing/btest/doc/zeekygen/func-params.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-func-params.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier test_func_params* autogen-reST-func-params.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeekygen/identifier.zeek b/testing/btest/doc/zeekygen/identifier.zeek new file mode 100644 index 0000000000..383c43be09 --- /dev/null +++ b/testing/btest/doc/zeekygen/identifier.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +identifier ZeekygenExample::* test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeekygen/package.zeek b/testing/btest/doc/zeekygen/package.zeek new file mode 100644 index 0000000000..7cb30cff21 --- /dev/null +++ b/testing/btest/doc/zeekygen/package.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +package zeekygen test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeekygen/package_index.zeek b/testing/btest/doc/zeekygen/package_index.zeek new file mode 100644 index 0000000000..4d746509b5 --- /dev/null +++ b/testing/btest/doc/zeekygen/package_index.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +package_index zeekygen test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeexygen/records.zeek b/testing/btest/doc/zeekygen/records.zeek similarity index 84% rename from testing/btest/doc/zeexygen/records.zeek rename to testing/btest/doc/zeekygen/records.zeek index 0c1f668df9..67757f0c61 100644 --- a/testing/btest/doc/zeexygen/records.zeek +++ b/testing/btest/doc/zeekygen/records.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-records.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier TestRecord* autogen-reST-records.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeekygen/script_index.zeek b/testing/btest/doc/zeekygen/script_index.zeek new file mode 100644 index 0000000000..5db6141a0b --- /dev/null +++ b/testing/btest/doc/zeekygen/script_index.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +script_index zeekygen/* test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeekygen/script_summary.zeek b/testing/btest/doc/zeekygen/script_summary.zeek new file mode 100644 index 0000000000..c3d647ea0c --- /dev/null +++ b/testing/btest/doc/zeekygen/script_summary.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +script_summary zeekygen/example.zeek test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeexygen/type-aliases.zeek b/testing/btest/doc/zeekygen/type-aliases.zeek similarity index 81% rename from testing/btest/doc/zeexygen/type-aliases.zeek rename to testing/btest/doc/zeekygen/type-aliases.zeek index 40a6e24417..e42b953d58 100644 --- a/testing/btest/doc/zeexygen/type-aliases.zeek +++ b/testing/btest/doc/zeekygen/type-aliases.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-type-aliases.rst -@TEST-START-FILE zeexygen.config -identifier ZeexygenTest::* autogen-reST-type-aliases.rst +@TEST-START-FILE zeekygen.config +identifier ZeekygenTest::* autogen-reST-type-aliases.rst @TEST-END-FILE -module ZeexygenTest; +module ZeekygenTest; export { ## This is just an alias for a builtin type ``bool``. diff --git a/testing/btest/doc/zeexygen/vectors.zeek b/testing/btest/doc/zeekygen/vectors.zeek similarity index 83% rename from testing/btest/doc/zeexygen/vectors.zeek rename to testing/btest/doc/zeekygen/vectors.zeek index 8a16a58149..431413a337 100644 --- a/testing/btest/doc/zeexygen/vectors.zeek +++ b/testing/btest/doc/zeekygen/vectors.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-vectors.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier test_vector* autogen-reST-vectors.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeexygen/example.zeek b/testing/btest/doc/zeexygen/example.zeek deleted file mode 100644 index 53179dac39..0000000000 --- a/testing/btest/doc/zeexygen/example.zeek +++ /dev/null @@ -1,8 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X zeexygen.config %INPUT -# @TEST-EXEC: btest-diff example.rst - -@TEST-START-FILE zeexygen.config -script zeexygen/example.zeek example.rst -@TEST-END-FILE - -@load zeexygen/example diff --git a/testing/btest/doc/zeexygen/identifier.zeek b/testing/btest/doc/zeexygen/identifier.zeek deleted file mode 100644 index 38a4f274ad..0000000000 --- a/testing/btest/doc/zeexygen/identifier.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -identifier ZeexygenExample::* test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/btest/doc/zeexygen/package.zeek b/testing/btest/doc/zeexygen/package.zeek deleted file mode 100644 index 7038b5b50a..0000000000 --- a/testing/btest/doc/zeexygen/package.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -package zeexygen test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/btest/doc/zeexygen/package_index.zeek b/testing/btest/doc/zeexygen/package_index.zeek deleted file mode 100644 index 3a0c92ca71..0000000000 --- a/testing/btest/doc/zeexygen/package_index.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -package_index zeexygen test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/btest/doc/zeexygen/script_index.zeek b/testing/btest/doc/zeexygen/script_index.zeek deleted file mode 100644 index f92513d632..0000000000 --- a/testing/btest/doc/zeexygen/script_index.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -script_index zeexygen/* test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/btest/doc/zeexygen/script_summary.zeek b/testing/btest/doc/zeexygen/script_summary.zeek deleted file mode 100644 index 9378417f08..0000000000 --- a/testing/btest/doc/zeexygen/script_summary.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -script_summary zeexygen/example.zeek test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/scripts/gen-zeexygen-docs.sh b/testing/scripts/update-zeekygen-docs.sh similarity index 88% rename from testing/scripts/gen-zeexygen-docs.sh rename to testing/scripts/update-zeekygen-docs.sh index 66287b01aa..19369ae46a 100755 --- a/testing/scripts/gen-zeexygen-docs.sh +++ b/testing/scripts/update-zeekygen-docs.sh @@ -11,9 +11,9 @@ unset BRO_DEFAULT_CONNECT_RETRY dir="$( cd "$( dirname "$0" )" && pwd )" source_dir="$( cd $dir/../.. && pwd )" build_dir=$source_dir/build -conf_file=$build_dir/zeexygen-test.conf +conf_file=$build_dir/zeekygen-test.conf output_dir=$source_dir/doc -zeek_error_file=$build_dir/zeexygen-test-stderr.txt +zeek_error_file=$build_dir/zeekygen-test-stderr.txt if [ -n "$1" ]; then output_dir=$1 @@ -30,10 +30,10 @@ export BRO_SEED_FILE=$source_dir/testing/btest/random.seed function run_zeek { - ZEEK_ALLOW_INIT_ERRORS=1 bro -X $conf_file zeexygen >/dev/null 2>$zeek_error_file + ZEEK_ALLOW_INIT_ERRORS=1 bro -X $conf_file zeekygen >/dev/null 2>$zeek_error_file if [ $? -ne 0 ]; then - echo "Failed running zeek with zeexygen config file $conf_file" + echo "Failed running zeek with zeekygen config file $conf_file" echo "See stderr in $zeek_error_file" exit 1 fi From c640dd70cc4229b07192a9739ece5f90d02151da Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 2 May 2019 22:49:40 -0700 Subject: [PATCH 063/247] Install local.zeek as symlink to pre-existing local.bro This a convenience for those that are upgrading. If we didn't do this, then deployments can silently break until the user intervenes since BroControl now prefers to load the initially-vanilla local.zeek instead of the formerly-customized local.bro. --- CHANGES | 9 +++++++++ NEWS | 11 +++++++---- VERSION | 2 +- scripts/CMakeLists.txt | 23 +++++++++++++++++++++-- 4 files changed, 38 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index c011e1ca3b..11e3ec5d8f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,13 @@ +2.6-263 | 2019-05-02 22:49:40 -0700 + + * Install local.zeek as symlink to pre-existing local.bro (Jon Siwek, Corelight) + + This a convenience for those that are upgrading. If we didn't do + this, then deployments can silently break until the user intervenes + since BroControl now prefers to load the initially-vanilla local.zeek + instead of the formerly-customized local.bro. + 2.6-262 | 2019-05-02 21:39:01 -0700 * Rename Zeexygen to Zeekygen (Jon Siwek, Corelight) diff --git a/NEWS b/NEWS index 16c51b3c2b..082ad782b1 100644 --- a/NEWS +++ b/NEWS @@ -80,10 +80,13 @@ Changed Functionality --------------------- - ``$prefix/share/bro/site/local.bro`` has been renamed to - ``local.zeek``. If you have made customizations to that file, it - will no longer be loaded by default by BroControl (ZeekControl), - but you can simply copy it to ``local.zeek`. You may also want to - remove old ``local.bro`` files to avoid potential confusion. + ``local.zeek``. If you have a ``local.bro`` file from a previous + installation, possibly with customizations made to it, the new + version of Zeek will install a ``local.zeek`` file that is a symlink + to the pre-existing ``local.bro``. In that case, you may want to + just copy ``local.bro`` into the new ``local.zeek`` location to + avoid confusion, but things are otherwise meant to work properly + without intervention. - All scripts ending in ``.bro`` that ship with the Zeek source tree have been renamed to ``.zeek``. diff --git a/VERSION b/VERSION index 1733e8d0df..733b341e51 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-262 +2.6-263 diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index 189c9b9df8..9a3f596add 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt @@ -8,8 +8,27 @@ install(DIRECTORY ./ DESTINATION ${BRO_SCRIPT_INSTALL_PATH} FILES_MATCHING PATTERN "*.fp" ) -# Install all local* scripts as config files since they are meant to be -# user modify-able. +if ( NOT BINARY_PACKAGING_MODE ) + # If the user has a local.bro file from a previous installation, prefer to + # symlink local.zeek to it to avoid breaking their custom configuration -- + # because BroControl will now prefer to load local.zeek rather than local.bro + # and we're about to install a default version of local.zeek. + + set(_local_bro_dst ${BRO_SCRIPT_INSTALL_PATH}/site/local.bro) + set(_local_zeek_dst ${BRO_SCRIPT_INSTALL_PATH}/site/local.zeek) + + install(CODE " + if ( \"\$ENV{DESTDIR}\" STREQUAL \"\" ) + if ( EXISTS \"${_local_bro_dst}\" AND NOT EXISTS \"${_local_zeek_dst}\" ) + message(STATUS \"WARNING: installed ${_local_zeek_dst} as symlink to ${_local_bro_dst}\") + execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink + \"${_local_bro_dst}\" \"${_local_zeek_dst}\") + endif () + endif () + ") +endif () + +# Install local script as a config file since it's meant to be modified directly. InstallPackageConfigFile( ${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek ${BRO_SCRIPT_INSTALL_PATH}/site From eda761080690debd64d25eab0bc027c185ef743a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 3 May 2019 11:16:38 -0700 Subject: [PATCH 064/247] Fix sporadic openflow/broker test failure Looked like a possible race condition in how the test was structured: an endpoint sees its peer got lost and likewise exits immediately before having a chance to process events the peer had sent just before exiting. Fix is to reverse which endpoint initiates the termination sequence so we can be sure we see the required events. --- CHANGES | 4 +++ VERSION | 2 +- .../frameworks/openflow/broker-basic.zeek | 31 +++++++------------ 3 files changed, 17 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index 11e3ec5d8f..7ac58d9f4a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-264 | 2019-05-03 11:16:38 -0700 + + * Fix sporadic openflow/broker test failure (Jon Siwek, Corelight) + 2.6-263 | 2019-05-02 22:49:40 -0700 * Install local.zeek as symlink to pre-existing local.bro (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index 733b341e51..70f4699737 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-263 +2.6-264 diff --git a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek index 3cce7bda1e..70c7203170 100644 --- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek @@ -55,14 +55,26 @@ event connection_established(c: connection) OpenFlow::flow_mod(of_controller, match_rev, flow_mod); } +global msg_count: count = 0; + +function got_message() + { + ++msg_count; + + if ( msg_count == 6 ) + terminate(); + } + event OpenFlow::flow_mod_success(name: string, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod, msg: string) { print "Flow_mod_success"; + got_message(); } event OpenFlow::flow_mod_failure(name: string, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod, msg: string) { print "Flow_mod_failure"; + got_message(); } @TEST-END-FILE @@ -73,13 +85,6 @@ event OpenFlow::flow_mod_failure(name: string, match: OpenFlow::ofp_match, flow_ redef exit_only_after_terminate = T; -global msg_count: count = 0; - -event die() - { - terminate(); - } - event zeek_init() { Broker::subscribe("bro/openflow"); @@ -96,28 +101,16 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) terminate(); } -function got_message() - { - ++msg_count; - - if ( msg_count >= 4 ) - { - schedule 2sec { die() }; - } - } - event OpenFlow::broker_flow_mod(name: string, dpid: count, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod) { print "got flow_mod", dpid, match, flow_mod; Broker::publish("bro/openflow", OpenFlow::flow_mod_success, name, match, flow_mod, ""); Broker::publish("bro/openflow", OpenFlow::flow_mod_failure, name, match, flow_mod, ""); - got_message(); } event OpenFlow::broker_flow_clear(name: string, dpid: count) { print "flow_clear", dpid; - got_message(); } @TEST-END-FILE From dcd645453082b1bef5e004338dcf3dbadb00e4f5 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Fri, 3 May 2019 13:07:21 -0700 Subject: [PATCH 065/247] Remove RemoteSerializer and related code/types. Also removes broccoli from the source tree. --- .gitmodules | 3 - CMakeLists.txt | 2 - NEWS | 6 + aux/broccoli | 1 - configure | 6 - .../base/frameworks/cluster/nodes/logger.zeek | 3 - .../frameworks/cluster/nodes/manager.zeek | 3 - .../base/frameworks/cluster/nodes/proxy.zeek | 4 - .../frameworks/packet-filter/cluster.zeek | 8 +- scripts/base/init-bare.zeek | 87 - src/CMakeLists.txt | 1 - src/ChunkedIO.cc | 3 +- src/Event.cc | 18 - src/Event.h | 3 - src/EventHandler.cc | 18 - src/EventHandler.h | 7 - src/EventRegistry.cc | 2 +- src/Expr.cc | 1 - src/Func.cc | 1 - src/ID.cc | 6 - src/Net.cc | 9 +- src/Net.h | 4 - src/NetVar.cc | 21 - src/NetVar.h | 10 - src/RemoteSerializer.cc | 4586 ----------------- src/RemoteSerializer.h | 524 -- src/SerialInfo.h | 2 + src/Serializer.cc | 1 - src/Sessions.h | 1 - src/StateAccess.cc | 208 +- src/StateAccess.h | 2 - src/Stmt.cc | 4 - src/Timer.cc | 1 - src/Timer.h | 1 - src/Val.cc | 36 +- src/Var.cc | 1 - src/analyzer/protocol/tcp/TCP_Reassembler.cc | 1 + src/analyzer/protocol/tcp/functions.bif | 1 + src/bro.bif | 6 +- src/broker/Data.cc | 1 + src/broker/Manager.h | 1 + src/event.bif | 195 - src/file_analysis/analyzer/extract/Extract.cc | 1 + src/input/Manager.h | 1 - src/iosource/Packet.cc | 2 + src/iosource/PktSrc.cc | 24 - src/logging/Manager.cc | 41 +- src/logging/Manager.h | 6 - src/logging/WriterBackend.cc | 1 + src/logging/WriterBackend.h | 2 - src/logging/WriterFrontend.cc | 12 - src/main.cc | 13 - src/threading/SerialTypes.cc | 4 +- src/threading/SerialTypes.h | 3 - .../Baseline/coverage.bare-mode-errors/errors | 4 + 55 files changed, 79 insertions(+), 5834 deletions(-) delete mode 160000 aux/broccoli delete mode 100644 src/RemoteSerializer.cc delete mode 100644 src/RemoteSerializer.h diff --git a/.gitmodules b/.gitmodules index 5efc3b0fb8..c7a9313543 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,9 +4,6 @@ [submodule "aux/binpac"] path = aux/binpac url = https://github.com/zeek/binpac -[submodule "aux/broccoli"] - path = aux/broccoli - url = https://github.com/zeek/broccoli [submodule "aux/broctl"] path = aux/broctl url = https://github.com/zeek/broctl diff --git a/CMakeLists.txt b/CMakeLists.txt index cfe0b29ed9..c2110d3da8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -326,7 +326,6 @@ include(CheckOptionalBuildSources) CheckOptionalBuildSources(aux/broctl Broctl INSTALL_BROCTL) CheckOptionalBuildSources(aux/bro-aux Bro-Aux INSTALL_AUX_TOOLS) -CheckOptionalBuildSources(aux/broccoli Broccoli INSTALL_BROCCOLI) ######################################################################## ## Packaging Setup @@ -366,7 +365,6 @@ message( "\nCXXFLAGS: ${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}" "\nCPP: ${CMAKE_CXX_COMPILER}" "\n" - "\nBroccoli: ${INSTALL_BROCCOLI}" "\nBroctl: ${INSTALL_BROCTL}" "\nAux. Tools: ${INSTALL_AUX_TOOLS}" "\n" diff --git a/NEWS b/NEWS index 2dd94ccc4b..bd3cb601c0 100644 --- a/NEWS +++ b/NEWS @@ -241,6 +241,12 @@ Removed Functionality - ``dhcp_offer`` - ``dhcp_release`` - ``dhcp_request`` + - ``remote_state_access_performed`` + - ``remote_state_inconsistency`` + - ``remote_log_peer`` + - ``remote_log`` + - ``finished_send_state`` + - ``remote_pong`` Deprecated Functionality ------------------------ diff --git a/aux/broccoli b/aux/broccoli deleted file mode 160000 index 8668422406..0000000000 --- a/aux/broccoli +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 8668422406cb74f4f0c574a0c9b6365a21f3e81a diff --git a/configure b/configure index 98bfc5308d..12ef158d9b 100755 --- a/configure +++ b/configure @@ -51,7 +51,6 @@ Usage: $0 [OPTION]... [VAR=VALUE]... (automatically on when perftools is present on Linux) --enable-perftools-debug use Google's perftools for debugging --enable-jemalloc link against jemalloc - --enable-broccoli build or install the Broccoli library (deprecated) --enable-static-broker build broker statically (ignored if --with-broker is specified) --enable-static-binpac build binpac statically (ignored if --with-binpac is specified) --disable-broctl don't install Broctl @@ -140,7 +139,6 @@ append_cache_entry ENABLE_PERFTOOLS BOOL false append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false append_cache_entry ENABLE_JEMALLOC BOOL false append_cache_entry BUILD_SHARED_LIBS BOOL true -append_cache_entry INSTALL_BROCCOLI BOOL false append_cache_entry INSTALL_AUX_TOOLS BOOL true append_cache_entry INSTALL_BROCTL BOOL true append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING @@ -221,10 +219,6 @@ while [ $# -ne 0 ]; do --enable-jemalloc) append_cache_entry ENABLE_JEMALLOC BOOL true ;; - --enable-broccoli) - append_cache_entry DISABLE_RUBY_BINDINGS BOOL true - append_cache_entry INSTALL_BROCCOLI BOOL yes - ;; --enable-static-broker) append_cache_entry BUILD_STATIC_BROKER BOOL true ;; diff --git a/scripts/base/frameworks/cluster/nodes/logger.zeek b/scripts/base/frameworks/cluster/nodes/logger.zeek index 39dcb751df..03a422e460 100644 --- a/scripts/base/frameworks/cluster/nodes/logger.zeek +++ b/scripts/base/frameworks/cluster/nodes/logger.zeek @@ -24,6 +24,3 @@ redef Log::default_mail_alarms_interval = 24 hrs; ## Use the cluster's archive logging script. redef Log::default_rotation_postprocessor_cmd = "archive-log"; - -## We're processing essentially *only* remote events. -redef max_remote_events_processed = 10000; diff --git a/scripts/base/frameworks/cluster/nodes/manager.zeek b/scripts/base/frameworks/cluster/nodes/manager.zeek index e54b090522..8858025a25 100644 --- a/scripts/base/frameworks/cluster/nodes/manager.zeek +++ b/scripts/base/frameworks/cluster/nodes/manager.zeek @@ -21,6 +21,3 @@ redef Log::default_rotation_interval = 24 hrs; ## Use the cluster's delete-log script. redef Log::default_rotation_postprocessor_cmd = "delete-log"; - -## We're processing essentially *only* remote events. -redef max_remote_events_processed = 10000; diff --git a/scripts/base/frameworks/cluster/nodes/proxy.zeek b/scripts/base/frameworks/cluster/nodes/proxy.zeek index e38a5e9109..df2a7c552b 100644 --- a/scripts/base/frameworks/cluster/nodes/proxy.zeek +++ b/scripts/base/frameworks/cluster/nodes/proxy.zeek @@ -5,10 +5,6 @@ @prefixes += cluster-proxy -## The proxy only syncs state; does not forward events. -redef forward_remote_events = F; -redef forward_remote_state_changes = T; - ## Don't do any local logging. redef Log::enable_local_logging = F; diff --git a/scripts/base/frameworks/packet-filter/cluster.zeek b/scripts/base/frameworks/packet-filter/cluster.zeek index 6e41a6045f..b1e1ceaddf 100644 --- a/scripts/base/frameworks/packet-filter/cluster.zeek +++ b/scripts/base/frameworks/packet-filter/cluster.zeek @@ -4,11 +4,11 @@ module PacketFilter; -event remote_connection_handshake_done(p: event_peer) &priority=3 +event Cluster::hello(name: string, id: string) &priority=-3 { - if ( Cluster::local_node_type() == Cluster::WORKER && - p$descr in Cluster::nodes && - Cluster::nodes[p$descr]$node_type == Cluster::MANAGER ) + if ( Cluster::local_node_type() == Cluster::WORKER && + name in Cluster::nodes && + Cluster::nodes[name]$node_type == Cluster::MANAGER ) { # This ensures that a packet filter is installed and logged # after the manager connects to us. diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index d8c3212533..4f9d30ab11 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -775,32 +775,6 @@ type IPAddrAnonymizationClass: enum { OTHER_ADDR, }; -## A locally unique ID identifying a communication peer. The ID is returned by -## :zeek:id:`connect`. -## -## .. zeek:see:: connect -type peer_id: count; - -## A communication peer. -## -## .. zeek:see:: finished_send_state remote_capture_filter -## remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log_peer remote_pong -## send_state -## -## .. todo::The type's name is too narrow these days, should rename. -type event_peer: record { - id: peer_id; ##< Locally unique ID of peer (returned by :zeek:id:`connect`). - host: addr; ##< The IP address of the peer. - ## Either the port we connected to at the peer; or our port the peer - ## connected to if the session is remotely initiated. - p: port; - is_local: bool; ##< True if this record describes the local process. - descr: string; ##< The peer's :zeek:see:`peer_description`. - class: string &optional; ##< The self-assigned *class* of the peer. -}; - ## Deprecated. ## ## .. zeek:see:: rotate_file rotate_file_by_name rotate_interval @@ -1970,10 +1944,6 @@ const watchdog_interval = 10 sec &redef; ## "process all expired timers with each new packet". const max_timer_expires = 300 &redef; -## With a similar trade-off, this gives the number of remote events -## to process in a batch before interleaving other activity. -const max_remote_events_processed = 10 &redef; - # These need to match the definitions in Login.h. # # .. zeek:see:: get_login_state @@ -4740,71 +4710,14 @@ const packet_filter_default = F &redef; ## Maximum size of regular expression groups for signature matching. const sig_max_group_size = 50 &redef; -## Deprecated. No longer functional. -const enable_syslog = F &redef; - ## Description transmitted to remote communication peers for identification. const peer_description = "bro" &redef; -## If true, broadcast events received from one peer to all other peers. -## -## .. zeek:see:: forward_remote_state_changes -## -## .. note:: This option is only temporary and will disappear once we get a -## more sophisticated script-level communication framework. -const forward_remote_events = F &redef; - -## If true, broadcast state updates received from one peer to all other peers. -## -## .. zeek:see:: forward_remote_events -## -## .. note:: This option is only temporary and will disappear once we get a -## more sophisticated script-level communication framework. -const forward_remote_state_changes = F &redef; - ## The number of IO chunks allowed to be buffered between the child ## and parent process of remote communication before Bro starts dropping ## connections to remote peers in an attempt to catch up. const chunked_io_buffer_soft_cap = 800000 &redef; -## Place-holder constant indicating "no peer". -const PEER_ID_NONE = 0; - -# Signature payload pattern types. -# todo:: use enum to help autodoc -# todo:: Still used? -#const SIG_PATTERN_PAYLOAD = 0; -#const SIG_PATTERN_HTTP = 1; -#const SIG_PATTERN_FTP = 2; -#const SIG_PATTERN_FINGER = 3; - -# Deprecated. -# todo::Should use the new logging framework directly. -const REMOTE_LOG_INFO = 1; ##< Deprecated. -const REMOTE_LOG_ERROR = 2; ##< Deprecated. - -# Source of logging messages from the communication framework. -# todo:: these should go into an enum to make them autodoc'able. -const REMOTE_SRC_CHILD = 1; ##< Message from the child process. -const REMOTE_SRC_PARENT = 2; ##< Message from the parent process. -const REMOTE_SRC_SCRIPT = 3; ##< Message from a policy script. - -## Synchronize trace processing at a regular basis in pseudo-realtime mode. -## -## .. zeek:see:: remote_trace_sync_peers -const remote_trace_sync_interval = 0 secs &redef; - -## Number of peers across which to synchronize trace processing in -## pseudo-realtime mode. -## -## .. zeek:see:: remote_trace_sync_interval -const remote_trace_sync_peers = 0 &redef; - -## Whether for :zeek:attr:`&synchronized` state to send the old value as a -## consistency check. -const remote_check_sync_consistency = F &redef; - -## Reassemble the beginning of all TCP connections before doing ## signature matching. Enabling this provides more accurate matching at the ## expense of CPU cycles. ## diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index dcf787043e..b15bc1fd36 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -295,7 +295,6 @@ set(bro_SRCS RandTest.cc RE.cc Reassem.cc - RemoteSerializer.cc Rule.cc RuleAction.cc RuleCondition.cc diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc index d2cdbc6425..c57ab34dc8 100644 --- a/src/ChunkedIO.cc +++ b/src/ChunkedIO.cc @@ -14,7 +14,6 @@ #include "bro-config.h" #include "ChunkedIO.h" #include "NetVar.h" -#include "RemoteSerializer.h" ChunkedIO::ChunkedIO() : stats(), tag(), pure() { @@ -377,7 +376,7 @@ ChunkedIO::Chunk* ChunkedIOFd::ConcatChunks(Chunk* c1, Chunk* c2) void ChunkedIO::Log(const char* str) { - RemoteSerializer::Log(RemoteSerializer::LogError, str); + //RemoteSerializer::Log(RemoteSerializer::LogError, str); } bool ChunkedIOFd::Read(Chunk** chunk, bool may_block) diff --git a/src/Event.cc b/src/Event.cc index 8b87caa9b1..f033a01e40 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -189,21 +189,3 @@ void EventMgr::Describe(ODesc* d) const d->NL(); } } - -RecordVal* EventMgr::GetLocalPeerVal() - { - if ( ! src_val ) - { - src_val = new RecordVal(peer); - src_val->Assign(0, val_mgr->GetCount(0)); - src_val->Assign(1, new AddrVal("127.0.0.1")); - src_val->Assign(2, val_mgr->GetPort(0)); - src_val->Assign(3, val_mgr->GetTrue()); - - Ref(peer_description); - src_val->Assign(4, peer_description); - src_val->Assign(5, 0); // class (optional). - } - - return src_val; - } diff --git a/src/Event.h b/src/Event.h index 1b23f304f2..cafe0057d6 100644 --- a/src/Event.h +++ b/src/Event.h @@ -129,9 +129,6 @@ public: int Size() const { return num_events_queued - num_events_dispatched; } - // Returns a peer record describing the local Bro. - RecordVal* GetLocalPeerVal(); - void Describe(ODesc* d) const override; protected: diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 08e8728d6f..718e6d6ae8 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -2,7 +2,6 @@ #include "EventHandler.h" #include "Func.h" #include "Scope.h" -#include "RemoteSerializer.h" #include "NetVar.h" #include "broker/Manager.h" @@ -28,7 +27,6 @@ EventHandler::~EventHandler() EventHandler::operator bool() const { return enabled && ((local && local->HasBodies()) - || receivers.length() || generate_always || ! auto_publish.empty()); } @@ -73,12 +71,6 @@ void EventHandler::Call(val_list* vl, bool no_remote) if ( ! no_remote ) { - loop_over_list(receivers, i) - { - SerialInfo info(remote_serializer); - remote_serializer->SendCall(&info, receivers[i], name, vl); - } - if ( ! auto_publish.empty() ) { // Send event in form [name, xs...] where xs represent the arguments. @@ -179,16 +171,6 @@ void EventHandler::NewEvent(val_list* vl) mgr.Dispatch(ev); } -void EventHandler::AddRemoteHandler(SourceID peer) - { - receivers.append(peer); - } - -void EventHandler::RemoveRemoteHandler(SourceID peer) - { - receivers.remove(peer); - } - bool EventHandler::Serialize(SerialInfo* info) const { return SERIALIZE(name); diff --git a/src/EventHandler.h b/src/EventHandler.h index bad3d278fa..216badee4b 100644 --- a/src/EventHandler.h +++ b/src/EventHandler.h @@ -26,9 +26,6 @@ public: void SetLocalHandler(Func* f); - void AddRemoteHandler(SourceID peer); - void RemoveRemoteHandler(SourceID peer); - void AutoPublish(std::string topic) { auto_publish.insert(std::move(topic)); @@ -75,10 +72,6 @@ private: bool error_handler; // this handler reports error messages. bool generate_always; - declare(List, SourceID); - typedef List(SourceID) receiver_list; - receiver_list receivers; - std::unordered_set auto_publish; }; diff --git a/src/EventRegistry.cc b/src/EventRegistry.cc index e28c7b4176..be3cf13799 100644 --- a/src/EventRegistry.cc +++ b/src/EventRegistry.cc @@ -1,6 +1,6 @@ #include "EventRegistry.h" #include "RE.h" -#include "RemoteSerializer.h" +#include "Reporter.h" void EventRegistry::Register(EventHandlerPtr handler) { diff --git a/src/Expr.cc b/src/Expr.cc index ff039ece35..eccdf1a6b8 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -10,7 +10,6 @@ #include "Scope.h" #include "Stmt.h" #include "EventRegistry.h" -#include "RemoteSerializer.h" #include "Net.h" #include "Traverse.h" #include "Trigger.h" diff --git a/src/Func.cc b/src/Func.cc index cbbbef6fa5..d34f97c197 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -42,7 +42,6 @@ #include "Sessions.h" #include "RE.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "Event.h" #include "Traverse.h" #include "Reporter.h" diff --git a/src/ID.cc b/src/ID.cc index 8b8db85faa..71f7d5f008 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -10,7 +10,6 @@ #include "Scope.h" #include "File.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "Scope.h" #include "Traverse.h" #include "zeexygen/Manager.h" @@ -361,11 +360,6 @@ ID* ID::Unserialize(UnserialInfo* info) else { - if ( info->id_policy != UnserialInfo::InstantiateNew ) - { - remote_serializer->Unregister(current); - } - switch ( info->id_policy ) { case UnserialInfo::Keep: diff --git a/src/Net.cc b/src/Net.cc index b61d365a2a..79b66e1a80 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -49,8 +49,6 @@ int reading_live = 0; int reading_traces = 0; int have_pending_timers = 0; double pseudo_realtime = 0.0; -bool using_communication = false; - double network_time = 0.0; // time according to last packet timestamp // (or current time) double processing_start_time = 0.0; // time started working on current pkt @@ -309,7 +307,7 @@ void net_run() } #endif current_iosrc = src; - auto communication_enabled = using_communication || broker_mgr->Active(); + auto communication_enabled = broker_mgr->Active(); if ( src ) src->Process(); // which will call net_packet_dispatch() @@ -372,11 +370,6 @@ void net_run() // current packet and its related events. termination_signal(); -#ifdef DEBUG_COMMUNICATION - if ( signal_val == SIGPROF && remote_serializer ) - remote_serializer->DumpDebugData(); -#endif - if ( ! reading_traces ) // Check whether we have timers scheduled for // the future on which we need to wait. diff --git a/src/Net.h b/src/Net.h index caea61c436..26a3d0f883 100644 --- a/src/Net.h +++ b/src/Net.h @@ -7,7 +7,6 @@ #include "util.h" #include "List.h" #include "Func.h" -#include "RemoteSerializer.h" #include "iosource/IOSource.h" #include "iosource/PktSrc.h" #include "iosource/PktDumper.h" @@ -67,9 +66,6 @@ extern double bro_start_network_time; // True if we're a in the process of cleaning-up just before termination. extern bool terminating; -// True if the remote serializer is to be activated. -extern bool using_communication; - // True if Bro is currently parsing scripts. extern bool is_parsing; diff --git a/src/NetVar.cc b/src/NetVar.cc index 57a5452123..37ee24914f 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -30,7 +30,6 @@ RecordType* mime_match; int watchdog_interval; int max_timer_expires; -int max_remote_events_processed; int ignore_checksums; int partial_connection_ok; @@ -173,10 +172,6 @@ StringVal* log_encryption_key; StringVal* log_rotate_base_time; StringVal* peer_description; -RecordType* peer; -int forward_remote_state_changes; -int forward_remote_events; -int remote_check_sync_consistency; bro_uint_t chunked_io_buffer_soft_cap; StringVal* ssl_ca_certificate; @@ -212,9 +207,6 @@ int dpd_ignore_ports; TableVal* likely_server_ports; -double remote_trace_sync_interval; -int remote_trace_sync_peers; - int check_for_unused_event_handlers; int dump_used_event_handlers; @@ -267,12 +259,6 @@ void init_general_global_var() peer_description = internal_val("peer_description")->AsStringVal(); - peer = internal_type("event_peer")->AsRecordType(); - forward_remote_state_changes = - opt_internal_int("forward_remote_state_changes"); - forward_remote_events = opt_internal_int("forward_remote_events"); - remote_check_sync_consistency = - opt_internal_int("remote_check_sync_consistency"); chunked_io_buffer_soft_cap = opt_internal_unsigned("chunked_io_buffer_soft_cap"); ssl_ca_certificate = internal_val("ssl_ca_certificate")->AsStringVal(); @@ -282,7 +268,6 @@ void init_general_global_var() packet_filter_default = opt_internal_int("packet_filter_default"); sig_max_group_size = opt_internal_int("sig_max_group_size"); - enable_syslog = opt_internal_int("enable_syslog"); check_for_unused_event_handlers = opt_internal_int("check_for_unused_event_handlers"); @@ -395,8 +380,6 @@ void init_net_var() watchdog_interval = int(opt_internal_double("watchdog_interval")); max_timer_expires = opt_internal_int("max_timer_expires"); - max_remote_events_processed = - opt_internal_int("max_remote_events_processed"); skip_authentication = internal_list_val("skip_authentication"); direct_login_prompts = internal_list_val("direct_login_prompts"); @@ -498,10 +481,6 @@ void init_net_var() irc_join_list = internal_type("irc_join_list")->AsTableType(); irc_servers = internal_val("irc_servers")->AsTableVal(); - remote_trace_sync_interval = - opt_internal_double("remote_trace_sync_interval"); - remote_trace_sync_peers = opt_internal_int("remote_trace_sync_peers"); - dpd_reassemble_first_packets = opt_internal_int("dpd_reassemble_first_packets"); dpd_buffer_size = opt_internal_int("dpd_buffer_size"); diff --git a/src/NetVar.h b/src/NetVar.h index 1dee27f372..92d717f50a 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -33,7 +33,6 @@ extern RecordType* mime_match; extern int watchdog_interval; extern int max_timer_expires; -extern int max_remote_events_processed; extern int ignore_checksums; extern int partial_connection_ok; @@ -176,10 +175,6 @@ extern StringVal* log_encryption_key; extern StringVal* log_rotate_base_time; extern StringVal* peer_description; -extern RecordType* peer; -extern int forward_remote_state_changes; -extern int forward_remote_events; -extern int remote_check_sync_consistency; extern bro_uint_t chunked_io_buffer_soft_cap; extern StringVal* ssl_ca_certificate; @@ -201,8 +196,6 @@ extern int packet_filter_default; extern int sig_max_group_size; -extern int enable_syslog; - extern TableType* irc_join_list; extern RecordType* irc_join_info; extern TableVal* irc_servers; @@ -214,9 +207,6 @@ extern int dpd_ignore_ports; extern TableVal* likely_server_ports; -extern double remote_trace_sync_interval; -extern int remote_trace_sync_peers; - extern int check_for_unused_event_handlers; extern int dump_used_event_handlers; diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc deleted file mode 100644 index 152a8b4e34..0000000000 --- a/src/RemoteSerializer.cc +++ /dev/null @@ -1,4586 +0,0 @@ -// Processes involved in the communication: -// -// (Local-Parent) <-> (Local-Child) <-> (Remote-Child) <-> (Remote-Parent) -// -// Message types (for parent<->child communication the CMsg's peer indicates -// about whom we're talking). -// -// Communication protocol version -// VERSION -// [] -// -// Send serialization -// SERIAL -// -// Terminate(d) connection -// CLOSE -// -// Close(d) all connections -// CLOSE_ALL -// -// Connect to remote side -// CONNECT_TO -// -// Connected to remote side -// CONNECTED -// -// Request events from remote side -// REQUEST_EVENTS -// -// Request synchronization of IDs with remote side -// REQUEST_SYNC -// -// Listen for connection on ip/port (ip may be INADDR_ANY) -// LISTEN -// -// Close listen ports. -// LISTEN_STOP -// -// Error caused by host -// ERROR -// -// Some statistics about the given peer connection -// STATS -// -// Requests to set a new capture_filter -// CAPTURE_FILTER -// -// Ping to peer -// PING -// -// Pong from peer -// PONG -// -// Announce our capabilities -// CAPS -// -// Activate compression (parent->child) -// COMPRESS -// -// Indicate that all following blocks are compressed (child->child) -// COMPRESS -// -// Synchronize for pseudo-realtime processing. -// Signals that we have reached sync-point number . -// SYNC_POINT -// -// Signals the child that we want to terminate. Anything sent after this may -// get lost. When the child answers with another TERMINATE it is safe to -// shutdown. -// TERMINATE -// -// Debug-only: tell child to dump recently received/sent data to disk. -// DEBUG_DUMP -// -// Valid messages between processes: -// -// Main -> Child -// CONNECT_TO -// REQUEST_EVENTS -// SERIAL -// CLOSE -// CLOSE_ALL -// LISTEN -// LISTEN_STOP -// CAPTURE_FILTER -// VERSION -// REQUEST_SYNC -// PHASE_DONE -// PING -// PONG -// CAPS -// COMPRESS -// SYNC_POINT -// DEBUG_DUMP -// REMOTE_PRINT -// -// Child -> Main -// CONNECTED -// REQUEST_EVENTS -// SERIAL -// CLOSE -// ERROR -// STATS -// VERSION -// CAPTURE_FILTER -// REQUEST_SYNC -// PHASE_DONE -// PING -// PONG -// CAPS -// LOG -// SYNC_POINT -// REMOTE_PRINT -// -// Child <-> Child -// VERSION -// SERIAL -// REQUEST_EVENTS -// CAPTURE_FILTER -// REQUEST_SYNC -// PHASE_DONE -// PING -// PONG -// CAPS -// COMPRESS -// SYNC_POINT -// REMOTE_PRINT -// -// A connection between two peers has four phases: -// -// Setup: -// Initial phase. -// VERSION messages must be exchanged. -// Ends when both peers have sent VERSION. -// Handshake: -// REQUEST_EVENTS/REQUEST_SYNC/CAPTURE_FILTER/CAPS/selected SERIALs -// may be exchanged. -// Phase ends when both peers have sent PHASE_DONE. -// State synchronization: -// Entered iff at least one of the peers has sent REQUEST_SYNC. -// The peer with the smallest runtime (incl. in VERSION msg) sends -// SERIAL messages compromising all of its state. -// Phase ends when peer sends another PHASE_DONE. -// Running: -// Peers exchange SERIAL (and PING/PONG) messages. -// Phase ends with connection tear-down by one of the peers. - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "bro-config.h" -#ifdef TIME_WITH_SYS_TIME -# include -# include -#else -# ifdef HAVE_SYS_TIME_H -# include -# else -# include -# endif -#endif -#include - -#include -#include -#include -#include - -#include "RemoteSerializer.h" -#include "Func.h" -#include "EventRegistry.h" -#include "Event.h" -#include "Net.h" -#include "NetVar.h" -#include "Scope.h" -#include "Sessions.h" -#include "File.h" -#include "Conn.h" -#include "Reporter.h" -#include "IPAddr.h" -#include "bro_inet_ntop.h" -#include "iosource/Manager.h" -#include "logging/Manager.h" -#include "logging/logging.bif.h" - -extern "C" { -#include "setsignal.h" -}; - -// Gets incremented each time there's an incompatible change -// to the communication internals. -static const unsigned short PROTOCOL_VERSION = 0x07; - -static const char MSG_NONE = 0x00; -static const char MSG_VERSION = 0x01; -static const char MSG_SERIAL = 0x02; -static const char MSG_CLOSE = 0x03; -static const char MSG_CLOSE_ALL = 0x04; -static const char MSG_ERROR = 0x05; -static const char MSG_CONNECT_TO = 0x06; -static const char MSG_CONNECTED = 0x07; -static const char MSG_REQUEST_EVENTS = 0x08; -static const char MSG_LISTEN = 0x09; -static const char MSG_LISTEN_STOP = 0x0a; -static const char MSG_STATS = 0x0b; -static const char MSG_CAPTURE_FILTER = 0x0c; -static const char MSG_REQUEST_SYNC = 0x0d; -static const char MSG_PHASE_DONE = 0x0e; -static const char MSG_PING = 0x0f; -static const char MSG_PONG = 0x10; -static const char MSG_CAPS = 0x11; -static const char MSG_COMPRESS = 0x12; -static const char MSG_LOG = 0x13; -static const char MSG_SYNC_POINT = 0x14; -static const char MSG_TERMINATE = 0x15; -static const char MSG_DEBUG_DUMP = 0x16; -static const char MSG_REMOTE_PRINT = 0x17; -static const char MSG_LOG_CREATE_WRITER = 0x18; -static const char MSG_LOG_WRITE = 0x19; -static const char MSG_REQUEST_LOGS = 0x20; - -// Update this one whenever adding a new ID: -static const char MSG_ID_MAX = MSG_REQUEST_LOGS; - -static const uint32 FINAL_SYNC_POINT = /* UINT32_MAX */ 4294967295U; - -// Buffer size for remote-print data -static const int PRINT_BUFFER_SIZE = 10 * 1024; -static const int SOCKBUF_SIZE = 1024 * 1024; - -// Buffer size for remote-log data. -static const int LOG_BUFFER_SIZE = 50 * 1024; - -struct ping_args { - uint32 seq; - double time1; // Round-trip time parent1<->parent2 - double time2; // Round-trip time child1<->parent2 - double time3; // Round-trip time child2<->parent2 -}; - -#ifdef DEBUG -# define DEBUG_COMM(msg) DBG_LOG(DBG_COMM, "%s", msg) -#else -# define DEBUG_COMM(msg) -#endif - -#define READ_CHUNK(i, c, do_if_eof, kill_me) \ - { \ - if ( ! i->Read(&c) ) \ - { \ - if ( i->Eof() ) \ - { \ - do_if_eof; \ - } \ - else \ - Error(fmt("can't read data chunk: %s", io->Error()), kill_me); \ - return false; \ - } \ - \ - if ( ! c ) \ - return true; \ - } - -#define READ_CHUNK_FROM_CHILD(c) \ - { \ - if ( ! io->Read(&c) ) \ - { \ - if ( io->Eof() ) \ - ChildDied(); \ - else \ - Error(fmt("can't read data chunk: %s", io->Error())); \ - return false; \ - } \ - \ - if ( ! c ) \ - { \ - SetIdle(io->IsIdle());\ - return true; \ - } \ - SetIdle(false); \ - } - -static const char* msgToStr(int msg) - { -# define MSG_STR(x) case x: return #x; - switch ( msg ) { - MSG_STR(MSG_VERSION) - MSG_STR(MSG_NONE) - MSG_STR(MSG_SERIAL) - MSG_STR(MSG_CLOSE) - MSG_STR(MSG_CLOSE_ALL) - MSG_STR(MSG_ERROR) - MSG_STR(MSG_CONNECT_TO) - MSG_STR(MSG_CONNECTED) - MSG_STR(MSG_REQUEST_EVENTS) - MSG_STR(MSG_LISTEN) - MSG_STR(MSG_LISTEN_STOP) - MSG_STR(MSG_STATS) - MSG_STR(MSG_CAPTURE_FILTER) - MSG_STR(MSG_REQUEST_SYNC) - MSG_STR(MSG_PHASE_DONE) - MSG_STR(MSG_PING) - MSG_STR(MSG_PONG) - MSG_STR(MSG_CAPS) - MSG_STR(MSG_COMPRESS) - MSG_STR(MSG_LOG) - MSG_STR(MSG_SYNC_POINT) - MSG_STR(MSG_TERMINATE) - MSG_STR(MSG_DEBUG_DUMP) - MSG_STR(MSG_REMOTE_PRINT) - MSG_STR(MSG_LOG_CREATE_WRITER) - MSG_STR(MSG_LOG_WRITE) - MSG_STR(MSG_REQUEST_LOGS) - default: - return "UNKNOWN_MSG"; - } - } - -static vector tokenize(const string& s, char delim) - { - vector tokens; - stringstream ss(s); - string token; - - while ( std::getline(ss, token, delim) ) - tokens.push_back(token); - - return tokens; - } - -// Start of every message between two processes. We do the low-level work -// ourselves to make this 64-bit safe. (The actual layout is an artifact of -// an earlier design that depended on how a 32-bit GCC lays out its structs ...) -class CMsg { -public: - CMsg(char type, RemoteSerializer::PeerID peer) - { - buffer[0] = type; - uint32 tmp = htonl(peer); - memcpy(buffer + 4, &tmp, sizeof(tmp)); - } - - char Type() { return buffer[0]; } - - RemoteSerializer::PeerID Peer() - { - uint32 tmp; - memcpy(&tmp, buffer + 4, sizeof(tmp)); - return ntohl(tmp); - } - - const char* Raw() { return buffer; } - -private: - char buffer[8]; -}; - -static bool sendCMsg(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id) - { - // We use the new[] operator here to avoid mismatches - // when deleting the data. - CMsg* msg = (CMsg*) new char[sizeof(CMsg)]; - new (msg) CMsg(msg_type, id); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk((char*)msg, sizeof(CMsg)); - return io->Write(c); - } - -static ChunkedIO::Chunk* makeSerialMsg(RemoteSerializer::PeerID id) - { - // We use the new[] operator here to avoid mismatches - // when deleting the data. - CMsg* msg = (CMsg*) new char[sizeof(CMsg)]; - new (msg) CMsg(MSG_SERIAL, id); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk((char*)msg, sizeof(CMsg)); - return c; - } - -inline void RemoteSerializer::SetupSerialInfo(SerialInfo* info, Peer* peer) - { - info->chunk = makeSerialMsg(peer->id); - if ( peer->caps & Peer::NO_CACHING ) - info->cache = false; - - if ( ! (peer->caps & Peer::PID_64BIT) || peer->phase != Peer::RUNNING ) - info->pid_32bit = true; - - if ( (peer->caps & Peer::NEW_CACHE_STRATEGY) && - peer->phase == Peer::RUNNING ) - info->new_cache_strategy = true; - - if ( (peer->caps & Peer::BROCCOLI_PEER) ) - info->broccoli_peer = true; - - info->include_locations = false; - } - -static bool sendToIO(ChunkedIO* io, ChunkedIO::Chunk* c) - { - if ( ! io->Write(c) ) - { - reporter->Warning("can't send chunk: %s", io->Error()); - return false; - } - - return true; - } - -static bool sendToIO(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id, - const char* str, int len = -1, bool delete_with_free = false) - { - if ( ! sendCMsg(io, msg_type, id) ) - { - reporter->Warning("can't send message of type %d: %s", msg_type, io->Error()); - return false; - } - - uint32 sz = len >= 0 ? len : strlen(str) + 1; - ChunkedIO::Chunk* c = new ChunkedIO::Chunk(const_cast(str), sz); - - if ( delete_with_free ) - c->free_func = ChunkedIO::Chunk::free_func_free; - else - c->free_func = ChunkedIO::Chunk::free_func_delete; - - return sendToIO(io, c); - } - -static bool sendToIO(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id, - int nargs, va_list ap) - { - if ( ! sendCMsg(io, msg_type, id) ) - { - reporter->Warning("can't send message of type %d: %s", msg_type, io->Error()); - return false; - } - - if ( nargs == 0 ) - return true; - - uint32* args = new uint32[nargs]; - - for ( int i = 0; i < nargs; i++ ) - args[i] = htonl(va_arg(ap, uint32)); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk((char*)args, - sizeof(uint32) * nargs); - return sendToIO(io, c); - } - -#ifdef DEBUG -static inline char* fmt_uint32s(int nargs, va_list ap) - { - static char buf[512]; - char* p = buf; - *p = '\0'; - for ( int i = 0; i < nargs; i++ ) - p += snprintf(p, sizeof(buf) - (p - buf), - " 0x%08x", va_arg(ap, uint32)); - buf[511] = '\0'; - return buf; - } -#endif - -static pid_t child_pid = 0; - -// Return true if message type is sent by a peer (rather than the child -// process itself). -static inline bool is_peer_msg(int msg) - { - return msg == MSG_VERSION || - msg == MSG_SERIAL || - msg == MSG_REQUEST_EVENTS || - msg == MSG_REQUEST_SYNC || - msg == MSG_CAPTURE_FILTER || - msg == MSG_PHASE_DONE || - msg == MSG_PING || - msg == MSG_PONG || - msg == MSG_CAPS || - msg == MSG_COMPRESS || - msg == MSG_SYNC_POINT || - msg == MSG_REMOTE_PRINT || - msg == MSG_LOG_CREATE_WRITER || - msg == MSG_LOG_WRITE || - msg == MSG_REQUEST_LOGS; - } - -bool RemoteSerializer::IsConnectedPeer(PeerID id) - { - if ( id == PEER_NONE ) - return true; - - return LookupPeer(id, true) != 0; - } - -class IncrementalSendTimer : public Timer { -public: - IncrementalSendTimer(double t, RemoteSerializer::Peer* p, SerialInfo* i) - : Timer(t, TIMER_INCREMENTAL_SEND), info(i), peer(p) {} - virtual void Dispatch(double t, int is_expire) - { - // Never suspend when we're finishing up. - if ( terminating ) - info->may_suspend = false; - - remote_serializer->SendAllSynchronized(peer, info); - } - - SerialInfo* info; - RemoteSerializer::Peer* peer; -}; - -RemoteSerializer::RemoteSerializer() - { - initialized = false; - current_peer = 0; - msgstate = TYPE; - id_counter = 1; - listening = false; - ignore_accesses = false; - propagate_accesses = 1; - current_sync_point = 0; - syncing_times = false; - io = 0; - terminating = false; - in_sync = 0; - last_flush = 0; - received_logs = 0; - current_id = 0; - current_msgtype = 0; - current_args = 0; - source_peer = 0; - - // Register as a "dont-count" source first, we may change that later. - iosource_mgr->Register(this, true); - } - -RemoteSerializer::~RemoteSerializer() - { - if ( child_pid ) - { - if ( kill(child_pid, SIGKILL) < 0 ) - reporter->Warning("warning: cannot kill child (pid %d), %s", child_pid, strerror(errno)); - - else if ( waitpid(child_pid, 0, 0) < 0 ) - reporter->Warning("warning: error encountered during waitpid(%d), %s", child_pid, strerror(errno)); - } - - delete io; - } - -void RemoteSerializer::Enable() - { - if ( initialized ) - return; - - if ( reading_traces && ! pseudo_realtime ) - { - using_communication = 0; - return; - } - - Fork(); - - Log(LogInfo, fmt("communication started, parent pid is %d, child pid is %d", getpid(), child_pid)); - initialized = 1; - } - -void RemoteSerializer::SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose) - { - int defsize = 0; - socklen_t len = sizeof(defsize); - - if ( getsockopt(fd, SOL_SOCKET, opt, (void *)&defsize, &len) < 0 ) - { - if ( verbose ) - Log(LogInfo, fmt("warning: cannot get socket buffer size (%s): %s", what, strerror(errno))); - return; - } - - for ( int trysize = size; trysize > defsize; trysize -= 1024 ) - { - if ( setsockopt(fd, SOL_SOCKET, opt, &trysize, sizeof(trysize)) >= 0 ) - { - if ( verbose ) - { - if ( trysize == size ) - Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK", defsize / 1024, trysize / 1024)); - else - Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK (%dK was requested)", defsize / 1024, trysize / 1024, size / 1024)); - } - return; - } - } - - Log(LogInfo, fmt("warning: cannot increase %s socket buffer size from %dK (%dK was requested)", what, defsize / 1024, size / 1024)); - } - -void RemoteSerializer::Fork() - { - if ( child_pid ) - return; - - // Register as a "does-count" source now. - iosource_mgr->Register(this, false); - - // If we are re-forking, remove old entries - loop_over_list(peers, i) - RemovePeer(peers[i]); - - // Create pipe for communication between parent and child. - int pipe[2]; - - if ( socketpair(AF_UNIX, SOCK_STREAM, 0, pipe) < 0 ) - { - Error(fmt("can't create pipe: %s", strerror(errno))); - return; - } - - // Try to increase the size of the socket send and receive buffers. - SetSocketBufferSize(pipe[0], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 1); - SetSocketBufferSize(pipe[0], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0); - SetSocketBufferSize(pipe[1], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 0); - SetSocketBufferSize(pipe[1], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0); - - child_pid = 0; - - int pid = fork(); - - if ( pid < 0 ) - { - Error(fmt("can't fork: %s", strerror(errno))); - return; - } - - if ( pid > 0 ) - { - // Parent - child_pid = pid; - - io = new ChunkedIOFd(pipe[0], "parent->child", child_pid); - if ( ! io->Init() ) - { - Error(fmt("can't init child io: %s", io->Error())); - exit(1); // FIXME: Better way to handle this? - } - - safe_close(pipe[1]); - - return; - } - else - { // child - SocketComm child; - - ChunkedIOFd* io = - new ChunkedIOFd(pipe[1], "child->parent", getppid()); - if ( ! io->Init() ) - { - Error(fmt("can't init parent io: %s", io->Error())); - exit(1); - } - - child.SetParentIO(io); - safe_close(pipe[0]); - - // Close file descriptors. - safe_close(0); - safe_close(1); - safe_close(2); - - // Be nice. - setpriority(PRIO_PROCESS, 0, 5); - - child.Run(); - reporter->InternalError("cannot be reached"); - } - } - -RemoteSerializer::PeerID RemoteSerializer::Connect(const IPAddr& ip, - const string& zone_id, uint16 port, const char* our_class, double retry, - bool use_ssl) - { - if ( ! using_communication ) - return true; - - if ( ! initialized ) - reporter->InternalError("remote serializer not initialized"); - - if ( ! child_pid ) - Fork(); - - Peer* p = AddPeer(ip, port); - p->orig = true; - - if ( our_class ) - p->our_class = our_class; - - const size_t BUFSIZE = 1024; - char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, - "%" PRI_PTR_COMPAT_UINT",%s,%s,%" PRIu16",%" PRIu32",%d", p->id, - ip.AsString().c_str(), zone_id.c_str(), port, uint32(retry), - use_ssl); - - if ( ! SendToChild(MSG_CONNECT_TO, p, data) ) - { - RemovePeer(p); - return false; - } - - p->state = Peer::PENDING; - return p->id; - } - -bool RemoteSerializer::CloseConnection(PeerID id) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for closing connection", int(id)); - return false; - } - - return CloseConnection(peer); - } - -bool RemoteSerializer::CloseConnection(Peer* peer) - { - if ( peer->suspended_processing ) - { - net_continue_processing(); - peer->suspended_processing = false; - } - - if ( peer->state == Peer::CLOSING ) - return true; - - FlushPrintBuffer(peer); - FlushLogBuffer(peer); - - Log(LogInfo, "closing connection", peer); - - peer->state = Peer::CLOSING; - return SendToChild(MSG_CLOSE, peer, 0); - } - -bool RemoteSerializer::RequestSync(PeerID id, bool auth) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for request sync", int(id)); - return false; - } - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't request sync from peer; wrong phase %d", - peer->phase); - return false; - } - - if ( ! SendToChild(MSG_REQUEST_SYNC, peer, 1, auth ? 1 : 0) ) - return false; - - peer->sync_requested |= Peer::WE | (auth ? Peer::AUTH_WE : 0); - - return true; - } - -bool RemoteSerializer::RequestLogs(PeerID id) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for request logs", int(id)); - return false; - } - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't request logs from peer; wrong phase %d", - peer->phase); - return false; - } - - if ( ! SendToChild(MSG_REQUEST_LOGS, peer, 0) ) - return false; - - return true; - } - -bool RemoteSerializer::RequestEvents(PeerID id, RE_Matcher* pattern) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for request sync", int(id)); - return false; - } - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't request events from peer; wrong phase %d", - peer->phase); - return false; - } - - EventRegistry::string_list* handlers = event_registry->Match(pattern); - - // Concat the handlers' names. - int len = 0; - loop_over_list(*handlers, i) - len += strlen((*handlers)[i]) + 1; - - if ( ! len ) - { - Log(LogInfo, "warning: no events to request"); - delete handlers; - return true; - } - - char* data = new char[len]; - char* d = data; - loop_over_list(*handlers, j) - { - for ( const char* p = (*handlers)[j]; *p; *d++ = *p++ ) - ; - *d++ = '\0'; - } - - delete handlers; - - return SendToChild(MSG_REQUEST_EVENTS, peer, data, len); - } - -bool RemoteSerializer::SetAcceptState(PeerID id, bool accept) - { - Peer* p = LookupPeer(id, false); - if ( ! p ) - return true; - - p->accept_state = accept; - return true; - } - -bool RemoteSerializer::SetCompressionLevel(PeerID id, int level) - { - Peer* p = LookupPeer(id, false); - if ( ! p ) - return true; - - p->comp_level = level; - return true; - } - -bool RemoteSerializer::CompleteHandshake(PeerID id) - { - Peer* p = LookupPeer(id, false); - if ( ! p ) - return true; - - if ( p->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't complete handshake; wrong phase %d", - p->phase); - return false; - } - - p->handshake_done |= Peer::WE; - - if ( ! SendToChild(MSG_PHASE_DONE, p, 0) ) - return false; - - if ( p->handshake_done == Peer::BOTH ) - HandshakeDone(p); - - return true; - } - -bool RemoteSerializer::SendCall(SerialInfo* info, PeerID id, - const char* name, val_list* vl) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - return SendCall(info, peer, name, vl); - } - -bool RemoteSerializer::SendCall(SerialInfo* info, Peer* peer, - const char* name, val_list* vl) - { - if ( peer->phase != Peer::RUNNING || terminating ) - return false; - - ++stats.events.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - - if ( ! Serialize(info, name, vl) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendCall(SerialInfo* info, const char* name, - val_list* vl) - { - if ( ! IsOpen() || ! PropagateAccesses() || terminating ) - return true; - - loop_over_list(peers, i) - { - // Do not send event back to originating peer. - if ( peers[i] == current_peer ) - continue; - - SerialInfo new_info(*info); - if ( ! SendCall(&new_info, peers[i], name, vl) ) - return false; - } - - return true; - } - -bool RemoteSerializer::SendAccess(SerialInfo* info, Peer* peer, - const StateAccess& access) - { - if ( ! (peer->sync_requested & Peer::PEER) || terminating ) - return true; - -#ifdef DEBUG - ODesc desc; - access.Describe(&desc); - DBG_LOG(DBG_COMM, "Sending %s", desc.Description()); -#endif - - ++stats.accesses.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - info->globals_as_names = true; - - if ( ! Serialize(info, access) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendAccess(SerialInfo* info, PeerID pid, - const StateAccess& access) - { - Peer* p = LookupPeer(pid, false); - if ( ! p ) - return true; - - return SendAccess(info, p, access); - } - -bool RemoteSerializer::SendAccess(SerialInfo* info, const StateAccess& access) - { - if ( ! IsOpen() || ! PropagateAccesses() || terminating ) - return true; - - // A real broadcast would be nice here. But the different peers have - // different serialization caches, so we cannot simply send the same - // serialization to all of them ... - loop_over_list(peers, i) - { - // Do not send access back to originating peer. - if ( peers[i] == source_peer ) - continue; - - // Only sent accesses for fully setup peers. - if ( peers[i]->phase != Peer::RUNNING ) - continue; - - SerialInfo new_info(*info); - if ( ! SendAccess(&new_info, peers[i], access) ) - return false; - } - - return true; - } - -bool RemoteSerializer::SendAllSynchronized(Peer* peer, SerialInfo* info) - { - // FIXME: When suspending ID serialization works, remove! - DisableSuspend suspend(info); - - current_peer = peer; - - Continuation* cont = &info->cont; - ptr_compat_int index; - - if ( info->cont.NewInstance() ) - { - Log(LogInfo, "starting to send full state", peer); - index = 0; - } - - else - { - index = int(ptr_compat_int(cont->RestoreState())); - if ( ! cont->ChildSuspended() ) - cont->Resume(); - } - - for ( ; index < sync_ids.length(); ++index ) - { - if ( ! sync_ids[index]->ID_Val() ) - { -#ifdef DEBUG - DBG_LOG(DBG_COMM, "Skip sync of ID with null value: %s\n", - sync_ids[index]->Name()); -#endif - continue; - } - cont->SaveContext(); - - StateAccess sa(OP_ASSIGN, sync_ids[index], - sync_ids[index]->ID_Val()); - // FIXME: When suspending ID serialization works, we need to - // addsupport to StateAccesses, too. - bool result = SendAccess(info, peer, sa); - cont->RestoreContext(); - - if ( ! result ) - return false; - - if ( cont->ChildSuspended() || info->may_suspend ) - { - double t = network_time + state_write_delay; - timer_mgr->Add(new IncrementalSendTimer(t, peer, info)); - - cont->SaveState((void*) index); - if ( info->may_suspend ) - cont->Suspend(); - - return true; - } - } - - if ( ! SendToChild(MSG_PHASE_DONE, peer, 0) ) - return false; - - suspend.Release(); - delete info; - - Log(LogInfo, "done sending full state", peer); - - return EnterPhaseRunning(peer); - } - -bool RemoteSerializer::SendID(SerialInfo* info, Peer* peer, const ID& id) - { - if ( terminating ) - return true; - - // FIXME: When suspending ID serialization works, remove! - DisableSuspend suspend(info); - - if ( info->cont.NewInstance() ) - ++stats.ids.out; - - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - info->cont.SaveContext(); - bool result = Serialize(info, id); - info->cont.RestoreContext(); - - if ( ! result ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendID(SerialInfo* info, PeerID pid, const ID& id) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(pid, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::RUNNING ) - return false; - - return SendID(info, peer, id); - } - -bool RemoteSerializer::SendConnection(SerialInfo* info, PeerID id, - const Connection& c) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::RUNNING ) - return false; - - ++stats.conns.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - - if ( ! Serialize(info, c) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendCaptureFilter(PeerID id, const char* filter) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't sent capture filter to peer; wrong phase %d", peer->phase); - return false; - } - - return SendToChild(MSG_CAPTURE_FILTER, peer, copy_string(filter)); - } - -bool RemoteSerializer::SendPacket(SerialInfo* info, const Packet& p) - { - if ( ! IsOpen() || !PropagateAccesses() || terminating ) - return true; - - loop_over_list(peers, i) - { - // Only sent packet for fully setup peers. - if ( peers[i]->phase != Peer::RUNNING ) - continue; - - SerialInfo new_info(*info); - if ( ! SendPacket(&new_info, peers[i], p) ) - return false; - } - - return true; - } - -bool RemoteSerializer::SendPacket(SerialInfo* info, PeerID id, const Packet& p) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - return SendPacket(info, peer, p); - } - -bool RemoteSerializer::SendPacket(SerialInfo* info, Peer* peer, const Packet& p) - { - ++stats.packets.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - - if ( ! Serialize(info, p) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendPing(PeerID id, uint32 seq) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - char* data = new char[sizeof(ping_args)]; - - ping_args* args = (ping_args*) data; - args->seq = htonl(seq); - args->time1 = htond(current_time(true)); - args->time2 = 0; - args->time3 = 0; - - return SendToChild(MSG_PING, peer, data, sizeof(ping_args)); - } - -bool RemoteSerializer::SendCapabilities(Peer* peer) - { - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't sent capabilties to peer; wrong phase %d", - peer->phase); - return false; - } - - uint32 caps = 0; - - caps |= Peer::COMPRESSION; - caps |= Peer::PID_64BIT; - caps |= Peer::NEW_CACHE_STRATEGY; - - return SendToChild(MSG_CAPS, peer, 3, caps, 0, 0); - } - -bool RemoteSerializer::Listen(const IPAddr& ip, uint16 port, bool expect_ssl, - bool ipv6, const string& zone_id, double retry) - { - if ( ! using_communication ) - return true; - - if ( ! initialized ) - reporter->InternalError("remote serializer not initialized"); - - if ( ! ipv6 && ip.GetFamily() == IPv6 && - ip != IPAddr("0.0.0.0") && ip != IPAddr("::") ) - reporter->FatalError("Attempt to listen on address %s, but IPv6 " - "communication disabled", ip.AsString().c_str()); - - const size_t BUFSIZE = 1024; - char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, "%s,%" PRIu16",%d,%d,%s,%" PRIu32, - ip.AsString().c_str(), port, expect_ssl, ipv6, zone_id.c_str(), - (uint32) retry); - - if ( ! SendToChild(MSG_LISTEN, 0, data) ) - return false; - - listening = true; - SetClosed(false); - return true; - } - -void RemoteSerializer::SendSyncPoint(uint32 point) - { - if ( ! (remote_trace_sync_interval && pseudo_realtime) || terminating ) - return; - - current_sync_point = point; - - loop_over_list(peers, i) - if ( peers[i]->phase == Peer::RUNNING && - ! SendToChild(MSG_SYNC_POINT, peers[i], - 1, current_sync_point) ) - return; - - if ( ! syncing_times ) - { - Log(LogInfo, "waiting for peers"); - syncing_times = true; - - loop_over_list(peers, i) - { - // Need to do this once per peer to correctly - // track the number of suspend calls. - net_suspend_processing(); - peers[i]->suspended_processing = true; - } - } - - CheckSyncPoints(); - } - -uint32 RemoteSerializer::SendSyncPoint() - { - Log(LogInfo, fmt("reached sync-point %u", current_sync_point)); - SendSyncPoint(current_sync_point + 1); - return current_sync_point; - } - -void RemoteSerializer::SendFinalSyncPoint() - { - Log(LogInfo, fmt("reached end of trace, sending final sync point")); - SendSyncPoint(FINAL_SYNC_POINT); - } - -bool RemoteSerializer::Terminate() - { - loop_over_list(peers, i) - { - FlushPrintBuffer(peers[i]); - FlushLogBuffer(peers[i]); - } - - Log(LogInfo, fmt("terminating...")); - - return terminating = SendToChild(MSG_TERMINATE, 0, 0); - } - -bool RemoteSerializer::StopListening() - { - if ( ! listening ) - return true; - - if ( ! SendToChild(MSG_LISTEN_STOP, 0, 0) ) - return false; - - listening = false; - SetClosed(! IsActive()); - return true; - } - -void RemoteSerializer::Register(ID* id) - { - DBG_LOG(DBG_STATE, "&synchronized %s", id->Name()); - Unregister(id); - Ref(id); - sync_ids.append(id); - } - -void RemoteSerializer::Unregister(ID* id) - { - loop_over_list(sync_ids, i) - if ( streq(sync_ids[i]->Name(), id->Name()) ) - { - Unref(sync_ids[i]); - sync_ids.remove_nth(i); - break; - } - } - -void RemoteSerializer::GetFds(iosource::FD_Set* read, iosource::FD_Set* write, - iosource::FD_Set* except) - { - read->Insert(io->Fd()); - read->Insert(io->ExtraReadFDs()); - - if ( io->CanWrite() ) - write->Insert(io->Fd()); - } - -double RemoteSerializer::NextTimestamp(double* local_network_time) - { - Poll(false); - - if ( received_logs > 0 ) - { - // If we processed logs last time, assume there's more. - SetIdle(false); - received_logs = 0; - return timer_mgr->Time(); - } - - double et = events.length() ? events[0]->time : -1; - double pt = packets.length() ? packets[0]->time : -1; - - if ( ! et ) - et = timer_mgr->Time(); - - if ( ! pt ) - pt = timer_mgr->Time(); - - if ( packets.length() ) - SetIdle(false); - - if ( et >= 0 && (et < pt || pt < 0) ) - return et; - - if ( pt >= 0 ) - { - // Return packet time as network time. - *local_network_time = packets[0]->p->time; - return pt; - } - - return -1; - } - -TimerMgr::Tag* RemoteSerializer::GetCurrentTag() - { - return packets.length() ? &packets[0]->p->tag : 0; - } - -void RemoteSerializer::Process() - { - Poll(false); - - int i = 0; - while ( events.length() ) - { - if ( max_remote_events_processed && - ++i > max_remote_events_processed ) - break; - - BufferedEvent* be = events[0]; - ::Event* event = new ::Event(be->handler, std::move(*be->args), be->src); - delete be->args; - be->args = nullptr; - - Peer* old_current_peer = current_peer; - // Prevent the source peer from getting the event back. - current_peer = LookupPeer(be->src, true); // may be null. - mgr.Dispatch(event, ! forward_remote_events); - current_peer = old_current_peer; - - assert(events[0] == be); - delete be; - events.remove_nth(0); - } - - // We shouldn't pass along more than one packet, as otherwise the - // timer mgr will not advance. - if ( packets.length() ) - { - BufferedPacket* bp = packets[0]; - const Packet* p = bp->p; - - // FIXME: The following chunk of code is copied from - // net_packet_dispatch(). We should change that function - // to accept an IOSource instead of the PktSrc. - net_update_time(p->time); - - SegmentProfiler(segment_logger, "expiring-timers"); - TimerMgr* tmgr = sessions->LookupTimerMgr(GetCurrentTag()); - current_dispatched = - tmgr->Advance(network_time, max_timer_expires); - - current_pkt = p; - current_pktsrc = 0; - current_iosrc = this; - sessions->NextPacket(p->time, p); - mgr.Drain(); - - current_pkt = 0; - current_iosrc = 0; - - delete p; - delete bp; - packets.remove_nth(0); - } - - if ( packets.length() ) - SetIdle(false); - } - -void RemoteSerializer::Finish() - { - if ( ! using_communication ) - return; - - do - Poll(true); - while ( io->CanWrite() ); - - loop_over_list(peers, i) - { - CloseConnection(peers[i]); - } - } - -bool RemoteSerializer::Poll(bool may_block) - { - if ( ! child_pid ) - return true; - - // See if there's any peer waiting for initial state synchronization. - if ( sync_pending.length() && ! in_sync ) - { - Peer* p = sync_pending[0]; - sync_pending.remove_nth(0); - HandshakeDone(p); - } - - io->Flush(); - SetIdle(false); - - switch ( msgstate ) { - case TYPE: - { - current_peer = 0; - current_msgtype = MSG_NONE; - - // CMsg follows - ChunkedIO::Chunk* c; - READ_CHUNK_FROM_CHILD(c); - - CMsg* msg = (CMsg*) c->data; - current_peer = LookupPeer(msg->Peer(), false); - current_id = msg->Peer(); - current_msgtype = msg->Type(); - current_args = 0; - - delete c; - - switch ( current_msgtype ) { - case MSG_CLOSE: - case MSG_CLOSE_ALL: - case MSG_LISTEN_STOP: - case MSG_PHASE_DONE: - case MSG_TERMINATE: - case MSG_DEBUG_DUMP: - case MSG_REQUEST_LOGS: - { - // No further argument chunk. - msgstate = TYPE; - return DoMessage(); - } - case MSG_VERSION: - case MSG_SERIAL: - case MSG_ERROR: - case MSG_CONNECT_TO: - case MSG_CONNECTED: - case MSG_REQUEST_EVENTS: - case MSG_REQUEST_SYNC: - case MSG_LISTEN: - case MSG_STATS: - case MSG_CAPTURE_FILTER: - case MSG_PING: - case MSG_PONG: - case MSG_CAPS: - case MSG_COMPRESS: - case MSG_LOG: - case MSG_SYNC_POINT: - case MSG_REMOTE_PRINT: - case MSG_LOG_CREATE_WRITER: - case MSG_LOG_WRITE: - { - // One further argument chunk. - msgstate = ARGS; - return Poll(may_block); - } - - case MSG_NONE: - InternalCommError(fmt("unexpected msg type %d", - current_msgtype)); - return true; - - default: - InternalCommError(fmt("unknown msg type %d in Poll()", - current_msgtype)); - return true; - } - } - - case ARGS: - { - // Argument chunk follows. - ChunkedIO::Chunk* c; - READ_CHUNK_FROM_CHILD(c); - - current_args = c; - msgstate = TYPE; - bool result = DoMessage(); - - delete current_args; - current_args = 0; - - return result; - } - - default: - reporter->InternalError("unknown msgstate"); - } - - reporter->InternalError("cannot be reached"); - return false; - } - -bool RemoteSerializer::DoMessage() - { - if ( current_peer && - (current_peer->state == Peer::CLOSING || - current_peer->state == Peer::CLOSED) && - is_peer_msg(current_msgtype) ) - { - // We shut the connection to this peer down, - // so we ignore all further messages. - DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%" PRI_SOURCE_ID, - msgToStr(current_msgtype), - current_peer ? current_peer->id : 0)); - return true; - } - - DEBUG_COMM(fmt("parent: %s from child; peer is #%" PRI_SOURCE_ID, - msgToStr(current_msgtype), - current_peer ? current_peer->id : 0)); - - if ( current_peer && - (current_msgtype < 0 || current_msgtype > MSG_ID_MAX) ) - { - Log(LogError, "garbage message from peer, shutting down", - current_peer); - CloseConnection(current_peer); - return true; - } - - // As long as we haven't finished the version - // handshake, no other messages than MSG_VERSION - // are allowed from peer. - if ( current_peer && current_peer->phase == Peer::SETUP && - is_peer_msg(current_msgtype) && current_msgtype != MSG_VERSION ) - { - Log(LogError, "peer did not send version", current_peer); - CloseConnection(current_peer); - return true; - } - - switch ( current_msgtype ) { - case MSG_CLOSE: - PeerDisconnected(current_peer); - return true; - - case MSG_CONNECTED: - return ProcessConnected(); - - case MSG_SERIAL: - return ProcessSerialization(); - - case MSG_REQUEST_EVENTS: - return ProcessRequestEventsMsg(); - - case MSG_REQUEST_SYNC: - return ProcessRequestSyncMsg(); - - case MSG_PHASE_DONE: - return ProcessPhaseDone(); - - case MSG_ERROR: - return ProcessLogMsg(true); - - case MSG_LOG: - return ProcessLogMsg(false); - - case MSG_STATS: - return ProcessStatsMsg(); - - case MSG_CAPTURE_FILTER: - return ProcessCaptureFilterMsg(); - - case MSG_VERSION: - return ProcessVersionMsg(); - - case MSG_PING: - return ProcessPingMsg(); - - case MSG_PONG: - return ProcessPongMsg(); - - case MSG_CAPS: - return ProcessCapsMsg(); - - case MSG_SYNC_POINT: - return ProcessSyncPointMsg(); - - case MSG_TERMINATE: - assert(terminating); - iosource_mgr->Terminate(); - return true; - - case MSG_REMOTE_PRINT: - return ProcessRemotePrint(); - - case MSG_LOG_CREATE_WRITER: - return ProcessLogCreateWriter(); - - case MSG_LOG_WRITE: - return ProcessLogWrite(); - - case MSG_REQUEST_LOGS: - return ProcessRequestLogs(); - - default: - DEBUG_COMM(fmt("unexpected msg type: %d", - int(current_msgtype))); - InternalCommError(fmt("unexpected msg type in DoMessage(): %d", - int(current_msgtype))); - return true; // keep going - } - - reporter->InternalError("cannot be reached"); - return false; - } - -void RemoteSerializer::PeerDisconnected(Peer* peer) - { - assert(peer); - - if ( peer->suspended_processing ) - { - net_continue_processing(); - peer->suspended_processing = false; - } - - if ( peer->state == Peer::CLOSED || peer->state == Peer::INIT ) - return; - - if ( peer->state == Peer::PENDING ) - { - peer->state = Peer::CLOSED; - Log(LogError, "could not connect", peer); - return; - } - - Log(LogInfo, "peer disconnected", peer); - - if ( peer->phase != Peer::SETUP ) - RaiseEvent(remote_connection_closed, peer); - - if ( in_sync == peer ) - in_sync = 0; - - peer->state = Peer::CLOSED; - peer->phase = Peer::UNKNOWN; - peer->cache_in->Clear(); - peer->cache_out->Clear(); - UnregisterHandlers(peer); - } - -void RemoteSerializer::PeerConnected(Peer* peer) - { - if ( peer->state == Peer::CONNECTED ) - return; - - peer->state = Peer::CONNECTED; - peer->phase = Peer::SETUP; - peer->sent_version = Peer::NONE; - peer->sync_requested = Peer::NONE; - peer->handshake_done = Peer::NONE; - - peer->cache_in->Clear(); - peer->cache_out->Clear(); - peer->our_runtime = int(current_time(true) - bro_start_time); - peer->sync_point = 0; - peer->logs_requested = false; - - if ( ! SendCMsgToChild(MSG_VERSION, peer) ) - return; - - int len = 4 * sizeof(uint32) + peer->our_class.size() + 1; - char* data = new char[len]; - uint32* args = (uint32*) data; - - *args++ = htonl(PROTOCOL_VERSION); - *args++ = htonl(peer->cache_out->GetMaxCacheSize()); - *args++ = htonl(DATA_FORMAT_VERSION); - *args++ = htonl(peer->our_runtime); - strcpy((char*) args, peer->our_class.c_str()); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk(data, len); - - if ( peer->our_class.size() ) - Log(LogInfo, fmt("sending class \"%s\"", peer->our_class.c_str()), peer); - - if ( ! SendToChild(c) ) - { - Log(LogError, "can't send version message"); - CloseConnection(peer); - return; - } - - peer->sent_version |= Peer::WE; - Log(LogInfo, "peer connected", peer); - Log(LogInfo, "phase: version", peer); - } - -RecordVal* RemoteSerializer::MakePeerVal(Peer* peer) - { - RecordVal* v = new RecordVal(::peer); - v->Assign(0, val_mgr->GetCount(uint32(peer->id))); - // Sic! Network order for AddrVal, host order for PortVal. - v->Assign(1, new AddrVal(peer->ip)); - v->Assign(2, val_mgr->GetPort(peer->port, TRANSPORT_TCP)); - v->Assign(3, val_mgr->GetFalse()); - v->Assign(4, val_mgr->GetEmptyString()); // set when received - v->Assign(5, peer->peer_class.size() ? - new StringVal(peer->peer_class.c_str()) : 0); - return v; - } - -RemoteSerializer::Peer* RemoteSerializer::AddPeer(const IPAddr& ip, uint16 port, - PeerID id) - { - Peer* peer = new Peer; - peer->id = id != PEER_NONE ? id : id_counter++; - peer->ip = ip; - peer->port = port; - peer->state = Peer::INIT; - peer->phase = Peer::UNKNOWN; - peer->sent_version = Peer::NONE; - peer->sync_requested = Peer::NONE; - peer->handshake_done = Peer::NONE; - peer->orig = false; - peer->accept_state = false; - peer->send_state = false; - peer->logs_requested = false; - peer->caps = 0; - peer->comp_level = 0; - peer->suspended_processing = false; - peer->caps = 0; - peer->val = MakePeerVal(peer); - peer->cache_in = new SerializationCache(MAX_CACHE_SIZE); - peer->cache_out = new SerializationCache(MAX_CACHE_SIZE); - peer->sync_point = 0; - peer->print_buffer = 0; - peer->print_buffer_used = 0; - peer->log_buffer = new char[LOG_BUFFER_SIZE]; - peer->log_buffer_used = 0; - - peers.append(peer); - Log(LogInfo, "added peer", peer); - - return peer; - } - -void RemoteSerializer::UnregisterHandlers(Peer* peer) - { - // Unregister the peers for the EventHandlers. - loop_over_list(peer->handlers, i) - { - peer->handlers[i]->RemoveRemoteHandler(peer->id); - } - } - -void RemoteSerializer::RemovePeer(Peer* peer) - { - if ( peer->suspended_processing ) - { - net_continue_processing(); - peer->suspended_processing = false; - } - - peers.remove(peer); - UnregisterHandlers(peer); - - Log(LogInfo, "removed peer", peer); - - int id = peer->id; - Unref(peer->val); - delete [] peer->print_buffer; - delete [] peer->log_buffer; - delete peer->cache_in; - delete peer->cache_out; - delete peer; - - SetClosed(! IsActive()); - - if ( in_sync == peer ) - in_sync = 0; - } - -RemoteSerializer::Peer* RemoteSerializer::LookupPeer(PeerID id, - bool only_if_connected) - { - Peer* peer = 0; - loop_over_list(peers, i) - if ( peers[i]->id == id ) - { - peer = peers[i]; - break; - } - - if ( ! only_if_connected || (peer && peer->state == Peer::CONNECTED) ) - return peer; - else - return 0; - } - -bool RemoteSerializer::ProcessVersionMsg() - { - uint32* args = (uint32*) current_args->data; - uint32 version = ntohl(args[0]); - uint32 data_version = ntohl(args[2]); - - if ( PROTOCOL_VERSION != version ) - { - Log(LogError, fmt("remote protocol version mismatch: got %d, but expected %d", - version, PROTOCOL_VERSION), current_peer); - CloseConnection(current_peer); - return true; - } - - // For backwards compatibility, data_version may be null. - if ( data_version && DATA_FORMAT_VERSION != data_version ) - { - Log(LogError, fmt("remote data version mismatch: got %d, but expected %d", - data_version, DATA_FORMAT_VERSION), - current_peer); - CloseConnection(current_peer); - return true; - } - - uint32 cache_size = ntohl(args[1]); - current_peer->cache_in->SetMaxCacheSize(cache_size); - current_peer->runtime = ntohl(args[3]); - - current_peer->sent_version |= Peer::PEER; - - if ( current_args->len > 4 * sizeof(uint32) ) - { - // The peer sends us a class string. - const char* pclass = (const char*) &args[4]; - current_peer->peer_class = pclass; - if ( *pclass ) - Log(LogInfo, fmt("peer sent class \"%s\"", pclass), current_peer); - if ( current_peer->val ) - current_peer->val->Assign(5, new StringVal(pclass)); - } - - assert(current_peer->sent_version == Peer::BOTH); - current_peer->phase = Peer::HANDSHAKE; - Log(LogInfo, "phase: handshake", current_peer); - - if ( ! SendCapabilities(current_peer) ) - return false; - - RaiseEvent(remote_connection_established, current_peer); - - return true; - } - -bool RemoteSerializer::EnterPhaseRunning(Peer* peer) - { - if ( in_sync == peer ) - in_sync = 0; - - peer->phase = Peer::RUNNING; - Log(LogInfo, "phase: running", peer); - RaiseEvent(remote_connection_handshake_done, peer); - - if ( remote_trace_sync_interval ) - { - loop_over_list(peers, i) - { - if ( ! SendToChild(MSG_SYNC_POINT, peers[i], - 1, current_sync_point) ) - return false; - } - } - - return true; - } - -bool RemoteSerializer::ProcessConnected() - { - // IP and port follow. - vector args = tokenize(current_args->data, ','); - - if ( args.size() != 2 ) - { - InternalCommError("ProcessConnected() bad number of arguments"); - return false; - } - - IPAddr host = IPAddr(args[0]); - uint16 port; - - if ( ! atoi_n(args[1].size(), args[1].c_str(), 0, 10, port) ) - { - InternalCommError("ProcessConnected() bad peer port string"); - return false; - } - - if ( ! current_peer ) - { - // The other side connected to one of our listening ports. - current_peer = AddPeer(host, port, current_id); - current_peer->orig = false; - } - else if ( current_peer->orig ) - { - // It's a successful retry. - current_peer->port = port; - current_peer->accept_state = false; - Unref(current_peer->val); - current_peer->val = MakePeerVal(current_peer); - } - - PeerConnected(current_peer); - - ID* descr = global_scope()->Lookup("peer_description"); - if ( ! descr ) - reporter->InternalError("peer_description not defined"); - - SerialInfo info(this); - SendID(&info, current_peer, *descr); - - return true; - } - -bool RemoteSerializer::ProcessRequestEventsMsg() - { - if ( ! current_peer ) - return false; - - // Register new handlers. - char* p = current_args->data; - while ( p < current_args->data + current_args->len ) - { - EventHandler* handler = event_registry->Lookup(p); - if ( handler ) - { - handler->AddRemoteHandler(current_peer->id); - current_peer->handlers.append(handler); - RaiseEvent(remote_event_registered, current_peer, p); - Log(LogInfo, fmt("registered for event %s", p), - current_peer); - - // If the other side requested the print_hook event, - // we initialize the buffer. - if ( current_peer->print_buffer == 0 && - streq(p, "print_hook") ) - { - current_peer->print_buffer = - new char[PRINT_BUFFER_SIZE]; - current_peer->print_buffer_used = 0; - Log(LogInfo, "initialized print buffer", - current_peer); - } - } - else - Log(LogInfo, fmt("request for unknown event %s", p), - current_peer); - - p += strlen(p) + 1; - } - - return true; - } - -bool RemoteSerializer::ProcessRequestSyncMsg() - { - if ( ! current_peer ) - return false; - - int auth = 0; - uint32* args = (uint32*) current_args->data; - if ( ntohl(args[0]) != 0 ) - { - Log(LogInfo, "peer considers its state authoritative", current_peer); - auth = Peer::AUTH_PEER; - } - - current_peer->sync_requested |= Peer::PEER | auth; - return true; - } - -bool RemoteSerializer::ProcessRequestLogs() - { - if ( ! current_peer ) - return false; - - Log(LogInfo, "peer requested logs", current_peer); - - current_peer->logs_requested = true; - return true; - } - -bool RemoteSerializer::ProcessPhaseDone() - { - switch ( current_peer->phase ) { - case Peer::HANDSHAKE: - { - current_peer->handshake_done |= Peer::PEER; - - if ( current_peer->handshake_done == Peer::BOTH ) - HandshakeDone(current_peer); - break; - } - - case Peer::SYNC: - { - // Make sure that the other side is supposed to sent us this. - if ( current_peer->send_state ) - { - Log(LogError, "unexpected phase_done in sync phase from peer", current_peer); - CloseConnection(current_peer); - return false; - } - - if ( ! EnterPhaseRunning(current_peer) ) - { - if ( current_peer->suspended_processing ) - { - net_continue_processing(); - current_peer->suspended_processing = false; - } - - return false; - } - - if ( current_peer->suspended_processing ) - { - net_continue_processing(); - current_peer->suspended_processing = false; - } - - break; - } - - default: - Log(LogError, "unexpected phase_done", current_peer); - CloseConnection(current_peer); - } - - return true; - } - -bool RemoteSerializer::HandshakeDone(Peer* peer) - { - if ( peer->caps & Peer::COMPRESSION && peer->comp_level > 0 ) - if ( ! SendToChild(MSG_COMPRESS, peer, 1, peer->comp_level) ) - return false; - - if ( ! (peer->caps & Peer::PID_64BIT) ) - Log(LogInfo, "peer does not support 64bit PIDs; using compatibility mode", peer); - - if ( (peer->caps & Peer::NEW_CACHE_STRATEGY) ) - Log(LogInfo, "peer supports keep-in-cache; using that", peer); - - if ( (peer->caps & Peer::BROCCOLI_PEER) ) - Log(LogInfo, "peer is a Broccoli", peer); - - if ( peer->logs_requested ) - log_mgr->SendAllWritersTo(peer->id); - - if ( peer->sync_requested != Peer::NONE ) - { - if ( in_sync ) - { - Log(LogInfo, "another sync in progress, waiting...", - peer); - sync_pending.append(peer); - return true; - } - - if ( (peer->sync_requested & Peer::AUTH_PEER) && - (peer->sync_requested & Peer::AUTH_WE) ) - { - Log(LogError, "misconfiguration: authoritative state on both sides", - current_peer); - CloseConnection(peer); - return false; - } - - in_sync = peer; - peer->phase = Peer::SYNC; - - // If only one side has requested state synchronization, - // it will get all the state from the peer. - // - // If both sides have shown interest, the one considering - // itself authoritative will send the state. If none is - // authoritative, the peer which is running longest sends - // its state. - // - if ( (peer->sync_requested & Peer::BOTH) != Peer::BOTH ) - { - // One side. - if ( peer->sync_requested & Peer::PEER ) - peer->send_state = true; - else if ( peer->sync_requested & Peer::WE ) - peer->send_state = false; - else - reporter->InternalError("illegal sync_requested value"); - } - else - { - // Both. - if ( peer->sync_requested & Peer::AUTH_WE ) - peer->send_state = true; - else if ( peer->sync_requested & Peer::AUTH_PEER ) - peer->send_state = false; - else - { - if ( peer->our_runtime == peer->runtime ) - peer->send_state = peer->orig; - else - peer->send_state = (peer->our_runtime > - peer->runtime); - } - } - - Log(LogInfo, fmt("phase: sync (%s)", (peer->send_state ? "sender" : "receiver")), peer); - - if ( peer->send_state ) - { - SerialInfo* info = new SerialInfo(this); - SendAllSynchronized(peer, info); - } - - else - { - // Suspend until we got everything. - net_suspend_processing(); - peer->suspended_processing = true; - } - } - else - return EnterPhaseRunning(peer); - - return true; - } - -bool RemoteSerializer::ProcessPingMsg() - { - if ( ! current_peer ) - return false; - - if ( ! SendToChild(MSG_PONG, current_peer, - current_args->data, current_args->len) ) - return false; - - return true; - } - -bool RemoteSerializer::ProcessPongMsg() - { - if ( ! current_peer ) - return false; - - ping_args* args = (ping_args*) current_args->data; - - mgr.QueueEvent(remote_pong, { - current_peer->val->Ref(), - val_mgr->GetCount((unsigned int) ntohl(args->seq)), - new Val(current_time(true) - ntohd(args->time1), - TYPE_INTERVAL), - new Val(ntohd(args->time2), TYPE_INTERVAL), - new Val(ntohd(args->time3), TYPE_INTERVAL) - }); - return true; - } - -bool RemoteSerializer::ProcessCapsMsg() - { - if ( ! current_peer ) - return false; - - uint32* args = (uint32*) current_args->data; - current_peer->caps = ntohl(args[0]); - return true; - } - -bool RemoteSerializer::ProcessLogMsg(bool is_error) - { - Log(is_error ? LogError : LogInfo, current_args->data, 0, LogChild); - return true; - } - -bool RemoteSerializer::ProcessStatsMsg() - { - // Take the opportunity to log our stats, too. - LogStats(); - - // Split the concatenated child stats into indiviual log messages. - int count = 0; - for ( char* p = current_args->data; - p < current_args->data + current_args->len; p += strlen(p) + 1 ) - Log(LogInfo, fmt("child statistics: [%d] %s", count++, p), - current_peer); - - return true; - } - -bool RemoteSerializer::ProcessCaptureFilterMsg() - { - if ( ! current_peer ) - return false; - - RaiseEvent(remote_capture_filter, current_peer, current_args->data); - return true; - } - -bool RemoteSerializer::CheckSyncPoints() - { - if ( ! current_sync_point ) - return false; - - int ready = 0; - - loop_over_list(peers, i) - if ( peers[i]->sync_point >= current_sync_point ) - ready++; - - if ( ready < remote_trace_sync_peers ) - return false; - - if ( current_sync_point == FINAL_SYNC_POINT ) - { - Log(LogInfo, fmt("all peers reached final sync-point, going to finish")); - Terminate(); - } - else - Log(LogInfo, fmt("all peers reached sync-point %u", - current_sync_point)); - - if ( syncing_times ) - { - loop_over_list(peers, i) - { - if ( peers[i]->suspended_processing ) - { - net_continue_processing(); - peers[i]->suspended_processing = false; - } - } - - syncing_times = false; - } - - return true; - } - -bool RemoteSerializer::ProcessSyncPointMsg() - { - if ( ! current_peer ) - return false; - - uint32* args = (uint32*) current_args->data; - uint32 count = ntohl(args[0]); - - current_peer->sync_point = max(current_peer->sync_point, count); - - if ( current_peer->sync_point == FINAL_SYNC_POINT ) - Log(LogInfo, fmt("reached final sync-point"), current_peer); - else - Log(LogInfo, fmt("reached sync-point %u", current_peer->sync_point), current_peer); - - if ( syncing_times ) - CheckSyncPoints(); - - return true; - } - -bool RemoteSerializer::ProcessSerialization() - { - if ( current_peer->state == Peer::CLOSING ) - return false; - - SetCache(current_peer->cache_in); - UnserialInfo info(this); - - bool accept_state = current_peer->accept_state; - -#if 0 - // If processing is suspended, we unserialize the data but throw - // it away. - if ( current_peer->phase == Peer::RUNNING && - net_is_processing_suspended() ) - accept_state = false; -#endif - - assert(current_args); - info.chunk = current_args; - - info.install_globals = accept_state; - info.install_conns = accept_state; - info.ignore_callbacks = ! accept_state; - - if ( current_peer->phase != Peer::RUNNING ) - info.id_policy = UnserialInfo::InstantiateNew; - else - info.id_policy = accept_state ? - UnserialInfo::CopyNewToCurrent : - UnserialInfo::Keep; - - if ( ! (current_peer->caps & Peer::PID_64BIT) || - current_peer->phase != Peer::RUNNING ) - info.pid_32bit = true; - - if ( (current_peer->caps & Peer::NEW_CACHE_STRATEGY) && - current_peer->phase == Peer::RUNNING ) - info.new_cache_strategy = true; - - if ( current_peer->caps & Peer::BROCCOLI_PEER ) - info.broccoli_peer = true; - - if ( ! forward_remote_state_changes ) - ignore_accesses = true; - - source_peer = current_peer; - int i = Unserialize(&info); - source_peer = 0; - - if ( ! forward_remote_state_changes ) - ignore_accesses = false; - - if ( i < 0 ) - { - Log(LogError, "unserialization error", current_peer); - CloseConnection(current_peer); - // Error - return false; - } - - return true; - } - -bool RemoteSerializer::FlushPrintBuffer(Peer* p) - { - if ( p->state == Peer::CLOSING ) - return false; - - if ( ! (p->print_buffer && p->print_buffer_used) ) - return true; - - SendToChild(MSG_REMOTE_PRINT, p, p->print_buffer, p->print_buffer_used); - - p->print_buffer = new char[PRINT_BUFFER_SIZE]; - p->print_buffer_used = 0; - return true; - } - -bool RemoteSerializer::SendPrintHookEvent(BroFile* f, const char* txt, size_t len) - { - loop_over_list(peers, i) - { - Peer* p = peers[i]; - - if ( ! p->print_buffer ) - continue; - - const char* fname = f->Name(); - if ( ! fname ) - continue; // not a managed file. - - // We cut off everything after the max buffer size. That - // makes the code a bit easier, and we shouldn't have such - // long lines anyway. - len = min(len, PRINT_BUFFER_SIZE - strlen(fname) - 2); - - // If there's not enough space in the buffer, flush it. - - int need = strlen(fname) + 1 + len + 1; - if ( p->print_buffer_used + need > PRINT_BUFFER_SIZE ) - { - if ( ! FlushPrintBuffer(p) ) - return false; - } - - assert(p->print_buffer_used + need <= PRINT_BUFFER_SIZE); - - char* dst = p->print_buffer + p->print_buffer_used; - strcpy(dst, fname); - dst += strlen(fname) + 1; - memcpy(dst, txt, len); - dst += len; - *dst++ = '\0'; - - p->print_buffer_used = dst - p->print_buffer; - } - - return true; - } - -bool RemoteSerializer::ProcessRemotePrint() - { - if ( current_peer->state == Peer::CLOSING ) - return false; - - const char* p = current_args->data; - while ( p < current_args->data + current_args->len ) - { - const char* fname = p; - p += strlen(p) + 1; - const char* txt = p; - p += strlen(p) + 1; - - val_list* vl = new val_list(2); - BroFile* f = BroFile::GetFile(fname); - Ref(f); - vl->append(new Val(f)); - vl->append(new StringVal(txt)); - GotEvent("print_hook", -1.0, print_hook, vl); - } - - return true; - } - -bool RemoteSerializer::SendLogCreateWriter(EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields) - { - loop_over_list(peers, i) - { - SendLogCreateWriter(peers[i]->id, id, writer, info, num_fields, fields); - } - - return true; - } - -bool RemoteSerializer::SendLogCreateWriter(PeerID peer_id, EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields) - { - SetErrorDescr("logging"); - - ChunkedIO::Chunk* c = 0; - - Peer* peer = LookupPeer(peer_id, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::HANDSHAKE && peer->phase != Peer::RUNNING ) - return false; - - if ( ! peer->logs_requested ) - return false; - - BinarySerializationFormat fmt; - - fmt.StartWrite(); - - bool success = fmt.Write(id->AsEnum(), "id") && - fmt.Write(writer->AsEnum(), "writer") && - fmt.Write(num_fields, "num_fields") && - info.Write(&fmt); - - if ( ! success ) - goto error; - - for ( int i = 0; i < num_fields; i++ ) - { - if ( ! fields[i]->Write(&fmt) ) - goto error; - } - - if ( ! SendToChild(MSG_LOG_CREATE_WRITER, peer, 0) ) - goto error; - - c = new ChunkedIO::Chunk; - c->len = fmt.EndWrite(&c->data); - c->free_func = ChunkedIO::Chunk::free_func_free; - - if ( ! SendToChild(c) ) - goto error; - - return true; - -error: - delete c; - - FatalError(io->Error()); - return false; - } - -bool RemoteSerializer::SendLogWrite(EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals) - { - loop_over_list(peers, i) - { - SendLogWrite(peers[i], id, writer, path, num_fields, vals); - } - - return true; - } - -bool RemoteSerializer::SendLogWrite(Peer* peer, EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals) - { - if ( peer->phase != Peer::HANDSHAKE && peer->phase != Peer::RUNNING ) - return false; - - if ( ! peer->logs_requested ) - return false; - - if ( ! peer->log_buffer ) - // Peer shutting down. - return false; - - // Serialize the log record entry. - - BinarySerializationFormat fmt; - - fmt.StartWrite(); - - bool success = fmt.Write(id->AsEnum(), "id") && - fmt.Write(writer->AsEnum(), "writer") && - fmt.Write(path, "path") && - fmt.Write(num_fields, "num_fields"); - - if ( ! success ) - goto error; - - for ( int i = 0; i < num_fields; i++ ) - { - if ( ! vals[i]->Write(&fmt) ) - goto error; - } - - // Ok, we have the binary data now. - char* data; - int len; - - len = fmt.EndWrite(&data); - - assert(len > 10); - - // Do we have not enough space in the buffer, or was the last flush a - // while ago? If so, flush first. - if ( len > (LOG_BUFFER_SIZE - peer->log_buffer_used) || (network_time - last_flush > 1.0) ) - { - if ( ! FlushLogBuffer(peer) ) - { - free(data); - return false; - } - } - - // If the data is actually larger than our complete buffer, just send it out. - if ( len > LOG_BUFFER_SIZE ) - return SendToChild(MSG_LOG_WRITE, peer, data, len, true); - - // Now we have space in the buffer, copy it into there. - memcpy(peer->log_buffer + peer->log_buffer_used, data, len); - peer->log_buffer_used += len; - assert(peer->log_buffer_used <= LOG_BUFFER_SIZE); - - free(data); - - return true; - -error: - FatalError(io->Error()); - return false; - } - -bool RemoteSerializer::FlushLogBuffer(Peer* p) - { - if ( ! p->logs_requested ) - return false; - - last_flush = network_time; - - if ( p->state == Peer::CLOSING ) - return false; - - if ( ! (p->log_buffer && p->log_buffer_used) ) - return true; - - char* data = new char[p->log_buffer_used]; - memcpy(data, p->log_buffer, p->log_buffer_used); - SendToChild(MSG_LOG_WRITE, p, data, p->log_buffer_used); - - p->log_buffer_used = 0; - return true; - } - -bool RemoteSerializer::ProcessLogCreateWriter() - { - if ( current_peer->state == Peer::CLOSING ) - return false; - -#ifdef USE_PERFTOOLS_DEBUG - // Don't track allocations here, they'll be released only after the - // main loop exists. And it's just a tiny amount anyway. - HeapLeakChecker::Disabler disabler; -#endif - - assert(current_args); - - EnumVal* id_val = 0; - EnumVal* writer_val = 0; - threading::Field** fields = 0; - int delete_fields_up_to = -1; - - BinarySerializationFormat fmt; - fmt.StartRead(current_args->data, current_args->len); - - int id, writer; - int num_fields; - logging::WriterBackend::WriterInfo* info = new logging::WriterBackend::WriterInfo(); - - bool success = fmt.Read(&id, "id") && - fmt.Read(&writer, "writer") && - fmt.Read(&num_fields, "num_fields") && - info->Read(&fmt); - - if ( ! success ) - goto error; - - fields = new threading::Field* [num_fields]; - - for ( int i = 0; i < num_fields; i++ ) - { - fields[i] = new threading::Field; - if ( ! fields[i]->Read(&fmt) ) - { - delete_fields_up_to = i + 1; - goto error; - } - } - - fmt.EndRead(); - - id_val = internal_type("Log::ID")->AsEnumType()->GetVal(id); - writer_val = internal_type("Log::Writer")->AsEnumType()->GetVal(writer); - - if ( ! log_mgr->CreateWriterForRemoteLog(id_val, writer_val, info, num_fields, fields) ) - { - info = 0; - fields = 0; - goto error; - } - - Unref(id_val); - Unref(writer_val); - - return true; - -error: - Unref(id_val); - Unref(writer_val); - delete info; - - for ( int i = 0; i < delete_fields_up_to; ++i ) - delete fields[i]; - - delete [] fields; - Error("write error for creating writer"); - return false; - } - -bool RemoteSerializer::ProcessLogWrite() - { - if ( current_peer->state == Peer::CLOSING ) - return false; - - assert(current_args); - - BinarySerializationFormat fmt; - fmt.StartRead(current_args->data, current_args->len); - - while ( fmt.BytesRead() != (int)current_args->len ) - { - // Unserialize one entry. - EnumVal* id_val = 0; - EnumVal* writer_val = 0; - threading::Value** vals = 0; - - int id, writer; - string path; - int num_fields; - - bool success = fmt.Read(&id, "id") && - fmt.Read(&writer, "writer") && - fmt.Read(&path, "path") && - fmt.Read(&num_fields, "num_fields"); - - if ( ! success ) - goto error; - - vals = new threading::Value* [num_fields]; - - for ( int i = 0; i < num_fields; i++ ) - { - vals[i] = new threading::Value; - - if ( ! vals[i]->Read(&fmt) ) - { - for ( int j = 0; j <= i; ++j ) - delete vals[j]; - - delete [] vals; - goto error; - } - } - - id_val = internal_type("Log::ID")->AsEnumType()->GetVal(id); - writer_val = internal_type("Log::Writer")->AsEnumType()->GetVal(writer); - - success = log_mgr->WriteFromRemote(id_val, writer_val, path, num_fields, vals); - - Unref(id_val); - Unref(writer_val); - - if ( ! success ) - goto error; - - } - - fmt.EndRead(); - - ++received_logs; - - return true; - -error: - Error("write error for log entry"); - return false; - } - -void RemoteSerializer::GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) - { - if ( time >= 0 ) - { - // Marker for being called from ProcessRemotePrint(). - DEBUG_COMM("parent: got event"); - ++stats.events.in; - } - - if ( ! current_peer ) - { - Error("unserialized event from unknown peer"); - delete_vals(args); - return; - } - - BufferedEvent* e = new BufferedEvent; - - // Our time, not the time when the event was generated. - e->time = iosource_mgr->GetPktSrcs().size() ? - time_t(network_time) : time_t(timer_mgr->Time()); - - e->src = current_peer->id; - e->handler = event; - e->args = args; - - // If needed, coerce received record arguments to the expected record type. - if ( e->handler->FType() ) - { - const type_list* arg_types = e->handler->FType()->ArgTypes()->Types(); - loop_over_list(*args, i) - { - Val* v = (*args)[i]; - BroType* v_t = v->Type(); - BroType* arg_t = (*arg_types)[i]; - if ( v_t->Tag() == TYPE_RECORD && arg_t->Tag() == TYPE_RECORD ) - { - if ( ! same_type(v_t, arg_t) ) - { - Val* nv = v->AsRecordVal()->CoerceTo(arg_t->AsRecordType()); - if ( nv ) - { - args->replace(i, nv); - Unref(v); - } - } - } - } - } - - events.append(e); - } - -void RemoteSerializer::GotFunctionCall(const char* name, double time, - Func* function, val_list* args) - { - DEBUG_COMM("parent: got function call"); - ++stats.events.in; - - if ( ! current_peer ) - { - Error("unserialized function from unknown peer"); - delete_vals(args); - return; - } - - try - { - function->Call(args); - } - - catch ( InterpreterException& e ) - { /* Already reported. */ } - } - -void RemoteSerializer::GotID(ID* id, Val* val) - { - ++stats.ids.in; - - if ( ! current_peer ) - { - Error("unserialized id from unknown peer"); - Unref(id); - return; - } - - if ( current_peer->phase == Peer::HANDSHAKE && - streq(id->Name(), "peer_description") ) - { - if ( val->Type()->Tag() != TYPE_STRING ) - { - Error("peer_description not a string"); - Unref(id); - return; - } - - const char* desc = val->AsString()->CheckString(); - current_peer->val->Assign(4, new StringVal(desc)); - - Log(LogInfo, fmt("peer_description is %s", *desc ? desc : "not set"), - current_peer); - - Unref(id); - return; - } - - if ( id->Name()[0] == '#' ) - { - // This is a globally unique, non-user-visible ID. - - // Only MutableVals can be bound to names starting with '#'. - assert(val->IsMutableVal()); - - // It must be already installed in the global namespace: - // either we saw it before, or MutableVal::Unserialize() - // installed it. - assert(global_scope()->Lookup(id->Name())); - - // Only synchronized values can arrive here. - // FIXME: Johanna, rip me out. - // assert(((MutableVal*) val)->GetProperties() & MutableVal::SYNCHRONIZED); - - DBG_LOG(DBG_COMM, "got ID %s from peer\n", id->Name()); - } - - Unref(id); - } - -void RemoteSerializer::GotConnection(Connection* c) - { - ++stats.conns.in; - - // Nothing else to-do. Connection will be installed automatically - // (if allowed). - - Unref(c); - } - -void RemoteSerializer::GotStateAccess(StateAccess* s) - { - ++stats.accesses.in; - - ODesc d; - DBG_LOG(DBG_COMM, "got StateAccess: %s", (s->Describe(&d), d.Description())); - - if ( ! current_peer ) - { - Error("unserialized function from unknown peer"); - return; - } - - if ( current_peer->sync_requested & Peer::WE ) - s->Replay(); - - delete s; - } - -void RemoteSerializer::GotTimer(Timer* s) - { - reporter->Error("RemoteSerializer::GotTimer not implemented"); - } - -void RemoteSerializer::GotPacket(Packet* p) - { - ++stats.packets.in; - - BufferedPacket* bp = new BufferedPacket; - bp->time = time_t(timer_mgr->Time()); - bp->p = p; - packets.append(bp); - } - -void RemoteSerializer::Log(LogLevel level, const char* msg) - { - Log(level, msg, 0, LogParent); - } - -void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer, - LogSrc src) - { - if ( peer ) - { - mgr.QueueEvent(remote_log_peer, { - peer->val->Ref(), - val_mgr->GetCount(level), - val_mgr->GetCount(src), - new StringVal(msg) - }); - } - else - { - mgr.QueueEvent(remote_log, { - val_mgr->GetCount(level), - val_mgr->GetCount(src), - new StringVal(msg) - }); - } - -#ifdef DEBUG - const int BUFSIZE = 1024; - char buffer[BUFSIZE]; - int len = 0; - - if ( peer ) - len += snprintf(buffer + len, sizeof(buffer) - len, "[#%d/%s:%d] ", - int(peer->id), peer->ip.AsURIString().c_str(), - peer->port); - - len += safe_snprintf(buffer + len, sizeof(buffer) - len, "%s", msg); - - DEBUG_COMM(fmt("parent: %.6f %s", current_time(), buffer)); -#endif - } - -void RemoteSerializer::RaiseEvent(EventHandlerPtr event, Peer* peer, - const char* arg) - { - val_list vl(1 + (bool)arg); - - if ( peer ) - { - Ref(peer->val); - vl.append(peer->val); - } - else - { - Val* v = mgr.GetLocalPeerVal(); - v->Ref(); - vl.append(v); - } - - if ( arg ) - vl.append(new StringVal(arg)); - - // If we only have remote sources, the network time - // will not increase as long as no peers are connected. - // Therefore, we send these events immediately. - mgr.Dispatch(new Event(event, std::move(vl), PEER_LOCAL)); - } - -void RemoteSerializer::LogStats() - { - if ( ! io ) - return; - - char buffer[512]; - io->Stats(buffer, 512); - Log(LogInfo, fmt("parent statistics: %s events=%lu/%lu operations=%lu/%lu", - buffer, stats.events.in, stats.events.out, - stats.accesses.in, stats.accesses.out)); - } - -RecordVal* RemoteSerializer::GetPeerVal(PeerID id) - { - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return 0; - - Ref(peer->val); - return peer->val; - } - -void RemoteSerializer::ChildDied() - { - Log(LogError, "child died"); - SetClosed(true); - child_pid = 0; - - // Shut down the main process as well. - terminate_processing(); - } - -bool RemoteSerializer::SendCMsgToChild(char msg_type, Peer* peer) - { - if ( ! sendCMsg(io, msg_type, peer ? peer->id : PEER_NONE) ) - { - reporter->Warning("can't send message of type %d: %s", - msg_type, io->Error()); - return false; - } - return true; - } - -bool RemoteSerializer::SendToChild(char type, Peer* peer, char* str, int len, - bool delete_with_free) - { - DEBUG_COMM(fmt("parent: (->child) %s (#%" PRI_SOURCE_ID ", %s)", msgToStr(type), peer ? peer->id : PEER_NONE, str)); - - if ( child_pid && sendToIO(io, type, peer ? peer->id : PEER_NONE, str, len, - delete_with_free) ) - return true; - - if ( delete_with_free ) - free(str); - else - delete [] str; - - if ( ! child_pid ) - return false; - - if ( io->Eof() ) - ChildDied(); - - FatalError(io->Error()); - return false; - } - -bool RemoteSerializer::SendToChild(char type, Peer* peer, int nargs, ...) - { - va_list ap; - -#ifdef DEBUG - va_start(ap, nargs); - DEBUG_COMM(fmt("parent: (->child) %s (#%" PRI_SOURCE_ID ",%s)", - msgToStr(type), peer ? peer->id : PEER_NONE, fmt_uint32s(nargs, ap))); - va_end(ap); -#endif - - if ( child_pid ) - { - va_start(ap, nargs); - bool ret = sendToIO(io, type, peer ? peer->id : PEER_NONE, nargs, ap); - va_end(ap); - - if ( ret ) - return true; - } - - if ( ! child_pid ) - return false; - - if ( io->Eof() ) - ChildDied(); - - FatalError(io->Error()); - return false; - } - -bool RemoteSerializer::SendToChild(ChunkedIO::Chunk* c) - { - DEBUG_COMM(fmt("parent: (->child) chunk of size %d", c->len)); - - if ( child_pid && sendToIO(io, c) ) - return true; - - c->free_func(c->data); - c->data = 0; - - if ( ! child_pid ) - return false; - - if ( io->Eof() ) - ChildDied(); - - FatalError(io->Error()); - return false; - } - -void RemoteSerializer::FatalError(const char* msg) - { - msg = fmt("fatal error, shutting down communication: %s", msg); - Log(LogError, msg); - reporter->Error("%s", msg); - - SetClosed(true); - - if ( kill(child_pid, SIGQUIT) < 0 ) - reporter->Warning("warning: cannot kill child pid %d, %s", child_pid, strerror(errno)); - - child_pid = 0; - using_communication = false; - io->Clear(); - - loop_over_list(peers, i) - { - // Make perftools happy. - Peer* p = peers[i]; - delete [] p->log_buffer; - delete [] p->print_buffer; - p->log_buffer = p->print_buffer = 0; - } - } - -bool RemoteSerializer::IsActive() - { - if ( listening ) - return true; - - loop_over_list(peers, i) - if ( peers[i]->state == Peer::PENDING || - peers[i]->state == Peer::CONNECTED ) - return true; - - return false; - } - -void RemoteSerializer::ReportError(const char* msg) - { - if ( current_peer && current_peer->phase != Peer::SETUP ) - RaiseEvent(remote_connection_error, current_peer, msg); - Log(LogError, msg, current_peer); - } - -void RemoteSerializer::InternalCommError(const char* msg) - { -#ifdef DEBUG_COMMUNICATION - DumpDebugData(); -#else - reporter->InternalError("%s", msg); -#endif - } - -#ifdef DEBUG_COMMUNICATION - -void RemoteSerializer::DumpDebugData() - { - Log(LogError, "dumping debug data and terminating ..."); - io->DumpDebugData("comm-dump.parent", true); - io->DumpDebugData("comm-dump.parent", false); - SendToChild(MSG_DEBUG_DUMP, 0, 0); - Terminate(); - } - -static ChunkedIO* openDump(const char* file) - { - int fd = open(file, O_RDONLY, 0600); - - if ( fd < 0 ) - { - reporter->Error("cannot open %s: %s\n", file, strerror(errno)); - return 0; - } - - return new ChunkedIOFd(fd, "dump-file"); - } - -void RemoteSerializer::ReadDumpAsMessageType(const char* file) - { - ChunkedIO* io = openDump(file); - if ( ! io ) - return; - - ChunkedIO::Chunk* chunk; - - if ( ! io->Read(&chunk, true ) ) - { - reporter->Error("cannot read %s: %s\n", file, strerror(errno)); - return; - } - - CMsg* msg = (CMsg*) chunk->data; - - delete [] chunk->data; - delete io; - } - -void RemoteSerializer::ReadDumpAsSerialization(const char* file) - { - FileSerializer s; - UnserialInfo info(&s); - info.print = stdout; - info.install_uniques = info.ignore_callbacks = true; - s.Read(&info, file, false); - } - -#endif - -//////////////////////////// - -// If true (set by signal handler), we will log some stats to parent. -static bool log_stats = false; -static bool log_prof = false; - -// How often stats are sent (in seconds). -// Perhaps we should make this configurable... -const int STATS_INTERVAL = 60; - -static RETSIGTYPE sig_handler_log(int signo) - { - // SIGALRM is the only one we get. - log_stats = true; - } - -static RETSIGTYPE sig_handler_prof(int signo) - { - log_prof = true; - } - -SocketComm::SocketComm() - { - io = 0; - - // We start the ID counter high so that IDs assigned by us - // (hopefully) don't conflict with those of our parent. - id_counter = 10000; - parent_peer = 0; - parent_msgstate = TYPE; - parent_id = RemoteSerializer::PEER_NONE; - parent_msgtype = 0; - parent_args = 0; - shutting_conns_down = false; - terminating = false; - killing = false; - - listen_port = 0; - listen_ssl = false; - enable_ipv6 = false; - bind_retry_interval = 0; - listen_next_try = 0; - - // We don't want to use the signal handlers of our parent. - (void) setsignal(SIGTERM, SIG_DFL); - (void) setsignal(SIGINT, SIG_DFL); - (void) setsignal(SIGUSR1, SIG_DFL); - (void) setsignal(SIGUSR2, SIG_DFL); - (void) setsignal(SIGCONT, SIG_DFL); - (void) setsignal(SIGCHLD, SIG_DFL); - - // Raping SIGPROF for profiling - (void) setsignal(SIGPROF, sig_handler_prof); - (void) setsignal(SIGALRM, sig_handler_log); - alarm(STATS_INTERVAL); - } - -SocketComm::~SocketComm() - { - loop_over_list(peers, i) - delete peers[i]->io; - - delete io; - CloseListenFDs(); - } - -static unsigned int first_rtime = 0; - -static void fd_vector_set(const std::vector& fds, fd_set* set, int* max) - { - for ( size_t i = 0; i < fds.size(); ++i ) - { - FD_SET(fds[i], set); - *max = ::max(fds[i], *max); - } - } - -void SocketComm::Run() - { - first_rtime = (unsigned int) current_time(true); - - while ( true ) - { - // Logging signaled? - if ( log_stats ) - LogStats(); - - // Termination signaled - if ( terminating ) - CheckFinished(); - - // Build FDSets for select. - fd_set fd_read, fd_write, fd_except; - - FD_ZERO(&fd_read); - FD_ZERO(&fd_write); - FD_ZERO(&fd_except); - - int max_fd = io->Fd(); - FD_SET(io->Fd(), &fd_read); - max_fd = std::max(max_fd, io->ExtraReadFDs().Set(&fd_read)); - - loop_over_list(peers, i) - { - if ( peers[i]->connected ) - { - FD_SET(peers[i]->io->Fd(), &fd_read); - if ( peers[i]->io->Fd() > max_fd ) - max_fd = peers[i]->io->Fd(); - max_fd = std::max(max_fd, - peers[i]->io->ExtraReadFDs().Set(&fd_read)); - } - else - { - if ( peers[i]->next_try > 0 && - time(0) > peers[i]->next_try ) - // Try reconnect. - Connect(peers[i]); - } - } - - if ( listen_next_try && time(0) > listen_next_try ) - Listen(); - - for ( size_t i = 0; i < listen_fds.size(); ++i ) - { - FD_SET(listen_fds[i], &fd_read); - if ( listen_fds[i] > max_fd ) - max_fd = listen_fds[i]; - } - - if ( io->IsFillingUp() && ! shutting_conns_down ) - { - Error("queue to parent filling up; shutting down heaviest connection"); - - const ChunkedIO::Statistics* stats = 0; - unsigned long max = 0; - Peer* max_peer = 0; - - loop_over_list(peers, i) - { - if ( ! peers[i]->connected ) - continue; - - stats = peers[i]->io->Stats(); - if ( stats->bytes_read > max ) - { - max = stats->bytes_read; - max_peer = peers[i]; - } - } - - if ( max_peer ) - CloseConnection(max_peer, true); - - shutting_conns_down = true; - } - - if ( ! io->IsFillingUp() && shutting_conns_down ) - shutting_conns_down = false; - - static long selects = 0; - static long canwrites = 0; - - ++selects; - if ( io->CanWrite() ) - ++canwrites; - - struct timeval timeout; - timeout.tv_sec = 1; - timeout.tv_usec = 0; - - int a = select(max_fd + 1, &fd_read, &fd_write, &fd_except, &timeout); - - if ( selects % 100000 == 0 ) - Log(fmt("selects=%ld canwrites=%ld pending=%lu", - selects, canwrites, io->Stats()->pending)); - - if ( a < 0 ) - // Ignore errors for now. - continue; - - if ( io->CanRead() ) - ProcessParentMessage(); - - io->Flush(); - - loop_over_list(peers, j) - { - // We have to be careful here as the peer may - // be removed when an error occurs. - Peer* current = peers[j]; - int round = 0; - while ( ++round <= 10 && j < peers.length() && - peers[j] == current && current->connected && - current->io->CanRead() ) - { - ProcessRemoteMessage(current); - } - } - - for ( size_t i = 0; i < listen_fds.size(); ++i ) - if ( FD_ISSET(listen_fds[i], &fd_read) ) - AcceptConnection(listen_fds[i]); - - // Hack to display CPU usage of the child, triggered via - // SIGPROF. - static unsigned int first_rtime = 0; - if ( first_rtime == 0 ) - first_rtime = (unsigned int) current_time(true); - - if ( log_prof ) - { - LogProf(); - log_prof = false; - } - } - } - -bool SocketComm::ProcessParentMessage() - { - switch ( parent_msgstate ) { - case TYPE: - { - parent_peer = 0; - parent_msgtype = MSG_NONE; - - // CMsg follows - ChunkedIO::Chunk* c; - if ( ! io->Read(&c) ) - { - if ( io->Eof() ) - Error("parent died", true); - - Error(fmt("can't read parent's cmsg: %s", - io->Error()), true); - return false; - } - - if ( ! c ) - return true; - - CMsg* msg = (CMsg*) c->data; - parent_peer = LookupPeer(msg->Peer(), false); - parent_id = msg->Peer(); - parent_msgtype = msg->Type(); - parent_args = 0; - - delete c; - - switch ( parent_msgtype ) { - case MSG_LISTEN_STOP: - case MSG_CLOSE: - case MSG_CLOSE_ALL: - case MSG_TERMINATE: - case MSG_PHASE_DONE: - case MSG_DEBUG_DUMP: - case MSG_REQUEST_LOGS: - { - // No further argument chunk. - parent_msgstate = TYPE; - return DoParentMessage(); - } - - case MSG_LISTEN: - case MSG_CONNECT_TO: - case MSG_COMPRESS: - case MSG_PING: - case MSG_PONG: - case MSG_REQUEST_EVENTS: - case MSG_REQUEST_SYNC: - case MSG_SERIAL: - case MSG_CAPTURE_FILTER: - case MSG_VERSION: - case MSG_CAPS: - case MSG_SYNC_POINT: - case MSG_REMOTE_PRINT: - case MSG_LOG_CREATE_WRITER: - case MSG_LOG_WRITE: - { - // One further argument chunk. - parent_msgstate = ARGS; - return ProcessParentMessage(); - } - - default: - InternalError(fmt("unknown msg type %d", parent_msgtype)); - return true; - } - } - - case ARGS: - { - // Argument chunk follows. - ChunkedIO::Chunk* c = 0; - READ_CHUNK(io, c, Error("parent died", true), true); - parent_args = c; - parent_msgstate = TYPE; - bool result = DoParentMessage(); - - if ( parent_args ) - { - delete parent_args; - parent_args = 0; - } - - return result; - } - - default: - InternalError("unknown msgstate"); - } - - // Cannot be reached. - return false; - } - -bool SocketComm::DoParentMessage() - { - switch ( parent_msgtype ) { - - case MSG_LISTEN_STOP: - { - CloseListenFDs(); - - Log("stopped listening"); - - return true; - } - - case MSG_CLOSE: - { - if ( parent_peer && parent_peer->connected ) - CloseConnection(parent_peer, false); - return true; - } - - case MSG_CLOSE_ALL: - { - loop_over_list(peers, i) - { - if ( peers[i]->connected ) - CloseConnection(peers[i], false); - } - return true; - } - - case MSG_TERMINATE: - { - terminating = true; - CheckFinished(); - return true; - } - - case MSG_DEBUG_DUMP: - { -#ifdef DEBUG_COMMUNICATION - io->DumpDebugData("comm-dump.child.pipe", true); - io->DumpDebugData("comm-dump.child.pipe", false); - - loop_over_list(peers, j) - { - RemoteSerializer::PeerID id = peers[j]->id; - peers[j]->io->DumpDebugData(fmt("comm-dump.child.peer.%d", id), true); - peers[j]->io->DumpDebugData(fmt("comm-dump.child.peer.%d", id), false); - } -#else - InternalError("DEBUG_DUMP support not compiled in"); -#endif - return true; - } - - case MSG_LISTEN: - return ProcessListen(); - - case MSG_CONNECT_TO: - return ProcessConnectTo(); - - case MSG_COMPRESS: - return ProcessParentCompress(); - - case MSG_PING: - { - // Set time2. - assert(parent_args); - ping_args* args = (ping_args*) parent_args->data; - args->time2 = htond(current_time(true)); - return ForwardChunkToPeer(); - } - - case MSG_PONG: - { - assert(parent_args); - // Calculate time delta. - ping_args* args = (ping_args*) parent_args->data; - args->time3 = htond(current_time(true) - ntohd(args->time3)); - return ForwardChunkToPeer(); - } - - case MSG_PHASE_DONE: - case MSG_REQUEST_LOGS: - { - // No argument block follows. - if ( parent_peer && parent_peer->connected ) - { - DEBUG_COMM(fmt("child: forwarding %s to peer", msgToStr(parent_msgtype))); - if ( ! SendToPeer(parent_peer, parent_msgtype, 0) ) - return false; - } - - return true; - } - - case MSG_REQUEST_EVENTS: - case MSG_REQUEST_SYNC: - case MSG_SERIAL: - case MSG_CAPTURE_FILTER: - case MSG_VERSION: - case MSG_CAPS: - case MSG_SYNC_POINT: - case MSG_REMOTE_PRINT: - case MSG_LOG_CREATE_WRITER: - case MSG_LOG_WRITE: - assert(parent_args); - return ForwardChunkToPeer(); - - default: - InternalError("ProcessParentMessage: unexpected state"); - } - - InternalError("cannot be reached"); - return false; - } - -bool SocketComm::ForwardChunkToPeer() - { - char state = parent_msgtype; - - if ( parent_peer && parent_peer->connected ) - { - DEBUG_COMM("child: forwarding with 1 arg to peer"); - - if ( ! SendToPeer(parent_peer, state, 0) ) - return false; - - if ( ! SendToPeer(parent_peer, parent_args) ) - return false; - - parent_args = 0; - } - else - { -#ifdef DEBUG - if ( parent_peer ) - DEBUG_COMM(fmt("child: not connected to #%" PRI_SOURCE_ID, parent_id)); -#endif - } - - return true; - } - -bool SocketComm::ProcessConnectTo() - { - assert(parent_args); - vector args = tokenize(parent_args->data, ','); - - if ( args.size() != 6 ) - { - Error(fmt("ProcessConnectTo() bad number of arguments")); - return false; - } - - Peer* peer = new Peer; - - if ( ! atoi_n(args[0].size(), args[0].c_str(), 0, 10, peer->id) ) - { - Error(fmt("ProccessConnectTo() bad peer id string")); - delete peer; - return false; - } - - peer->ip = IPAddr(args[1]); - peer->zone_id = args[2]; - - if ( ! atoi_n(args[3].size(), args[3].c_str(), 0, 10, peer->port) ) - { - Error(fmt("ProcessConnectTo() bad peer port string")); - delete peer; - return false; - } - - if ( ! atoi_n(args[4].size(), args[4].c_str(), 0, 10, peer->retry) ) - { - Error(fmt("ProcessConnectTo() bad peer retry string")); - delete peer; - return false; - } - - peer->ssl = false; - if ( args[5] != "0" ) - peer->ssl = true; - - return Connect(peer); - } - -bool SocketComm::ProcessListen() - { - assert(parent_args); - vector args = tokenize(parent_args->data, ','); - - if ( args.size() != 6 ) - { - Error(fmt("ProcessListen() bad number of arguments")); - return false; - } - - listen_if = args[0]; - - if ( ! atoi_n(args[1].size(), args[1].c_str(), 0, 10, listen_port) ) - { - Error(fmt("ProcessListen() bad peer port string")); - return false; - } - - listen_ssl = false; - if ( args[2] != "0" ) - listen_ssl = true; - - enable_ipv6 = false; - if ( args[3] != "0" ) - enable_ipv6 = true; - - listen_zone_id = args[4]; - - if ( ! atoi_n(args[5].size(), args[5].c_str(), 0, 10, bind_retry_interval) ) - { - Error(fmt("ProcessListen() bad peer port string")); - return false; - } - - return Listen(); - } - -bool SocketComm::ProcessParentCompress() - { - assert(parent_args); - uint32* args = (uint32*) parent_args->data; - - uint32 level = ntohl(args[0]); - - if ( ! parent_peer->compressor ) - { - parent_peer->io = new CompressedChunkedIO(parent_peer->io); - parent_peer->io->Init(); - parent_peer->compressor = true; - } - - // Signal compression to peer. - if ( ! SendToPeer(parent_peer, MSG_COMPRESS, 0) ) - return false; - - // This cast is safe. - CompressedChunkedIO* comp_io = (CompressedChunkedIO*) parent_peer->io; - comp_io->EnableCompression(level); - - Log(fmt("enabling compression (level %d)", level), parent_peer); - - return true; - } - -bool SocketComm::ProcessRemoteMessage(SocketComm::Peer* peer) - { - assert(peer); - - peer->io->Flush(); - - switch ( peer->state ) { - case MSG_NONE: - { // CMsg follows - ChunkedIO::Chunk* c; - READ_CHUNK(peer->io, c, - (CloseConnection(peer, true), peer), false) - - CMsg* msg = (CMsg*) c->data; - - DEBUG_COMM(fmt("child: %s from peer #%" PRI_SOURCE_ID, - msgToStr(msg->Type()), peer->id)); - - switch ( msg->Type() ) { - case MSG_PHASE_DONE: - case MSG_REQUEST_LOGS: - // No further argument block. - DEBUG_COMM("child: forwarding with 0 args to parent"); - if ( ! SendToParent(msg->Type(), peer, 0) ) - return false; - break; - - default: - peer->state = msg->Type(); - } - - delete c; - - break; - } - - case MSG_COMPRESS: - ProcessPeerCompress(peer); - break; - - case MSG_PING: - { - // Messages with one further argument block which we simply - // forward to our parent. - ChunkedIO::Chunk* c; - READ_CHUNK(peer->io, c, - (CloseConnection(peer, true), peer), false) - - // Set time3. - ping_args* args = (ping_args*) c->data; - args->time3 = htond(current_time(true)); - return ForwardChunkToParent(peer, c); - } - - case MSG_PONG: - { - // Messages with one further argument block which we simply - // forward to our parent. - ChunkedIO::Chunk* c; - READ_CHUNK(peer->io, c, - (CloseConnection(peer, true), peer), false) - - // Calculate time delta. - ping_args* args = (ping_args*) c->data; - args->time2 = htond(current_time(true) - ntohd(args->time2)); - return ForwardChunkToParent(peer, c); - } - - case MSG_REQUEST_EVENTS: - case MSG_REQUEST_SYNC: - case MSG_SERIAL: - case MSG_CAPTURE_FILTER: - case MSG_VERSION: - case MSG_CAPS: - case MSG_SYNC_POINT: - case MSG_REMOTE_PRINT: - case MSG_LOG_CREATE_WRITER: - case MSG_LOG_WRITE: - { - // Messages with one further argument block which we simply - // forward to our parent. - ChunkedIO::Chunk* c; - READ_CHUNK(peer->io, c, - (CloseConnection(peer, true), peer), false) - - return ForwardChunkToParent(peer, c); - } - - default: - InternalError("ProcessRemoteMessage: unexpected state"); - } - - return true; - } - -bool SocketComm::ForwardChunkToParent(Peer* peer, ChunkedIO::Chunk* c) - { - char state = peer->state; - peer->state = MSG_NONE; - - DEBUG_COMM("child: forwarding message with 1 arg to parent"); - - if ( ! SendToParent(state, peer, 0) ) - return false; - - if ( ! SendToParent(c) ) - return false; - - io->Flush(); // FIXME: Needed? - return true; - } - -bool SocketComm::ProcessPeerCompress(Peer* peer) - { - peer->state = MSG_NONE; - - if ( ! parent_peer->compressor ) - { - parent_peer->io = new CompressedChunkedIO(parent_peer->io); - parent_peer->io->Init(); - parent_peer->compressor = true; - } - - // This cast is safe here. - ((CompressedChunkedIO*) peer->io)->EnableDecompression(); - Log("enabling decompression", peer); - return true; - } - -bool SocketComm::Connect(Peer* peer) - { - int status; - addrinfo hints, *res, *res0; - memset(&hints, 0, sizeof(hints)); - - hints.ai_family = PF_UNSPEC; - hints.ai_protocol = IPPROTO_TCP; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_NUMERICHOST; - - char port_str[16]; - modp_uitoa10(peer->port, port_str); - - string gaihostname(peer->ip.AsString()); - if ( peer->zone_id != "" ) - gaihostname.append("%").append(peer->zone_id); - - status = getaddrinfo(gaihostname.c_str(), port_str, &hints, &res0); - if ( status != 0 ) - { - Error(fmt("getaddrinfo error: %s", gai_strerror(status))); - return false; - } - - int sockfd = -1; - for ( res = res0; res; res = res->ai_next ) - { - sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); - if ( sockfd < 0 ) - { - Error(fmt("can't create connect socket, %s", strerror(errno))); - continue; - } - - if ( connect(sockfd, res->ai_addr, res->ai_addrlen) < 0 ) - { - Error(fmt("connect failed: %s", strerror(errno)), peer); - safe_close(sockfd); - sockfd = -1; - continue; - } - - break; - } - - freeaddrinfo(res0); - - bool connected = sockfd != -1; - - if ( ! (connected || peer->retry) ) - { - CloseConnection(peer, false); - return false; - } - - Peer* existing_peer = LookupPeer(peer->id, false); - if ( existing_peer ) - { - *existing_peer = *peer; - peer = existing_peer; - } - else - peers.append(peer); - - peer->connected = connected; - peer->next_try = connected ? 0 : time(0) + peer->retry; - peer->state = MSG_NONE; - peer->io = 0; - peer->compressor = false; - - if ( connected ) - { - if ( peer->ssl ) - peer->io = new ChunkedIOSSL(sockfd, false); - else - peer->io = new ChunkedIOFd(sockfd, "child->peer"); - - if ( ! peer->io->Init() ) - { - Error(fmt("can't init peer io: %s", - peer->io->Error()), false); - return 0; - } - } - - if ( connected ) - { - Log("connected", peer); - - const size_t BUFSIZE = 1024; - char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(), - peer->port); - - if ( ! SendToParent(MSG_CONNECTED, peer, data) ) - return false; - } - - return connected; - } - -bool SocketComm::CloseConnection(Peer* peer, bool reconnect) - { - if ( ! SendToParent(MSG_CLOSE, peer, 0) ) - return false; - - Log("connection closed", peer); - - if ( ! peer->retry || ! reconnect ) - { - peers.remove(peer); - delete peer->io; // This will close the fd. - delete peer; - } - else - { - delete peer->io; // This will close the fd. - peer->io = 0; - peer->connected = false; - peer->next_try = time(0) + peer->retry; - } - - if ( parent_peer == peer ) - { - parent_peer = 0; - parent_id = RemoteSerializer::PEER_NONE; - } - - return true; - } - -bool SocketComm::Listen() - { - int status, on = 1; - addrinfo hints, *res, *res0; - memset(&hints, 0, sizeof(hints)); - - IPAddr listen_ip(listen_if); - - if ( enable_ipv6 ) - { - if ( listen_ip == IPAddr("0.0.0.0") || listen_ip == IPAddr("::") ) - hints.ai_family = PF_UNSPEC; - else - hints.ai_family = (listen_ip.GetFamily() == IPv4 ? PF_INET : PF_INET6); - } - else - hints.ai_family = PF_INET; - - hints.ai_protocol = IPPROTO_TCP; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; - - char port_str[16]; - modp_uitoa10(listen_port, port_str); - - string scoped_addr(listen_if); - if ( listen_zone_id != "" ) - scoped_addr.append("%").append(listen_zone_id); - - const char* addr_str = 0; - if ( listen_ip != IPAddr("0.0.0.0") && listen_ip != IPAddr("::") ) - addr_str = scoped_addr.c_str(); - - CloseListenFDs(); - - if ( (status = getaddrinfo(addr_str, port_str, &hints, &res0)) != 0 ) - { - Error(fmt("getaddrinfo error: %s", gai_strerror(status))); - return false; - } - - for ( res = res0; res; res = res->ai_next ) - { - if ( res->ai_family != AF_INET && res->ai_family != AF_INET6 ) - { - Error(fmt("can't create listen socket: unknown address family, %d", - res->ai_family)); - continue; - } - - IPAddr a = (res->ai_family == AF_INET) ? - IPAddr(((sockaddr_in*)res->ai_addr)->sin_addr) : - IPAddr(((sockaddr_in6*)res->ai_addr)->sin6_addr); - - string l_addr_str(a.AsURIString()); - if ( listen_zone_id != "") - l_addr_str.append("%").append(listen_zone_id); - - int fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); - if ( fd < 0 ) - { - Error(fmt("can't create listen socket, %s", strerror(errno))); - continue; - } - - if ( setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0 ) - Error(fmt("can't set SO_REUSEADDR, %s", strerror(errno))); - - // For IPv6 listening sockets, we don't want do dual binding to also - // get IPv4-mapped addresses because that's not as portable. e.g. - // many BSDs don't allow that. - if ( res->ai_family == AF_INET6 && - setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0 ) - Error(fmt("can't set IPV6_V6ONLY, %s", strerror(errno))); - - if ( ::bind(fd, res->ai_addr, res->ai_addrlen) < 0 ) - { - Error(fmt("can't bind to %s:%s, %s", l_addr_str.c_str(), - port_str, strerror(errno))); - - if ( errno == EADDRINUSE ) - { - // Abandon completely this attempt to set up listening sockets, - // try again later. - safe_close(fd); - CloseListenFDs(); - listen_next_try = time(0) + bind_retry_interval; - freeaddrinfo(res0); - return false; - } - - safe_close(fd); - continue; - } - - if ( listen(fd, 50) < 0 ) - { - Error(fmt("can't listen on %s:%s, %s", l_addr_str.c_str(), - port_str, strerror(errno))); - safe_close(fd); - continue; - } - - listen_fds.push_back(fd); - Log(fmt("listening on %s:%s (%s)", l_addr_str.c_str(), port_str, - listen_ssl ? "ssl" : "clear")); - } - - freeaddrinfo(res0); - - listen_next_try = 0; - return listen_fds.size() > 0; - } - -bool SocketComm::AcceptConnection(int fd) - { - union { - sockaddr_storage ss; - sockaddr_in s4; - sockaddr_in6 s6; - } client; - - socklen_t len = sizeof(client.ss); - - int clientfd = accept(fd, (sockaddr*) &client.ss, &len); - if ( clientfd < 0 ) - { - Error(fmt("accept failed, %s %d", strerror(errno), errno)); - return false; - } - - if ( client.ss.ss_family != AF_INET && client.ss.ss_family != AF_INET6 ) - { - Error(fmt("accept fail, unknown address family %d", - client.ss.ss_family)); - safe_close(clientfd); - return false; - } - - Peer* peer = new Peer; - peer->id = id_counter++; - peer->ip = client.ss.ss_family == AF_INET ? - IPAddr(client.s4.sin_addr) : - IPAddr(client.s6.sin6_addr); - - peer->port = client.ss.ss_family == AF_INET ? - ntohs(client.s4.sin_port) : - ntohs(client.s6.sin6_port); - - peer->connected = true; - peer->ssl = listen_ssl; - peer->compressor = false; - - if ( peer->ssl ) - peer->io = new ChunkedIOSSL(clientfd, true); - else - peer->io = new ChunkedIOFd(clientfd, "child->peer"); - - if ( ! peer->io->Init() ) - { - Error(fmt("can't init peer io: %s", peer->io->Error()), false); - delete peer->io; - delete peer; - return false; - } - - peers.append(peer); - - Log(fmt("accepted %s connection", peer->ssl ? "SSL" : "clear"), peer); - - const size_t BUFSIZE = 1024; - char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(), - peer->port); - - if ( ! SendToParent(MSG_CONNECTED, peer, data) ) - return false; - - return true; - } - -const char* SocketComm::MakeLogString(const char* msg, Peer* peer) - { - const int BUFSIZE = 1024; - static char* buffer = 0; - - if ( ! buffer ) - buffer = new char[BUFSIZE]; - - int len = 0; - - if ( peer ) - { - string scoped_addr(peer->ip.AsURIString()); - if ( peer->zone_id != "" ) - scoped_addr.append("%").append(peer->zone_id); - - len = snprintf(buffer, BUFSIZE, "[#%d/%s:%d] ", int(peer->id), - scoped_addr.c_str(), peer->port); - } - - len += safe_snprintf(buffer + len, BUFSIZE - len, "%s", msg); - return buffer; - } - -void SocketComm::CloseListenFDs() - { - for ( size_t i = 0; i < listen_fds.size(); ++i ) - safe_close(listen_fds[i]); - - listen_fds.clear(); - } - -void SocketComm::Error(const char* msg, bool kill_me) - { - if ( kill_me ) - { - fprintf(stderr, "fatal error in child: %s\n", msg); - Kill(); - } - else - { - if ( io->Eof() ) - // Can't send to parent, so fall back to stderr. - fprintf(stderr, "error in child: %s", msg); - else - SendToParent(MSG_ERROR, 0, copy_string(msg)); - } - - DEBUG_COMM(fmt("child: %s", msg)); - } - -bool SocketComm::Error(const char* msg, Peer* peer) - { - const char* buffer = MakeLogString(msg, peer); - Error(buffer); - - // If a remote peer causes an error, we shutdown the connection - // as resynchronizing is in general not possible. But we may - // try again later. - if ( peer->connected ) - CloseConnection(peer, true); - - return true; - } - -void SocketComm::Log(const char* msg, Peer* peer) - { - const char* buffer = MakeLogString(msg, peer); - SendToParent(MSG_LOG, 0, copy_string(buffer)); - DEBUG_COMM(fmt("child: %s", buffer)); - } - -void SocketComm::InternalError(const char* msg) - { - fprintf(stderr, "internal error in child: %s\n", msg); - Kill(); - } - -void SocketComm::Kill() - { - if ( killing ) - // Ignore recursive calls. - return; - - killing = true; - - LogProf(); - Log("terminating"); - - CloseListenFDs(); - - if ( kill(getpid(), SIGTERM) < 0 ) - Log(fmt("warning: cannot kill SocketComm pid %d, %s", getpid(), strerror(errno))); - - while ( 1 ) - ; // loop until killed - } - -SocketComm::Peer* SocketComm::LookupPeer(RemoteSerializer::PeerID id, - bool only_if_connected) - { - loop_over_list(peers, i) - if ( peers[i]->id == id ) - return ! only_if_connected || - peers[i]->connected ? peers[i] : 0; - return 0; - } - -bool SocketComm::LogStats() - { - if ( ! peers.length() ) - return true; - - // Concat stats of all peers into single buffer. - char* buffer = new char[peers.length() * 512]; - int pos = 0; - - loop_over_list(peers, i) - { - if ( peers[i]->connected ) - peers[i]->io->Stats(buffer+pos, 512); - else - strcpy(buffer+pos, "not connected"); - pos += strlen(buffer+pos) + 1; - } - - // Send it. - if ( ! SendToParent(MSG_STATS, 0, buffer, pos) ) - return false; - - log_stats = false; - alarm(STATS_INTERVAL); - return true; - } - -bool SocketComm::LogProf() - { - static struct rusage cld_res; - getrusage(RUSAGE_SELF, &cld_res); - - double Utime = cld_res.ru_utime.tv_sec + cld_res.ru_utime.tv_usec / 1e6; - double Stime = cld_res.ru_stime.tv_sec + cld_res.ru_stime.tv_usec / 1e6; - double Rtime = current_time(true); - - SocketComm::Log(fmt("CPU usage: user %.03f sys %.03f real %0.03f", - Utime, Stime, Rtime - first_rtime)); - - return true; - } - -void SocketComm::CheckFinished() - { - assert(terminating); - - loop_over_list(peers, i) - { - if ( ! peers[i]->connected ) - continue; - if ( ! peers[i]->io->IsIdle() ) - return; - } - - LogProf(); - Log("terminating"); - - // All done. - SendToParent(MSG_TERMINATE, 0, 0); - } - -bool SocketComm::SendToParent(char type, Peer* peer, const char* str, int len) - { -#ifdef DEBUG - // str may already by constructed with fmt() - const char* tmp = copy_string(str); - DEBUG_COMM(fmt("child: (->parent) %s (#%" PRI_SOURCE_ID ", %s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, tmp)); - delete [] tmp; -#endif - if ( sendToIO(io, type, peer ? peer->id : RemoteSerializer::PEER_NONE, - str, len) ) - return true; - - if ( io->Eof() ) - Error("parent died", true); - - return false; - } - -bool SocketComm::SendToParent(char type, Peer* peer, int nargs, ...) - { - va_list ap; - -#ifdef DEBUG - va_start(ap,nargs); - DEBUG_COMM(fmt("child: (->parent) %s (#%" PRI_SOURCE_ID ",%s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, fmt_uint32s(nargs, ap))); - va_end(ap); -#endif - - va_start(ap, nargs); - bool ret = sendToIO(io, type, - peer ? peer->id : RemoteSerializer::PEER_NONE, - nargs, ap); - va_end(ap); - - if ( ret ) - return true; - - if ( io->Eof() ) - Error("parent died", true); - - return false; - } - -bool SocketComm::SocketComm::SendToParent(ChunkedIO::Chunk* c) - { - DEBUG_COMM(fmt("child: (->parent) chunk of size %d", c->len)); - if ( sendToIO(io, c) ) - return true; - - if ( io->Eof() ) - Error("parent died", true); - - return false; - } - -bool SocketComm::SendToPeer(Peer* peer, char type, const char* str, int len) - { -#ifdef DEBUG - // str may already by constructed with fmt() - const char* tmp = copy_string(str); - DEBUG_COMM(fmt("child: (->peer) %s to #%" PRI_SOURCE_ID " (%s)", msgToStr(type), peer->id, tmp)); - delete [] tmp; -#endif - - if ( ! sendToIO(peer->io, type, RemoteSerializer::PEER_NONE, str, len) ) - { - Error(fmt("child: write error %s", io->Error()), peer); - return false; - } - - return true; - } - -bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...) - { - va_list ap; - -#ifdef DEBUG - va_start(ap,nargs); - DEBUG_COMM(fmt("child: (->peer) %s to #%" PRI_SOURCE_ID " (%s)", - msgToStr(type), peer->id, fmt_uint32s(nargs, ap))); - va_end(ap); -#endif - - va_start(ap, nargs); - bool ret = sendToIO(peer->io, type, RemoteSerializer::PEER_NONE, - nargs, ap); - va_end(ap); - - if ( ! ret ) - { - Error(fmt("child: write error %s", io->Error()), peer); - return false; - } - - return true; - } - -bool SocketComm::SendToPeer(Peer* peer, ChunkedIO::Chunk* c) - { - DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%" PRI_SOURCE_ID, c->len, peer->id)); - if ( ! sendToIO(peer->io, c) ) - { - Error(fmt("child: write error %s", io->Error()), peer); - return false; - } - - return true; - } diff --git a/src/RemoteSerializer.h b/src/RemoteSerializer.h deleted file mode 100644 index 0882f9f8ec..0000000000 --- a/src/RemoteSerializer.h +++ /dev/null @@ -1,524 +0,0 @@ -// Communication between two Bro's. - -#ifndef REMOTE_SERIALIZER -#define REMOTE_SERIALIZER - -#include "Dict.h" -#include "List.h" -#include "Serializer.h" -#include "iosource/IOSource.h" -#include "Stats.h" -#include "File.h" -#include "logging/WriterBackend.h" - -#include -#include - -class IncrementalSendTimer; - -namespace threading { - struct Field; - struct Value; -} - -// This class handles the communication done in Bro's main loop. -class RemoteSerializer : public Serializer, public iosource::IOSource { -public: - RemoteSerializer(); - ~RemoteSerializer() override; - - // Initialize the remote serializer (calling this will fork). - void Enable(); - - // FIXME: Use SourceID directly (or rename everything to Peer*). - typedef SourceID PeerID; - static const PeerID PEER_LOCAL = SOURCE_LOCAL; - static const PeerID PEER_NONE = SOURCE_LOCAL; - - // Connect to host (returns PEER_NONE on error). - PeerID Connect(const IPAddr& ip, const string& zone_id, uint16 port, - const char* our_class, double retry, bool use_ssl); - - // Close connection to host. - bool CloseConnection(PeerID peer); - - // Request all events matching pattern from remote side. - bool RequestEvents(PeerID peer, RE_Matcher* pattern); - - // Request synchronization of IDs with remote side. If auth is true, - // we consider our current state to authoritative and send it to - // the peer right after the handshake. - bool RequestSync(PeerID peer, bool auth); - - // Requests logs from the remote side. - bool RequestLogs(PeerID id); - - // Sets flag whether we're accepting state from this peer - // (default: yes). - bool SetAcceptState(PeerID peer, bool accept); - - // Sets compression level (0-9, 0 is defaults and means no compression) - bool SetCompressionLevel(PeerID peer, int level); - - // Signal the other side that we have finished our part of - // the initial handshake. - bool CompleteHandshake(PeerID peer); - - // Start to listen. - bool Listen(const IPAddr& ip, uint16 port, bool expect_ssl, bool ipv6, - const string& zone_id, double retry); - - // Stop it. - bool StopListening(); - - // Broadcast the event/function call. - bool SendCall(SerialInfo* info, const char* name, val_list* vl); - - // Send the event/function call (only if handshake completed). - bool SendCall(SerialInfo* info, PeerID peer, const char* name, val_list* vl); - - // Broadcasts the access (only if handshake completed). - bool SendAccess(SerialInfo* info, const StateAccess& access); - - // Send the access. - bool SendAccess(SerialInfo* info, PeerID pid, const StateAccess& access); - - // Sends ID. - bool SendID(SerialInfo* info, PeerID peer, const ID& id); - - // Sends the internal connection state. - bool SendConnection(SerialInfo* info, PeerID peer, const Connection& c); - - // Send capture filter. - bool SendCaptureFilter(PeerID peer, const char* filter); - - // Send packet. - bool SendPacket(SerialInfo* info, PeerID peer, const Packet& p); - - // Broadcast packet. - bool SendPacket(SerialInfo* info, const Packet& p); - - // Broadcast ping. - bool SendPing(PeerID peer, uint32 seq); - - // Broadcast remote print. - bool SendPrintHookEvent(BroFile* f, const char* txt, size_t len); - - // Send a request to create a writer on a remote side. - bool SendLogCreateWriter(PeerID peer, EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields); - - // Broadcasts a request to create a writer. - bool SendLogCreateWriter(EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields); - - // Broadcast a log entry to everybody interested. - bool SendLogWrite(EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals); - - // Synchronzizes time with all connected peers. Returns number of - // current sync-point, or -1 on error. - uint32 SendSyncPoint(); - void SendFinalSyncPoint(); - - // Registers the ID to be &synchronized. - void Register(ID* id); - void Unregister(ID* id); - - // Stop/restart propagating state updates. - void SuspendStateUpdates() { --propagate_accesses; } - void ResumeStateUpdates() { ++propagate_accesses; } - - // Check for incoming events and queue them. - bool Poll(bool may_block); - - // Returns the corresponding record (already ref'ed). - RecordVal* GetPeerVal(PeerID id); - - // Log some statistics. - void LogStats(); - - // Tries to sent out all remaining data. - // FIXME: Do we still need this? - void Finish(); - - // Overidden from IOSource: - void GetFds(iosource::FD_Set* read, iosource::FD_Set* write, - iosource::FD_Set* except) override; - double NextTimestamp(double* local_network_time) override; - void Process() override; - TimerMgr::Tag* GetCurrentTag() override; - const char* Tag() override { return "RemoteSerializer"; } - - // Gracefully finishes communication by first making sure that all - // remaining data (parent & child) has been sent out. - virtual bool Terminate(); - -#ifdef DEBUG_COMMUNICATION - // Dump data recently read/written into files. - void DumpDebugData(); - - // Read dump file and interpret as message block. - void ReadDumpAsMessageType(const char* file); - - // Read dump file and interpret as serialization. - void ReadDumpAsSerialization(const char* file); -#endif - - enum LogLevel { LogInfo = 1, LogError = 2, }; - static void Log(LogLevel level, const char* msg); - -protected: - friend class IncrementalSendTimer; - - // Maximum size of serialization caches. - static const unsigned int MAX_CACHE_SIZE = 3000; - - // When syncing traces in pseudo-realtime mode, we wait this many - // seconds after the final sync-point to make sure that all - // remaining I/O gets propagated. - static const unsigned int FINAL_SYNC_POINT_DELAY = 5; - - declare(PList, EventHandler); - typedef PList(EventHandler) handler_list; - - struct Peer { - PeerID id; // Unique ID (non-zero) per peer. - - IPAddr ip; - - uint16 port; - handler_list handlers; - RecordVal* val; // Record of type event_source. - SerializationCache* cache_in; // One cache for each direction. - SerializationCache* cache_out; - - // TCP-level state of the connection to the peer. - // State of the connection to the peer. - enum { INIT, PENDING, CONNECTED, CLOSING, CLOSED } state; - - // Current protocol phase of the connection (see RemoteSerializer.cc) - enum { UNKNOWN, SETUP, HANDSHAKE, SYNC, RUNNING } phase; - - // Capabilities. - static const int COMPRESSION = 1; - static const int NO_CACHING = 2; - static const int PID_64BIT = 4; - static const int NEW_CACHE_STRATEGY = 8; - static const int BROCCOLI_PEER = 16; - - // Constants to remember to who did something. - static const int NONE = 0; - static const int WE = 1; - static const int PEER = 2; - static const int BOTH = WE | PEER; - - static const int AUTH_WE = 4; - static const int AUTH_PEER = 8; - - int sent_version; // Who has sent the VERSION. - int handshake_done; // Who finished its handshake phase. - int sync_requested; // Who requested sync'ed state. - - bool orig; // True if we connected to the peer. - bool accept_state; // True if we accept state from peer. - bool send_state; // True if we're supposed to initially sent our state. - int comp_level; // Compression level. - bool logs_requested; // True if the peer has requested logs. - - // True if this peer triggered a net_suspend_processing(). - bool suspended_processing; - - uint32 caps; // Capabilities announced by peer. - int runtime; // Runtime we got from the peer. - int our_runtime; // Our runtime as we told it to this peer. - string peer_class; // Class from peer ("" = no class). - string our_class; // Class we send the peer. - uint32 sync_point; // Highest sync-point received so far - char* print_buffer; // Buffer for remote print or null. - int print_buffer_used; // Number of bytes used in buffer. - char* log_buffer; // Buffer for remote log or null. - int log_buffer_used; // Number of bytes used in buffer. - }; - - // Shuts down remote serializer. - void FatalError(const char* msg); - - enum LogSrc { LogChild = 1, LogParent = 2, LogScript = 3, }; - - static void Log(LogLevel level, const char* msg, Peer* peer, LogSrc src = LogParent); - - void ReportError(const char* msg) override; - - void GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) override; - void GotFunctionCall(const char* name, double time, - Func* func, val_list* args) override; - void GotID(ID* id, Val* val) override; - void GotStateAccess(StateAccess* s) override; - void GotTimer(Timer* t) override; - void GotConnection(Connection* c) override; - void GotPacket(Packet* packet) override; - - void Fork(); - - bool DoMessage(); - bool ProcessConnected(); - bool ProcessSerialization(); - bool ProcessRequestEventsMsg(); - bool ProcessRequestSyncMsg(); - bool ProcessVersionMsg(); - bool ProcessLogMsg(bool is_error); - bool ProcessStatsMsg(); - bool ProcessCaptureFilterMsg(); - bool ProcessPhaseDone(); - bool ProcessPingMsg(); - bool ProcessPongMsg(); - bool ProcessCapsMsg(); - bool ProcessSyncPointMsg(); - bool ProcessRemotePrint(); - bool ProcessLogCreateWriter(); - bool ProcessLogWrite(); - bool ProcessRequestLogs(); - - Peer* AddPeer(const IPAddr& ip, uint16 port, PeerID id = PEER_NONE); - Peer* LookupPeer(PeerID id, bool only_if_connected); - void RemovePeer(Peer* peer); - bool IsConnectedPeer(PeerID id); - void PeerDisconnected(Peer* peer); - void PeerConnected(Peer* peer); - RecordVal* MakePeerVal(Peer* peer); - bool HandshakeDone(Peer* peer); - bool IsActive(); - void SetupSerialInfo(SerialInfo* info, Peer* peer); - bool CheckSyncPoints(); - void SendSyncPoint(uint32 syncpoint); - bool PropagateAccesses() - { - return ignore_accesses ? - propagate_accesses > 1 : propagate_accesses > 0; - } - - bool CloseConnection(Peer* peer); - - bool SendAllSynchronized(Peer* peer, SerialInfo* info); - bool SendCall(SerialInfo* info, Peer* peer, const char* name, val_list* vl); - bool SendAccess(SerialInfo* info, Peer* peer, const StateAccess& access); - bool SendID(SerialInfo* info, Peer* peer, const ID& id); - bool SendCapabilities(Peer* peer); - bool SendPacket(SerialInfo* info, Peer* peer, const Packet& p); - bool SendLogWrite(Peer* peer, EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals); - - void UnregisterHandlers(Peer* peer); - void RaiseEvent(EventHandlerPtr event, Peer* peer, const char* arg = 0); - bool EnterPhaseRunning(Peer* peer); - bool FlushPrintBuffer(Peer* p); - bool FlushLogBuffer(Peer* p); - - void ChildDied(); - void InternalCommError(const char* msg); - - // Communication helpers - bool SendCMsgToChild(char msg_type, Peer* peer); - bool SendToChild(char type, Peer* peer, char* str, int len = -1, - bool delete_with_free = false); - bool SendToChild(char type, Peer* peer, int nargs, ...); // can send uints32 only - bool SendToChild(ChunkedIO::Chunk* c); - - void SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose); - -private: - enum { TYPE, ARGS } msgstate; // current state of reading comm. - Peer* current_peer; - PeerID current_id; - char current_msgtype; - ChunkedIO::Chunk* current_args; - double last_flush; - - id_list sync_ids; - - // FIXME: Check which of these are necessary... - bool initialized; - bool listening; - int propagate_accesses; - bool ignore_accesses; - bool terminating; - int received_logs; - Peer* source_peer; - PeerID id_counter; // Keeps track of assigned IDs. - uint32 current_sync_point; - bool syncing_times; - - declare(PList, Peer); - typedef PList(Peer) peer_list; - peer_list peers; - - Peer* in_sync; // Peer we're currently syncing state with. - peer_list sync_pending; // List of peers waiting to sync state. - - // Event buffer - struct BufferedEvent { - time_t time; - PeerID src; - EventHandlerPtr handler; - val_list* args; - }; - - declare(PList, BufferedEvent); - typedef PList(BufferedEvent) EventQueue; - EventQueue events; - - // Packet buffer - struct BufferedPacket { - time_t time; - Packet* p; - }; - - declare(PList, BufferedPacket); - typedef PList(BufferedPacket) PacketQueue; - PacketQueue packets; - - // Some stats - struct Statistics { - struct Pair { - Pair() : in(0), out(0) {} - unsigned long in; - unsigned long out; - }; - - Pair events; // actually events and function calls - Pair accesses; - Pair conns; - Pair packets; - Pair ids; - } stats; - -}; - -// This class handles the communication done in the forked child. -class SocketComm { -public: - SocketComm(); - ~SocketComm(); - - void SetParentIO(ChunkedIO* arg_io) { io = arg_io; } - - void Run(); // does not return - - // Log some statistics (via pipe to parent). - bool LogStats(); - - // Log CPU usage (again via pipe to parent). - bool LogProf(); - -protected: - struct Peer { - Peer() - { - id = 0; - io = 0; - port = 0; - state = 0; - connected = false; - ssl = false; - retry = 0; - next_try = 0; - compressor = false; - } - - RemoteSerializer::PeerID id; - ChunkedIO* io; - IPAddr ip; - string zone_id; - uint16 port; - char state; - bool connected; - bool ssl; - // If we get disconnected, reconnect after this many seconds. - int retry; - // Time of next connection attempt (0 if none). - time_t next_try; - // True if io is a CompressedChunkedIO. - bool compressor; - }; - - bool Listen(); - bool AcceptConnection(int listen_fd); - bool Connect(Peer* peer); - bool CloseConnection(Peer* peer, bool reconnect); - - Peer* LookupPeer(RemoteSerializer::PeerID id, bool only_if_connected); - - bool ProcessRemoteMessage(Peer* peer); - bool ProcessParentMessage(); - bool DoParentMessage(); - - bool ProcessListen(); - bool ProcessConnectTo(); - bool ProcessCompress(); - - void Log(const char* msg, Peer* peer = 0); - - // The connection to the peer will be closed. - bool Error(const char* msg, Peer* peer); - - // If kill is true, this is a fatal error and we kill ourselves. - void Error(const char* msg, bool kill = false); - - // Kill the current process. - void Kill(); - - // Check whether everything has been sent out. - void CheckFinished(); - - // Reports the error and terminates the process. - void InternalError(const char* msg); - - // Communication helpers. - bool SendToParent(char type, Peer* peer, const char* str, int len = -1); - bool SendToParent(char type, Peer* peer, int nargs, ...); // can send uints32 only - bool SendToParent(ChunkedIO::Chunk* c); - bool SendToPeer(Peer* peer, char type, const char* str, int len = -1); - bool SendToPeer(Peer* peer, char type, int nargs, ...); // can send uints32 only - bool SendToPeer(Peer* peer, ChunkedIO::Chunk* c); - bool ProcessParentCompress(); - bool ProcessPeerCompress(Peer* peer); - bool ForwardChunkToParent(Peer* p, ChunkedIO::Chunk* c); - bool ForwardChunkToPeer(); - const char* MakeLogString(const char* msg, Peer *peer); - - // Closes all file descriptors associated with listening sockets. - void CloseListenFDs(); - - // Peers we are communicating with: - declare(PList, Peer); - typedef PList(Peer) peer_list; - - RemoteSerializer::PeerID id_counter; - peer_list peers; - - ChunkedIO* io; // I/O to parent - - // Current state of reading from parent. - enum { TYPE, ARGS } parent_msgstate; - Peer* parent_peer; - RemoteSerializer::PeerID parent_id; - char parent_msgtype; - ChunkedIO::Chunk* parent_args; - - vector listen_fds; - - // If the port we're trying to bind to is already in use, we will retry - // it regularly. - string listen_if; - string listen_zone_id; // RFC 4007 IPv6 zone_id - uint16 listen_port; - bool listen_ssl; // use SSL for IO - bool enable_ipv6; // allow IPv6 listen sockets - uint32 bind_retry_interval; // retry interval for already-in-use sockets - time_t listen_next_try; // time at which to try another bind - bool shutting_conns_down; - bool terminating; - bool killing; -}; - -extern RemoteSerializer* remote_serializer; - -#endif diff --git a/src/SerialInfo.h b/src/SerialInfo.h index de2d9eeb61..616fa011b6 100644 --- a/src/SerialInfo.h +++ b/src/SerialInfo.h @@ -3,6 +3,8 @@ #ifndef serialinfo_h #define serialinfo_h +#include "ChunkedIO.h" + class SerialInfo { public: SerialInfo(Serializer* arg_s) diff --git a/src/Serializer.cc b/src/Serializer.cc index 5a75184fac..28dc6bbd01 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -18,7 +18,6 @@ #include "NetVar.h" #include "Conn.h" #include "Timer.h" -#include "RemoteSerializer.h" #include "iosource/Manager.h" Serializer::Serializer(SerializationFormat* arg_format) diff --git a/src/Sessions.h b/src/Sessions.h index b237428d25..880182c7cd 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -180,7 +180,6 @@ public: analyzer::tcp::TCPStateStats tcp_stats; // keeps statistics on TCP states protected: - friend class RemoteSerializer; friend class ConnCompressor; friend class TimerMgrExpireTimer; friend class IPTunnelTimer; diff --git a/src/StateAccess.cc b/src/StateAccess.cc index 958e67f5a7..134cca5db5 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -4,7 +4,6 @@ #include "Event.h" #include "NetVar.h" #include "DebugLogger.h" -#include "RemoteSerializer.h" int StateAccess::replaying = 0; @@ -134,100 +133,6 @@ void StateAccess::RefThem() Ref(op3); } -bool StateAccess::CheckOld(const char* op, ID* id, Val* index, - Val* should, Val* is) - { - if ( ! remote_check_sync_consistency ) - return true; - - if ( ! should && ! is ) - return true; - - // 'should == index' means that 'is' should be non-nil. - if ( should == index && is ) - return true; - - if ( should && is ) - { - // There's no general comparison for non-atomic vals currently. - if ( ! (is_atomic_val(is) && is_atomic_val(should)) ) - return true; - - if ( same_atomic_val(should, is) ) - return true; - } - - Val* arg1; - Val* arg2; - Val* arg3; - - if ( index ) - { - ODesc d; - d.SetShort(); - index->Describe(&d); - arg1 = new StringVal(fmt("%s[%s]", id->Name(), d.Description())); - } - else - arg1 = new StringVal(id->Name()); - - if ( should ) - { - ODesc d; - d.SetShort(); - should->Describe(&d); - arg2 = new StringVal(d.Description()); - } - else - arg2 = new StringVal(""); - - if ( is ) - { - ODesc d; - d.SetShort(); - is->Describe(&d); - arg3 = new StringVal(d.Description()); - } - else - arg3 = new StringVal(""); - - mgr.QueueEvent(remote_state_inconsistency, { - new StringVal(op), - arg1, - arg2, - arg3, - }); - - return false; - } - -bool StateAccess::CheckOldSet(const char* op, ID* id, Val* index, - bool should, bool is) - { - if ( ! remote_check_sync_consistency ) - return true; - - if ( should == is ) - return true; - - ODesc d; - d.SetShort(); - index->Describe(&d); - - Val* arg1 = new StringVal(fmt("%s[%s]", id->Name(), d.Description())); - Val* arg2 = new StringVal(should ? "set" : "not set"); - Val* arg3 = new StringVal(is ? "set" : "not set"); - - mgr.QueueEvent(remote_state_inconsistency, { - new StringVal(op), - arg1, - arg2, - arg3, - }); - - return false; - } - bool StateAccess::MergeTables(TableVal* dst, Val* src) { if ( src->Type()->Tag() != TYPE_TABLE ) @@ -286,7 +191,6 @@ void StateAccess::Replay() assert(op1.val); // There mustn't be a direct assignment to a unique ID. assert(target.id->Name()[0] != '#'); - CheckOld("assign", target.id, 0, op2, v); if ( t == TYPE_TABLE && v && v->AsTableVal()->FindAttr(ATTR_MERGEABLE) ) @@ -328,9 +232,6 @@ void StateAccess::Replay() break; } - CheckOld("index assign", target.id, op1.val, op3, - v->AsTableVal()->Lookup(op1.val)); - v->AsTableVal()->Assign(op1.val, op2 ? op2->Ref() : 0); } @@ -352,8 +253,6 @@ void StateAccess::Replay() break; } - CheckOld("index assign", target.id, op1.val, op3, - v->AsRecordVal()->Lookup(idx)); v->AsRecordVal()->Assign(idx, op2 ? op2->Ref() : 0); } else @@ -376,8 +275,6 @@ void StateAccess::Replay() break; } - CheckOld("index assign", target.id, op1.val, op3, - v->AsVectorVal()->Lookup(index)); v->AsVectorVal()->Assign(index, op2 ? op2->Ref() : 0); } @@ -441,8 +338,6 @@ void StateAccess::Replay() assert(op1.val); if ( t == TYPE_TABLE ) { - CheckOldSet("add", target.id, op1.val, op2 != 0, - v->AsTableVal()->Lookup(op1.val) != 0); v->AsTableVal()->Assign(op1.val, 0); } break; @@ -451,13 +346,6 @@ void StateAccess::Replay() assert(op1.val); if ( t == TYPE_TABLE ) { - if ( v->Type()->AsTableType()->IsSet() ) - CheckOldSet("delete", target.id, op1.val, op2 != 0, - v->AsTableVal()->Lookup(op1.val) != 0); - else - CheckOld("delete", target.id, op1.val, op2, - v->AsTableVal()->Lookup(op1.val)); - Unref(v->AsTableVal()->Delete(op1.val)); } break; @@ -476,14 +364,8 @@ void StateAccess::Replay() // are performed in the expire_func. StateAccess::ResumeReplay(); - if ( remote_serializer ) - remote_serializer->ResumeStateUpdates(); - tv->CallExpireFunc(op1.val->Ref()); - if ( remote_serializer ) - remote_serializer->SuspendStateUpdates(); - StateAccess::SuspendReplay(); Unref(tv->AsTableVal()->Delete(op1.val)); @@ -506,20 +388,7 @@ void StateAccess::Replay() // Update the timestamp if we have a read_expire. if ( tv->FindAttr(ATTR_EXPIRE_READ) ) { - if ( ! tv->UpdateTimestamp(op1.val) && - remote_check_sync_consistency ) - { - ODesc d; - d.SetShort(); - op1.val->Describe(&d); - - mgr.QueueEvent(remote_state_inconsistency, { - new StringVal("read"), - new StringVal(fmt("%s[%s]", target.id->Name(), d.Description())), - new StringVal("existent"), - new StringVal("not existent"), - }); - } + tv->UpdateTimestamp(op1.val); } } else @@ -532,14 +401,6 @@ void StateAccess::Replay() } --replaying; - - if ( remote_state_access_performed ) - { - mgr.QueueEventFast(remote_state_access_performed, { - new StringVal(target.id->Name()), - target.id->ID_Val()->Ref(), - }); - } } ID* StateAccess::Target() const @@ -596,50 +457,41 @@ bool StateAccess::DoSerialize(SerialInfo* info) const const Val* null = 0; - if ( remote_check_sync_consistency ) - { + switch ( opcode ) { + case OP_PRINT: + case OP_EXPIRE: + case OP_READ_IDX: + // No old. + SERIALIZE_OPTIONAL(null); + SERIALIZE_OPTIONAL(null); + break; + + case OP_INCR: + case OP_INCR_IDX: + // Always need old. SERIALIZE_OPTIONAL(op2); SERIALIZE_OPTIONAL(op3); - } + break; - else - { - switch ( opcode ) { - case OP_PRINT: - case OP_EXPIRE: - case OP_READ_IDX: - // No old. - SERIALIZE_OPTIONAL(null); - SERIALIZE_OPTIONAL(null); - break; + case OP_ASSIGN: + case OP_ADD: + case OP_DEL: + // Op2 is old. + SERIALIZE_OPTIONAL(null); + SERIALIZE_OPTIONAL(null); + break; - case OP_INCR: - case OP_INCR_IDX: - // Always need old. - SERIALIZE_OPTIONAL(op2); - SERIALIZE_OPTIONAL(op3); - break; + case OP_ASSIGN_IDX: + // Op3 is old. + SERIALIZE_OPTIONAL(op2); + SERIALIZE_OPTIONAL(null); + break; - case OP_ASSIGN: - case OP_ADD: - case OP_DEL: - // Op2 is old. - SERIALIZE_OPTIONAL(null); - SERIALIZE_OPTIONAL(null); - break; + default: + reporter->InternalError("StateAccess::DoSerialize: unknown opcode"); + } - case OP_ASSIGN_IDX: - // Op3 is old. - SERIALIZE_OPTIONAL(op2); - SERIALIZE_OPTIONAL(null); - break; - - default: - reporter->InternalError("StateAccess::DoSerialize: unknown opcode"); - } - } - - return true; + return true; } bool StateAccess::DoUnserialize(UnserialInfo* info) diff --git a/src/StateAccess.h b/src/StateAccess.h index 1e84430956..8530ec1d91 100644 --- a/src/StateAccess.h +++ b/src/StateAccess.h @@ -74,8 +74,6 @@ private: StateAccess() { target.id = 0; op1.val = op2 = op3 = 0; } void RefThem(); - bool CheckOld(const char* op, ID* id, Val* index, Val* should, Val* is); - bool CheckOldSet(const char* op, ID* id, Val* index, bool should, bool is); bool MergeTables(TableVal* dst, Val* src); DECLARE_SERIAL(StateAccess); diff --git a/src/Stmt.cc b/src/Stmt.cc index 6dba9eb251..5bf7c47d75 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -14,7 +14,6 @@ #include "Debug.h" #include "Traverse.h" #include "Trigger.h" -#include "RemoteSerializer.h" const char* stmt_name(BroStmtTag t) { @@ -301,9 +300,6 @@ Val* PrintStmt::DoExec(val_list* vals, stmt_flow_type& /* flow */) const {new Val(f), new StringVal(d.Len(), d.Description())}), true); } - - if ( remote_serializer ) - remote_serializer->SendPrintHookEvent(f, d.Description(), d.Len()); } return 0; diff --git a/src/Timer.cc b/src/Timer.cc index 154fde4188..519ceaae1e 100644 --- a/src/Timer.cc +++ b/src/Timer.cc @@ -20,7 +20,6 @@ const char* TimerNames[] = { "FileAnalysisInactivityTimer", "FlowWeirdTimer", "FragTimer", - "IncrementalSendTimer", "InterconnTimer", "IPTunnelInactivityTimer", "NetbiosExpireTimer", diff --git a/src/Timer.h b/src/Timer.h index 2f32d23e3e..2ce9f56e0b 100644 --- a/src/Timer.h +++ b/src/Timer.h @@ -25,7 +25,6 @@ enum TimerType { TIMER_FILE_ANALYSIS_INACTIVITY, TIMER_FLOW_WEIRD_EXPIRE, TIMER_FRAG, - TIMER_INCREMENTAL_SEND, TIMER_INTERCONN, TIMER_IP_TUNNEL_INACTIVITY, TIMER_NB_EXPIRE, diff --git a/src/Val.cc b/src/Val.cc index 9bc53665fc..07ae251fc2 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -21,7 +21,6 @@ #include "NetVar.h" #include "Expr.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "PrefixTable.h" #include "Conn.h" #include "Reporter.h" @@ -1562,18 +1561,9 @@ int TableVal::Assign(Val* index, HashKey* k, Val* new_val, Opcode op) else { // A set. - if ( old_entry_val && remote_check_sync_consistency ) - { - Val* has_old_val = val_mgr->GetInt(1); - StateAccess::Log( - new StateAccess(OP_ADD, this, index, - has_old_val)); - Unref(has_old_val); - } - else - StateAccess::Log( - new StateAccess(OP_ADD, this, - index, 0, 0)); + StateAccess::Log( + new StateAccess(OP_ADD, this, + index, 0, 0)); } if ( rec_index ) @@ -2057,20 +2047,12 @@ Val* TableVal::Delete(const Val* index) { if ( v ) { - if ( v->Value() && remote_check_sync_consistency ) - // A table. - StateAccess::Log( - new StateAccess(OP_DEL, this, - index, v->Value())); - else - { - // A set. - Val* has_old_val = val_mgr->GetInt(1); - StateAccess::Log( - new StateAccess(OP_DEL, this, index, - has_old_val)); - Unref(has_old_val); - } + // A set. + Val* has_old_val = val_mgr->GetInt(1); + StateAccess::Log( + new StateAccess(OP_DEL, this, index, + has_old_val)); + Unref(has_old_val); } else StateAccess::Log( diff --git a/src/Var.cc b/src/Var.cc index 98651bf900..3dd3d2702b 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -7,7 +7,6 @@ #include "Stmt.h" #include "Scope.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "EventRegistry.h" #include "Traverse.h" diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 3a4654295d..fcd8237c55 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -1,5 +1,6 @@ #include +#include "File.h" #include "analyzer/Analyzer.h" #include "TCP_Reassembler.h" #include "analyzer/protocol/tcp/TCP.h" diff --git a/src/analyzer/protocol/tcp/functions.bif b/src/analyzer/protocol/tcp/functions.bif index 4aa218991e..c74c7ef9b5 100644 --- a/src/analyzer/protocol/tcp/functions.bif +++ b/src/analyzer/protocol/tcp/functions.bif @@ -1,5 +1,6 @@ %%{ +#include "File.h" #include "analyzer/protocol/tcp/TCP.h" %%} diff --git a/src/bro.bif b/src/bro.bif index d6a4fe3bc9..a4afb44577 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -4527,7 +4527,7 @@ function get_file_name%(f: file%): string ## after the rotation, and the time when *f* was opened/closed. ## ## .. zeek:see:: rotate_file_by_name calc_next_rotate -function rotate_file%(f: file%): rotate_info +function rotate_file%(f: file%): rotate_info &deprecated %{ RecordVal* info = f->Rotate(); if ( info ) @@ -4551,7 +4551,7 @@ function rotate_file%(f: file%): rotate_info ## after the rotation, and the time when *f* was opened/closed. ## ## .. zeek:see:: rotate_file calc_next_rotate -function rotate_file_by_name%(f: string%): rotate_info +function rotate_file_by_name%(f: string%): rotate_info &deprecated %{ RecordVal* info = new RecordVal(rotate_info); @@ -4605,7 +4605,7 @@ function rotate_file_by_name%(f: string%): rotate_info ## Returns: The duration until the next file rotation time. ## ## .. zeek:see:: rotate_file rotate_file_by_name -function calc_next_rotate%(i: interval%) : interval +function calc_next_rotate%(i: interval%) : interval &deprecated %{ const char* base_time = log_rotate_base_time ? log_rotate_base_time->AsString()->CheckString() : 0; diff --git a/src/broker/Data.cc b/src/broker/Data.cc index 754a51390b..849bad5d9b 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -1,4 +1,5 @@ #include "Data.h" +#include "File.h" #include "broker/data.bif.h" #include #include diff --git a/src/broker/Manager.h b/src/broker/Manager.h index a0520698da..6c1040f989 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -13,6 +13,7 @@ #include "Reporter.h" #include "iosource/IOSource.h" #include "Val.h" +#include "logging/WriterBackend.h" namespace bro_broker { diff --git a/src/event.bif b/src/event.bif index 3505c686a5..fd432feb84 100644 --- a/src/event.bif +++ b/src/event.bif @@ -600,201 +600,6 @@ event software_unparsed_version_found%(c: connection, host: addr, str: string%); ## generate_OS_version_event event OS_version_found%(c: connection, host: addr, OS: OS_version%); -## Generated when a connection to a remote Bro has been established. This event -## is intended primarily for use by Bro's communication framework, but it can -## also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_handshake_done remote_event_registered remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event remote_connection_established%(p: event_peer%); - -## Generated when a connection to a remote Bro has been closed. This event is -## intended primarily for use by Bro's communication framework, but it can -## also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_connection_closed%(p: event_peer%); - -## Generated when a remote connection's initial handshake has been completed. -## This event is intended primarily for use by Bro's communication framework, -## but it can also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_event_registered remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event remote_connection_handshake_done%(p: event_peer%); - -## Generated for each event registered by a remote peer. This event is intended -## primarily for use by Bro's communication framework, but it can also trigger -## additional code if helpful. -## -## p: A record describing the peer. -## -## name: TODO. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_error remote_connection_established -## remote_connection_handshake_done remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event remote_event_registered%(p: event_peer, name: string%); - -## Generated when a connection to a remote Bro encountered an error. This event -## is intended primarily for use by Bro's communication framework, but it can -## also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## reason: A textual description of the error. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_connection_error%(p: event_peer, reason: string%); - -## Generated when a remote peer sent us a capture filter. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. -## -## p: A record describing the peer. -## -## filter: The filter string sent by the peer. -## -## .. zeek:see:: remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_capture_filter%(p: event_peer, filter: string%); - -## Generated after a call to :zeek:id:`send_state` when all data has been -## successfully sent to the remote side. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. -## -## p: A record describing the remote peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_error remote_connection_established -## remote_connection_handshake_done remote_event_registered remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event finished_send_state%(p: event_peer%); - -## Generated if state synchronization detects an inconsistency. While this -## event is intended primarily for use by Bro's communication framework, it can -## also trigger additional code if helpful. This event is only raised if -## :zeek:id:`remote_check_sync_consistency` is false. -## -## operation: The textual description of the state operation performed. -## -## id: The name of the Bro script identifier that was operated on. -## -## expected_old: A textual representation of the value of *id* that was -## expected to be found before the operation was carried out. -## -## real_old: A textual representation of the value of *id* that was actually -## found before the operation was carried out. The difference between -## *real_old* and *expected_old* is the inconsistency being reported. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_error remote_connection_established -## remote_connection_handshake_done remote_event_registered remote_log remote_pong -## remote_state_access_performed print_hook remote_check_sync_consistency -event remote_state_inconsistency%(operation: string, id: string, - expected_old: string, real_old: string%); - -## Generated for communication log messages. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. -## -## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or -## :zeek:id:`REMOTE_LOG_ERROR`. -## -## src: The component of the communication system that logged the message. -## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's -## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or -## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level). -## -## msg: The message logged. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook remote_log_peer -event remote_log%(level: count, src: count, msg: string%); - -## Generated for communication log messages. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. This event is equivalent to -## :zeek:see:`remote_log` except the message is with respect to a certain peer. -## -## p: A record describing the remote peer. -## -## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or -## :zeek:id:`REMOTE_LOG_ERROR`. -## -## src: The component of the communication system that logged the message. -## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's -## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or -## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level). -## -## msg: The message logged. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook remote_log -event remote_log_peer%(p: event_peer, level: count, src: count, msg: string%); - -## Generated when a remote peer has answered to our ping. This event is part of -## Bro's infrastructure for measuring communication latency. One can send a ping -## by calling :zeek:id:`send_ping` and when a corresponding reply is received, -## this event will be raised. -## -## p: The peer sending us the pong. -## -## seq: The sequence number passed to the original :zeek:id:`send_ping` call. -## The number is sent back by the peer in its response. -## -## d1: The time interval between sending the ping and receiving the pong. This -## is the latency of the complete path. -## -## d2: The time interval between sending out the ping to the network and its -## reception at the peer. This is the network latency. -## -## d3: The time interval between when the peer's child process received the -## ping and when its parent process sent the pong. This is the -## processing latency at the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_pong%(p: event_peer, seq: count, - d1: interval, d2: interval, d3: interval%); - -## Generated each time a remote state access has been replayed locally. This -## event is primarily intended for debugging. -## -## id: The name of the Bro script variable that's being operated on. -## -## v: The new value of the variable. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_inconsistency -## print_hook -event remote_state_access_performed%(id: string, v: any%); - ## Generated each time Bro's internal profiling log is updated. The file is ## defined by :zeek:id:`profiling_file`, and its update frequency by ## :zeek:id:`profiling_interval` and :zeek:id:`expensive_profiling_multiple`. diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index e7aca5bcf3..8761c8493c 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -1,6 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. #include +#include #include "Extract.h" #include "util.h" diff --git a/src/input/Manager.h b/src/input/Manager.h index abbf8793b5..6b48f69ee4 100644 --- a/src/input/Manager.h +++ b/src/input/Manager.h @@ -7,7 +7,6 @@ #include "BroString.h" #include "EventHandler.h" -#include "RemoteSerializer.h" #include "Val.h" #include "Component.h" diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index 3bb6e34e50..54d1cc6f27 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -2,6 +2,8 @@ #include "Packet.h" #include "Sessions.h" #include "iosource/Manager.h" +#include "SerialInfo.h" +#include "Serializer.h" extern "C" { #ifdef HAVE_NET_ETHERNET_H diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index 343801ab7d..5f7d180cde 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -160,21 +160,6 @@ double PktSrc::CheckPseudoTime() if ( ! ExtractNextPacketInternal() ) return 0; - if ( remote_trace_sync_interval ) - { - if ( next_sync_point == 0 || current_packet.time >= next_sync_point ) - { - int n = remote_serializer->SendSyncPoint(); - next_sync_point = first_timestamp + - n * remote_trace_sync_interval; - remote_serializer->Log(RemoteSerializer::LogInfo, - fmt("stopping at packet %.6f, next sync-point at %.6f", - current_packet.time, next_sync_point)); - - return 0; - } - } - double pseudo_time = current_packet.time - first_timestamp; double ct = (current_time(true) - first_wallclock) * pseudo_realtime; @@ -308,15 +293,6 @@ bool PktSrc::ExtractNextPacketInternal() if ( pseudo_realtime && ! IsOpen() ) { - if ( using_communication ) - { - // Source has gone dry, we're done. - if ( remote_trace_sync_interval ) - remote_serializer->SendFinalSyncPoint(); - else - remote_serializer->Terminate(); - } - if ( broker_mgr->Active() ) iosource_mgr->Terminate(); } diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 39496671a2..0fe75b91db 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -2,11 +2,12 @@ #include -#include "../Event.h" -#include "../EventHandler.h" -#include "../NetVar.h" -#include "../Net.h" -#include "../Type.h" +#include "Event.h" +#include "EventHandler.h" +#include "NetVar.h" +#include "Net.h" +#include "Type.h" +#include "File.h" #include "broker/Manager.h" #include "threading/Manager.h" @@ -16,8 +17,8 @@ #include "WriterFrontend.h" #include "WriterBackend.h" #include "logging.bif.h" -#include "../plugin/Plugin.h" -#include "../plugin/Manager.h" +#include "plugin/Plugin.h" +#include "plugin/Manager.h" using namespace logging; @@ -1300,32 +1301,6 @@ bool Manager::WriteFromRemote(EnumVal* id, EnumVal* writer, string path, int num return true; } -void Manager::SendAllWritersTo(RemoteSerializer::PeerID peer) - { - auto et = internal_type("Log::Writer")->AsEnumType(); - - for ( vector::iterator s = streams.begin(); s != streams.end(); ++s ) - { - Stream* stream = (*s); - - if ( ! (stream && stream->enable_remote) ) - continue; - - for ( Stream::WriterMap::iterator i = stream->writers.begin(); - i != stream->writers.end(); i++ ) - { - WriterFrontend* writer = i->second->writer; - auto writer_val = et->GetVal(i->first.first); - remote_serializer->SendLogCreateWriter(peer, (*s)->id, - writer_val, - *i->second->info, - writer->NumFields(), - writer->Fields()); - Unref(writer_val); - } - } - } - void Manager::SendAllWritersTo(const broker::endpoint_info& ei) { auto et = internal_type("Log::Writer")->AsEnumType(); diff --git a/src/logging/Manager.h b/src/logging/Manager.h index d04def7938..96ff2ea0c9 100644 --- a/src/logging/Manager.h +++ b/src/logging/Manager.h @@ -10,14 +10,12 @@ #include "../Val.h" #include "../Tag.h" #include "../EventHandler.h" -#include "../RemoteSerializer.h" #include "../plugin/ComponentManager.h" #include "Component.h" #include "WriterBackend.h" class SerializationFormat; -class RemoteSerializer; class RotationTimer; namespace logging { @@ -234,7 +232,6 @@ protected: friend class WriterFrontend; friend class RotationFinishedMessage; friend class RotationFailedMessage; - friend class ::RemoteSerializer; friend class ::RotationTimer; // Instantiates a new WriterBackend of the given type (note that @@ -248,9 +245,6 @@ protected: int num_fields, const threading::Field* const* fields, bool local, bool remote, bool from_remote, const string& instantiating_filter=""); - // Announces all instantiated writers to peer. - void SendAllWritersTo(RemoteSerializer::PeerID peer); - // Signals that a file has been rotated. bool FinishedRotation(WriterFrontend* writer, const char* new_name, const char* old_name, double open, double close, bool success, bool terminating); diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 4416e41d17..7bede8f6e6 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -4,6 +4,7 @@ #include "util.h" #include "threading/SerialTypes.h" +#include "SerializationFormat.h" #include "Manager.h" #include "WriterBackend.h" diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 74541d8586..187a1957d7 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -9,8 +9,6 @@ #include "Component.h" -class RemoteSerializer; - namespace broker { class data; } namespace logging { diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 56bbf68161..fdc4a7a97b 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -169,12 +169,6 @@ void WriterFrontend::Init(int arg_num_fields, const Field* const * arg_fields) if ( remote ) { - remote_serializer->SendLogCreateWriter(stream, - writer, - *info, - arg_num_fields, - arg_fields); - broker_mgr->PublishLogCreate(stream, writer, *info, @@ -201,12 +195,6 @@ void WriterFrontend::Write(int arg_num_fields, Value** vals) if ( remote ) { - remote_serializer->SendLogWrite(stream, - writer, - info->path, - num_fields, - vals); - broker_mgr->PublishLogWrite(stream, writer, info->path, diff --git a/src/main.cc b/src/main.cc index ce9e49ea7a..450e242b3c 100644 --- a/src/main.cc +++ b/src/main.cc @@ -39,7 +39,6 @@ extern "C" { #include "RuleMatcher.h" #include "Anon.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "EventRegistry.h" #include "Stats.h" #include "Brofiler.h" @@ -102,7 +101,6 @@ EventHandlerPtr net_done = 0; RuleMatcher* rule_matcher = 0; FileSerializer* event_serializer = 0; FileSerializer* state_serializer = 0; -RemoteSerializer* remote_serializer = 0; EventPlayer* event_player = 0; EventRegistry* event_registry = 0; ProfileLogger* profiling_logger = 0; @@ -272,10 +270,6 @@ void done_with_network() { set_processing_status("TERMINATING", "done_with_network"); - // Release the port, which is important for checkpointing Bro. - if ( remote_serializer ) - remote_serializer->StopListening(); - // Cancel any pending alarms (watchdog, in particular). (void) alarm(0); @@ -299,9 +293,6 @@ void done_with_network() mgr.Drain(); mgr.Drain(); - if ( remote_serializer ) - remote_serializer->Finish(); - net_finish(1); #ifdef USE_PERFTOOLS_DEBUG @@ -349,9 +340,6 @@ void terminate_bro() delete profiling_logger; } - if ( remote_serializer ) - remote_serializer->LogStats(); - mgr.Drain(); log_mgr->Terminate(); @@ -782,7 +770,6 @@ int main(int argc, char** argv) dns_mgr->SetDir(".state"); iosource_mgr = new iosource::Manager(); - remote_serializer = new RemoteSerializer(); event_registry = new EventRegistry(); analyzer_mgr = new analyzer::Manager(); log_mgr = new logging::Manager(); diff --git a/src/threading/SerialTypes.cc b/src/threading/SerialTypes.cc index 8468d19ea8..dcc35f793c 100644 --- a/src/threading/SerialTypes.cc +++ b/src/threading/SerialTypes.cc @@ -2,8 +2,8 @@ #include "SerialTypes.h" -#include "../RemoteSerializer.h" - +#include "SerializationFormat.h" +#include "Reporter.h" using namespace threading; diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h index 5a8361feba..65bb79b659 100644 --- a/src/threading/SerialTypes.h +++ b/src/threading/SerialTypes.h @@ -13,7 +13,6 @@ using namespace std; class SerializationFormat; -class RemoteSerializer; namespace threading { @@ -78,8 +77,6 @@ struct Field { string TypeName() const; private: - friend class ::RemoteSerializer; - // Force usage of constructor above. Field() {} }; diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 72de702972..359ae2c616 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,2 +1,6 @@ +warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name) +warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name) warning in /Users/johanna/bro/master/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/johanna/bro/master/testing/btest/../../scripts//zeexygen/__load__.zeek:9 "Use '@load base/protocols/smb' instead" +warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name) +warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name) warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" From ed644e39a0bc4fc042eb81e3ad8bacb0cb2bb5e5 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Fri, 3 May 2019 15:26:03 -0700 Subject: [PATCH 066/247] Remove support for using &&/|| with patterns. This was never documented and previously deprecated. --- src/Expr.cc | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/Expr.cc b/src/Expr.cc index eccdf1a6b8..e6cb9937c4 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -1883,13 +1883,6 @@ BoolExpr::BoolExpr(BroExprTag arg_tag, Expr* arg_op1, Expr* arg_op2) else SetType(base_type(TYPE_BOOL)); } - - else if ( bt1 == TYPE_PATTERN && bt2 == bt1 ) - { - reporter->Warning("&& and || operators deprecated for pattern operands"); - SetType(base_type(TYPE_PATTERN)); - } - else ExprError("requires boolean operands"); } From 69eee058c18376c75bfb6d75732961d800d8b6e1 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Sat, 4 May 2019 11:13:48 -0700 Subject: [PATCH 067/247] Improve processing of broker data store responses Now retrieves and processes all N available responses at once instead of one-by-one-until-empty. The later may be problematic from two points: (1) hitting the shared queue/mailbox matching logic once per response instead of once per Process() and (2) looping until empty is not clearly bounded -- imagining a condition where there's a thread trying to push a large influx of responses into the mailbox while at the same time we're trying to take from it until it's empty. --- src/broker/Manager.cc | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 959ef6cb9d..1da35a87b4 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -936,11 +936,15 @@ void Manager::Process() for ( auto& s : data_stores ) { - while ( ! s.second->proxy.mailbox().empty() ) + auto num_available = s.second->proxy.mailbox().size(); + + if ( num_available > 0 ) { had_input = true; - auto response = s.second->proxy.receive(); - ProcessStoreResponse(s.second, move(response)); + auto responses = s.second->proxy.receive(num_available); + + for ( auto& r : responses ) + ProcessStoreResponse(s.second, move(r)); } } From 72ec093d564dae90f8ae7d75376179b3f2f046a5 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 6 May 2019 10:57:24 -0700 Subject: [PATCH 068/247] Deprecations: Update NEWS, and tie up a few loose ends. Broccoli was still present in the source in a few places, debug outputs that do no longer exist were too. Part of GH-243 --- NEWS | 57 ++++++++++++++++++++++++++++++++++++++++------ doc | 2 +- man/bro.8 | 3 --- src/Attr.cc | 3 +-- src/DebugLogger.cc | 4 ++-- src/DebugLogger.h | 2 -- src/SerialInfo.h | 14 ------------ 7 files changed, 54 insertions(+), 31 deletions(-) diff --git a/NEWS b/NEWS index d0d92f77b0..ac8a02c8d4 100644 --- a/NEWS +++ b/NEWS @@ -244,17 +244,55 @@ Removed Functionality - ``dhcp_offer`` - ``dhcp_release`` - ``dhcp_request`` - - ``remote_state_access_performed`` - - ``remote_state_inconsistency`` - - ``remote_log_peer`` - - ``remote_log`` - - ``finished_send_state`` - - ``remote_pong`` + - ``remote_state_access_performed`` + - ``remote_state_inconsistency`` + - ``remote_connection_established`` + - ``remote_connection_closed`` + - ``remote_connection_handshake_done`` + - ``remote_event_registered`` + - ``remote_connection_error`` + - ``remote_capture_filter`` + - ``remote_log_peer`` + - ``remote_log`` - ``finished_send_state`` + - ``remote_pong`` + +- The following types/records were deprecated in version 2.6 or below and are + removed from this release: + + - ``peer_id`` + - ``event_peer`` + +- The following configuration options were deprecated in version 2.6 or below and are + removed from this release: + + - ``max_remote_events_processed`` + - ``forward_remote_events`` + - ``forward_remote_state_changes`` + - ``enable_syslog`` + - ``remote_trace_sync_interval`` + - ``remote_trace_sync_peers`` + - ``remote_check_sync_consistency`` + +- The following constants were used as part of deprecated functionality in version 2.6 + or below and are removed from this release: + + - ``PEER_ID_NONE`` + - ``REMOTE_LOG_INFO`` + - ``REMOTE_SRC_CHILD`` + - ``REMOTE_SRC_PARENT`` + - ``REMOTE_SRC_SCRIPT`` - The deprecated script ``policy/protocols/smb/__load__.bro`` was removed. Instead of ``@load policy/protocols/smb`` use ``@load base/protocols/smb``. +- Broccoli, which had been deprecated in version 2.6 and was no longer built by default + was removed from the source tree. + +- Support for the &persistent and the &synchronized attributes, which were deprecated + in Bro 2.6, was removed. The ``-g`` command-line option (dump-config) which relied on + this functionality was also removed. + Deprecated Functionality ------------------------ @@ -269,6 +307,11 @@ Deprecated Functionality such that existing code will not break, but will emit a deprecation warning. +- The ``rotate_file``, ``rotate_file_by_name`` and ``calc_next_rotate`` functions + were marked as deprecated. These functions were used with the old pre-2.0 logging + framework and are no longer used. They also were marked as deprecated in their + documentation, however the functions themselves did not carry the deprecation marker. + Bro 2.6 ======= @@ -640,7 +683,7 @@ New Functionality Each has the same form, e.g.:: event tcp_multiple_retransmissions(c: connection, is_orig: bool, - threshold: count); + threshold: count); - Added support for set union, intersection, difference, and comparison operations. The corresponding operators for the first three are diff --git a/doc b/doc index 8aa690e20d..6c099d4bff 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 8aa690e20d19f79805d7f680e454e4ea10231add +Subproject commit 6c099d4bff68f9f9d97952dfaca048425f12027a diff --git a/man/bro.8 b/man/bro.8 index 37c20bf0c5..9dffbe2a27 100644 --- a/man/bro.8 +++ b/man/bro.8 @@ -36,9 +36,6 @@ augment loaded policies by given code \fB\-f\fR,\ \-\-filter tcpdump filter .TP -\fB\-g\fR,\ \-\-dump\-config -dump current config into .state dir -.TP \fB\-h\fR,\ \-\-help|\-? command line help .TP diff --git a/src/Attr.cc b/src/Attr.cc index 1f555dab23..a3d8d15e20 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -556,8 +556,7 @@ bool Attributes::DoSerialize(SerialInfo* info) const { Attr* a = (*attrs)[i]; - // Broccoli doesn't support expressions. - Expr* e = (! info->broccoli_peer) ? a->AttrExpr() : 0; + Expr* e = a->AttrExpr(); SERIALIZE_OPTIONAL(e); if ( ! SERIALIZE(char(a->Tag())) ) diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index 8df6a5ef55..7adc7aa65a 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -11,9 +11,9 @@ DebugLogger debug_logger; // Same order here as in DebugStream. DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = { - { "serial", 0, false }, { "rules", 0, false }, { "comm", 0, false }, + { "serial", 0, false }, { "rules", 0, false }, { "state", 0, false }, { "chunkedio", 0, false }, - { "compressor", 0, false }, {"string", 0, false }, + {"string", 0, false }, { "notifiers", 0, false }, { "main-loop", 0, false }, { "dpd", 0, false }, { "tm", 0, false }, { "logging", 0, false }, {"input", 0, false }, diff --git a/src/DebugLogger.h b/src/DebugLogger.h index dab9fd9758..db646bd0cf 100644 --- a/src/DebugLogger.h +++ b/src/DebugLogger.h @@ -16,10 +16,8 @@ enum DebugStream { DBG_SERIAL, // Serialization DBG_RULES, // Signature matching - DBG_COMM, // Remote communication DBG_STATE, // StateAccess logging DBG_CHUNKEDIO, // ChunkedIO logging - DBG_COMPRESSOR, // Connection compressor DBG_STRING, // String code DBG_NOTIFIERS, // Notifiers (see StateAccess.h) DBG_MAINLOOP, // Main IOSource loop diff --git a/src/SerialInfo.h b/src/SerialInfo.h index 616fa011b6..294c5747ba 100644 --- a/src/SerialInfo.h +++ b/src/SerialInfo.h @@ -17,7 +17,6 @@ public: pid_32bit = false; include_locations = true; new_cache_strategy = false; - broccoli_peer = false; } SerialInfo(const SerialInfo& info) @@ -32,7 +31,6 @@ public: pid_32bit = info.pid_32bit; include_locations = info.include_locations; new_cache_strategy = info.new_cache_strategy; - broccoli_peer = info.broccoli_peer; } // Parameters that control serialization. @@ -51,11 +49,6 @@ public: // If true, we support keeping objs in cache permanently. bool new_cache_strategy; - // If true, we're connecting to a Broccoli. If so, serialization - // specifics may be adapted for functionality Broccoli does not - // support. - bool broccoli_peer; - ChunkedIO::Chunk* chunk; // chunk written right before the serialization // Attributes set during serialization. @@ -80,7 +73,6 @@ public: print = 0; pid_32bit = false; new_cache_strategy = false; - broccoli_peer = false; } UnserialInfo(const UnserialInfo& info) @@ -97,7 +89,6 @@ public: print = info.print; pid_32bit = info.pid_32bit; new_cache_strategy = info.new_cache_strategy; - broccoli_peer = info.broccoli_peer; } // Parameters that control unserialization. @@ -118,11 +109,6 @@ public: // If true, we support keeping objs in cache permanently. bool new_cache_strategy; - // If true, we're connecting to a Broccoli. If so, serialization - // specifics may be adapted for functionality Broccoli does not - // support. - bool broccoli_peer; - // If a global ID already exits, of these policies is used. enum { Keep, // keep the old ID and ignore the new From 9b49c7cbc63e5205885654fa9c784fe298d735b6 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 6 May 2019 18:56:47 +0000 Subject: [PATCH 069/247] Fix missing include file on Linux --- src/analyzer/protocol/krb/KRB.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/analyzer/protocol/krb/KRB.h b/src/analyzer/protocol/krb/KRB.h index 7eee46d838..6a6af93c45 100644 --- a/src/analyzer/protocol/krb/KRB.h +++ b/src/analyzer/protocol/krb/KRB.h @@ -9,6 +9,8 @@ #include #endif +#include + namespace analyzer { namespace krb { class KRB_Analyzer : public analyzer::Analyzer { From 5484c40b1f210b312bad7f1ec43416484b3a8d3d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 6 May 2019 14:15:37 -0700 Subject: [PATCH 070/247] GH-353: Add `//i` case-insensitive signature syntax --- NEWS | 3 ++ src/rule-scan.l | 21 ++++++-- .../signatures.udp-packetwise-insensitive/out | 6 +++ .../udp-packetwise-insensitive.zeek | 53 +++++++++++++++++++ 4 files changed, 80 insertions(+), 3 deletions(-) create mode 100644 testing/btest/Baseline/signatures.udp-packetwise-insensitive/out create mode 100644 testing/btest/signatures/udp-packetwise-insensitive.zeek diff --git a/NEWS b/NEWS index 082ad782b1..d4127d8cfd 100644 --- a/NEWS +++ b/NEWS @@ -76,6 +76,9 @@ New Functionality the DNS resolver to use by setting it to an IPv4 or IPv6 address. If not set, then the first IPv4 address from /etc/resolv.conf gets used. +- The ``//i`` convenience syntax for case-insensitive patterns is now + also allowed when specifying patterns used in signature files. + Changed Functionality --------------------- diff --git a/src/rule-scan.l b/src/rule-scan.l index f280d6132b..c7cdb75bd4 100644 --- a/src/rule-scan.l +++ b/src/rule-scan.l @@ -24,7 +24,7 @@ STRING \"([^\n\"]|\\\")*\" IDCOMPONENT [0-9a-zA-Z_][0-9a-zA-Z_-]* ID {IDCOMPONENT}(::{IDCOMPONENT})* IP6 ("["({HEX}:){7}{HEX}"]")|("["0x{HEX}({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*({D}"."){3}{D}"]") -RE \/(\\\/)?([^/]|[^\\]\\\/)*\/ +RE \/(\\\/)?([^/]|[^\\]\\\/)*\/i? META \.[^ \t]+{WS}[^\n]+ PIDCOMPONENT [A-Za-z_][A-Za-z_0-9]* PID {PIDCOMPONENT}(::{PIDCOMPONENT})* @@ -189,8 +189,23 @@ finger { rules_lval.val = Rule::FINGER; return TOK_PATTERN_TYPE; } } {RE} { - *(yytext + strlen(yytext) - 1) = '\0'; - rules_lval.str = yytext + 1; + auto len = strlen(yytext); + + if ( yytext[len - 1] == 'i' ) + { + *(yytext + len - 2) = '\0'; + const char fmt[] = "(?i:%s)"; + int n = len + strlen(fmt); + char* s = new char[n + 5 /* slop */]; + safe_snprintf(s, n + 5, fmt, yytext + 1); + rules_lval.str = s; + } + else + { + *(yytext + len - 1) = '\0'; + rules_lval.str = yytext + 1; + } + return TOK_PATTERN; } diff --git a/testing/btest/Baseline/signatures.udp-packetwise-insensitive/out b/testing/btest/Baseline/signatures.udp-packetwise-insensitive/out new file mode 100644 index 0000000000..5b5066d638 --- /dev/null +++ b/testing/btest/Baseline/signatures.udp-packetwise-insensitive/out @@ -0,0 +1,6 @@ +signature match, Found .*XXXX, XXXX +signature match, Found .*YYYY, YYYY +signature match, Found XXXX, XXXX +signature match, Found YYYY, YYYY +signature match, Found ^XXXX, XXXX +signature match, Found ^YYYY, YYYY diff --git a/testing/btest/signatures/udp-packetwise-insensitive.zeek b/testing/btest/signatures/udp-packetwise-insensitive.zeek new file mode 100644 index 0000000000..b1be478834 --- /dev/null +++ b/testing/btest/signatures/udp-packetwise-insensitive.zeek @@ -0,0 +1,53 @@ +# @TEST-EXEC: bro -r $TRACES/udp-signature-test.pcap %INPUT | sort >out +# @TEST-EXEC: btest-diff out + +@load-sigs test.sig + +@TEST-START-FILE test.sig +signature xxxx { + ip-proto = udp + payload /xXxX/i + event "Found XXXX" +} + +signature axxxx { + ip-proto = udp + payload /^xxxx/i + event "Found ^XXXX" +} + +signature sxxxx { + ip-proto = udp + payload /.*xxXx/i + event "Found .*XXXX" +} + +signature yyyy { + ip-proto = udp + payload /YYYY/i + event "Found YYYY" +} + +signature ayyyy { + ip-proto = udp + payload /^YYYY/i + event "Found ^YYYY" +} + +signature syyyy { + ip-proto = udp + payload /.*YYYY/i + event "Found .*YYYY" +} + +signature nope { + ip-proto = udp + payload /.*nope/i + event "Found .*nope" +} +@TEST-END-FILE + +event signature_match(state: signature_state, msg: string, data: string) + { + print "signature match", msg, data; + } From 89b8d6e7ba15cf0d9f9ce52f8fadaa9cd6acc04c Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sun, 5 May 2019 03:49:25 +0000 Subject: [PATCH 071/247] Update for renaming BroControl to ZeekControl. --- CMakeLists.txt | 6 +++--- aux/broctl | 2 +- aux/zeek-aux | 2 +- configure | 18 +++++++++--------- doc | 2 +- .../frameworks/cluster/setup-connections.zeek | 2 +- scripts/base/frameworks/control/main.zeek | 2 +- testing/scripts/travis-job | 6 +++--- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ac8f1b3a3b..29b9115026 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -331,14 +331,14 @@ add_subdirectory(man) include(CheckOptionalBuildSources) -CheckOptionalBuildSources(aux/broctl Broctl INSTALL_BROCTL) +CheckOptionalBuildSources(aux/broctl ZeekControl INSTALL_ZEEKCTL) CheckOptionalBuildSources(aux/bro-aux Bro-Aux INSTALL_AUX_TOOLS) CheckOptionalBuildSources(aux/broccoli Broccoli INSTALL_BROCCOLI) ######################################################################## ## Packaging Setup -if (INSTALL_BROCTL) +if (INSTALL_ZEEKCTL) # CPack RPM Generator may not automatically detect this set(CPACK_RPM_PACKAGE_REQUIRES "python >= 2.6.0") endif () @@ -374,7 +374,7 @@ message( "\nCPP: ${CMAKE_CXX_COMPILER}" "\n" "\nBroccoli: ${INSTALL_BROCCOLI}" - "\nBroctl: ${INSTALL_BROCTL}" + "\nZeekControl: ${INSTALL_ZEEKCTL}" "\nAux. Tools: ${INSTALL_AUX_TOOLS}" "\n" "\nlibmaxminddb: ${USE_GEOIP}" diff --git a/aux/broctl b/aux/broctl index 4dac52cb18..06ef996216 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 4dac52cb18657f579ffb917146fe3881cdfcc96d +Subproject commit 06ef99621675dc33ed29687a975d684e0ceab0cd diff --git a/aux/zeek-aux b/aux/zeek-aux index ba482418c4..6cca8a0b85 160000 --- a/aux/zeek-aux +++ b/aux/zeek-aux @@ -1 +1 @@ -Subproject commit ba482418c4e16551fd7b9128a4082348ef2842f0 +Subproject commit 6cca8a0b853c57bd30ca4c5b9998166fdd561067 diff --git a/configure b/configure index 98bfc5308d..fbdf3f0709 100755 --- a/configure +++ b/configure @@ -34,12 +34,12 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --prefix=PREFIX installation directory [/usr/local/bro] --scriptdir=PATH root installation directory for Bro scripts [PREFIX/share/bro] - --localstatedir=PATH when using BroControl, path to store log files + --localstatedir=PATH when using ZeekControl, path to store log files and run-time data (within log/ and spool/ subdirs) [PREFIX] - --spooldir=PATH when using BroControl, path to store run-time data + --spooldir=PATH when using ZeekControl, path to store run-time data [PREFIX/spool] - --logdir=PATH when using BroControl, path to store log file + --logdir=PATH when using ZeekControl, path to store log file [PREFIX/logs] --conf-files-dir=PATH config files installation directory [PREFIX/etc] @@ -54,7 +54,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --enable-broccoli build or install the Broccoli library (deprecated) --enable-static-broker build broker statically (ignored if --with-broker is specified) --enable-static-binpac build binpac statically (ignored if --with-binpac is specified) - --disable-broctl don't install Broctl + --disable-zeekctl don't install ZeekControl --disable-auxtools don't build or install auxiliary tools --disable-perftools don't try to build with Google Perftools --disable-python don't try to build python bindings for broker @@ -132,7 +132,7 @@ prefix=/usr/local/bro CMakeCacheEntries="" append_cache_entry CMAKE_INSTALL_PREFIX PATH $prefix append_cache_entry BRO_ROOT_DIR PATH $prefix -append_cache_entry PY_MOD_INSTALL_DIR PATH $prefix/lib/broctl +append_cache_entry PY_MOD_INSTALL_DIR PATH $prefix/lib/zeekctl append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $prefix/share/bro append_cache_entry BRO_ETC_INSTALL_DIR PATH $prefix/etc append_cache_entry ENABLE_DEBUG BOOL false @@ -142,7 +142,7 @@ append_cache_entry ENABLE_JEMALLOC BOOL false append_cache_entry BUILD_SHARED_LIBS BOOL true append_cache_entry INSTALL_BROCCOLI BOOL false append_cache_entry INSTALL_AUX_TOOLS BOOL true -append_cache_entry INSTALL_BROCTL BOOL true +append_cache_entry INSTALL_ZEEKCTL BOOL true append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING append_cache_entry ENABLE_MOBILE_IPV6 BOOL false append_cache_entry DISABLE_PERFTOOLS BOOL false @@ -182,7 +182,7 @@ while [ $# -ne 0 ]; do prefix=$optarg append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg append_cache_entry BRO_ROOT_DIR PATH $optarg - append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/broctl + append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/zeekctl ;; --scriptdir=*) append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $optarg @@ -231,8 +231,8 @@ while [ $# -ne 0 ]; do --enable-static-binpac) append_cache_entry BUILD_STATIC_BINPAC BOOL true ;; - --disable-broctl) - append_cache_entry INSTALL_BROCTL BOOL false + --disable-zeekctl) + append_cache_entry INSTALL_ZEEKCTL BOOL false ;; --disable-auxtools) append_cache_entry INSTALL_AUX_TOOLS BOOL false diff --git a/doc b/doc index d9cf0d7a24..09a23d3eb5 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit d9cf0d7a242b6924797aea0a70bd87879b8f1e17 +Subproject commit 09a23d3eb58c133e66ab51d8daecf047db708736 diff --git a/scripts/base/frameworks/cluster/setup-connections.zeek b/scripts/base/frameworks/cluster/setup-connections.zeek index 4903f62c0a..9e9374c8b9 100644 --- a/scripts/base/frameworks/cluster/setup-connections.zeek +++ b/scripts/base/frameworks/cluster/setup-connections.zeek @@ -44,7 +44,7 @@ function connect_peers_with_type(node_type: NodeType) event zeek_init() &priority=-10 { - if ( getenv("BROCTL_CHECK_CONFIG") != "" ) + if ( getenv("ZEEKCTL_CHECK_CONFIG") != "" ) return; local self = nodes[node]; diff --git a/scripts/base/frameworks/control/main.zeek b/scripts/base/frameworks/control/main.zeek index ad1bf3bcce..7ab92a728b 100644 --- a/scripts/base/frameworks/control/main.zeek +++ b/scripts/base/frameworks/control/main.zeek @@ -6,7 +6,7 @@ module Control; export { ## The topic prefix used for exchanging control messages via Broker. - const topic_prefix = "bro/control"; + const topic_prefix = "zeek/control"; ## Whether the controllee should call :zeek:see:`Broker::listen`. ## In a cluster, this isn't needed since the setup process calls it. diff --git a/testing/scripts/travis-job b/testing/scripts/travis-job index 767984b44e..ac00f1bc6e 100644 --- a/testing/scripts/travis-job +++ b/testing/scripts/travis-job @@ -53,7 +53,7 @@ build_coverity() { # outside of Travis). make distclean > /dev/null - ./configure --prefix=`pwd`/build/root --enable-debug --disable-perftools --disable-broker-tests --disable-python --disable-broctl + ./configure --prefix=`pwd`/build/root --enable-debug --disable-perftools --disable-broker-tests --disable-python --disable-zeekctl export PATH=`pwd`/coverity-tools/bin:$PATH cd build @@ -124,9 +124,9 @@ build() { # outside of Travis). make distclean > /dev/null - # Skip building broker tests, python bindings, and broctl, as these are + # Skip building broker tests, python bindings, and zeekctl, as these are # not needed by the bro tests. - ./configure --build-type=Release --disable-broker-tests --disable-python --disable-broctl && make -j 2 + ./configure --build-type=Release --disable-broker-tests --disable-python --disable-zeekctl && make -j 2 } From dbb49b17f45e24f27af74cb5b8060462ad2078ad Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 7 May 2019 20:15:31 -0700 Subject: [PATCH 072/247] Reduce data copying in Broker message processing --- src/broker/Manager.cc | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 959ef6cb9d..7b21fd9078 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -91,17 +91,17 @@ struct scoped_reporter_location { }; #ifdef DEBUG -static std::string RenderMessage(std::string topic, broker::data x) +static std::string RenderMessage(std::string topic, const broker::data& x) { return fmt("%s -> %s", broker::to_string(x).c_str(), topic.c_str()); } -static std::string RenderEvent(std::string topic, std::string name, broker::data args) +static std::string RenderEvent(std::string topic, std::string name, const broker::data& args) { return fmt("%s(%s) -> %s", name.c_str(), broker::to_string(args).c_str(), topic.c_str()); } -static std::string RenderMessage(broker::store::response x) +static std::string RenderMessage(const broker::store::response& x) { return fmt("%s [id %" PRIu64 "]", (x.answer ? broker::to_string(*x.answer).c_str() : ""), x.id); } @@ -361,7 +361,7 @@ bool Manager::PublishEvent(string topic, std::string name, broker::vector args) DBG_LOG(DBG_BROKER, "Publishing event: %s", RenderEvent(topic, name, args).c_str()); broker::bro::Event ev(std::move(name), std::move(args)); - bstate->endpoint.publish(move(topic), std::move(ev)); + bstate->endpoint.publish(move(topic), ev.move_data()); ++statistics.num_events_outgoing; return true; } @@ -423,8 +423,8 @@ bool Manager::PublishIdentifier(std::string topic, std::string id) broker::bro::IdentifierUpdate msg(move(id), move(*data)); DBG_LOG(DBG_BROKER, "Publishing id-update: %s", - RenderMessage(topic, msg).c_str()); - bstate->endpoint.publish(move(topic), move(msg)); + RenderMessage(topic, msg.as_data()).c_str()); + bstate->endpoint.publish(move(topic), msg.move_data()); ++statistics.num_ids_outgoing; return true; } @@ -474,14 +474,14 @@ bool Manager::PublishLogCreate(EnumVal* stream, EnumVal* writer, auto bwriter_id = broker::enum_value(move(writer_id)); broker::bro::LogCreate msg(move(bstream_id), move(bwriter_id), move(writer_info), move(fields_data)); - DBG_LOG(DBG_BROKER, "Publishing log creation: %s", RenderMessage(topic, msg).c_str()); + DBG_LOG(DBG_BROKER, "Publishing log creation: %s", RenderMessage(topic, msg.as_data()).c_str()); if ( peer.node != NoPeer.node ) // Direct message. - bstate->endpoint.publish(peer, move(topic), move(msg)); + bstate->endpoint.publish(peer, move(topic), msg.move_data()); else // Broadcast. - bstate->endpoint.publish(move(topic), move(msg)); + bstate->endpoint.publish(move(topic), msg.move_data()); return true; } @@ -563,7 +563,7 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int broker::bro::LogWrite msg(move(bstream_id), move(bwriter_id), move(path), move(serial_data)); - DBG_LOG(DBG_BROKER, "Buffering log record: %s", RenderMessage(topic, msg).c_str()); + DBG_LOG(DBG_BROKER, "Buffering log record: %s", RenderMessage(topic, msg.as_data()).c_str()); if ( log_buffers.size() <= (unsigned int)stream_id_num ) log_buffers.resize(stream_id_num + 1); @@ -571,7 +571,7 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int auto& lb = log_buffers[stream_id_num]; ++lb.message_count; auto& pending_batch = lb.msgs[topic]; - pending_batch.emplace_back(std::move(msg)); + pending_batch.emplace_back(msg.move_data()); if ( lb.message_count >= LOG_BATCH_SIZE || (network_time - lb.last_flush >= LOG_BUFFER_INTERVAL) ) @@ -597,7 +597,7 @@ size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint) batch.reserve(LOG_BATCH_SIZE + 1); pending_batch.swap(batch); broker::bro::Batch msg(std::move(batch)); - endpoint.publish(topic, move(msg)); + endpoint.publish(topic, msg.move_data()); } auto rval = message_count; @@ -953,7 +953,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) if ( ! ev.valid() ) { reporter->Warning("received invalid broker Event: %s", - broker::to_string(ev).data()); + broker::to_string(ev.as_data()).data()); return; } @@ -1026,7 +1026,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) { - DBG_LOG(DBG_BROKER, "Received log-create: %s", RenderMessage(lc).c_str()); + DBG_LOG(DBG_BROKER, "Received log-create: %s", RenderMessage(lc.as_data()).c_str()); if ( ! lc.valid() ) { reporter->Warning("received invalid broker LogCreate: %s", @@ -1096,7 +1096,7 @@ bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) bool bro_broker::Manager::ProcessLogWrite(broker::bro::LogWrite lw) { - DBG_LOG(DBG_BROKER, "Received log-write: %s", RenderMessage(lw).c_str()); + DBG_LOG(DBG_BROKER, "Received log-write: %s", RenderMessage(lw.as_data()).c_str()); if ( ! lw.valid() ) { @@ -1183,7 +1183,7 @@ bool bro_broker::Manager::ProcessLogWrite(broker::bro::LogWrite lw) bool Manager::ProcessIdentifierUpdate(broker::bro::IdentifierUpdate iu) { - DBG_LOG(DBG_BROKER, "Received id-update: %s", RenderMessage(iu).c_str()); + DBG_LOG(DBG_BROKER, "Received id-update: %s", RenderMessage(iu.as_data()).c_str()); if ( ! iu.valid() ) { From cb6b9a1f1a914fb462a0bf6acea26b08fef1429d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 8 May 2019 12:42:18 -0700 Subject: [PATCH 073/247] Allow tuning Broker log batching via scripts Via redefining "Broker::log_batch_size" or "Broker::log_batch_interval" --- CHANGES | 6 ++++++ VERSION | 2 +- doc | 2 +- scripts/base/frameworks/broker/main.zeek | 8 ++++++++ src/broker/Manager.cc | 24 ++++++++++-------------- src/broker/Manager.h | 4 +++- 6 files changed, 29 insertions(+), 17 deletions(-) diff --git a/CHANGES b/CHANGES index adb24b8ed4..c4d2d26a68 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +2.6-277 | 2019-05-08 12:42:18 -0700 + + * Allow tuning Broker log batching via scripts (Jon Siwek, Corelight) + + Via redefining "Broker::log_batch_size" or "Broker::log_batch_interval" + 2.6-276 | 2019-05-08 09:03:27 -0700 * Force the Broker IOSource to idle periodically, preventing packet diff --git a/VERSION b/VERSION index 5a9089c29d..64298b5057 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-276 +2.6-277 diff --git a/doc b/doc index 736323fe8a..6eb2d810ad 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 736323fe8a78fd8478325c134afe38c075e297a7 +Subproject commit 6eb2d810ad7b2f66f6739bc23dc82ba5d6b27ec1 diff --git a/scripts/base/frameworks/broker/main.zeek b/scripts/base/frameworks/broker/main.zeek index f64ff0ce14..a61f81f239 100644 --- a/scripts/base/frameworks/broker/main.zeek +++ b/scripts/base/frameworks/broker/main.zeek @@ -61,6 +61,14 @@ export { ## control mechanisms). const congestion_queue_size = 200 &redef; + ## The max number of log entries per log stream to batch together when + ## sending log messages to a remote logger. + const log_batch_size = 400 &redef; + + ## Max time to buffer log messages before sending the current set out as a + ## batch. + const log_batch_interval = 1sec &redef; + ## Max number of threads to use for Broker/CAF functionality. The ## BRO_BROKER_MAX_THREADS environment variable overrides this setting. const max_threads = 1 &redef; diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index ebde5229d3..fbc15b3c18 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -23,14 +23,6 @@ using namespace std; namespace bro_broker { -// Max number of log messages buffered per stream before we send them out as -// a batch. -static const int LOG_BATCH_SIZE = 400; - -// Max secs to buffer log messages before sending the current set out as a -// batch. -static const double LOG_BUFFER_INTERVAL = 1.0; - static inline Val* get_option(const char* option) { auto id = global_scope()->Lookup(option); @@ -141,6 +133,8 @@ Manager::Manager(bool arg_reading_pcaps) after_zeek_init = false; peer_count = 0; times_processed_without_idle = 0; + log_batch_size = 0; + log_batch_interval = 0; log_topic_func = nullptr; vector_of_data_type = nullptr; log_id_type = nullptr; @@ -157,6 +151,8 @@ void Manager::InitPostScript() { DBG_LOG(DBG_BROKER, "Initializing"); + log_batch_size = get_option("Broker::log_batch_size")->AsCount(); + log_batch_interval = get_option("Broker::log_batch_interval")->AsInterval(); default_log_topic_prefix = get_option("Broker::default_log_topic_prefix")->AsString()->CheckString(); log_topic_func = get_option("Broker::log_topic")->AsFunc(); @@ -574,14 +570,14 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int auto& pending_batch = lb.msgs[topic]; pending_batch.emplace_back(std::move(msg)); - if ( lb.message_count >= LOG_BATCH_SIZE || - (network_time - lb.last_flush >= LOG_BUFFER_INTERVAL) ) - statistics.num_logs_outgoing += lb.Flush(bstate->endpoint); + if ( lb.message_count >= log_batch_size || + (network_time - lb.last_flush >= log_batch_interval ) ) + statistics.num_logs_outgoing += lb.Flush(bstate->endpoint, log_batch_size); return true; } -size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint) +size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint, size_t log_batch_size) { if ( endpoint.is_shutdown() ) return 0; @@ -595,7 +591,7 @@ size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint) auto& topic = kv.first; auto& pending_batch = kv.second; broker::vector batch; - batch.reserve(LOG_BATCH_SIZE + 1); + batch.reserve(log_batch_size + 1); pending_batch.swap(batch); broker::bro::Batch msg(std::move(batch)); endpoint.publish(topic, move(msg)); @@ -613,7 +609,7 @@ size_t Manager::FlushLogBuffers() auto rval = 0u; for ( auto& lb : log_buffers ) - rval += lb.Flush(bstate->endpoint); + rval += lb.Flush(bstate->endpoint, log_batch_interval); return rval; } diff --git a/src/broker/Manager.h b/src/broker/Manager.h index 901cd4d06c..004ad01dc9 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -353,7 +353,7 @@ private: double last_flush; size_t message_count; - size_t Flush(broker::endpoint& endpoint); + size_t Flush(broker::endpoint& endpoint, size_t batch_size); }; // Data stores @@ -385,6 +385,8 @@ private: int peer_count; int times_processed_without_idle; + size_t log_batch_size; + double log_batch_interval; Func* log_topic_func; VectorType* vector_of_data_type; EnumType* log_id_type; From 474efe9e69f94de3fc57f76dd8d95edfe3e86abd Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 9 May 2019 11:52:51 -0700 Subject: [PATCH 074/247] Remove value serialization. Note - this compiles, but you cannot run Bro anymore - it crashes immediately with a 0-pointer access. The reason behind it is that the required clone functionality does not work anymore. --- src/Attr.cc | 68 - src/Attr.h | 5 - src/CMakeLists.txt | 3 - src/ChunkedIO.cc | 1357 ------------------ src/ChunkedIO.h | 362 ----- src/Conn.cc | 193 --- src/Conn.h | 8 - src/DebugLogger.cc | 3 +- src/DebugLogger.h | 3 +- src/Event.cc | 3 +- src/Event.h | 1 - src/EventHandler.cc | 20 - src/EventHandler.h | 8 - src/Expr.cc | 841 ----------- src/Expr.h | 99 -- src/File.cc | 142 -- src/File.h | 5 - src/Func.cc | 134 -- src/Func.h | 10 - src/ID.cc | 205 --- src/ID.h | 6 - src/Net.cc | 1 - src/Obj.cc | 65 - src/Obj.h | 21 +- src/OpaqueVal.cc | 359 ----- src/OpaqueVal.h | 14 - src/RE.cc | 53 +- src/RE.h | 9 +- src/Reassem.cc | 35 - src/Reassem.h | 5 - src/SerialInfo.h | 10 - src/SerialObj.cc | 277 ---- src/SerialObj.h | 382 ----- src/SerializationFormat.cc | 2 +- src/Serializer.cc | 1059 -------------- src/Serializer.h | 363 ----- src/StateAccess.cc | 142 -- src/StateAccess.h | 12 +- src/Stmt.cc | 525 ------- src/Stmt.h | 47 - src/Timer.cc | 36 - src/Timer.h | 9 +- src/Type.cc | 518 +------ src/Type.h | 31 - src/Val.cc | 791 +--------- src/Val.h | 52 +- src/Var.cc | 1 - src/analyzer/protocol/tcp/TCP_Reassembler.cc | 14 - src/analyzer/protocol/tcp/TCP_Reassembler.h | 2 - src/bro.bif | 29 +- src/broker/Data.cc | 74 +- src/broker/Data.h | 2 - src/broker/Manager.cc | 1 + src/broker/Store.cc | 42 - src/broker/Store.h | 2 - src/file_analysis/FileReassembler.cc | 15 - src/file_analysis/FileReassembler.h | 2 - src/file_analysis/analyzer/x509/OCSP.cc | 30 - src/file_analysis/analyzer/x509/OCSP.h | 1 - src/file_analysis/analyzer/x509/X509.cc | 38 - src/file_analysis/analyzer/x509/X509.h | 2 - src/iosource/Packet.cc | 65 - src/iosource/Packet.h | 16 - src/logging/WriterBackend.cc | 53 - src/logging/WriterBackend.h | 2 - src/main.cc | 38 +- src/probabilistic/BitVector.cc | 54 - src/probabilistic/BitVector.h | 29 +- src/probabilistic/BloomFilter.cc | 57 +- src/probabilistic/BloomFilter.h | 29 +- src/probabilistic/CardinalityCounter.cc | 46 - src/probabilistic/CardinalityCounter.h | 19 - src/probabilistic/CounterVector.cc | 41 +- src/probabilistic/CounterVector.h | 32 +- src/probabilistic/Hasher.cc | 91 -- src/probabilistic/Hasher.h | 14 +- src/probabilistic/Topk.cc | 106 -- src/probabilistic/Topk.h | 2 - 78 files changed, 58 insertions(+), 9185 deletions(-) delete mode 100644 src/ChunkedIO.cc delete mode 100644 src/ChunkedIO.h delete mode 100644 src/SerialObj.cc delete mode 100644 src/SerialObj.h delete mode 100644 src/Serializer.cc delete mode 100644 src/Serializer.h diff --git a/src/Attr.cc b/src/Attr.cc index a3d8d15e20..6d8217b060 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -4,7 +4,6 @@ #include "Attr.h" #include "Expr.h" -#include "Serializer.h" #include "threading/SerialTypes.h" const char* attr_name(attr_tag t) @@ -531,70 +530,3 @@ bool Attributes::operator==(const Attributes& other) const return true; } -bool Attributes::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Attributes* Attributes::Unserialize(UnserialInfo* info) - { - return (Attributes*) SerialObj::Unserialize(info, SER_ATTRIBUTES); - } - -IMPLEMENT_SERIAL(Attributes, SER_ATTRIBUTES); - -bool Attributes::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_ATTRIBUTES, BroObj); - - info->s->WriteOpenTag("Attributes"); - assert(type); - if ( ! (type->Serialize(info) && SERIALIZE(attrs->length())) ) - return false; - - loop_over_list((*attrs), i) - { - Attr* a = (*attrs)[i]; - - Expr* e = a->AttrExpr(); - SERIALIZE_OPTIONAL(e); - - if ( ! SERIALIZE(char(a->Tag())) ) - return false; - } - - info->s->WriteCloseTag("Attributes"); - return true; - } - -bool Attributes::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroObj); - - type = BroType::Unserialize(info); - if ( ! type ) - return false; - - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - attrs = new attr_list(len); - while ( len-- ) - { - Expr* e; - UNSERIALIZE_OPTIONAL(e, Expr::Unserialize(info)) - - char tag; - if ( ! UNSERIALIZE(&tag) ) - { - delete e; - return false; - } - - attrs->append(new Attr((attr_tag)tag, e)); - } - - return true; - } - diff --git a/src/Attr.h b/src/Attr.h index 4a1110bc04..0400d44910 100644 --- a/src/Attr.h +++ b/src/Attr.h @@ -96,17 +96,12 @@ public: attr_list* Attrs() { return attrs; } - bool Serialize(SerialInfo* info) const; - static Attributes* Unserialize(UnserialInfo* info); - bool operator==(const Attributes& other) const; protected: Attributes() : type(), attrs(), in_record() { } void CheckAttr(Attr* attr); - DECLARE_SERIAL(Attributes); - BroType* type; attr_list* attrs; bool in_record; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f09d0d224e..8839aec9a0 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -247,7 +247,6 @@ set(bro_SRCS Brofiler.cc BroString.cc CCL.cc - ChunkedIO.cc CompHash.cc Conn.cc ConvertUTF.c @@ -302,8 +301,6 @@ set(bro_SRCS SmithWaterman.cc Scope.cc SerializationFormat.cc - SerialObj.cc - Serializer.cc Sessions.cc StateAccess.cc Stats.cc diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc deleted file mode 100644 index c57ab34dc8..0000000000 --- a/src/ChunkedIO.cc +++ /dev/null @@ -1,1357 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include - -#include "bro-config.h" -#include "ChunkedIO.h" -#include "NetVar.h" - -ChunkedIO::ChunkedIO() : stats(), tag(), pure() - { - } - -void ChunkedIO::Stats(char* buffer, int length) - { - safe_snprintf(buffer, length, - "bytes=%luK/%luK chunks=%lu/%lu io=%lu/%lu bytes/io=%.2fK/%.2fK", - stats.bytes_read / 1024, stats.bytes_written / 1024, - stats.chunks_read, stats.chunks_written, - stats.reads, stats.writes, - stats.bytes_read / (1024.0 * stats.reads), - stats.bytes_written / (1024.0 * stats.writes)); - } - -#ifdef DEBUG_COMMUNICATION - -void ChunkedIO::AddToBuffer(uint32 len, char* data, bool is_read) - { - Chunk* copy = new Chunk; - copy->len = len; - copy->data = new char[len]; - memcpy(copy->data, data, len); - - std::list* l = is_read ? &data_read : &data_written; - l->push_back(copy); - - if ( l->size() > DEBUG_COMMUNICATION ) - { - Chunk* old = l->front(); - l->pop_front(); - delete [] old->data; - delete old; - } - } - -void ChunkedIO::AddToBuffer(Chunk* chunk, bool is_read) - { - AddToBuffer(chunk->len, chunk->data, is_read); - } - -void ChunkedIO::DumpDebugData(const char* basefnname, bool want_reads) - { - std::list* l = want_reads ? &data_read : &data_written; - - int count = 0; - - for ( std::list::iterator i = l->begin(); i != l->end(); ++i ) - { - static char buffer[128]; - snprintf(buffer, sizeof(buffer), "%s.%s.%d", basefnname, - want_reads ? "read" : "write", ++count); - buffer[sizeof(buffer) - 1] = '\0'; - - int fd = open(buffer, O_WRONLY | O_CREAT | O_TRUNC, 0600); - if ( fd < 0 ) - continue; - - ChunkedIOFd io(fd, "dump-file"); - io.Write(*i); - io.Flush(); - safe_close(fd); - } - - l->clear(); - } - -#endif - -ChunkedIOFd::ChunkedIOFd(int arg_fd, const char* arg_tag, pid_t arg_pid) - { - int flags; - - tag = arg_tag; - fd = arg_fd; - eof = 0; - last_flush = current_time(); - failed_reads = 0; - - if ( (flags = fcntl(fd, F_GETFL, 0)) < 0) - { - Log(fmt("can't obtain socket flags: %s", strerror(errno))); - exit(1); - } - - if ( fcntl(fd, F_SETFL, flags|O_NONBLOCK) < 0 ) - { - Log(fmt("can't set fd to non-blocking: %s (%d)", - strerror(errno), getpid())); - exit(1); - } - - read_buffer = new char[BUFFER_SIZE]; - read_len = 0; - read_pos = 0; - partial = 0; - write_buffer = new char[BUFFER_SIZE]; - write_len = 0; - write_pos = 0; - - pending_head = 0; - pending_tail = 0; - - pid = arg_pid; - } - -ChunkedIOFd::~ChunkedIOFd() - { - Clear(); - - delete [] read_buffer; - delete [] write_buffer; - safe_close(fd); - delete partial; - } - -bool ChunkedIOFd::Write(Chunk* chunk) - { -#ifdef DEBUG - DBG_LOG(DBG_CHUNKEDIO, "write of size %d [%s]", - chunk->len, fmt_bytes(chunk->data, min((uint32)20, chunk->len))); -#endif - -#ifdef DEBUG_COMMUNICATION - AddToBuffer(chunk, false); -#endif - - if ( chunk->len <= BUFFER_SIZE - sizeof(uint32) ) - return WriteChunk(chunk, false); - - // We have to split it up. - char* p = chunk->data; - uint32 left = chunk->len; - - while ( left ) - { - uint32 sz = min(BUFFER_SIZE - sizeof(uint32), left); - Chunk* part = new Chunk(new char[sz], sz); - - memcpy(part->data, p, part->len); - left -= part->len; - p += part->len; - - if ( ! WriteChunk(part, left != 0) ) - return false; - } - - delete chunk; - return true; - } - -bool ChunkedIOFd::WriteChunk(Chunk* chunk, bool partial) - { - assert(chunk->len <= BUFFER_SIZE - sizeof(uint32) ); - - if ( chunk->len == 0 ) - InternalError("attempt to write 0 bytes chunk"); - - if ( partial ) - chunk->len |= FLAG_PARTIAL; - - ++stats.chunks_written; - - // If it fits into the buffer, we're done (but keep care not - // to reorder chunks). - if ( ! pending_head && PutIntoWriteBuffer(chunk) ) - return true; - - // Otherwise queue it. - ++stats.pending; - ChunkQueue* q = new ChunkQueue; - q->chunk = chunk; - q->next = 0; - - if ( pending_tail ) - { - pending_tail->next = q; - pending_tail = q; - } - else - pending_head = pending_tail = q; - - write_flare.Fire(); - return Flush(); - } - - -bool ChunkedIOFd::PutIntoWriteBuffer(Chunk* chunk) - { - uint32 len = chunk->len & ~FLAG_PARTIAL; - - if ( write_len + len + (IsPure() ? 0 : sizeof(len)) > BUFFER_SIZE ) - return false; - - if ( ! IsPure() ) - { - uint32 nlen = htonl(chunk->len); - memcpy(write_buffer + write_len, &nlen, sizeof(nlen)); - write_len += sizeof(nlen); - } - - memcpy(write_buffer + write_len, chunk->data, len); - write_len += len; - - delete chunk; - write_flare.Fire(); - - if ( network_time - last_flush > 0.005 ) - FlushWriteBuffer(); - - return true; - } - -bool ChunkedIOFd::FlushWriteBuffer() - { - last_flush = network_time; - - while ( write_pos != write_len ) - { - uint32 len = write_len - write_pos; - - int written = write(fd, write_buffer + write_pos, len); - - if ( written < 0 ) - { - if ( errno == EPIPE ) - eof = true; - - if ( errno != EINTR ) - // These errnos are equal on POSIX. - return errno == EWOULDBLOCK || errno == EAGAIN; - - else - written = 0; - } - - stats.bytes_written += written; - if ( written > 0 ) - ++stats.writes; - - if ( unsigned(written) == len ) - { - write_pos = write_len = 0; - - if ( ! pending_head ) - write_flare.Extinguish(); - - return true; - } - - if ( written == 0 ) - InternalError("written==0"); - - // Short write. - write_pos += written; - } - - return true; - } - -bool ChunkedIOFd::OptionalFlush() - { - // This threshhold is quite arbitrary. -// if ( current_time() - last_flush > 0.01 ) - return Flush(); - } - -bool ChunkedIOFd::Flush() - { - // Try to write data out. - while ( pending_head ) - { - if ( ! FlushWriteBuffer() ) - return false; - - // If we couldn't write the whole buffer, we stop here - // and try again next time. - if ( write_len > 0 ) - return true; - - // Put as many pending chunks into the buffer as possible. - while ( pending_head ) - { - if ( ! PutIntoWriteBuffer(pending_head->chunk) ) - break; - - ChunkQueue* q = pending_head; - pending_head = pending_head->next; - if ( ! pending_head ) - pending_tail = 0; - - --stats.pending; - delete q; - } - } - - bool rval = FlushWriteBuffer(); - - if ( ! pending_head && write_len == 0 ) - write_flare.Extinguish(); - - return rval; - } - -uint32 ChunkedIOFd::ChunkAvailable() - { - int bytes_left = read_len - read_pos; - - if ( bytes_left < int(sizeof(uint32)) ) - return 0; - - bytes_left -= sizeof(uint32); - - // We have to copy the value here as it may not be - // aligned correctly in the data. - uint32 len; - memcpy(&len, read_buffer + read_pos, sizeof(len)); - len = ntohl(len); - - if ( uint32(bytes_left) < (len & ~FLAG_PARTIAL) ) - return 0; - - assert(len & ~FLAG_PARTIAL); - - return len; - } - -ChunkedIO::Chunk* ChunkedIOFd::ExtractChunk() - { - uint32 len = ChunkAvailable(); - uint32 real_len = len & ~FLAG_PARTIAL; - if ( ! real_len ) - return 0; - - read_pos += sizeof(uint32); - - Chunk* chunk = new Chunk(new char[real_len], len); - memcpy(chunk->data, read_buffer + read_pos, real_len); - read_pos += real_len; - - ++stats.chunks_read; - - return chunk; - } - -ChunkedIO::Chunk* ChunkedIOFd::ConcatChunks(Chunk* c1, Chunk* c2) - { - uint32 sz = c1->len + c2->len; - Chunk* c = new Chunk(new char[sz], sz); - - memcpy(c->data, c1->data, c1->len); - memcpy(c->data + c1->len, c2->data, c2->len); - - delete c1; - delete c2; - - return c; - } - -void ChunkedIO::Log(const char* str) - { - //RemoteSerializer::Log(RemoteSerializer::LogError, str); - } - -bool ChunkedIOFd::Read(Chunk** chunk, bool may_block) - { - *chunk = 0; - - // We will be called regularly. So take the opportunity - // to flush the write buffer once in a while. - OptionalFlush(); - - if ( ! ReadChunk(chunk, may_block) ) - { -#ifdef DEBUG_COMMUNICATION - AddToBuffer("", true); -#endif - if ( ! ChunkAvailable() ) - read_flare.Extinguish(); - - return false; - } - - if ( ! *chunk ) - { -#ifdef DEBUG_COMMUNICATION - AddToBuffer("", true); -#endif - read_flare.Extinguish(); - return true; - } - - if ( ChunkAvailable() ) - read_flare.Fire(); - else - read_flare.Extinguish(); - -#ifdef DEBUG - if ( *chunk ) - DBG_LOG(DBG_CHUNKEDIO, "read of size %d %s[%s]", - (*chunk)->len & ~FLAG_PARTIAL, - (*chunk)->len & FLAG_PARTIAL ? "(P) " : "", - fmt_bytes((*chunk)->data, - min((uint32)20, (*chunk)->len))); -#endif - - if ( ! ((*chunk)->len & FLAG_PARTIAL) ) - { - if ( ! partial ) - { -#ifdef DEBUG_COMMUNICATION - AddToBuffer(*chunk, true); -#endif - return true; - } - else - { - // This is the last chunk of an oversized one. - *chunk = ConcatChunks(partial, *chunk); - partial = 0; - -#ifdef DEBUG - if ( *chunk ) - DBG_LOG(DBG_CHUNKEDIO, - "built virtual chunk of size %d [%s]", - (*chunk)->len, - fmt_bytes((*chunk)->data, 20)); -#endif - -#ifdef DEBUG_COMMUNICATION - AddToBuffer(*chunk, true); -#endif - return true; - } - } - - // This chunk is the non-last part of an oversized. - (*chunk)->len &= ~FLAG_PARTIAL; - - if ( ! partial ) - // First part of oversized chunk. - partial = *chunk; - else - partial = ConcatChunks(partial, *chunk); - -#ifdef DEBUG_COMMUNICATION - AddToBuffer("", true); -#endif - - *chunk = 0; - return true; // Read following part next time. - } - -bool ChunkedIOFd::ReadChunk(Chunk** chunk, bool may_block) - { - // We will be called regularly. So take the opportunity - // to flush the write buffer once in a while. - OptionalFlush(); - - *chunk = ExtractChunk(); - if ( *chunk ) - return true; - - int bytes_left = read_len - read_pos; - - // If we have a partial chunk left, move this to the head of - // the buffer. - if ( bytes_left ) - memmove(read_buffer, read_buffer + read_pos, bytes_left); - - read_pos = 0; - read_len = bytes_left; - - if ( ! ChunkAvailable() ) - read_flare.Extinguish(); - - // If allowed, wait a bit for something to read. - if ( may_block ) - { - fd_set fd_read, fd_write, fd_except; - - FD_ZERO(&fd_read); - FD_ZERO(&fd_write); - FD_ZERO(&fd_except); - FD_SET(fd, &fd_read); - - struct timeval small_timeout; - small_timeout.tv_sec = 0; - small_timeout.tv_usec = 50; - - select(fd + 1, &fd_read, &fd_write, &fd_except, &small_timeout); - } - - // Make sure the process is still runnning - // (only checking for EPIPE after a read doesn't - // seem to be sufficient). - if ( pid && kill(pid, 0) < 0 && errno != EPERM ) - { - eof = true; - errno = EPIPE; - return false; - } - - // Try to fill the buffer. - while ( true ) - { - int len = BUFFER_SIZE - read_len; - int read = ::read(fd, read_buffer + read_len, len); - - if ( read < 0 ) - { - if ( errno != EINTR ) - { - // These errnos are equal on POSIX. - if ( errno == EWOULDBLOCK || errno == EAGAIN ) - { - // Let's see if we have a chunk now -- - // even if we time out, we may have read - // just enough in previous iterations! - *chunk = ExtractChunk(); - ++failed_reads; - return true; - } - - if ( errno == EPIPE ) - eof = true; - - return false; - } - - else - read = 0; - } - - failed_reads = 0; - - if ( read == 0 && len != 0 ) - { - *chunk = ExtractChunk(); - if ( *chunk ) - return true; - - eof = true; - return false; - } - - read_len += read; - - ++stats.reads; - stats.bytes_read += read; - - if ( read == len ) - break; - } - - // Let's see if we have a chunk now. - *chunk = ExtractChunk(); - - return true; - } - -bool ChunkedIOFd::CanRead() - { - // We will be called regularly. So take the opportunity - // to flush the write buffer once in a while. - OptionalFlush(); - - if ( ChunkAvailable() ) - return true; - - fd_set fd_read; - FD_ZERO(&fd_read); - FD_SET(fd, &fd_read); - - struct timeval no_timeout; - no_timeout.tv_sec = 0; - no_timeout.tv_usec = 0; - - return select(fd + 1, &fd_read, 0, 0, &no_timeout) > 0; - } - -bool ChunkedIOFd::CanWrite() - { - return pending_head != 0; - } - -bool ChunkedIOFd::IsIdle() - { - if ( pending_head || ChunkAvailable() ) - return false; - - if ( failed_reads > 0 ) - return true; - - return false; - } - -bool ChunkedIOFd::IsFillingUp() - { - return stats.pending > chunked_io_buffer_soft_cap; - } - -iosource::FD_Set ChunkedIOFd::ExtraReadFDs() const - { - iosource::FD_Set rval; - rval.Insert(write_flare.FD()); - rval.Insert(read_flare.FD()); - return rval; - } - -void ChunkedIOFd::Clear() - { - while ( pending_head ) - { - ChunkQueue* next = pending_head->next; - delete pending_head->chunk; - delete pending_head; - pending_head = next; - } - - pending_head = pending_tail = 0; - - if ( write_len == 0 ) - write_flare.Extinguish(); - } - -const char* ChunkedIOFd::Error() - { - static char buffer[1024]; - safe_snprintf(buffer, sizeof(buffer), "%s [%d]", strerror(errno), errno); - - return buffer; - } - -void ChunkedIOFd::Stats(char* buffer, int length) - { - int i = safe_snprintf(buffer, length, "pending=%d ", stats.pending); - ChunkedIO::Stats(buffer + i, length - i); - } - -SSL_CTX* ChunkedIOSSL::ctx; - -ChunkedIOSSL::ChunkedIOSSL(int arg_socket, bool arg_server) - { - socket = arg_socket; - last_ret = 0; - eof = false; - setup = false; - server = arg_server; - ssl = 0; - - write_state = LEN; - write_head = 0; - write_tail = 0; - - read_state = LEN; - read_chunk = 0; - read_ptr = 0; - } - -ChunkedIOSSL::~ChunkedIOSSL() - { - if ( setup ) - { - SSL_shutdown(ssl); - - // We don't care if the other side closes properly. - setup = false; - } - - if ( ssl ) - { - SSL_free(ssl); - ssl = 0; - } - - safe_close(socket); - } - - -static int pem_passwd_cb(char* buf, int size, int rwflag, void* passphrase) - { - safe_strncpy(buf, (char*) passphrase, size); - buf[size - 1] = '\0'; - return strlen(buf); - } - -bool ChunkedIOSSL::Init() - { - // If the handshake doesn't succeed immediately we will - // be called multiple times. - if ( ! ctx ) - { - SSL_load_error_strings(); - - ctx = SSL_CTX_new(SSLv23_method()); - if ( ! ctx ) - { - Log("can't create SSL context"); - return false; - } - - // We access global variables here. But as they are - // declared const and we don't modify them this should - // be fine. - const char* key = ssl_private_key->AsString()->CheckString(); - - if ( ! (key && *key && - SSL_CTX_use_certificate_chain_file(ctx, key)) ) - { - Log(fmt("can't read certificate from file %s", key)); - return false; - } - - const char* passphrase = - ssl_passphrase->AsString()->CheckString(); - - if ( passphrase && ! streq(passphrase, "") ) - { - SSL_CTX_set_default_passwd_cb(ctx, pem_passwd_cb); - SSL_CTX_set_default_passwd_cb_userdata(ctx, - (void*) passphrase); - } - - if ( ! (key && *key && - SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) ) - { - Log(fmt("can't read private key from file %s", key)); - return false; - } - - const char* ca = ssl_ca_certificate->AsString()->CheckString(); - if ( ! (ca && *ca && SSL_CTX_load_verify_locations(ctx, ca, 0)) ) - { - Log(fmt("can't read CA certificate from file %s", ca)); - return false; - } - - // Only use real ciphers. - if ( ! SSL_CTX_set_cipher_list(ctx, "HIGH") ) - { - Log("can't set cipher list"); - return false; - } - - // Require client certificate. - SSL_CTX_set_verify(ctx, - SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); - } - - int flags; - - if ( (flags = fcntl(socket, F_GETFL, 0)) < 0) - { - Log(fmt("can't obtain socket flags: %s", strerror(errno))); - return false; - } - - if ( fcntl(socket, F_SETFL, flags|O_NONBLOCK) < 0 ) - { - Log(fmt("can't set socket to non-blocking: %s", - strerror(errno))); - return false; - } - - if ( ! ssl ) - { - ssl = SSL_new(ctx); - if ( ! ssl ) - { - Log("can't create SSL object"); - return false; - } - - BIO* bio = BIO_new_socket(socket, BIO_NOCLOSE); - BIO_set_nbio(bio, 1); - SSL_set_bio(ssl, bio, bio); - } - - int success; - if ( server ) - success = last_ret = SSL_accept(ssl); - else - success = last_ret = SSL_connect(ssl); - - if ( success > 0 ) - { // handshake done - setup = true; - return true; - } - - int error = SSL_get_error(ssl, success); - - if ( success <= 0 && - (error == SSL_ERROR_WANT_WRITE || error == SSL_ERROR_WANT_READ) ) - // Handshake not finished yet, but that's ok for now. - return true; - - // Some error. - eof = true; - return false; - } - -bool ChunkedIOSSL::Write(Chunk* chunk) - { -#ifdef DEBUG - DBG_LOG(DBG_CHUNKEDIO, "ssl write of size %d [%s]", - chunk->len, fmt_bytes(chunk->data, 20)); -#endif - - // Queue it. - ++stats.pending; - Queue* q = new Queue; - q->chunk = chunk; - q->next = 0; - - // Temporarily convert len into network byte order. - chunk->len = htonl(chunk->len); - - if ( write_tail ) - { - write_tail->next = q; - write_tail = q; - } - else - write_head = write_tail = q; - - write_flare.Fire(); - Flush(); - return true; - } - -bool ChunkedIOSSL::WriteData(char* p, uint32 len, bool* error) - { - *error = false; - - double t = current_time(); - - int written = last_ret = SSL_write(ssl, p, len); - - switch ( SSL_get_error(ssl, written) ) { - case SSL_ERROR_NONE: - // SSL guarantees us that all bytes have been written. - // That's nice. :-) - return true; - - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - // Would block. - DBG_LOG(DBG_CHUNKEDIO, - "SSL_write: SSL_ERROR_WANT_READ [%d,%d]", - written, SSL_get_error(ssl, written)); - *error = false; - return false; - - case SSL_ERROR_ZERO_RETURN: - // Regular remote connection shutdown. - DBG_LOG(DBG_CHUNKEDIO, - "SSL_write: SSL_ZERO_RETURN [%d,%d]", - written, SSL_get_error(ssl, written)); - *error = eof = true; - return false; - - case SSL_ERROR_SYSCALL: - DBG_LOG(DBG_CHUNKEDIO, - "SSL_write: SSL_SYS_CALL [%d,%d]", - written, SSL_get_error(ssl, written)); - - if ( written == 0 ) - { - // Socket connection closed. - *error = eof = true; - return false; - } - - // Fall through. - - default: - DBG_LOG(DBG_CHUNKEDIO, - "SSL_write: fatal error [%d,%d]", - written, SSL_get_error(ssl, written)); - // Fatal SSL error. - *error = true; - return false; - } - - InternalError("can't be reached"); - return false; - } - -bool ChunkedIOSSL::Flush() - { - if ( ! setup ) - { - // We may need to finish the handshake. - if ( ! Init() ) - return false; - if ( ! setup ) - return true; - } - - while ( write_head ) - { - bool error; - - Chunk* c = write_head->chunk; - - if ( write_state == LEN ) - { - if ( ! WriteData((char*)&c->len, sizeof(c->len), &error) ) - return ! error; - write_state = DATA; - - // Convert back from network byte order. - c->len = ntohl(c->len); - } - - if ( ! WriteData(c->data, c->len, &error) ) - return ! error; - - // Chunk written, throw away. - Queue* q = write_head; - write_head = write_head->next; - if ( ! write_head ) - write_tail = 0; - --stats.pending; - delete q; - - delete c; - - write_state = LEN; - } - - write_flare.Extinguish(); - return true; - } - -bool ChunkedIOSSL::ReadData(char* p, uint32 len, bool* error) - { - if ( ! read_ptr ) - read_ptr = p; - - while ( true ) - { - double t = current_time(); - - int read = last_ret = - SSL_read(ssl, read_ptr, len - (read_ptr - p)); - - switch ( SSL_get_error(ssl, read) ) { - case SSL_ERROR_NONE: - // We're fine. - read_ptr += read; - - if ( unsigned(read_ptr - p) == len ) - { - // We have read as much as requested.. - read_ptr = 0; - *error = false; - return true; - } - - break; - - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - // Would block. - DBG_LOG(DBG_CHUNKEDIO, - "SSL_read: SSL_ERROR_WANT_READ [%d,%d]", - read, SSL_get_error(ssl, read)); - *error = false; - return false; - - case SSL_ERROR_ZERO_RETURN: - // Regular remote connection shutdown. - DBG_LOG(DBG_CHUNKEDIO, - "SSL_read: SSL_ZERO_RETURN [%d,%d]", - read, SSL_get_error(ssl, read)); - *error = eof = true; - return false; - - case SSL_ERROR_SYSCALL: - DBG_LOG(DBG_CHUNKEDIO, "SSL_read: SSL_SYS_CALL [%d,%d]", - read, SSL_get_error(ssl, read)); - - if ( read == 0 ) - { - // Socket connection closed. - *error = eof = true; - return false; - } - - // Fall through. - - default: - DBG_LOG(DBG_CHUNKEDIO, - "SSL_read: fatal error [%d,%d]", - read, SSL_get_error(ssl, read)); - - // Fatal SSL error. - *error = true; - return false; - } - } - - // Can't be reached. - InternalError("can't be reached"); - return false; - } - -bool ChunkedIOSSL::Read(Chunk** chunk, bool mayblock) - { - *chunk = 0; - - if ( ! setup ) - { - // We may need to finish the handshake. - if ( ! Init() ) - return false; - if ( ! setup ) - return true; - } - - bool error; - - Flush(); - - if ( read_state == LEN ) - { - if ( ! read_chunk ) - { - read_chunk = new Chunk; - read_chunk->data = 0; - } - - if ( ! ReadData((char*)&read_chunk->len, - sizeof(read_chunk->len), - &error) ) - return ! error; - - read_state = DATA; - read_chunk->len = ntohl(read_chunk->len); - } - - if ( ! read_chunk->data ) - { - read_chunk->data = new char[read_chunk->len]; - read_chunk->free_func = Chunk::free_func_delete; - } - - if ( ! ReadData(read_chunk->data, read_chunk->len, &error) ) - return ! error; - - // Chunk fully read. Pass it on. - *chunk = read_chunk; - read_chunk = 0; - read_state = LEN; - -#ifdef DEBUG - DBG_LOG(DBG_CHUNKEDIO, "ssl read of size %d [%s]", - (*chunk)->len, fmt_bytes((*chunk)->data, 20)); -#endif - - return true; - } - -bool ChunkedIOSSL::CanRead() - { - // We will be called regularly. So take the opportunity - // to flush the write buffer. - Flush(); - - if ( SSL_pending(ssl) ) - return true; - - fd_set fd_read; - FD_ZERO(&fd_read); - FD_SET(socket, &fd_read); - - struct timeval notimeout; - notimeout.tv_sec = 0; - notimeout.tv_usec = 0; - - return select(socket + 1, &fd_read, NULL, NULL, ¬imeout) > 0; - } - -bool ChunkedIOSSL::CanWrite() - { - return write_head != 0; - } - -bool ChunkedIOSSL::IsIdle() - { - return ! (CanRead() || CanWrite()); - } - -bool ChunkedIOSSL::IsFillingUp() - { - // We don't really need this at the moment (since SSL is only used for - // peer-to-peer communication). Thus, we always return false for now. - return false; - } - -iosource::FD_Set ChunkedIOSSL::ExtraReadFDs() const - { - iosource::FD_Set rval; - rval.Insert(write_flare.FD()); - return rval; - } - -void ChunkedIOSSL::Clear() - { - while ( write_head ) - { - Queue* next = write_head->next; - delete write_head->chunk; - delete write_head; - write_head = next; - } - write_head = write_tail = 0; - write_flare.Extinguish(); - } - -const char* ChunkedIOSSL::Error() - { - const int BUFLEN = 512; - static char buffer[BUFLEN]; - - int sslcode = SSL_get_error(ssl, last_ret); - int errcode = ERR_get_error(); - - int count = safe_snprintf(buffer, BUFLEN, "[%d,%d,%d] SSL error: ", - errcode, sslcode, last_ret); - - if ( errcode ) - ERR_error_string_n(errcode, buffer + count, BUFLEN - count); - - else if ( sslcode == SSL_ERROR_SYSCALL ) - { - if ( last_ret ) - // Look at errno. - safe_snprintf(buffer + count, BUFLEN - count, - "syscall: %s", strerror(errno)); - else - // Errno is not valid in this case. - safe_strncpy(buffer + count, - "syscall: unexpected end-of-file", - BUFLEN - count); - } - else - safe_strncpy(buffer + count, "unknown error", BUFLEN - count); - - return buffer; - } - -void ChunkedIOSSL::Stats(char* buffer, int length) - { - int i = safe_snprintf(buffer, length, "pending=%ld ", stats.pending); - ChunkedIO::Stats(buffer + i, length - i); - } - -bool CompressedChunkedIO::Init() - { - zin.zalloc = 0; - zin.zfree = 0; - zin.opaque = 0; - - zout.zalloc = 0; - zout.zfree = 0; - zout.opaque = 0; - - compress = uncompress = false; - error = 0; - uncompressed_bytes_read = 0; - uncompressed_bytes_written = 0; - - return true; - } - -bool CompressedChunkedIO::Read(Chunk** chunk, bool may_block) - { - if ( ! io->Read(chunk, may_block) ) - return false; - - if ( ! uncompress ) - return true; - - if ( ! *chunk ) - return true; - - uint32 uncompressed_len = - *(uint32*)((*chunk)->data + (*chunk)->len - sizeof(uint32)); - - if ( uncompressed_len == 0 ) - { - // Not compressed. - DBG_LOG(DBG_CHUNKEDIO, "zlib read pass-through: size=%d", - (*chunk)->len); - return true; - } - - char* uncompressed = new char[uncompressed_len]; - - DBG_LOG(DBG_CHUNKEDIO, "zlib read: size=%d uncompressed=%d", - (*chunk)->len, uncompressed_len); - - zin.next_in = (Bytef*) (*chunk)->data; - zin.avail_in = (*chunk)->len - sizeof(uint32); - zin.next_out = (Bytef*) uncompressed; - zin.avail_out = uncompressed_len; - - if ( inflate(&zin, Z_SYNC_FLUSH) != Z_OK ) - { - error = zin.msg; - return false; - } - - if ( zin.avail_in > 0 ) - { - error = "compressed data longer than expected"; - return false; - } - - (*chunk)->free_func((*chunk)->data); - - uncompressed_bytes_read += uncompressed_len; - - (*chunk)->len = uncompressed_len; - (*chunk)->data = uncompressed; - (*chunk)->free_func = Chunk::free_func_delete; - - return true; - } - -bool CompressedChunkedIO::Write(Chunk* chunk) - { - if ( (! compress) || IsPure() ) - // No compression. - return io->Write(chunk); - - // We compress block-wise (rather than stream-wise) because: - // - // (1) it's significantly easier to implement due to our block-oriented - // communication model (with a stream compression, we'd need to chop - // the stream into blocks during decompression which would require - // additional buffering and copying). - // - // (2) it ensures that we do not introduce any additional latencies (a - // stream compression may decide to wait for the next chunk of data - // before writing anything out). - // - // The block-wise compression comes at the cost of a smaller compression - // factor. - // - // A compressed chunk's data looks like this: - // char[] compressed data - // uint32 uncompressed_length - // - // By including uncompressed_length, we again trade easier - // decompression for a smaller reduction factor. If uncompressed_length - // is zero, the data is *not* compressed. - - uncompressed_bytes_written += chunk->len; - uint32 original_size = chunk->len; - - char* compressed = new char[chunk->len + sizeof(uint32)]; - - if ( chunk->len < MIN_COMPRESS_SIZE ) - { - // Too small; not worth any compression. - memcpy(compressed, chunk->data, chunk->len); - *(uint32*) (compressed + chunk->len) = 0; // uncompressed_length - - chunk->free_func(chunk->data); - chunk->data = compressed; - chunk->free_func = Chunk::free_func_delete; - chunk->len += 4; - - DBG_LOG(DBG_CHUNKEDIO, "zlib write pass-through: size=%d", chunk->len); - } - else - { - zout.next_in = (Bytef*) chunk->data; - zout.avail_in = chunk->len; - zout.next_out = (Bytef*) compressed; - zout.avail_out = chunk->len; - - if ( deflate(&zout, Z_SYNC_FLUSH) != Z_OK ) - { - error = zout.msg; - return false; - } - - while ( zout.avail_out == 0 ) - { - // D'oh! Not enough space, i.e., it hasn't got smaller. - char* old = compressed; - int old_size = (char*) zout.next_out - compressed; - int new_size = old_size * 2 + sizeof(uint32); - - compressed = new char[new_size]; - memcpy(compressed, old, old_size); - delete [] old; - - zout.next_out = (Bytef*) (compressed + old_size); - zout.avail_out = old_size; // Sic! We doubled. - - if ( deflate(&zout, Z_SYNC_FLUSH) != Z_OK ) - { - error = zout.msg; - return false; - } - } - - *(uint32*) zout.next_out = original_size; // uncompressed_length - - chunk->free_func(chunk->data); - chunk->data = compressed; - chunk->free_func = Chunk::free_func_delete; - chunk->len = - ((char*) zout.next_out - compressed) + sizeof(uint32); - - DBG_LOG(DBG_CHUNKEDIO, "zlib write: size=%d compressed=%d", - original_size, chunk->len); - } - - return io->Write(chunk); - } - -void CompressedChunkedIO::Stats(char* buffer, int length) - { - const Statistics* stats = io->Stats(); - - int i = snprintf(buffer, length, "compression=%.2f/%.2f ", - uncompressed_bytes_read ? double(stats->bytes_read) / uncompressed_bytes_read : -1, - uncompressed_bytes_written ? double(stats->bytes_written) / uncompressed_bytes_written : -1 ); - - io->Stats(buffer + i, length - i); - buffer[length-1] = '\0'; - } diff --git a/src/ChunkedIO.h b/src/ChunkedIO.h deleted file mode 100644 index e9b41476df..0000000000 --- a/src/ChunkedIO.h +++ /dev/null @@ -1,362 +0,0 @@ -// Implements non-blocking chunk-wise I/O. - -#ifndef CHUNKEDIO_H -#define CHUNKEDIO_H - -#include "bro-config.h" -#include "List.h" -#include "util.h" -#include "Flare.h" -#include "iosource/FD_Set.h" -#include - -#ifdef NEED_KRB5_H -# include -#endif - -class CompressedChunkedIO; - -// #define DEBUG_COMMUNICATION 10 - -// Abstract base class. -class ChunkedIO { -public: - ChunkedIO(); - virtual ~ChunkedIO() { } - - struct Chunk { - typedef void (*FreeFunc)(char*); - static void free_func_free(char* data) { free(data); } - static void free_func_delete(char* data) { delete [] data; } - - Chunk() - : data(), len(), free_func(free_func_delete) - { } - - // Takes ownership of data. - Chunk(char* arg_data, uint32 arg_len, - FreeFunc arg_ff = free_func_delete) - : data(arg_data), len(arg_len), free_func(arg_ff) - { } - - ~Chunk() - { free_func(data); } - - char* data; - uint32 len; - FreeFunc free_func; - }; - - // Initialization before any I/O operation is performed. Returns false - // on any form of error. - virtual bool Init() { return true; } - - // Tries to read the next chunk of data. If it can be read completely, - // a pointer to it is returned in 'chunk' (ownership of chunk is - // passed). If not, 'chunk' is set to nil. Returns false if any - // I/O error occurred (use Eof() to see if it's an end-of-file). - // If 'may_block' is true, we explicitly allow blocking. - virtual bool Read(Chunk** chunk, bool may_block = false) = 0; - - // Puts the chunk into the write queue and writes as much data - // as possible (takes ownership of chunk). - // Returns false on any I/O error. - virtual bool Write(Chunk* chunk) = 0; - - // Tries to write as much as currently possible. - // Returns false on any I/O error. - virtual bool Flush() = 0; - - // If an I/O error has been encountered, returns a string describing it. - virtual const char* Error() = 0; - - // Return true if there is currently at least one chunk available - // for reading. - virtual bool CanRead() = 0; - - // Return true if there is currently at least one chunk waiting to be - // written. - virtual bool CanWrite() = 0; - - // Returns true if source believes that there won't be much data soon. - virtual bool IsIdle() = 0; - - // Returns true if internal write buffers are about to fill up. - virtual bool IsFillingUp() = 0; - - // Throws away buffered data. - virtual void Clear() = 0; - - // Returns true,if end-of-file has been reached. - virtual bool Eof() = 0; - - // Returns underlying fd if available, -1 otherwise. - virtual int Fd() { return -1; } - - // Returns supplementary file descriptors that become read-ready in order - // to signal that there is some work that can be performed. - virtual iosource::FD_Set ExtraReadFDs() const - { return iosource::FD_Set(); } - - // Makes sure that no additional protocol data is written into - // the output stream. If this is activated, the output cannot - // be read again by any of these classes! - void MakePure() { pure = true; } - bool IsPure() { return pure; } - - // Writes a log message to the error_fd. - void Log(const char* str); - - struct Statistics { - Statistics() - { - bytes_read = 0; - bytes_written = 0; - chunks_read = 0; - chunks_written = 0; - reads = 0; - writes = 0; - pending = 0; - } - - unsigned long bytes_read; - unsigned long bytes_written; - unsigned long chunks_read; - unsigned long chunks_written; - unsigned long reads; // # calls which transferred > 0 bytes - unsigned long writes; - unsigned long pending; - }; - - // Returns raw statistics. - const Statistics* Stats() const { return &stats; } - - // Puts a formatted string containing statistics into buffer. - virtual void Stats(char* buffer, int length); - -#ifdef DEBUG_COMMUNICATION - void DumpDebugData(const char* basefnname, bool want_reads); -#endif - -protected: - void InternalError(const char* msg) - // We can't use the reporter here as we might be running in a - // sub-process. - { fprintf(stderr, "%s", msg); abort(); } - - Statistics stats; - const char* tag; - -#ifdef DEBUG_COMMUNICATION - void AddToBuffer(char* data, bool is_read) - { AddToBuffer(strlen(data), data, is_read); } - void AddToBuffer(uint32 len, char* data, bool is_read); - void AddToBuffer(Chunk* chunk, bool is_read); - std::list data_read; - std::list data_written; -#endif - -private: - bool pure; -}; - -// Chunked I/O using a file descriptor. -class ChunkedIOFd : public ChunkedIO { -public: - // fd is an open bidirectional file descriptor, tag is used in error - // messages, and pid gives a pid to monitor (if the process dies, we - // return EOF). - ChunkedIOFd(int fd, const char* tag, pid_t pid = 0); - ~ChunkedIOFd() override; - - bool Read(Chunk** chunk, bool may_block = false) override; - bool Write(Chunk* chunk) override; - bool Flush() override; - const char* Error() override; - bool CanRead() override; - bool CanWrite() override; - bool IsIdle() override; - bool IsFillingUp() override; - void Clear() override; - bool Eof() override { return eof; } - int Fd() override { return fd; } - iosource::FD_Set ExtraReadFDs() const override; - void Stats(char* buffer, int length) override; - -private: - - bool PutIntoWriteBuffer(Chunk* chunk); - bool FlushWriteBuffer(); - Chunk* ExtractChunk(); - - // Returns size of next chunk in buffer or 0 if none. - uint32 ChunkAvailable(); - - // Flushes if it thinks it is time to. - bool OptionalFlush(); - - // Concatenates the the data of the two chunks forming a new one. - // The old chunkds are deleted. - Chunk* ConcatChunks(Chunk* c1, Chunk* c2); - - // Reads/writes on chunk of upto BUFFER_SIZE bytes. - bool WriteChunk(Chunk* chunk, bool partial); - bool ReadChunk(Chunk** chunk, bool may_block); - - int fd; - bool eof; - double last_flush; - int failed_reads; - - // Optimally, this should match the file descriptor's - // buffer size (for sockets, it may be helpful to - // increase the send/receive buffers). - static const unsigned int BUFFER_SIZE = 1024 * 1024 * 1; - - // We 'or' this to the length of a data chunk to mark - // that it's part of a larger one. This has to be larger - // than BUFFER_SIZE. - static const uint32 FLAG_PARTIAL = 0x80000000; - - char* read_buffer; - uint32 read_len; - uint32 read_pos; - Chunk* partial; // when we read an oversized chunk, we store it here - - char* write_buffer; - uint32 write_len; - uint32 write_pos; - - struct ChunkQueue { - Chunk* chunk; - ChunkQueue* next; - }; - - // Chunks that don't fit into our write buffer. - ChunkQueue* pending_head; - ChunkQueue* pending_tail; - - pid_t pid; - bro::Flare write_flare; - bro::Flare read_flare; -}; - -// From OpenSSL. We forward-declare these here to avoid introducing a -// dependency on OpenSSL headers just for this header file. -typedef struct ssl_ctx_st SSL_CTX; -typedef struct ssl_st SSL; - -// Chunked I/O using an SSL connection. -class ChunkedIOSSL : public ChunkedIO { -public: - // Argument is an open socket and a flag indicating whether we are the - // server side of the connection. - ChunkedIOSSL(int socket, bool server); - ~ChunkedIOSSL() override; - - bool Init() override; - bool Read(Chunk** chunk, bool mayblock = false) override; - bool Write(Chunk* chunk) override; - bool Flush() override; - const char* Error() override; - bool CanRead() override; - bool CanWrite() override; - bool IsIdle() override; - bool IsFillingUp() override; - void Clear() override; - bool Eof() override { return eof; } - int Fd() override { return socket; } - iosource::FD_Set ExtraReadFDs() const override; - void Stats(char* buffer, int length) override; - -private: - - // Only returns true if all data has been read. If not, call - // it again with the same parameters as long as error is not - // set to true. - bool ReadData(char* p, uint32 len, bool* error); - // Same for writing. - bool WriteData(char* p, uint32 len, bool* error); - - int socket; - int last_ret; // last error code - bool eof; - - bool server; // are we the server? - bool setup; // has the connection been setup successfully? - - SSL* ssl; - - // Write queue. - struct Queue { - Chunk* chunk; - Queue* next; - }; - - // The chunk part we are reading/writing - enum State { LEN, DATA }; - - State write_state; - Queue* write_head; - Queue* write_tail; - - State read_state; - Chunk* read_chunk; - char* read_ptr; - - // One SSL for all connections. - static SSL_CTX* ctx; - - bro::Flare write_flare; -}; - -#include - -// Wrapper class around a another ChunkedIO which the (un-)compresses data. -class CompressedChunkedIO : public ChunkedIO { -public: - explicit CompressedChunkedIO(ChunkedIO* arg_io) // takes ownership - : io(arg_io), zin(), zout(), error(), compress(), uncompress(), - uncompressed_bytes_read(), uncompressed_bytes_written() {} - ~CompressedChunkedIO() override { delete io; } - - bool Init() override; // does *not* call arg_io->Init() - bool Read(Chunk** chunk, bool may_block = false) override; - bool Write(Chunk* chunk) override; - bool Flush() override { return io->Flush(); } - const char* Error() override { return error ? error : io->Error(); } - bool CanRead() override { return io->CanRead(); } - bool CanWrite() override { return io->CanWrite(); } - bool IsIdle() override { return io->IsIdle(); } - bool IsFillingUp() override { return io->IsFillingUp(); } - void Clear() override { return io->Clear(); } - bool Eof() override { return io->Eof(); } - - int Fd() override { return io->Fd(); } - iosource::FD_Set ExtraReadFDs() const override - { return io->ExtraReadFDs(); } - void Stats(char* buffer, int length) override; - - void EnableCompression(int level) - { deflateInit(&zout, level); compress = true; } - void EnableDecompression() - { inflateInit(&zin); uncompress = true; } - -protected: - // Only compress block with size >= this. - static const unsigned int MIN_COMPRESS_SIZE = 30; - - ChunkedIO* io; - z_stream zin; - z_stream zout; - const char* error; - - bool compress; - bool uncompress; - - // Keep some statistics. - unsigned long uncompressed_bytes_read; - unsigned long uncompressed_bytes_written; -}; - -#endif diff --git a/src/Conn.cc b/src/Conn.cc index d607550e8a..ae79ac4deb 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -50,70 +50,10 @@ void ConnectionTimer::Dispatch(double t, int is_expire) reporter->InternalError("reference count inconsistency in ConnectionTimer::Dispatch"); } -IMPLEMENT_SERIAL(ConnectionTimer, SER_CONNECTION_TIMER); - -bool ConnectionTimer::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_CONNECTION_TIMER, Timer); - - // We enumerate all the possible timer functions here ... This - // has to match the list is DoUnserialize()! - char type = 0; - - if ( timer == timer_func(&Connection::DeleteTimer) ) - type = 1; - else if ( timer == timer_func(&Connection::InactivityTimer) ) - type = 2; - else if ( timer == timer_func(&Connection::StatusUpdateTimer) ) - type = 3; - else if ( timer == timer_func(&Connection::RemoveConnectionTimer) ) - type = 4; - else - reporter->InternalError("unknown function in ConnectionTimer::DoSerialize()"); - - return conn->Serialize(info) && SERIALIZE(type) && SERIALIZE(do_expire); - } - -bool ConnectionTimer::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Timer); - - conn = Connection::Unserialize(info); - if ( ! conn ) - return false; - - char type; - - if ( ! UNSERIALIZE(&type) || ! UNSERIALIZE(&do_expire) ) - return false; - - switch ( type ) { - case 1: - timer = timer_func(&Connection::DeleteTimer); - break; - case 2: - timer = timer_func(&Connection::InactivityTimer); - break; - case 3: - timer = timer_func(&Connection::StatusUpdateTimer); - break; - case 4: - timer = timer_func(&Connection::RemoveConnectionTimer); - break; - default: - info->s->Error("unknown connection timer function"); - return false; - } - - return true; - } - uint64 Connection::total_connections = 0; uint64 Connection::current_connections = 0; uint64 Connection::external_connections = 0; -IMPLEMENT_SERIAL(Connection, SER_CONNECTION); - Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id, uint32 flow, const Packet* pkt, const EncapsulationStack* arg_encap) @@ -900,139 +840,6 @@ void Connection::IDString(ODesc* d) const d->Add(ntohs(resp_port)); } -bool Connection::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Connection* Connection::Unserialize(UnserialInfo* info) - { - return (Connection*) SerialObj::Unserialize(info, SER_CONNECTION); - } - -bool Connection::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_CONNECTION, BroObj); - - // First we write the members which are needed to - // create the HashKey. - if ( ! SERIALIZE(orig_addr) || ! SERIALIZE(resp_addr) ) - return false; - - if ( ! SERIALIZE(orig_port) || ! SERIALIZE(resp_port) ) - return false; - - if ( ! SERIALIZE(timers.length()) ) - return false; - - loop_over_list(timers, i) - if ( ! timers[i]->Serialize(info) ) - return false; - - SERIALIZE_OPTIONAL(conn_val); - - // FIXME: RuleEndpointState not yet serializable. - // FIXME: Analyzers not yet serializable. - - return - SERIALIZE(int(proto)) && - SERIALIZE(history) && - SERIALIZE(hist_seen) && - SERIALIZE(start_time) && - SERIALIZE(last_time) && - SERIALIZE(inactivity_timeout) && - SERIALIZE(suppress_event) && - SERIALIZE(login_conn != 0) && - SERIALIZE_BIT(installed_status_timer) && - SERIALIZE_BIT(timers_canceled) && - SERIALIZE_BIT(is_active) && - SERIALIZE_BIT(skip) && - SERIALIZE_BIT(weird) && - SERIALIZE_BIT(finished) && - SERIALIZE_BIT(record_packets) && - SERIALIZE_BIT(record_contents); - } - -bool Connection::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroObj); - - // Build the hash key first. Some of the recursive *::Unserialize() - // functions may need it. - ConnID id; - - if ( ! UNSERIALIZE(&orig_addr) || ! UNSERIALIZE(&resp_addr) ) - goto error; - - if ( ! UNSERIALIZE(&orig_port) || ! UNSERIALIZE(&resp_port) ) - goto error; - - id.src_addr = orig_addr; - id.dst_addr = resp_addr; - // This doesn't work for ICMP. But I guess this is not really important. - id.src_port = orig_port; - id.dst_port = resp_port; - id.is_one_way = 0; // ### incorrect for ICMP - key = BuildConnIDHashKey(id); - - int len; - if ( ! UNSERIALIZE(&len) ) - goto error; - - while ( len-- ) - { - Timer* t = Timer::Unserialize(info); - if ( ! t ) - goto error; - timers.append(t); - } - - UNSERIALIZE_OPTIONAL(conn_val, - (RecordVal*) Val::Unserialize(info, connection_type)); - - int iproto; - - if ( ! (UNSERIALIZE(&iproto) && - UNSERIALIZE(&history) && - UNSERIALIZE(&hist_seen) && - UNSERIALIZE(&start_time) && - UNSERIALIZE(&last_time) && - UNSERIALIZE(&inactivity_timeout) && - UNSERIALIZE(&suppress_event)) ) - goto error; - - proto = static_cast(iproto); - - bool has_login_conn; - if ( ! UNSERIALIZE(&has_login_conn) ) - goto error; - - login_conn = has_login_conn ? (LoginConn*) this : 0; - - UNSERIALIZE_BIT(installed_status_timer); - UNSERIALIZE_BIT(timers_canceled); - UNSERIALIZE_BIT(is_active); - UNSERIALIZE_BIT(skip); - UNSERIALIZE_BIT(weird); - UNSERIALIZE_BIT(finished); - UNSERIALIZE_BIT(record_packets); - UNSERIALIZE_BIT(record_contents); - - // Hmm... Why does each connection store a sessions ptr? - sessions = ::sessions; - - root_analyzer = 0; - primary_PIA = 0; - conn_timer_mgr = 0; - - return true; - -error: - abort(); - CancelTimers(); - return false; - } - void Connection::SetRootAnalyzer(analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia) { root_analyzer = analyzer; diff --git a/src/Conn.h b/src/Conn.h index fb7f5be0b4..bd5ddaae92 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -11,7 +11,6 @@ #include "Dict.h" #include "Val.h" #include "Timer.h" -#include "Serializer.h" #include "RuleMatcher.h" #include "IPAddr.h" #include "TunnelEncapsulation.h" @@ -235,11 +234,6 @@ public: // Returns true if connection has been received externally. bool IsExternal() const { return conn_timer_mgr != 0; } - bool Serialize(SerialInfo* info) const; - static Connection* Unserialize(UnserialInfo* info); - - DECLARE_SERIAL(Connection); - // Statistics. // Just a lower bound. @@ -385,8 +379,6 @@ protected: void Init(Connection* conn, timer_func timer, int do_expire); - DECLARE_SERIAL(ConnectionTimer); - Connection* conn; timer_func timer; int do_expire; diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index 7adc7aa65a..8f0425270d 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -12,8 +12,7 @@ DebugLogger debug_logger; // Same order here as in DebugStream. DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = { { "serial", 0, false }, { "rules", 0, false }, - { "state", 0, false }, { "chunkedio", 0, false }, - {"string", 0, false }, + { "state", 0, false }, {"string", 0, false }, { "notifiers", 0, false }, { "main-loop", 0, false }, { "dpd", 0, false }, { "tm", 0, false }, { "logging", 0, false }, {"input", 0, false }, diff --git a/src/DebugLogger.h b/src/DebugLogger.h index db646bd0cf..2e24c7064f 100644 --- a/src/DebugLogger.h +++ b/src/DebugLogger.h @@ -14,10 +14,9 @@ // an entry to DebugLogger::streams in DebugLogger.cc. enum DebugStream { - DBG_SERIAL, // Serialization + DBG_SERIAL, // Serialization DBG_RULES, // Signature matching DBG_STATE, // StateAccess logging - DBG_CHUNKEDIO, // ChunkedIO logging DBG_STRING, // String code DBG_NOTIFIERS, // Notifiers (see StateAccess.h) DBG_MAINLOOP, // Main IOSource loop diff --git a/src/Event.cc b/src/Event.cc index f033a01e40..ce854795bd 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -58,11 +58,12 @@ void Event::Dispatch(bool no_remote) if ( src == SOURCE_BROKER ) no_remote = true; + /* Fixme: johanna if ( event_serializer ) { SerialInfo info(event_serializer); event_serializer->Serialize(&info, handler->Name(), &args); - } + } */ if ( handler->ErrorHandler() ) reporter->BeginErrorHandler(); diff --git a/src/Event.h b/src/Event.h index cafe0057d6..475dc5f577 100644 --- a/src/Event.h +++ b/src/Event.h @@ -4,7 +4,6 @@ #define event_h #include "EventRegistry.h" -#include "Serializer.h" #include "analyzer/Tag.h" #include "analyzer/Analyzer.h" diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 718e6d6ae8..0f06ad50ca 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -171,23 +171,3 @@ void EventHandler::NewEvent(val_list* vl) mgr.Dispatch(ev); } -bool EventHandler::Serialize(SerialInfo* info) const - { - return SERIALIZE(name); - } - -EventHandler* EventHandler::Unserialize(UnserialInfo* info) - { - char* name; - if ( ! UNSERIALIZE_STR(&name, 0) ) - return 0; - - EventHandler* h = event_registry->Lookup(name); - if ( ! h ) - { - h = new EventHandler(name); - event_registry->Register(h); - } - - return h; - } diff --git a/src/EventHandler.h b/src/EventHandler.h index 216badee4b..1f3e902b8f 100644 --- a/src/EventHandler.h +++ b/src/EventHandler.h @@ -11,9 +11,6 @@ class Func; class FuncType; -class Serializer; -class SerialInfo; -class UnserialInfo; class EventHandler { public: @@ -56,11 +53,6 @@ public: void SetGenerateAlways() { generate_always = true; } bool GenerateAlways() { return generate_always; } - // We don't serialize the handler(s) itself here, but - // just the reference to it. - bool Serialize(SerialInfo* info) const; - static EventHandler* Unserialize(UnserialInfo* info); - private: void NewEvent(val_list* vl); // Raise new_event() meta event. diff --git a/src/Expr.cc b/src/Expr.cc index e6cb9937c4..020412b492 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -201,56 +201,6 @@ void Expr::RuntimeErrorWithCallStack(const std::string& msg) const } } -bool Expr::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Expr* Expr::Unserialize(UnserialInfo* info, BroExprTag want) - { - Expr* e = (Expr*) SerialObj::Unserialize(info, SER_EXPR); - - if ( ! e ) - return 0; - - if ( want != EXPR_ANY && e->tag != want ) - { - info->s->Error("wrong expression type"); - Unref(e); - return 0; - } - - return e; - } - -bool Expr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_EXPR, BroObj); - - if ( ! (SERIALIZE(char(tag)) && SERIALIZE(paren)) ) - return false; - - SERIALIZE_OPTIONAL(type); - return true; - } - -bool Expr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroObj); - - char c; - if ( ! (UNSERIALIZE(&c) && UNSERIALIZE(&paren)) ) - return 0; - - tag = BroExprTag(c); - - BroType* t = 0; - UNSERIALIZE_OPTIONAL(t, BroType::Unserialize(info)); - SetType(t); - return true; - } - - NameExpr::NameExpr(ID* arg_id, bool const_init) : Expr(EXPR_NAME) { id = arg_id; @@ -350,55 +300,6 @@ void NameExpr::ExprDescribe(ODesc* d) const } } -IMPLEMENT_SERIAL(NameExpr, SER_NAME_EXPR); - -bool NameExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_NAME_EXPR, Expr); - - // Write out just the name of the function if requested. - if ( info->globals_as_names && id->IsGlobal() ) - return SERIALIZE('n') && SERIALIZE(id->Name()) && - SERIALIZE(in_const_init); - else - return SERIALIZE('f') && id->Serialize(info) && - SERIALIZE(in_const_init); - } - -bool NameExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Expr); - - char type; - if ( ! UNSERIALIZE(&type) ) - return false; - - if ( type == 'n' ) - { - const char* name; - if ( ! UNSERIALIZE_STR(&name, 0) ) - return false; - - id = global_scope()->Lookup(name); - if ( id ) - ::Ref(id); - else - reporter->Warning("configuration changed: unserialized unknown global name from persistent state"); - - delete [] name; - } - else - id = ID::Unserialize(info); - - if ( ! id ) - return false; - - if ( ! UNSERIALIZE(&in_const_init) ) - return false; - - return true; - } - ConstExpr::ConstExpr(Val* arg_val) : Expr(EXPR_CONST) { val = arg_val; @@ -437,22 +338,6 @@ TraversalCode ConstExpr::Traverse(TraversalCallback* cb) const HANDLE_TC_EXPR_POST(tc); } -IMPLEMENT_SERIAL(ConstExpr, SER_CONST_EXPR); - -bool ConstExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_CONST_EXPR, Expr); - return val->Serialize(info); - } - -bool ConstExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Expr); - val = Val::Unserialize(info); - return val != 0; - } - - UnaryExpr::UnaryExpr(BroExprTag arg_tag, Expr* arg_op) : Expr(arg_tag) { op = arg_op; @@ -551,21 +436,6 @@ void UnaryExpr::ExprDescribe(ODesc* d) const } } -IMPLEMENT_SERIAL(UnaryExpr, SER_UNARY_EXPR); - -bool UnaryExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_UNARY_EXPR, Expr); - return op->Serialize(info); - } - -bool UnaryExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Expr); - op = Expr::Unserialize(info); - return op != 0; - } - BinaryExpr::~BinaryExpr() { Unref(op1); @@ -1039,26 +909,6 @@ void BinaryExpr::PromoteType(TypeTag t, bool is_vector) SetType(is_vector ? new VectorType(base_type(t)) : base_type(t)); } -IMPLEMENT_SERIAL(BinaryExpr, SER_BINARY_EXPR); - -bool BinaryExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BINARY_EXPR, Expr); - return op1->Serialize(info) && op2->Serialize(info); - } - -bool BinaryExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Expr); - - op1 = Expr::Unserialize(info); - if ( ! op1 ) - return false; - - op2 = Expr::Unserialize(info); - return op2 != 0; - } - CloneExpr::CloneExpr(Expr* arg_op) : UnaryExpr(EXPR_CLONE, arg_op) { if ( IsError() ) @@ -1089,20 +939,6 @@ Val* CloneExpr::Fold(Val* v) const return v->Clone(); } -IMPLEMENT_SERIAL(CloneExpr, SER_CLONE_EXPR); - -bool CloneExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_CLONE_EXPR, UnaryExpr); - return true; - } - -bool CloneExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - IncrExpr::IncrExpr(BroExprTag arg_tag, Expr* arg_op) : UnaryExpr(arg_tag, arg_op->MakeLvalue()) { @@ -1194,20 +1030,6 @@ int IncrExpr::IsPure() const return 0; } -IMPLEMENT_SERIAL(IncrExpr, SER_INCR_EXPR); - -bool IncrExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_INCR_EXPR, UnaryExpr); - return true; - } - -bool IncrExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - ComplementExpr::ComplementExpr(Expr* arg_op) : UnaryExpr(EXPR_COMPLEMENT, arg_op) { if ( IsError() ) @@ -1227,20 +1049,6 @@ Val* ComplementExpr::Fold(Val* v) const return val_mgr->GetCount(~ v->InternalUnsigned()); } -IMPLEMENT_SERIAL(ComplementExpr, SER_COMPLEMENT_EXPR); - -bool ComplementExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_COMPLEMENT_EXPR, UnaryExpr); - return true; - } - -bool ComplementExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - NotExpr::NotExpr(Expr* arg_op) : UnaryExpr(EXPR_NOT, arg_op) { if ( IsError() ) @@ -1260,20 +1068,6 @@ Val* NotExpr::Fold(Val* v) const return val_mgr->GetBool(! v->InternalInt()); } -IMPLEMENT_SERIAL(NotExpr, SER_NOT_EXPR); - -bool NotExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_NOT_EXPR, UnaryExpr); - return true; - } - -bool NotExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - PosExpr::PosExpr(Expr* arg_op) : UnaryExpr(EXPR_POSITIVE, arg_op) { if ( IsError() ) @@ -1310,20 +1104,6 @@ Val* PosExpr::Fold(Val* v) const return val_mgr->GetInt(v->CoerceToInt()); } -IMPLEMENT_SERIAL(PosExpr, SER_POS_EXPR); - -bool PosExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_POS_EXPR, UnaryExpr); - return true; - } - -bool PosExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - NegExpr::NegExpr(Expr* arg_op) : UnaryExpr(EXPR_NEGATE, arg_op) { if ( IsError() ) @@ -1360,21 +1140,6 @@ Val* NegExpr::Fold(Val* v) const return val_mgr->GetInt(- v->CoerceToInt()); } - -IMPLEMENT_SERIAL(NegExpr, SER_NEG_EXPR); - -bool NegExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_NEG_EXPR, UnaryExpr); - return true; - } - -bool NegExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - SizeExpr::SizeExpr(Expr* arg_op) : UnaryExpr(EXPR_SIZE, arg_op) { if ( IsError() ) @@ -1402,21 +1167,6 @@ Val* SizeExpr::Fold(Val* v) const return v->SizeVal(); } -IMPLEMENT_SERIAL(SizeExpr, SER_SIZE_EXPR); - -bool SizeExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_SIZE_EXPR, UnaryExpr); - return true; - } - -bool SizeExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - - AddExpr::AddExpr(Expr* arg_op1, Expr* arg_op2) : BinaryExpr(EXPR_ADD, arg_op1, arg_op2) { @@ -1464,20 +1214,6 @@ void AddExpr::Canonicize() SwapOps(); } -IMPLEMENT_SERIAL(AddExpr, SER_ADD_EXPR); - -bool AddExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_ADD_EXPR, BinaryExpr); - return true; - } - -bool AddExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - AddToExpr::AddToExpr(Expr* arg_op1, Expr* arg_op2) : BinaryExpr(EXPR_ADD_TO, is_vector(arg_op1) ? arg_op1 : arg_op1->MakeLvalue(), arg_op2) @@ -1559,20 +1295,6 @@ Val* AddToExpr::Eval(Frame* f) const return 0; } -IMPLEMENT_SERIAL(AddToExpr, SER_ADD_TO_EXPR); - -bool AddToExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_ADD_TO_EXPR, BinaryExpr); - return true; - } - -bool AddToExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - SubExpr::SubExpr(Expr* arg_op1, Expr* arg_op2) : BinaryExpr(EXPR_SUB, arg_op1, arg_op2) { @@ -1624,20 +1346,6 @@ SubExpr::SubExpr(Expr* arg_op1, Expr* arg_op2) } } -IMPLEMENT_SERIAL(SubExpr, SER_SUB_EXPR); - -bool SubExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_SUB_EXPR, BinaryExpr); - return true; - } - -bool SubExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - RemoveFromExpr::RemoveFromExpr(Expr* arg_op1, Expr* arg_op2) : BinaryExpr(EXPR_REMOVE_FROM, arg_op1->MakeLvalue(), arg_op2) { @@ -1682,20 +1390,6 @@ Val* RemoveFromExpr::Eval(Frame* f) const return 0; } -IMPLEMENT_SERIAL(RemoveFromExpr, SER_REMOVE_FROM_EXPR); - -bool RemoveFromExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_REMOVE_FROM_EXPR, BinaryExpr); - return true; - } - -bool RemoveFromExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - TimesExpr::TimesExpr(Expr* arg_op1, Expr* arg_op2) : BinaryExpr(EXPR_TIMES, arg_op1, arg_op2) { @@ -1732,20 +1426,6 @@ void TimesExpr::Canonicize() SwapOps(); } -IMPLEMENT_SERIAL(TimesExpr, SER_TIMES_EXPR); - -bool TimesExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_TIMES_EXPR, BinaryExpr); - return true; - } - -bool TimesExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - DivideExpr::DivideExpr(Expr* arg_op1, Expr* arg_op2) : BinaryExpr(EXPR_DIVIDE, arg_op1, arg_op2) { @@ -1810,20 +1490,6 @@ Val* DivideExpr::AddrFold(Val* v1, Val* v2) const return new SubNetVal(a, mask); } -IMPLEMENT_SERIAL(DivideExpr, SER_DIVIDE_EXPR); - -bool DivideExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_DIVIDE_EXPR, BinaryExpr); - return true; - } - -bool DivideExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - ModExpr::ModExpr(Expr* arg_op1, Expr* arg_op2) : BinaryExpr(EXPR_MOD, arg_op1, arg_op2) { @@ -1844,20 +1510,6 @@ ModExpr::ModExpr(Expr* arg_op1, Expr* arg_op2) ExprError("requires integral operands"); } -IMPLEMENT_SERIAL(ModExpr, SER_MOD_EXPR); - -bool ModExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_MOD_EXPR, BinaryExpr); - return true; - } - -bool ModExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - BoolExpr::BoolExpr(BroExprTag arg_tag, Expr* arg_op1, Expr* arg_op2) : BinaryExpr(arg_tag, arg_op1, arg_op2) { @@ -2014,20 +1666,6 @@ Val* BoolExpr::Eval(Frame* f) const return result; } -IMPLEMENT_SERIAL(BoolExpr, SER_BOOL_EXPR); - -bool BoolExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BOOL_EXPR, BinaryExpr); - return true; - } - -bool BoolExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - BitExpr::BitExpr(BroExprTag arg_tag, Expr* arg_op1, Expr* arg_op2) : BinaryExpr(arg_tag, arg_op1, arg_op2) { @@ -2078,20 +1716,6 @@ BitExpr::BitExpr(BroExprTag arg_tag, Expr* arg_op1, Expr* arg_op2) ExprError("requires \"count\" or compatible \"set\" operands"); } -IMPLEMENT_SERIAL(BitExpr, SER_BIT_EXPR); - -bool BitExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BIT_EXPR, BinaryExpr); - return true; - } - -bool BitExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - EqExpr::EqExpr(BroExprTag arg_tag, Expr* arg_op1, Expr* arg_op2) : BinaryExpr(arg_tag, arg_op1, arg_op2) { @@ -2193,20 +1817,6 @@ Val* EqExpr::Fold(Val* v1, Val* v2) const return BinaryExpr::Fold(v1, v2); } -IMPLEMENT_SERIAL(EqExpr, SER_EQ_EXPR); - -bool EqExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_EQ_EXPR, BinaryExpr); - return true; - } - -bool EqExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - RelExpr::RelExpr(BroExprTag arg_tag, Expr* arg_op1, Expr* arg_op2) : BinaryExpr(arg_tag, arg_op1, arg_op2) { @@ -2264,20 +1874,6 @@ void RelExpr::Canonicize() } } -IMPLEMENT_SERIAL(RelExpr, SER_REL_EXPR); - -bool RelExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_REL_EXPR, BinaryExpr); - return true; - } - -bool RelExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - CondExpr::CondExpr(Expr* arg_op1, Expr* arg_op2, Expr* arg_op3) : Expr(EXPR_COND) { @@ -2429,32 +2025,6 @@ void CondExpr::ExprDescribe(ODesc* d) const op3->Describe(d); } -IMPLEMENT_SERIAL(CondExpr, SER_COND_EXPR); - -bool CondExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_COND_EXPR, Expr); - return op1->Serialize(info) && op2->Serialize(info) - && op3->Serialize(info); - } - -bool CondExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Expr); - - op1 = Expr::Unserialize(info); - if ( ! op1 ) - return false; - - op2 = Expr::Unserialize(info); - if ( ! op2 ) - return false; - - op3 = Expr::Unserialize(info); - - return op3 != 0; - } - RefExpr::RefExpr(Expr* arg_op) : UnaryExpr(EXPR_REF, arg_op) { if ( IsError() ) @@ -2476,20 +2046,6 @@ void RefExpr::Assign(Frame* f, Val* v, Opcode opcode) op->Assign(f, v, opcode); } -IMPLEMENT_SERIAL(RefExpr, SER_REF_EXPR); - -bool RefExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_REF_EXPR, UnaryExpr); - return true; - } - -bool RefExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - AssignExpr::AssignExpr(Expr* arg_op1, Expr* arg_op2, int arg_is_init, Val* arg_val, attr_list* arg_attrs) : BinaryExpr(EXPR_ASSIGN, @@ -2878,22 +2434,6 @@ int AssignExpr::IsPure() const return 0; } -IMPLEMENT_SERIAL(AssignExpr, SER_ASSIGN_EXPR); - -bool AssignExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_ASSIGN_EXPR, BinaryExpr); - SERIALIZE_OPTIONAL(val); - return SERIALIZE(is_init); - } - -bool AssignExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - UNSERIALIZE_OPTIONAL(val, Val::Unserialize(info)); - return UNSERIALIZE(&is_init); - } - IndexExpr::IndexExpr(Expr* arg_op1, ListExpr* arg_op2, bool is_slice) : BinaryExpr(EXPR_INDEX, arg_op1, arg_op2) { @@ -3235,21 +2775,6 @@ TraversalCode IndexExpr::Traverse(TraversalCallback* cb) const HANDLE_TC_EXPR_POST(tc); } - -IMPLEMENT_SERIAL(IndexExpr, SER_INDEX_EXPR); - -bool IndexExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_INDEX_EXPR, BinaryExpr); - return true; - } - -bool IndexExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - FieldExpr::FieldExpr(Expr* arg_op, const char* arg_field_name) : UnaryExpr(EXPR_FIELD, arg_op) { @@ -3347,29 +2872,6 @@ void FieldExpr::ExprDescribe(ODesc* d) const d->Add(field); } -IMPLEMENT_SERIAL(FieldExpr, SER_FIELD_EXPR); - -bool FieldExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_FIELD_EXPR, UnaryExpr); - - if ( ! (SERIALIZE(field_name) && SERIALIZE(field) ) ) - return false; - - return td->Serialize(info); - } - -bool FieldExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - - if ( ! (UNSERIALIZE_STR(&field_name, 0) && UNSERIALIZE(&field) ) ) - return false; - - td = TypeDecl::Unserialize(info); - return td != 0; - } - HasFieldExpr::HasFieldExpr(Expr* arg_op, const char* arg_field_name) : UnaryExpr(EXPR_HAS_FIELD, arg_op) { @@ -3432,24 +2934,6 @@ void HasFieldExpr::ExprDescribe(ODesc* d) const d->Add(field); } -IMPLEMENT_SERIAL(HasFieldExpr, SER_HAS_FIELD_EXPR); - -bool HasFieldExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_HAS_FIELD_EXPR, UnaryExpr); - - // Serialize former "bool is_attr" member first for backwards compatibility. - return SERIALIZE(false) && SERIALIZE(field_name) && SERIALIZE(field); - } - -bool HasFieldExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - // Unserialize former "bool is_attr" member for backwards compatibility. - bool not_used; - return UNSERIALIZE(¬_used) && UNSERIALIZE_STR(&field_name, 0) && UNSERIALIZE(&field); - } - RecordConstructorExpr::RecordConstructorExpr(ListExpr* constructor_list) : UnaryExpr(EXPR_RECORD_CONSTRUCTOR, constructor_list) { @@ -3529,20 +3013,6 @@ void RecordConstructorExpr::ExprDescribe(ODesc* d) const d->Add("]"); } -IMPLEMENT_SERIAL(RecordConstructorExpr, SER_RECORD_CONSTRUCTOR_EXPR); - -bool RecordConstructorExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_RECORD_CONSTRUCTOR_EXPR, UnaryExpr); - return true; - } - -bool RecordConstructorExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - TableConstructorExpr::TableConstructorExpr(ListExpr* constructor_list, attr_list* arg_attrs, BroType* arg_type) : UnaryExpr(EXPR_TABLE_CONSTRUCTOR, constructor_list) @@ -3653,22 +3123,6 @@ void TableConstructorExpr::ExprDescribe(ODesc* d) const d->Add(")"); } -IMPLEMENT_SERIAL(TableConstructorExpr, SER_TABLE_CONSTRUCTOR_EXPR); - -bool TableConstructorExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_TABLE_CONSTRUCTOR_EXPR, UnaryExpr); - SERIALIZE_OPTIONAL(attrs); - return true; - } - -bool TableConstructorExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - UNSERIALIZE_OPTIONAL(attrs, Attributes::Unserialize(info)); - return true; - } - SetConstructorExpr::SetConstructorExpr(ListExpr* constructor_list, attr_list* arg_attrs, BroType* arg_type) : UnaryExpr(EXPR_SET_CONSTRUCTOR, constructor_list) @@ -3789,22 +3243,6 @@ void SetConstructorExpr::ExprDescribe(ODesc* d) const d->Add(")"); } -IMPLEMENT_SERIAL(SetConstructorExpr, SER_SET_CONSTRUCTOR_EXPR); - -bool SetConstructorExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_SET_CONSTRUCTOR_EXPR, UnaryExpr); - SERIALIZE_OPTIONAL(attrs); - return true; - } - -bool SetConstructorExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - UNSERIALIZE_OPTIONAL(attrs, Attributes::Unserialize(info)); - return true; - } - VectorConstructorExpr::VectorConstructorExpr(ListExpr* constructor_list, BroType* arg_type) : UnaryExpr(EXPR_VECTOR_CONSTRUCTOR, constructor_list) @@ -3908,20 +3346,6 @@ void VectorConstructorExpr::ExprDescribe(ODesc* d) const d->Add(")"); } -IMPLEMENT_SERIAL(VectorConstructorExpr, SER_VECTOR_CONSTRUCTOR_EXPR); - -bool VectorConstructorExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_VECTOR_CONSTRUCTOR_EXPR, UnaryExpr); - return true; - } - -bool VectorConstructorExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - FieldAssignExpr::FieldAssignExpr(const char* arg_field_name, Expr* value) : UnaryExpr(EXPR_FIELD_ASSIGN, value), field_name(arg_field_name) { @@ -3970,20 +3394,6 @@ void FieldAssignExpr::ExprDescribe(ODesc* d) const op->Describe(d); } -IMPLEMENT_SERIAL(FieldAssignExpr, SER_FIELD_ASSIGN_EXPR); - -bool FieldAssignExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_FIELD_ASSIGN_EXPR, UnaryExpr); - return true; - } - -bool FieldAssignExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - ArithCoerceExpr::ArithCoerceExpr(Expr* arg_op, TypeTag t) : UnaryExpr(EXPR_ARITH_COERCE, arg_op) { @@ -4061,21 +3471,6 @@ Val* ArithCoerceExpr::Fold(Val* v) const return result; } -IMPLEMENT_SERIAL(ArithCoerceExpr, SER_ARITH_COERCE_EXPR); - -bool ArithCoerceExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_ARITH_COERCE_EXPR, UnaryExpr); - return true; - } - -bool ArithCoerceExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - - RecordCoerceExpr::RecordCoerceExpr(Expr* op, RecordType* r) : UnaryExpr(EXPR_RECORD_COERCE, op) { @@ -4276,39 +3671,6 @@ Val* RecordCoerceExpr::Fold(Val* v) const return val; } -IMPLEMENT_SERIAL(RecordCoerceExpr, SER_RECORD_COERCE_EXPR); - -bool RecordCoerceExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_RECORD_COERCE_EXPR, UnaryExpr); - - if ( ! SERIALIZE(map_size) ) - return false; - - for ( int i = 0; i < map_size; ++i ) - if ( ! SERIALIZE(map[i]) ) - return false; - - return true; - } - -bool RecordCoerceExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - - if ( ! UNSERIALIZE(&map_size) ) - return false; - - map = new int[map_size]; - - for ( int i = 0; i < map_size; ++i ) - if ( ! UNSERIALIZE(&map[i]) ) - return false; - - return true; - } - - TableCoerceExpr::TableCoerceExpr(Expr* op, TableType* r) : UnaryExpr(EXPR_TABLE_COERCE, op) { @@ -4339,20 +3701,6 @@ Val* TableCoerceExpr::Fold(Val* v) const return new TableVal(Type()->AsTableType(), tv->Attrs()); } -IMPLEMENT_SERIAL(TableCoerceExpr, SER_TABLE_COERCE_EXPR); - -bool TableCoerceExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_TABLE_COERCE_EXPR, UnaryExpr); - return true; - } - -bool TableCoerceExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - VectorCoerceExpr::VectorCoerceExpr(Expr* op, VectorType* v) : UnaryExpr(EXPR_VECTOR_COERCE, op) { @@ -4383,20 +3731,6 @@ Val* VectorCoerceExpr::Fold(Val* v) const return new VectorVal(Type()->Ref()->AsVectorType()); } -IMPLEMENT_SERIAL(VectorCoerceExpr, SER_VECTOR_COERCE_EXPR); - -bool VectorCoerceExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_VECTOR_COERCE_EXPR, UnaryExpr); - return true; - } - -bool VectorCoerceExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - FlattenExpr::FlattenExpr(Expr* arg_op) : UnaryExpr(EXPR_FLATTEN, arg_op) { @@ -4445,20 +3779,6 @@ Val* FlattenExpr::Fold(Val* v) const return l; } -IMPLEMENT_SERIAL(FlattenExpr, SER_FLATTEN_EXPR); - -bool FlattenExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_FLATTEN_EXPR, UnaryExpr); - return SERIALIZE(num_fields); - } - -bool FlattenExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return UNSERIALIZE(&num_fields); - } - ScheduleTimer::ScheduleTimer(EventHandlerPtr arg_event, val_list* arg_args, double t, TimerMgr* arg_tmgr) : Timer(t, TIMER_SCHEDULE), @@ -4570,26 +3890,6 @@ void ScheduleExpr::ExprDescribe(ODesc* d) const event->Describe(d); } -IMPLEMENT_SERIAL(ScheduleExpr, SER_SCHEDULE_EXPR); - -bool ScheduleExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_SCHEDULE_EXPR, Expr); - return when->Serialize(info) && event->Serialize(info); - } - -bool ScheduleExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Expr); - - when = Expr::Unserialize(info); - if ( ! when ) - return false; - - event = (EventExpr*) Expr::Unserialize(info, EXPR_EVENT); - return event != 0; - } - InExpr::InExpr(Expr* arg_op1, Expr* arg_op2) : BinaryExpr(EXPR_IN, arg_op1, arg_op2) { @@ -4706,20 +4006,6 @@ Val* InExpr::Fold(Val* v1, Val* v2) const return val_mgr->GetBool(0); } -IMPLEMENT_SERIAL(InExpr, SER_IN_EXPR); - -bool InExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_IN_EXPR, BinaryExpr); - return true; - } - -bool InExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BinaryExpr); - return true; - } - CallExpr::CallExpr(Expr* arg_func, ListExpr* arg_args, bool in_hook) : Expr(EXPR_CALL) { @@ -4917,26 +4203,6 @@ void CallExpr::ExprDescribe(ODesc* d) const args->Describe(d); } -IMPLEMENT_SERIAL(CallExpr, SER_CALL_EXPR); - -bool CallExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_CALL_EXPR, Expr); - return func->Serialize(info) && args->Serialize(info); - } - -bool CallExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Expr); - - func = Expr::Unserialize(info); - if ( ! func ) - return false; - - args = (ListExpr*) Expr::Unserialize(info, EXPR_LIST); - return args != 0; - } - EventExpr::EventExpr(const char* arg_name, ListExpr* arg_args) : Expr(EXPR_EVENT) { @@ -5022,35 +4288,6 @@ void EventExpr::ExprDescribe(ODesc* d) const args->Describe(d); } -IMPLEMENT_SERIAL(EventExpr, SER_EVENT_EXPR); - -bool EventExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_EVENT_EXPR, Expr); - - if ( ! handler->Serialize(info) ) - return false; - - return SERIALIZE(name) && args->Serialize(info); - } - -bool EventExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Expr); - - EventHandler* h = EventHandler::Unserialize(info); - if ( ! h ) - return false; - - handler = h; - - if ( ! UNSERIALIZE(&name) ) - return false; - - args = (ListExpr*) Expr::Unserialize(info, EXPR_LIST); - return args; - } - ListExpr::ListExpr() : Expr(EXPR_LIST) { SetType(new TypeList()); @@ -5421,42 +4658,6 @@ TraversalCode ListExpr::Traverse(TraversalCallback* cb) const HANDLE_TC_EXPR_POST(tc); } -IMPLEMENT_SERIAL(ListExpr, SER_LIST_EXPR); - -bool ListExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_LIST_EXPR, Expr); - - if ( ! SERIALIZE(exprs.length()) ) - return false; - - loop_over_list(exprs, i) - if ( ! exprs[i]->Serialize(info) ) - return false; - - return true; - } - -bool ListExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Expr); - - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - while ( len-- ) - { - Expr* e = Expr::Unserialize(info); - if ( ! e ) - return false; - - exprs.append(e); - } - - return true; - } - RecordAssignExpr::RecordAssignExpr(Expr* record, Expr* init_list, int is_init) { const expr_list& inits = init_list->AsListExpr()->Exprs(); @@ -5518,20 +4719,6 @@ RecordAssignExpr::RecordAssignExpr(Expr* record, Expr* init_list, int is_init) } } -IMPLEMENT_SERIAL(RecordAssignExpr, SER_RECORD_ASSIGN_EXPR); - -bool RecordAssignExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_RECORD_ASSIGN_EXPR, ListExpr); - return true; - } - -bool RecordAssignExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(ListExpr); - return true; - } - CastExpr::CastExpr(Expr* arg_op, BroType* t) : UnaryExpr(EXPR_CAST, arg_op) { auto stype = Op()->Type(); @@ -5584,20 +4771,6 @@ void CastExpr::ExprDescribe(ODesc* d) const Type()->Describe(d); } -IMPLEMENT_SERIAL(CastExpr, SER_CAST_EXPR); - -bool CastExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_CAST_EXPR, UnaryExpr); - return true; - } - -bool CastExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - IsExpr::IsExpr(Expr* arg_op, BroType* arg_t) : UnaryExpr(EXPR_IS, arg_op) { t = arg_t; @@ -5629,20 +4802,6 @@ void IsExpr::ExprDescribe(ODesc* d) const t->Describe(d); } -IMPLEMENT_SERIAL(IsExpr, SER_IS_EXPR_ /* sic */); - -bool IsExpr::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_IS_EXPR_, UnaryExpr); - return true; - } - -bool IsExpr::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(UnaryExpr); - return true; - } - Expr* get_assign_expr(Expr* op1, Expr* op2, int is_init) { if ( op1->Type()->Tag() == TYPE_RECORD && diff --git a/src/Expr.h b/src/Expr.h index e268f07648..6c9ac5e18f 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -189,9 +189,6 @@ public: void Describe(ODesc* d) const override; - bool Serialize(SerialInfo* info) const; - static Expr* Unserialize(UnserialInfo* info, BroExprTag want = EXPR_ANY); - virtual TraversalCode Traverse(TraversalCallback* cb) const = 0; protected: @@ -214,8 +211,6 @@ protected: void RuntimeErrorWithCallStack(const std::string& msg) const; - DECLARE_ABSTRACT_SERIAL(Expr); - BroExprTag tag; BroType* type; @@ -242,8 +237,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(NameExpr); - ID* id; bool in_const_init; }; @@ -264,8 +257,6 @@ protected: ConstExpr() { val = 0; } void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(ConstExpr); - Val* val; }; @@ -294,8 +285,6 @@ protected: // Returns the expression folded using the given constant. virtual Val* Fold(Val* v) const; - DECLARE_SERIAL(UnaryExpr); - Expr* op; }; @@ -357,8 +346,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(BinaryExpr); - Expr* op1; Expr* op2; }; @@ -373,8 +360,6 @@ protected: CloneExpr() { } Val* Fold(Val* v) const override; - - DECLARE_SERIAL(CloneExpr); }; class IncrExpr : public UnaryExpr { @@ -388,8 +373,6 @@ public: protected: friend class Expr; IncrExpr() { } - - DECLARE_SERIAL(IncrExpr); }; class ComplementExpr : public UnaryExpr { @@ -401,8 +384,6 @@ protected: ComplementExpr() { } Val* Fold(Val* v) const override; - - DECLARE_SERIAL(ComplementExpr); }; class NotExpr : public UnaryExpr { @@ -414,8 +395,6 @@ protected: NotExpr() { } Val* Fold(Val* v) const override; - - DECLARE_SERIAL(NotExpr); }; class PosExpr : public UnaryExpr { @@ -427,8 +406,6 @@ protected: PosExpr() { } Val* Fold(Val* v) const override; - - DECLARE_SERIAL(PosExpr); }; class NegExpr : public UnaryExpr { @@ -440,8 +417,6 @@ protected: NegExpr() { } Val* Fold(Val* v) const override; - - DECLARE_SERIAL(NegExpr); }; class SizeExpr : public UnaryExpr { @@ -454,7 +429,6 @@ protected: SizeExpr() { } Val* Fold(Val* v) const override; - DECLARE_SERIAL(SizeExpr); }; class AddExpr : public BinaryExpr { @@ -465,9 +439,6 @@ public: protected: friend class Expr; AddExpr() { } - - DECLARE_SERIAL(AddExpr); - }; class AddToExpr : public BinaryExpr { @@ -478,8 +449,6 @@ public: protected: friend class Expr; AddToExpr() { } - - DECLARE_SERIAL(AddToExpr); }; class RemoveFromExpr : public BinaryExpr { @@ -490,8 +459,6 @@ public: protected: friend class Expr; RemoveFromExpr() { } - - DECLARE_SERIAL(RemoveFromExpr); }; class SubExpr : public BinaryExpr { @@ -501,9 +468,6 @@ public: protected: friend class Expr; SubExpr() { } - - DECLARE_SERIAL(SubExpr); - }; class TimesExpr : public BinaryExpr { @@ -514,9 +478,6 @@ public: protected: friend class Expr; TimesExpr() { } - - DECLARE_SERIAL(TimesExpr); - }; class DivideExpr : public BinaryExpr { @@ -528,9 +489,6 @@ protected: DivideExpr() { } Val* AddrFold(Val* v1, Val* v2) const override; - - DECLARE_SERIAL(DivideExpr); - }; class ModExpr : public BinaryExpr { @@ -540,8 +498,6 @@ public: protected: friend class Expr; ModExpr() { } - - DECLARE_SERIAL(ModExpr); }; class BoolExpr : public BinaryExpr { @@ -554,8 +510,6 @@ public: protected: friend class Expr; BoolExpr() { } - - DECLARE_SERIAL(BoolExpr); }; class BitExpr : public BinaryExpr { @@ -565,8 +519,6 @@ public: protected: friend class Expr; BitExpr() { } - - DECLARE_SERIAL(BitExpr); }; class EqExpr : public BinaryExpr { @@ -579,8 +531,6 @@ protected: EqExpr() { } Val* Fold(Val* v1, Val* v2) const override; - - DECLARE_SERIAL(EqExpr); }; class RelExpr : public BinaryExpr { @@ -591,8 +541,6 @@ public: protected: friend class Expr; RelExpr() { } - - DECLARE_SERIAL(RelExpr); }; class CondExpr : public Expr { @@ -615,8 +563,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(CondExpr); - Expr* op1; Expr* op2; Expr* op3; @@ -632,8 +578,6 @@ public: protected: friend class Expr; RefExpr() { } - - DECLARE_SERIAL(RefExpr); }; class AssignExpr : public BinaryExpr { @@ -657,8 +601,6 @@ protected: bool TypeCheck(attr_list* attrs = 0); bool TypeCheckArithmetics(TypeTag bt1, TypeTag bt2); - DECLARE_SERIAL(AssignExpr); - int is_init; Val* val; // optional }; @@ -689,8 +631,6 @@ protected: Val* Fold(Val* v1, Val* v2) const override; void ExprDescribe(ODesc* d) const override; - - DECLARE_SERIAL(IndexExpr); }; class FieldExpr : public UnaryExpr { @@ -716,8 +656,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(FieldExpr); - const char* field_name; const TypeDecl* td; int field; // -1 = attributes @@ -740,8 +678,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(HasFieldExpr); - const char* field_name; int field; }; @@ -759,8 +695,6 @@ protected: Val* Fold(Val* v) const override; void ExprDescribe(ODesc* d) const override; - - DECLARE_SERIAL(RecordConstructorExpr); }; class TableConstructorExpr : public UnaryExpr { @@ -781,8 +715,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(TableConstructorExpr); - Attributes* attrs; }; @@ -804,8 +736,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(SetConstructorExpr); - Attributes* attrs; }; @@ -822,8 +752,6 @@ protected: Val* InitVal(const BroType* t, Val* aggr) const override; void ExprDescribe(ODesc* d) const override; - - DECLARE_SERIAL(VectorConstructorExpr); }; class FieldAssignExpr : public UnaryExpr { @@ -841,8 +769,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(FieldAssignExpr); - string field_name; }; @@ -856,8 +782,6 @@ protected: Val* FoldSingleVal(Val* v, InternalTypeTag t) const; Val* Fold(Val* v) const override; - - DECLARE_SERIAL(ArithCoerceExpr); }; class RecordCoerceExpr : public UnaryExpr { @@ -872,8 +796,6 @@ protected: Val* InitVal(const BroType* t, Val* aggr) const override; Val* Fold(Val* v) const override; - DECLARE_SERIAL(RecordCoerceExpr); - // For each super-record slot, gives subrecord slot with which to // fill it. int* map; @@ -890,8 +812,6 @@ protected: TableCoerceExpr() { } Val* Fold(Val* v) const override; - - DECLARE_SERIAL(TableCoerceExpr); }; class VectorCoerceExpr : public UnaryExpr { @@ -904,8 +824,6 @@ protected: VectorCoerceExpr() { } Val* Fold(Val* v) const override; - - DECLARE_SERIAL(VectorCoerceExpr); }; // An internal operator for flattening array indices that are records @@ -920,8 +838,6 @@ protected: Val* Fold(Val* v) const override; - DECLARE_SERIAL(FlattenExpr); - int num_fields; }; @@ -961,8 +877,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(ScheduleExpr); - Expr* when; EventExpr* event; }; @@ -977,8 +891,6 @@ protected: Val* Fold(Val* v1, Val* v2) const override; - DECLARE_SERIAL(InExpr); - }; class CallExpr : public Expr { @@ -1001,8 +913,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(CallExpr); - Expr* func; ListExpr* args; }; @@ -1026,8 +936,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(EventExpr); - string name; EventHandlerPtr handler; ListExpr* args; @@ -1064,8 +972,6 @@ protected: void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(ListExpr); - expr_list exprs; }; @@ -1079,8 +985,6 @@ public: protected: friend class Expr; RecordAssignExpr() { } - - DECLARE_SERIAL(RecordAssignExpr); }; class CastExpr : public UnaryExpr { @@ -1093,8 +997,6 @@ protected: Val* Eval(Frame* f) const override; void ExprDescribe(ODesc* d) const override; - - DECLARE_SERIAL(CastExpr); }; class IsExpr : public UnaryExpr { @@ -1108,7 +1010,6 @@ protected: Val* Fold(Val* v) const override; void ExprDescribe(ODesc* d) const override; - DECLARE_SERIAL(IsExpr); private: BroType* t; diff --git a/src/File.cc b/src/File.cc index d7a213237f..e25f39c895 100644 --- a/src/File.cc +++ b/src/File.cc @@ -30,7 +30,6 @@ #include "Expr.h" #include "NetVar.h" #include "Net.h" -#include "Serializer.h" #include "Event.h" #include "Reporter.h" @@ -828,11 +827,6 @@ void BroFile::UpdateFileSize() current_size = double(s.st_size); } -bool BroFile::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - BroFile* BroFile::GetFile(const char* name) { for ( BroFile* f = head; f; f = f->next ) @@ -844,139 +838,3 @@ BroFile* BroFile::GetFile(const char* name) return new BroFile(name, "w", 0); } -BroFile* BroFile::Unserialize(UnserialInfo* info) - { - BroFile* file = (BroFile*) SerialObj::Unserialize(info, SER_BRO_FILE); - - if ( ! file ) - return 0; - - if ( file->is_open ) - return file; - - // If there is already an object for this file, return it. - if ( file->name ) - { - for ( BroFile* f = head; f; f = f->next ) - { - if ( f->name && streq(file->name, f->name) ) - { - Unref(file); - Ref(f); - return f; - } - } - } - - // Otherwise, open, but don't clobber. - if ( ! file->Open(0, "a") ) - { - info->s->Error(fmt("cannot open %s: %s", - file->name, strerror(errno))); - return 0; - } - - // Here comes a hack. This method will return a pointer to a newly - // instantiated file object. As soon as this pointer is Unref'ed, the - // file will be closed. That means that when we unserialize the same - // file next time, we will re-open it and thereby delete the first one, - // i.e., we will be keeping to delete what we've written just before. - // - // To avoid this loop, we do an extra Ref here, i.e., this file will - // *never* be closed anymore (as long the file cache does not overflow). - Ref(file); - - // We deliberately override log rotation attributes with our defaults. - file->rotate_interval = log_rotate_interval; - file->rotate_size = log_max_size; - file->InstallRotateTimer(); - file->SetBuf(file->buffered); - - return file; - } - -IMPLEMENT_SERIAL(BroFile, SER_BRO_FILE); - -bool BroFile::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BRO_FILE, BroObj); - - const char* s = name; - - if ( ! okay_to_manage ) - { - // We can handle stdin/stdout/stderr but no others. - if ( f == stdin ) - s = "/dev/stdin"; - else if ( f == stdout ) - s = "/dev/stdout"; - else if ( f == stderr ) - s = "/dev/stderr"; - else - { - // We don't manage the file, and therefore don't - // really know how to pass it on to the other side. - // However, in order to not abort communication - // when this happens, we still send the name if we - // have one; or if we don't, we create a special - // "dont-have-a-file" file to be created on the - // receiver side. - if ( ! s ) - s = "unmanaged-bro-output-file.log"; - } - } - - if ( ! (SERIALIZE(s) && SERIALIZE(buffered)) ) - return false; - - SERIALIZE_OPTIONAL_STR(access); - - if ( ! t->Serialize(info) ) - return false; - - SERIALIZE_OPTIONAL(attrs); - return true; - } - -bool BroFile::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroObj); - - if ( ! (UNSERIALIZE_STR(&name, 0) && UNSERIALIZE(&buffered)) ) - return false; - - UNSERIALIZE_OPTIONAL_STR(access); - - t = BroType::Unserialize(info); - if ( ! t ) - return false; - - UNSERIALIZE_OPTIONAL(attrs, Attributes::Unserialize(info)); - - // Parse attributes. - SetAttrs(attrs); - // SetAttrs() has ref'ed attrs again. - Unref(attrs); - - // Bind stdin/stdout/stderr. - FILE* file = 0; - is_open = false; - f = 0; - - if ( streq(name, "/dev/stdin") ) - file = stdin; - else if ( streq(name, "/dev/stdout") ) - file = stdout; - else if ( streq(name, "/dev/stderr") ) - file = stderr; - - if ( file ) - { - delete [] name; - name = 0; - f = file; - is_open = true; - } - - return true; - } diff --git a/src/File.h b/src/File.h index 3660d3caa4..d763a35b11 100644 --- a/src/File.h +++ b/src/File.h @@ -79,9 +79,6 @@ public: void EnableRawOutput() { raw_output = true; } bool IsRawOutput() const { return raw_output; } - bool Serialize(SerialInfo* info) const; - static BroFile* Unserialize(UnserialInfo* info); - protected: friend class RotateTimer; @@ -124,8 +121,6 @@ protected: // Finalize encryption. void FinishEncrypt(); - DECLARE_SERIAL(BroFile); - FILE* f; BroType* t; char* name; diff --git a/src/Func.cc b/src/Func.cc index d34f97c197..ae10dc60e9 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -41,7 +41,6 @@ #include "analyzer/protocol/login/Login.h" #include "Sessions.h" #include "RE.h" -#include "Serializer.h" #include "Event.h" #include "Traverse.h" #include "Reporter.h" @@ -127,110 +126,6 @@ void Func::AddBody(Stmt* /* new_body */, id_list* /* new_inits */, Internal("Func::AddBody called"); } -bool Func::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Func* Func::Unserialize(UnserialInfo* info) - { - Func* f = (Func*) SerialObj::Unserialize(info, SER_FUNC); - - // For builtins, we return a reference to the (hopefully) already - // existing function. - if ( f && f->kind == BUILTIN_FUNC ) - { - const char* name = ((BuiltinFunc*) f)->Name(); - ID* id = global_scope()->Lookup(name); - if ( ! id ) - { - info->s->Error(fmt("can't find built-in %s", name)); - return 0; - } - - if ( ! (id->HasVal() && id->ID_Val()->Type()->Tag() == TYPE_FUNC) ) - { - info->s->Error(fmt("ID %s is not a built-in", name)); - return 0; - } - - Unref(f); - f = id->ID_Val()->AsFunc(); - Ref(f); - } - - return f; - } - -bool Func::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_FUNC, BroObj); - - if ( ! SERIALIZE(int(bodies.size())) ) - return false; - - for ( unsigned int i = 0; i < bodies.size(); ++i ) - { - if ( ! bodies[i].stmts->Serialize(info) ) - return false; - if ( ! SERIALIZE(bodies[i].priority) ) - return false; - } - - if ( ! SERIALIZE(char(kind) ) ) - return false; - - if ( ! type->Serialize(info) ) - return false; - - if ( ! SERIALIZE(Name()) ) - return false; - - // We don't serialize scope as only global functions are considered here - // anyway. - return true; - } - -bool Func::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroObj); - - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - while ( len-- ) - { - Body b; - b.stmts = Stmt::Unserialize(info); - if ( ! b.stmts ) - return false; - - if ( ! UNSERIALIZE(&b.priority) ) - return false; - - bodies.push_back(b); - } - - char c; - if ( ! UNSERIALIZE(&c) ) - return false; - - kind = (Kind) c; - - type = BroType::Unserialize(info); - if ( ! type ) - return false; - - const char* n; - if ( ! UNSERIALIZE_STR(&n, 0) ) - return false; - - name = n; - delete [] n; - - return true; - } void Func::DescribeDebug(ODesc* d, const val_list* args) const { @@ -584,21 +479,6 @@ Stmt* BroFunc::AddInits(Stmt* body, id_list* inits) return stmt_series; } -IMPLEMENT_SERIAL(BroFunc, SER_BRO_FUNC); - -bool BroFunc::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BRO_FUNC, Func); - return SERIALIZE(frame_size); - } - -bool BroFunc::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Func); - - return UNSERIALIZE(&frame_size); - } - BuiltinFunc::BuiltinFunc(built_in_func arg_func, const char* arg_name, int arg_is_pure) : Func(BUILTIN_FUNC) @@ -681,20 +561,6 @@ void BuiltinFunc::Describe(ODesc* d) const d->AddCount(is_pure); } -IMPLEMENT_SERIAL(BuiltinFunc, SER_BUILTIN_FUNC); - -bool BuiltinFunc::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BUILTIN_FUNC, Func); - return true; - } - -bool BuiltinFunc::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Func); - return true; - } - void builtin_error(const char* msg, BroObj* arg) { auto emit = [=](const CallExpr* ce) diff --git a/src/Func.h b/src/Func.h index 48e0c2e8b8..765d1ec499 100644 --- a/src/Func.h +++ b/src/Func.h @@ -59,10 +59,6 @@ public: void Describe(ODesc* d) const override = 0; virtual void DescribeDebug(ODesc* d, const val_list* args) const; - // This (un-)serializes only a single body (as given in SerialInfo). - bool Serialize(SerialInfo* info) const; - static Func* Unserialize(UnserialInfo* info); - virtual TraversalCode Traverse(TraversalCallback* cb) const; uint32 GetUniqueFuncID() const { return unique_id; } @@ -75,8 +71,6 @@ protected: // Helper function for handling result of plugin hook. std::pair HandlePluginResult(std::pair plugin_result, val_list* args, function_flavor flavor) const; - DECLARE_ABSTRACT_SERIAL(Func); - vector bodies; Scope* scope; Kind kind; @@ -106,8 +100,6 @@ protected: BroFunc() : Func(BRO_FUNC) {} Stmt* AddInits(Stmt* body, id_list* inits); - DECLARE_SERIAL(BroFunc); - int frame_size; }; @@ -127,8 +119,6 @@ public: protected: BuiltinFunc() { func = 0; is_pure = 0; } - DECLARE_SERIAL(BuiltinFunc); - built_in_func func; int is_pure; }; diff --git a/src/ID.cc b/src/ID.cc index b9b0a5a624..b3d68e9bda 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -9,7 +9,6 @@ #include "Func.h" #include "Scope.h" #include "File.h" -#include "Serializer.h" #include "Scope.h" #include "Traverse.h" #include "zeekygen/Manager.h" @@ -293,11 +292,6 @@ void ID::EvalFunc(Expr* ef, Expr* ev) Unref(ce); } -bool ID::Serialize(SerialInfo* info) const - { - return (ID*) SerialObj::Serialize(info); - } - #if 0 void ID::CopyFrom(const ID* id) { @@ -330,205 +324,6 @@ void ID::CopyFrom(const ID* id) #endif #endif -ID* ID::Unserialize(UnserialInfo* info) - { - ID* id = (ID*) SerialObj::Unserialize(info, SER_ID); - if ( ! id ) - return 0; - - if ( ! id->IsGlobal() ) - return id; - - // Globals. - ID* current = global_scope()->Lookup(id->name); - - if ( ! current ) - { - if ( ! info->install_globals ) - { - info->s->Error("undefined"); - Unref(id); - return 0; - } - - Ref(id); - global_scope()->Insert(id->Name(), id); -#ifdef USE_PERFTOOLS_DEBUG - heap_checker->IgnoreObject(id); -#endif - } - - else - { - switch ( info->id_policy ) { - - case UnserialInfo::Keep: - Unref(id); - Ref(current); - id = current; - break; - - case UnserialInfo::Replace: - Unref(current); - Ref(id); - global_scope()->Insert(id->Name(), id); - break; - - case UnserialInfo::CopyNewToCurrent: - if ( ! same_type(current->type, id->type) ) - { - info->s->Error("type mismatch"); - Unref(id); - return 0; - } - - if ( ! current->weak_ref ) - Unref(current->val); - - current->val = id->val; - current->weak_ref = id->weak_ref; - if ( current->val && ! current->weak_ref ) - Ref(current->val); - -#ifdef DEBUG - current->UpdateValID(); -#endif - - Unref(id); - Ref(current); - id = current; - - break; - - case UnserialInfo::CopyCurrentToNew: - if ( ! same_type(current->type, id->type) ) - { - info->s->Error("type mismatch"); - return 0; - } - if ( ! id->weak_ref ) - Unref(id->val); - id->val = current->val; - id->weak_ref = current->weak_ref; - if ( id->val && ! id->weak_ref ) - Ref(id->val); - -#ifdef DEBUG - id->UpdateValID(); -#endif - - Unref(current); - Ref(id); - global_scope()->Insert(id->Name(), id); - break; - - case UnserialInfo::InstantiateNew: - // Do nothing. - break; - - default: - reporter->InternalError("unknown type for UnserialInfo::id_policy"); - } - } - - return id; - - } - -IMPLEMENT_SERIAL(ID, SER_ID); - -bool ID::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE_WITH_SUSPEND(SER_ID, BroObj); - - if ( info->cont.NewInstance() ) - { - DisableSuspend suspend(info); - - info->s->WriteOpenTag("ID"); - - if ( ! (SERIALIZE(name) && - SERIALIZE(char(scope)) && - SERIALIZE(is_export) && - SERIALIZE(is_const) && - SERIALIZE(is_enum_const) && - SERIALIZE(is_type) && - SERIALIZE(offset) && - SERIALIZE(infer_return_type) && - SERIALIZE(weak_ref) && - type->Serialize(info)) ) - return false; - - SERIALIZE_OPTIONAL(attrs); - } - - SERIALIZE_OPTIONAL(val); - - return true; - } - -bool ID::DoUnserialize(UnserialInfo* info) - { - bool installed_tmp = false; - - DO_UNSERIALIZE(BroObj); - - char id_scope; - - if ( ! (UNSERIALIZE_STR(&name, 0) && - UNSERIALIZE(&id_scope) && - UNSERIALIZE(&is_export) && - UNSERIALIZE(&is_const) && - UNSERIALIZE(&is_enum_const) && - UNSERIALIZE(&is_type) && - UNSERIALIZE(&offset) && - UNSERIALIZE(&infer_return_type) && - UNSERIALIZE(&weak_ref) - ) ) - return false; - - scope = IDScope(id_scope); - - info->s->SetErrorDescr(fmt("unserializing ID %s", name)); - - type = BroType::Unserialize(info); - if ( ! type ) - return false; - - UNSERIALIZE_OPTIONAL(attrs, Attributes::Unserialize(info)); - - // If it's a global function not currently known, - // we temporarily install it in global scope. - // This is necessary for recursive functions. - if ( IsGlobal() && Type()->Tag() == TYPE_FUNC ) - { - ID* current = global_scope()->Lookup(name); - if ( ! current ) - { - installed_tmp = true; - global_scope()->Insert(Name(), this); - } - } - - UNSERIALIZE_OPTIONAL(val, Val::Unserialize(info)); -#ifdef DEBUG - UpdateValID(); -#endif - - if ( weak_ref ) - { - // At this point at least the serialization cache will hold a - // reference so this will not delete the val. - assert(val->RefCnt() > 1); - Unref(val); - } - - if ( installed_tmp && ! global_scope()->Remove(name) ) - reporter->InternalWarning("missing tmp ID in %s unserialization", name); - - return true; - } - TraversalCode ID::Traverse(TraversalCallback* cb) const { TraversalCode tc = cb->PreID(this); diff --git a/src/ID.h b/src/ID.h index 18754584df..bb9e11ca06 100644 --- a/src/ID.h +++ b/src/ID.h @@ -10,7 +10,6 @@ #include class Val; -class SerialInfo; class Func; typedef enum { INIT_NONE, INIT_FULL, INIT_EXTRA, INIT_REMOVE, } init_class; @@ -98,9 +97,6 @@ public: void DescribeReST(ODesc* d, bool roles_only = false) const; void DescribeReSTShort(ODesc* d) const; - bool Serialize(SerialInfo* info) const; - static ID* Unserialize(UnserialInfo* info); - bool DoInferReturnType() const { return infer_return_type; } void SetInferReturnType(bool infer) @@ -124,8 +120,6 @@ protected: void UpdateValID(); #endif - DECLARE_SERIAL(ID); - const char* name; IDScope scope; bool is_export; diff --git a/src/Net.cc b/src/Net.cc index 79b66e1a80..5b737940b0 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -27,7 +27,6 @@ #include "Reporter.h" #include "Net.h" #include "Anon.h" -#include "Serializer.h" #include "PacketDumper.h" #include "iosource/Manager.h" #include "iosource/PktSrc.h" diff --git a/src/Obj.cc b/src/Obj.cc index 023fa0d237..7fa5adde2f 100644 --- a/src/Obj.cc +++ b/src/Obj.cc @@ -5,7 +5,6 @@ #include #include "Obj.h" -#include "Serializer.h" #include "Func.h" #include "File.h" #include "plugin/Manager.h" @@ -14,47 +13,6 @@ Location no_location("", 0, 0, 0, 0); Location start_location("", 0, 0, 0, 0); Location end_location("", 0, 0, 0, 0); -bool Location::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Location* Location::Unserialize(UnserialInfo* info) - { - return (Location*) SerialObj::Unserialize(info, SER_LOCATION); - } - -IMPLEMENT_SERIAL(Location, SER_LOCATION); - -bool Location::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_LOCATION, SerialObj); - info->s->WriteOpenTag("Location"); - - if ( ! (SERIALIZE(filename) && - SERIALIZE(first_line) && - SERIALIZE(last_line) && - SERIALIZE(first_column) && - SERIALIZE(last_column)) ) - return false; - - info->s->WriteCloseTag("Location"); - return true; - } - -bool Location::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(SerialObj); - - delete_data = true; - - return UNSERIALIZE_STR(&filename, 0) - && UNSERIALIZE(&first_line) - && UNSERIALIZE(&last_line) - && UNSERIALIZE(&first_column) - && UNSERIALIZE(&last_column); - } - void Location::Describe(ODesc* d) const { if ( filename ) @@ -228,29 +186,6 @@ void BroObj::PinPoint(ODesc* d, const BroObj* obj2, int pinpoint_only) const d->Add(")"); } -bool BroObj::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BRO_OBJ, SerialObj); - - info->s->WriteOpenTag("Object"); - - Location* loc = info->include_locations ? location : 0; - SERIALIZE_OPTIONAL(loc); - info->s->WriteCloseTag("Object"); - - return true; - } - -bool BroObj::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(SerialObj); - - delete location; - - UNSERIALIZE_OPTIONAL(location, Location::Unserialize(info)); - return true; - } - void print(const BroObj* obj) { static BroFile fstderr(stderr); diff --git a/src/Obj.h b/src/Obj.h index 047eec0856..315880a18e 100644 --- a/src/Obj.h +++ b/src/Obj.h @@ -7,12 +7,8 @@ #include "input.h" #include "Desc.h" -#include "SerialObj.h" -class Serializer; -class SerialInfo; - -class Location : SerialObj { +class Location { public: Location(const char* fname, int line_f, int line_l, int col_f, int col_l) { @@ -36,7 +32,7 @@ public: text = 0; } - ~Location() override + virtual ~Location() { if ( delete_data ) delete [] filename; @@ -44,9 +40,6 @@ public: void Describe(ODesc* d) const; - bool Serialize(SerialInfo* info) const; - static Location* Unserialize(UnserialInfo* info); - bool operator==(const Location& l) const; bool operator!=(const Location& l) const { return ! (*this == l); } @@ -59,8 +52,6 @@ public: // Timestamp and text for compatibility with Bison's default yyltype. int timestamp; char* text; -protected: - DECLARE_SERIAL(Location); }; #define YYLTYPE yyltype @@ -86,7 +77,7 @@ inline void set_location(const Location start, const Location end) end_location = end; } -class BroObj : public SerialObj { +class BroObj { public: BroObj() { @@ -112,7 +103,7 @@ public: SetLocationInfo(&start_location, &end_location); } - ~BroObj() override; + virtual ~BroObj(); // Report user warnings/errors. If obj2 is given, then it's // included in the message, though if pinpoint_only is non-zero, @@ -168,10 +159,6 @@ public: bool in_ser_cache; protected: - friend class SerializationCache; - - DECLARE_ABSTRACT_SERIAL(BroObj); - Location* location; // all that matters in real estate private: diff --git a/src/OpaqueVal.cc b/src/OpaqueVal.cc index ce25ea5475..b130c1703c 100644 --- a/src/OpaqueVal.cc +++ b/src/OpaqueVal.cc @@ -3,7 +3,6 @@ #include "OpaqueVal.h" #include "NetVar.h" #include "Reporter.h" -#include "Serializer.h" #include "probabilistic/BloomFilter.h" #include "probabilistic/CardinalityCounter.h" @@ -63,20 +62,6 @@ HashVal::HashVal(OpaqueType* t) : OpaqueVal(t) valid = false; } -IMPLEMENT_SERIAL(HashVal, SER_HASH_VAL); - -bool HashVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_HASH_VAL, OpaqueVal); - return SERIALIZE(valid); - } - -bool HashVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(OpaqueVal); - return UNSERIALIZE(&valid); - } - MD5Val::MD5Val() : HashVal(md5_type) { } @@ -147,67 +132,6 @@ StringVal* MD5Val::DoGet() return new StringVal(md5_digest_print(digest)); } -IMPLEMENT_SERIAL(MD5Val, SER_MD5_VAL); - -bool MD5Val::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_MD5_VAL, HashVal); - - if ( ! IsValid() ) - return true; - - MD5_CTX* md = (MD5_CTX*) EVP_MD_CTX_md_data(ctx); - - if ( ! (SERIALIZE(md->A) && - SERIALIZE(md->B) && - SERIALIZE(md->C) && - SERIALIZE(md->D) && - SERIALIZE(md->Nl) && - SERIALIZE(md->Nh)) ) - return false; - - for ( int i = 0; i < MD5_LBLOCK; ++i ) - { - if ( ! SERIALIZE(md->data[i]) ) - return false; - } - - if ( ! SERIALIZE(md->num) ) - return false; - - return true; - } - -bool MD5Val::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(HashVal); - - if ( ! IsValid() ) - return true; - - ctx = hash_init(Hash_MD5); - MD5_CTX* md = (MD5_CTX*) EVP_MD_CTX_md_data(ctx); - - if ( ! (UNSERIALIZE(&md->A) && - UNSERIALIZE(&md->B) && - UNSERIALIZE(&md->C) && - UNSERIALIZE(&md->D) && - UNSERIALIZE(&md->Nl) && - UNSERIALIZE(&md->Nh)) ) - return false; - - for ( int i = 0; i < MD5_LBLOCK; ++i ) - { - if ( ! UNSERIALIZE(&md->data[i]) ) - return false; - } - - if ( ! UNSERIALIZE(&md->num) ) - return false; - - return true; - } - SHA1Val::SHA1Val() : HashVal(sha1_type) { } @@ -267,69 +191,6 @@ StringVal* SHA1Val::DoGet() return new StringVal(sha1_digest_print(digest)); } -IMPLEMENT_SERIAL(SHA1Val, SER_SHA1_VAL); - -bool SHA1Val::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_SHA1_VAL, HashVal); - - if ( ! IsValid() ) - return true; - - SHA_CTX* md = (SHA_CTX*) EVP_MD_CTX_md_data(ctx); - - if ( ! (SERIALIZE(md->h0) && - SERIALIZE(md->h1) && - SERIALIZE(md->h2) && - SERIALIZE(md->h3) && - SERIALIZE(md->h4) && - SERIALIZE(md->Nl) && - SERIALIZE(md->Nh)) ) - return false; - - for ( int i = 0; i < SHA_LBLOCK; ++i ) - { - if ( ! SERIALIZE(md->data[i]) ) - return false; - } - - if ( ! SERIALIZE(md->num) ) - return false; - - return true; - } - -bool SHA1Val::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(HashVal); - - if ( ! IsValid() ) - return true; - - ctx = hash_init(Hash_SHA1); - SHA_CTX* md = (SHA_CTX*) EVP_MD_CTX_md_data(ctx); - - if ( ! (UNSERIALIZE(&md->h0) && - UNSERIALIZE(&md->h1) && - UNSERIALIZE(&md->h2) && - UNSERIALIZE(&md->h3) && - UNSERIALIZE(&md->h4) && - UNSERIALIZE(&md->Nl) && - UNSERIALIZE(&md->Nh)) ) - return false; - - for ( int i = 0; i < SHA_LBLOCK; ++i ) - { - if ( ! UNSERIALIZE(&md->data[i]) ) - return false; - } - - if ( ! UNSERIALIZE(&md->num) ) - return false; - - return true; - } - SHA256Val::SHA256Val() : HashVal(sha256_type) { } @@ -389,74 +250,6 @@ StringVal* SHA256Val::DoGet() return new StringVal(sha256_digest_print(digest)); } -IMPLEMENT_SERIAL(SHA256Val, SER_SHA256_VAL); - -bool SHA256Val::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_SHA256_VAL, HashVal); - - if ( ! IsValid() ) - return true; - - SHA256_CTX* md = (SHA256_CTX*) EVP_MD_CTX_md_data(ctx); - - for ( int i = 0; i < 8; ++i ) - { - if ( ! SERIALIZE(md->h[i]) ) - return false; - } - - if ( ! (SERIALIZE(md->Nl) && - SERIALIZE(md->Nh)) ) - return false; - - for ( int i = 0; i < SHA_LBLOCK; ++i ) - { - if ( ! SERIALIZE(md->data[i]) ) - return false; - } - - if ( ! (SERIALIZE(md->num) && - SERIALIZE(md->md_len)) ) - return false; - - return true; - } - -bool SHA256Val::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(HashVal); - - if ( ! IsValid() ) - return true; - - ctx = hash_init(Hash_SHA256); - SHA256_CTX* md = (SHA256_CTX*) EVP_MD_CTX_md_data(ctx); - - for ( int i = 0; i < 8; ++i ) - { - if ( ! UNSERIALIZE(&md->h[i]) ) - return false; - } - - if ( ! (UNSERIALIZE(&md->Nl) && - UNSERIALIZE(&md->Nh)) ) - return false; - - for ( int i = 0; i < SHA_LBLOCK; ++i ) - { - if ( ! UNSERIALIZE(&md->data[i]) ) - return false; - } - - - if ( ! (UNSERIALIZE(&md->num) && - UNSERIALIZE(&md->md_len)) ) - return false; - - return true; - } - EntropyVal::EntropyVal() : OpaqueVal(entropy_type) { } @@ -474,82 +267,6 @@ bool EntropyVal::Get(double *r_ent, double *r_chisq, double *r_mean, return true; } -IMPLEMENT_SERIAL(EntropyVal, SER_ENTROPY_VAL); - -bool EntropyVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_ENTROPY_VAL, OpaqueVal); - - for ( int i = 0; i < 256; ++i ) - { - if ( ! SERIALIZE(state.ccount[i]) ) - return false; - } - - if ( ! (SERIALIZE(state.totalc) && - SERIALIZE(state.mp) && - SERIALIZE(state.sccfirst)) ) - return false; - - for ( int i = 0; i < RT_MONTEN; ++i ) - { - if ( ! SERIALIZE(state.monte[i]) ) - return false; - } - - if ( ! (SERIALIZE(state.inmont) && - SERIALIZE(state.mcount) && - SERIALIZE(state.cexp) && - SERIALIZE(state.montex) && - SERIALIZE(state.montey) && - SERIALIZE(state.montepi) && - SERIALIZE(state.sccu0) && - SERIALIZE(state.scclast) && - SERIALIZE(state.scct1) && - SERIALIZE(state.scct2) && - SERIALIZE(state.scct3)) ) - return false; - - return true; - } - -bool EntropyVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(OpaqueVal); - - for ( int i = 0; i < 256; ++i ) - { - if ( ! UNSERIALIZE(&state.ccount[i]) ) - return false; - } - - if ( ! (UNSERIALIZE(&state.totalc) && - UNSERIALIZE(&state.mp) && - UNSERIALIZE(&state.sccfirst)) ) - return false; - - for ( int i = 0; i < RT_MONTEN; ++i ) - { - if ( ! UNSERIALIZE(&state.monte[i]) ) - return false; - } - - if ( ! (UNSERIALIZE(&state.inmont) && - UNSERIALIZE(&state.mcount) && - UNSERIALIZE(&state.cexp) && - UNSERIALIZE(&state.montex) && - UNSERIALIZE(&state.montey) && - UNSERIALIZE(&state.montepi) && - UNSERIALIZE(&state.sccu0) && - UNSERIALIZE(&state.scclast) && - UNSERIALIZE(&state.scct1) && - UNSERIALIZE(&state.scct2) && - UNSERIALIZE(&state.scct3)) ) - return false; - - return true; - } - BloomFilterVal::BloomFilterVal() : OpaqueVal(bloomfilter_type) { @@ -668,44 +385,6 @@ BloomFilterVal::~BloomFilterVal() delete bloom_filter; } -IMPLEMENT_SERIAL(BloomFilterVal, SER_BLOOMFILTER_VAL); - -bool BloomFilterVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BLOOMFILTER_VAL, OpaqueVal); - - bool is_typed = (type != 0); - - if ( ! SERIALIZE(is_typed) ) - return false; - - if ( is_typed && ! type->Serialize(info) ) - return false; - - return bloom_filter->Serialize(info); - } - -bool BloomFilterVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(OpaqueVal); - - bool is_typed; - if ( ! UNSERIALIZE(&is_typed) ) - return false; - - if ( is_typed ) - { - BroType* t = BroType::Unserialize(info); - if ( ! Typify(t) ) - return false; - - Unref(t); - } - - bloom_filter = probabilistic::BloomFilter::Unserialize(info); - return bloom_filter != 0; - } - CardinalityVal::CardinalityVal() : OpaqueVal(cardinality_type) { c = 0; @@ -728,44 +407,6 @@ CardinalityVal::~CardinalityVal() delete hash; } -IMPLEMENT_SERIAL(CardinalityVal, SER_CARDINALITY_VAL); - -bool CardinalityVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_CARDINALITY_VAL, OpaqueVal); - - bool valid = true; - bool is_typed = (type != 0); - - valid &= SERIALIZE(is_typed); - - if ( is_typed ) - valid &= type->Serialize(info); - - return c->Serialize(info); - } - -bool CardinalityVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(OpaqueVal); - - bool is_typed; - if ( ! UNSERIALIZE(&is_typed) ) - return false; - - if ( is_typed ) - { - BroType* t = BroType::Unserialize(info); - if ( ! Typify(t) ) - return false; - - Unref(t); - } - - c = probabilistic::CardinalityCounter::Unserialize(info); - return c != 0; - } - bool CardinalityVal::Typify(BroType* arg_type) { if ( type ) diff --git a/src/OpaqueVal.h b/src/OpaqueVal.h index 89c7b2a8d2..4afdb48f7e 100644 --- a/src/OpaqueVal.h +++ b/src/OpaqueVal.h @@ -29,8 +29,6 @@ protected: virtual bool DoFeed(const void* data, size_t size); virtual StringVal* DoGet(); - DECLARE_SERIAL(HashVal); - private: // This flag exists because Get() can only be called once. bool valid; @@ -54,8 +52,6 @@ protected: bool DoFeed(const void* data, size_t size) override; StringVal* DoGet() override; - DECLARE_SERIAL(MD5Val); - private: EVP_MD_CTX* ctx; }; @@ -74,8 +70,6 @@ protected: bool DoFeed(const void* data, size_t size) override; StringVal* DoGet() override; - DECLARE_SERIAL(SHA1Val); - private: EVP_MD_CTX* ctx; }; @@ -94,8 +88,6 @@ protected: bool DoFeed(const void* data, size_t size) override; StringVal* DoGet() override; - DECLARE_SERIAL(SHA256Val); - private: EVP_MD_CTX* ctx; }; @@ -111,8 +103,6 @@ public: protected: friend class Val; - DECLARE_SERIAL(EntropyVal); - private: RandTest state; }; @@ -139,8 +129,6 @@ protected: BloomFilterVal(); explicit BloomFilterVal(OpaqueType* t); - DECLARE_SERIAL(BloomFilterVal); - private: // Disable. BloomFilterVal(const BloomFilterVal&); @@ -171,8 +159,6 @@ private: BroType* type; CompositeHash* hash; probabilistic::CardinalityCounter* c; - - DECLARE_SERIAL(CardinalityVal); }; #endif diff --git a/src/RE.cc b/src/RE.cc index 517fab4c91..310a8b810f 100644 --- a/src/RE.cc +++ b/src/RE.cc @@ -9,7 +9,7 @@ #include "DFA.h" #include "CCL.h" #include "EquivClass.h" -#include "Serializer.h" +#include "Reporter.h" CCL* curr_ccl = 0; @@ -469,57 +469,6 @@ int RE_Matcher::Compile(int lazy) return re_anywhere->Compile(lazy) && re_exact->Compile(lazy); } -bool RE_Matcher::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -RE_Matcher* RE_Matcher::Unserialize(UnserialInfo* info) - { - return (RE_Matcher*) SerialObj::Unserialize(info, SER_RE_MATCHER); - } - -IMPLEMENT_SERIAL(RE_Matcher, SER_RE_MATCHER); - -bool RE_Matcher::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_RE_MATCHER, SerialObj); - return SERIALIZE(re_anywhere->PatternText()) - && SERIALIZE(re_exact->PatternText()); - } - -bool RE_Matcher::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(SerialObj); - - re_anywhere = new Specific_RE_Matcher(MATCH_ANYWHERE); - re_exact = new Specific_RE_Matcher(MATCH_EXACTLY); - - const char* pat; - if ( ! UNSERIALIZE_STR(&pat, 0) ) - return false; - - re_anywhere->SetPat(pat); - if ( ! re_anywhere->Compile() ) - { - info->s->Error(fmt("Can't compile regexp '%s'", pat)); - return false; - } - - if ( ! UNSERIALIZE_STR(&pat, 0) ) - return false; - - re_exact->SetPat(pat); - if ( ! re_exact->Compile() ) - { - info->s->Error(fmt("Can't compile regexp '%s'", pat)); - return false; - } - - return true; - } - - static RE_Matcher* matcher_merge(const RE_Matcher* re1, const RE_Matcher* re2, const char* merge_op) { diff --git a/src/RE.h b/src/RE.h index 286eb1b44d..9386aa6f5f 100644 --- a/src/RE.h +++ b/src/RE.h @@ -171,12 +171,12 @@ protected: int current_pos; }; -class RE_Matcher : SerialObj { +class RE_Matcher { public: RE_Matcher(); explicit RE_Matcher(const char* pat); RE_Matcher(const char* exact_pat, const char* anywhere_pat); - virtual ~RE_Matcher() override; + virtual ~RE_Matcher(); void AddPat(const char* pat); @@ -212,9 +212,6 @@ public: const char* PatternText() const { return re_exact->PatternText(); } const char* AnywherePatternText() const { return re_anywhere->PatternText(); } - bool Serialize(SerialInfo* info) const; - static RE_Matcher* Unserialize(UnserialInfo* info); - unsigned int MemoryAllocation() const { return padded_sizeof(*this) @@ -223,8 +220,6 @@ public: } protected: - DECLARE_SERIAL(RE_Matcher); - Specific_RE_Matcher* re_anywhere; Specific_RE_Matcher* re_exact; }; diff --git a/src/Reassem.cc b/src/Reassem.cc index 0cdeadf80d..a545a5d027 100644 --- a/src/Reassem.cc +++ b/src/Reassem.cc @@ -6,7 +6,6 @@ #include "bro-config.h" #include "Reassem.h" -#include "Serializer.h" static const bool DEBUG_reassem = false; @@ -357,37 +356,3 @@ uint64 Reassembler::MemoryAllocation(ReassemblerType rtype) return Reassembler::sizes[rtype]; } -bool Reassembler::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Reassembler* Reassembler::Unserialize(UnserialInfo* info) - { - return (Reassembler*) SerialObj::Unserialize(info, SER_REASSEMBLER); - } - -bool Reassembler::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_REASSEMBLER, BroObj); - - // I'm not sure if it makes sense to actually save the buffered data. - // For now, we just remember the seq numbers so that we don't get - // complaints about missing content. - return SERIALIZE(trim_seq) && SERIALIZE(int(0)); - } - -bool Reassembler::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroObj); - - blocks = last_block = 0; - - int dummy; // For backwards compatibility. - if ( ! UNSERIALIZE(&trim_seq) || ! UNSERIALIZE(&dummy) ) - return false; - - last_reassem_seq = trim_seq; - - return true; - } diff --git a/src/Reassem.h b/src/Reassem.h index 501cd23a18..ee5e4d42b6 100644 --- a/src/Reassem.h +++ b/src/Reassem.h @@ -62,9 +62,6 @@ public: void Describe(ODesc* d) const override; - bool Serialize(SerialInfo* info) const; - static Reassembler* Unserialize(UnserialInfo* info); - // Sum over all data buffered in some reassembler. static uint64 TotalMemoryAllocation() { return total_size; } @@ -76,8 +73,6 @@ public: protected: Reassembler() { } - DECLARE_ABSTRACT_SERIAL(Reassembler); - friend class DataBlock; virtual void Undelivered(uint64 up_to_seq); diff --git a/src/SerialInfo.h b/src/SerialInfo.h index 294c5747ba..04cd79daf7 100644 --- a/src/SerialInfo.h +++ b/src/SerialInfo.h @@ -3,13 +3,10 @@ #ifndef serialinfo_h #define serialinfo_h -#include "ChunkedIO.h" - class SerialInfo { public: SerialInfo(Serializer* arg_s) { - chunk = 0; s = arg_s; may_suspend = clear_containers = false; cache = globals_as_names = true; @@ -21,7 +18,6 @@ public: SerialInfo(const SerialInfo& info) { - chunk = info.chunk; s = info.s; may_suspend = info.may_suspend; cache = info.cache; @@ -49,8 +45,6 @@ public: // If true, we support keeping objs in cache permanently. bool new_cache_strategy; - ChunkedIO::Chunk* chunk; // chunk written right before the serialization - // Attributes set during serialization. SerialType type; // type of currently serialized object @@ -65,7 +59,6 @@ public: s = arg_s; cache = true; type = SER_NONE; - chunk = 0; install_globals = install_conns = true; install_uniques = false; ignore_callbacks = false; @@ -80,7 +73,6 @@ public: s = info.s; cache = info.cache; type = info.type; - chunk = info.chunk; install_globals = info.install_globals; install_uniques = info.install_uniques; install_conns = info.install_conns; @@ -96,8 +88,6 @@ public: bool cache; // if true, object caching is ok FILE* print; // print read objects to given file (human-readable) - ChunkedIO::Chunk* chunk; // chunk to parse (rather than reading one) - bool install_globals; // if true, install unknown globals // in global scope bool install_conns; // if true, add connections to session table diff --git a/src/SerialObj.cc b/src/SerialObj.cc deleted file mode 100644 index ab7f63e823..0000000000 --- a/src/SerialObj.cc +++ /dev/null @@ -1,277 +0,0 @@ -#include "SerialObj.h" -#include "Serializer.h" - -TransientID::ID TransientID::counter = 0; - -SerialObj::FactoryMap* SerialObj::factories = 0; -SerialObj::ClassNameMap* SerialObj::names = 0; -uint64 SerialObj::time_counter = NEVER + ALWAYS + 1; - -SerialObj* SerialObj::Instantiate(SerialType type) - { - FactoryMap::iterator f = factories->find(type & SER_TYPE_MASK_EXACT); - if ( f != factories->end() ) - { - SerialObj* o = (SerialObj*) (*f->second)(); -#ifdef DEBUG - o->serial_type = o->GetSerialType(); -#endif - return o; - } - - reporter->Error("Unknown object type 0x%08x", type); - return 0; - } - -const char* SerialObj::ClassName(SerialType type) - { - ClassNameMap::iterator f = names->find(type); - if ( f != names->end() ) - return f->second; - - reporter->Error("Unknown object type 0x%08x", type); - return ""; - } - -void SerialObj::Register(SerialType type, FactoryFunc f, const char* name) - { - if ( ! factories ) - { - factories = new FactoryMap; - names = new ClassNameMap; - } - - type = type & SER_TYPE_MASK_EXACT; - - FactoryMap::iterator i = factories->find(type); - if ( i != factories->end() ) - reporter->InternalError("SerialType 0x%08x registered twice", type); - - (*factories)[type] = f; - (*names)[type] = name; - } - -inline bool SerializePID(SerialInfo* info, bool full, SerializationCache::PermanentID pid) - { - if ( ! SERIALIZE(full) ) - return false; - - if ( ! info->pid_32bit ) - return SERIALIZE(pid); - - // Broccoli compatibility mode with 32bit pids. - uint32 tmp = uint32(pid); - return SERIALIZE(tmp); - } - -bool SerialObj::Serialize(SerialInfo* info) const - { - assert(info); - - if ( info->cont.NewInstance() ) - { - SerializationCache::PermanentID pid = SerializationCache::NONE; - - const TransientID* tid = GetTID(); - - if ( ! tid ) - reporter->InternalError("no tid - missing DECLARE_SERIAL?"); - - if ( info->cache ) - pid = info->s->Cache()->Lookup(*tid); - - if ( pid != SerializationCache::NONE && info->cache ) - { - DBG_LOG(DBG_SERIAL, "%s [%p, ref pid %lld, tid %lld]", __PRETTY_FUNCTION__, this, (long long) pid, tid->Value() ); - - DBG_LOG(DBG_SERIAL, "-- Caching"); - DBG_PUSH(DBG_SERIAL); - - if ( ! SerializePID(info, false, pid) ) - { - DBG_POP(DBG_SERIAL); - return false; - } - - DBG_POP(DBG_SERIAL); - return true; - } - - if ( info->cache ) - pid = info->s->Cache()->Register(this, - SerializationCache::NONE, - info->new_cache_strategy); - - DBG_LOG(DBG_SERIAL, "%s [%p, new pid %lld, tid %lld]", __PRETTY_FUNCTION__, this, (long long) pid, tid->Value() ); - DBG_LOG(DBG_SERIAL, "-- Caching"); - DBG_PUSH(DBG_SERIAL); - - if ( ! SerializePID(info, true, pid) ) - { - DBG_POP(DBG_SERIAL); - return false; - } - - info->type = SER_NONE; - DBG_POP(DBG_SERIAL); - } - - DBG_PUSH(DBG_SERIAL); - info->cont.SaveContext(); - bool ret = DoSerialize(info); - info->cont.RestoreContext(); - DBG_POP(DBG_SERIAL); - - if ( info->cont.ChildSuspended() ) - return ret; - -#ifdef DEBUG - if ( debug_logger.IsEnabled(DBG_SERIAL) && IsBroObj(serial_type) ) - { - ODesc desc(DESC_READABLE); - ((BroObj*)this)->Describe(&desc); - DBG_LOG(DBG_SERIAL, "-- Desc: %s", desc.Description()); - } -#endif - - return ret; - } - -SerialObj* SerialObj::Unserialize(UnserialInfo* info, SerialType type) - { - SerializationCache::PermanentID pid = SerializationCache::NONE; - - DBG_LOG(DBG_SERIAL, "%s", __PRETTY_FUNCTION__); - - bool full_obj; - - DBG_LOG(DBG_SERIAL, "-- Caching"); - DBG_PUSH(DBG_SERIAL); - - bool result; - - if ( ! info->pid_32bit ) - result = UNSERIALIZE(&full_obj) && UNSERIALIZE(&pid); - else - { - // Broccoli compatibility mode with 32bit pids. - uint32 tmp = 0; - result = UNSERIALIZE(&full_obj) && UNSERIALIZE(&tmp); - pid = tmp; - } - - if ( ! result ) - { - DBG_POP(DBG_SERIAL); - return 0; - } - - DBG_POP(DBG_SERIAL); - - DBG_LOG(DBG_SERIAL, "-- [%s pid %lld]", full_obj ? "obj" : "ref", (long long) pid); - - if ( ! full_obj ) - { - // FIXME: Yet another const_cast to check eventually... - SerialObj* obj = - const_cast(info->s->Cache()->Lookup(pid)); - if ( obj ) - { - if ( obj->IsBroObj() ) - Ref((BroObj*) obj); - return obj; - } - - // In the following we'd like the format specifier to match - // the type of pid; but pid is uint64, for which there's - // no portable format specifier. So we upcast it to long long, - // which is at least that size, and use a matching format. - info->s->Error(fmt("unknown object %lld referenced", - (long long) pid)); - return 0; - } - - uint16 stype; - if ( ! UNSERIALIZE(&stype) ) - return 0; - - SerialObj* obj = Instantiate(SerialType(stype)); - - if ( ! obj ) - { - info->s->Error("unknown object type"); - return 0; - } - -#ifdef DEBUG - obj->serial_type = stype; -#endif - - const TransientID* tid = obj->GetTID(); - if ( ! tid ) - reporter->InternalError("no tid - missing DECLARE_SERIAL?"); - - if ( info->cache ) - info->s->Cache()->Register(obj, pid, info->new_cache_strategy); - - info->type = stype; - - DBG_PUSH(DBG_SERIAL); - if ( ! obj->DoUnserialize(info) ) - { - DBG_POP(DBG_SERIAL); - return 0; - } - - DBG_POP(DBG_SERIAL); - - if ( ! SerialObj::CheckTypes(stype, type) ) - { - info->s->Error("type mismatch"); - return 0; - } - -#ifdef DEBUG - if ( debug_logger.IsEnabled(DBG_SERIAL) && IsBroObj(stype) ) - { - ODesc desc(DESC_READABLE); - ((BroObj*)obj)->Describe(&desc); - DBG_LOG(DBG_SERIAL, "-- Desc: %s", desc.Description()); - } -#endif - - assert(obj); - return obj; - } - -bool SerialObj::DoSerialize(SerialInfo* info) const - { - assert(info->type != SER_NONE); - -#ifdef DEBUG - const_cast(this)->serial_type = info->type; -#endif - - DBG_LOG(DBG_SERIAL, __PRETTY_FUNCTION__); - DBG_PUSH(DBG_SERIAL); - - uint16 stype = uint16(info->type); - - if ( ! info->new_cache_strategy ) - { - // This is a bit unfortunate: to make sure we're sending - // out the same types as in the past, we need to strip out - // the new cache stable bit. - stype &= ~SER_IS_CACHE_STABLE; - } - - bool ret = SERIALIZE(stype); - DBG_POP(DBG_SERIAL); - return ret; - } - -bool SerialObj::DoUnserialize(UnserialInfo* info) - { - DBG_LOG(DBG_SERIAL, __PRETTY_FUNCTION__); - return true; - } diff --git a/src/SerialObj.h b/src/SerialObj.h deleted file mode 100644 index b502414f71..0000000000 --- a/src/SerialObj.h +++ /dev/null @@ -1,382 +0,0 @@ -// Infrastructure for serializable objects. -// -// How to make objects of class Foo serializable: -// -// 1. Derive Foo (directly or indirectly) from SerialObj. -// 2. Add a SER_FOO constant to SerialTypes in SerialTypes.h. -// 3. Add DECLARE_SERIAL(Foo) into class definition. -// 4. Add a (preferably protected) default ctor if it doesn't already exist. -// 5. For non-abstract classes, add IMPLEMENT_SERIAL(Foo, SER_FOO) to *.cc -// 6. Add two methods like this to *.cc (keep names of arguments!) -// -// bool Foo::DoSerialize(SerialInfo* info) const -// { -// DO_SERIALIZE(SER_FOO, ParentClassOfFoo); -// <... serialize class members via methods in Serializer ...> -// return true if everything ok; -// } -// -// bool Foo::DoUnserialize(UnserialInfo* info) -// { -// DO_UNSERIALIZE(ParentClassOfFoo); -// <... unserialize class members via methods in Serializer ...> -// return true if everything ok; -// } -// -// (7. If no parent class of Foo already contains Serialize()/Unserialize() -// methods, these need to be added somewhere too. But most of the various -// parts of the class hierarchy already have them.) - - -#ifndef SERIALOBJ_H -#define SERIALOBJ_H - -#include -#include - -#include "DebugLogger.h" -#include "Continuation.h" -#include "SerialTypes.h" -#include "bro-config.h" - -#if SIZEOF_LONG_LONG < 8 -# error "Serialization requires that sizeof(long long) is at least 8. (Remove this message only if you know what you're doing.)" -#endif - -class Serializer; -class SerialInfo; -class UnserialInfo; -class SerializationCache; - -// Per-process unique ID. -class TransientID { -public: - TransientID() { id = ++counter; } - - typedef unsigned long long ID; - ID Value() const { return id; } - -private: - ID id; - static ID counter; -}; - -// Abstract base class for serializable objects. -class SerialObj { -public: - virtual ~SerialObj() { } - - virtual const TransientID* GetTID() const { return 0; } - - virtual SerialType GetSerialType() const { return 0; } - - bool IsBroObj() const { return IsBroObj(GetSerialType()); } - bool IsCacheStable() const { return IsCacheStable(GetSerialType()); } - - static const uint64 NEVER = 0; - static const uint64 ALWAYS = 1; - - // Returns time of last modification. This "time" is a monotonically - // increasing counter which is incremented each time a modification is - // performed (more precisely: each time an object is modified which - // returns something different than NEVER). Such times can thus be - // compared to see whether some modification took place before another. - // - // There are two special values: - // NEVER: This object will never change. - // ALWAYS: Always consider this object as changed, i.e., don't - // cache it. - virtual uint64 LastModified() const { return NEVER; } - - // Instantiate an object of the given type. Return nil - // if unknown. - static SerialObj* Instantiate(SerialType type); - - static const char* ClassName(SerialType type); - - // Associate a "factory" function with the given type. - // A factory is a class or function that creates instances - // of a certain type. - - typedef SerialObj* (*FactoryFunc)(); - static void Register(SerialType type, FactoryFunc f, - const char* class_name); - - static bool IsBroObj(SerialType type) - { return type & SER_IS_BRO_OBJ; } - - static bool IsCacheStable(SerialType type) - { return type & SER_IS_CACHE_STABLE; } - - static bool CheckTypes(SerialType type1, SerialType type2) - { return (type1 & SER_TYPE_MASK_PARENT) == - (type2 & SER_TYPE_MASK_PARENT); } - -protected: - friend class SerializationCache; - - SerialObj() - { -#ifdef DEBUG - serial_type = 0; -#endif - } - - // Serializes this object. If info->cache is false, we can use - // DECLARE_NON_CACHEABLE_SERIAL (instead of DECLARE_SERIAL) which - // avoids storing a per-object id. - bool Serialize(SerialInfo* info) const; - - // Unserializes next object. - static SerialObj* Unserialize(UnserialInfo* info, - SerialType type); - - virtual bool DoSerialize(SerialInfo* info) const; - virtual bool DoUnserialize(UnserialInfo* info); - - typedef std::map FactoryMap; - static FactoryMap* factories; - - typedef std::map ClassNameMap; - static ClassNameMap* names; - - static uint64 time_counter; - static uint64 IncreaseTimeCounter() { return ++time_counter; } - static uint64 GetTimeCounter() { return time_counter; } - -#ifdef DEBUG - SerialType serial_type; -#endif -}; - -// A class that registers a factory function upon instantiation. -class SerialTypeRegistrator { -public: - SerialTypeRegistrator(SerialType type, SerialObj::FactoryFunc func, - const char* class_name) - { - SerialObj::Register(type, func, class_name); - } -}; - - -// Macro helpers. - -#define DECLARE_ABSTRACT_SERIAL(classname) \ - bool DoSerialize(SerialInfo*) const override; \ - bool DoUnserialize(UnserialInfo*) override; \ - -#define DECLARE_SERIAL(classname) \ - static classname* Instantiate(); \ - static SerialTypeRegistrator register_type; \ - bool DoSerialize(SerialInfo*) const override; \ - bool DoUnserialize(UnserialInfo*) override; \ - const TransientID* GetTID() const override { return &tid; } \ - SerialType GetSerialType() const override; \ - TransientID tid; - -// Only needed (and usable) for non-abstract classes. -#define IMPLEMENT_SERIAL(classname, classtype) \ - SerialTypeRegistrator classname::register_type(classtype, \ - FactoryFunc(&classname::Instantiate), #classname); \ - SerialType classname::GetSerialType() const { return classtype; }; \ - classname* classname::Instantiate() { return new classname(); } \ - -// Pushes debug level on instantiation and pops when it goes out of scope. -class AutoPush { -public: - AutoPush() { DBG_PUSH(DBG_SERIAL); } - ~AutoPush() { DBG_POP(DBG_SERIAL); } -}; - -// Note that by default we disable suspending. Use DO_SERIALIZE_WITH_SUSPEND -// to enable, but be careful to make sure that whomever calls us is aware of -// the fact (or has already disabled suspension itself). -#define DO_SERIALIZE(classtype, super) \ - DBG_LOG(DBG_SERIAL, __PRETTY_FUNCTION__); \ - if ( info->type == SER_NONE ) \ - info->type = classtype; \ - DisableSuspend suspend(info); \ - AutoPush auto_push; \ - if ( ! super::DoSerialize(info) ) \ - return false; - -// Unfortunately, this is getting quite long. :-( -#define DO_SERIALIZE_WITH_SUSPEND(classtype, super) \ - DBG_LOG(DBG_SERIAL, __PRETTY_FUNCTION__); \ - if ( info->type == SER_NONE ) \ - info->type = classtype; \ - AutoPush auto_push; \ - \ - bool call_super = info->cont.NewInstance(); \ - \ - if ( info->cont.ChildSuspended() ) \ - { \ - void* user_ptr = info->cont.RestoreState(); \ - if ( user_ptr == &call_super ) \ - call_super = true; \ - } \ - \ - if ( call_super ) \ - { \ - info->cont.SaveState(&call_super); \ - info->cont.SaveContext(); \ - bool result = super::DoSerialize(info); \ - info->cont.RestoreContext(); \ - if ( ! result ) \ - return false; \ - if ( info->cont.ChildSuspended() ) \ - return true; \ - info->cont.SaveState(0); \ - } \ - -#define DO_UNSERIALIZE(super) \ - DBG_LOG(DBG_SERIAL, __PRETTY_FUNCTION__); \ - AutoPush auto_push; \ - if ( ! super::DoUnserialize(info) ) \ - return false; - -#define SERIALIZE(x) \ - info->s->Write(x, #x) - -#define SERIALIZE_STR(x, y) \ - info->s->Write(x, y, #x) - -#define SERIALIZE_BIT(bit) \ - info->s->Write(bool(bit), #bit) - -#define UNSERIALIZE(x) \ - info->s->Read(x, #x) - -#define UNSERIALIZE_STR(x, y) \ - info->s->Read(x, y, #x) - -#define UNSERIALIZE_BIT(bit) \ - { \ - bool tmp; \ - if ( ! info->s->Read(&tmp, #bit) ) \ - return false; \ - bit = (unsigned int) tmp; \ - } - -// Some helpers for pointers which may be nil. -#define SERIALIZE_OPTIONAL(ptr) \ - { \ - if ( ptr ) \ - { \ - if ( ! info->cont.ChildSuspended() ) \ - if ( ! info->s->Write(true, "has_" #ptr) ) \ - return false; \ - \ - info->cont.SaveContext(); \ - bool result = ptr->Serialize(info); \ - info->cont.RestoreContext(); \ - if ( ! result ) \ - return false; \ - \ - if ( info->cont.ChildSuspended() ) \ - return true; \ - } \ - \ - else if ( ! info->s->Write(false, "has_" #ptr) ) \ - return false; \ - } - -#define SERIALIZE_OPTIONAL_STR(str) \ - { \ - if ( str ) \ - { \ - if ( ! (info->s->Write(true, "has_" #str) && info->s->Write(str, "str")) ) \ - return false; \ - } \ - \ - else if ( ! info->s->Write(false, "has_" #str) ) \ - return false; \ - } - -#define UNSERIALIZE_OPTIONAL(dst, unserialize) \ - { \ - bool has_it; \ - if ( ! info->s->Read(&has_it, "has_" #dst) ) \ - return false; \ - \ - if ( has_it ) \ - { \ - dst = unserialize; \ - if ( ! dst ) \ - return false; \ - } \ - \ - else \ - dst = 0; \ - } - -#define UNSERIALIZE_OPTIONAL_STR(dst) \ - { \ - bool has_it; \ - if ( ! info->s->Read(&has_it, "has_" #dst) ) \ - return false; \ - \ - if ( has_it ) \ - { \ - if ( ! info->s->Read(&dst, 0, "has_" #dst) ) \ - return false; \ - if ( ! dst ) \ - return false; \ - } \ - \ - else \ - dst = 0; \ - } - -#define UNSERIALIZE_OPTIONAL_STR_DEL(dst, del) \ - { \ - bool has_it; \ - if ( ! info->s->Read(&has_it, "has_" #dst) ) \ - { \ - delete del; \ - return 0; \ - } \ - \ - if ( has_it ) \ - { \ - if ( ! info->s->Read(&dst, 0, "has_" #dst) ) \ - { \ - delete del; \ - return 0; \ - } \ - if ( ! dst ) \ - { \ - delete del; \ - return 0; \ - } \ - } \ - \ - else \ - dst = 0; \ - } - -#define UNSERIALIZE_OPTIONAL_STATIC(dst, unserialize, del) \ - { \ - bool has_it; \ - if ( ! info->s->Read(&has_it, "has_" #dst) ) \ - { \ - delete del; \ - return 0; \ - } \ - \ - if ( has_it ) \ - { \ - dst = unserialize; \ - if ( ! dst ) \ - { \ - delete del; \ - return 0; \ - } \ - } \ - \ - else \ - dst = 0; \ - } - -#endif diff --git a/src/SerializationFormat.cc b/src/SerializationFormat.cc index d5f366f7fd..6505598fc8 100644 --- a/src/SerializationFormat.cc +++ b/src/SerializationFormat.cc @@ -2,7 +2,7 @@ #include "net_util.h" #include "SerializationFormat.h" -#include "Serializer.h" +#include "DebugLogger.h" #include "Reporter.h" const float SerializationFormat::GROWTH_FACTOR = 2.5; diff --git a/src/Serializer.cc b/src/Serializer.cc deleted file mode 100644 index 28dc6bbd01..0000000000 --- a/src/Serializer.cc +++ /dev/null @@ -1,1059 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include - -#include "Serializer.h" -#include "Scope.h" -#include "Stmt.h" -#include "Reporter.h" -#include "Func.h" -#include "Event.h" -#include "EventRegistry.h" -#include "SerializationFormat.h" -#include "NetVar.h" -#include "Conn.h" -#include "Timer.h" -#include "iosource/Manager.h" - -Serializer::Serializer(SerializationFormat* arg_format) - { - if ( arg_format ) - format = arg_format; - else - format = new BinarySerializationFormat(); - - io = 0; - error_descr = 0; - current_cache = 0; - } - -Serializer::~Serializer() - { - delete format; - delete [] error_descr; - } - -bool Serializer::Read(string* s, const char* tag) - { - char* cstr; - int len; - if ( format->Read(&cstr, &len, tag) ) - { - s->assign(cstr, len); - delete [] cstr; - return true; - } - else - return false; - } - -bool Serializer::StartSerialization(SerialInfo* info, const char* descr, - char tag) - { - format->StartWrite(); - assert(current_cache); - SetErrorDescr(fmt("serializing %s", descr)); - if ( ! Write(tag, "tag") ) - { - Error(io->Error()); - return false; - } - - current_cache->Begin(info->new_cache_strategy); - return true; - } - -bool Serializer::EndSerialization(SerialInfo* info) - { - if ( info->chunk ) - { - if ( ! io->Write(info->chunk) ) - { - Error(io->Error()); - return false; - } - } - - ChunkedIO::Chunk* chunk = new ChunkedIO::Chunk; - chunk->len = format->EndWrite(&chunk->data); - chunk->free_func = ChunkedIO::Chunk::free_func_free; - - if ( ! io->Write(chunk) ) - { - Error(io->Error()); - return false; - } - - current_cache->End(info->new_cache_strategy); - return true; - } - -bool Serializer::Serialize(SerialInfo* info, const ID& id) - { - if ( info->cont.NewInstance() ) - { - if ( ! (id.IsGlobal() || id.IsEnumConst()) ) - { - Error("non-global identifiers cannot be serialized"); - return false; - } - - if ( ! StartSerialization(info, "ID", 'i') ) - return false; - } - - info->cont.SaveContext(); - bool result = id.Serialize(info); - info->cont.RestoreContext(); - - if ( ! result ) - { - Error("failed"); - return false; - } - - if ( info->cont.ChildSuspended() ) - return true; - - WriteSeparator(); - return EndSerialization(info); - } - -bool Serializer::Serialize(SerialInfo* info, const char* func, val_list* args) - { - DisableSuspend suspend(info); - - if ( ! StartSerialization(info, "call", 'e') ) - return false; - - WriteOpenTag("call"); - int a = args->length(); - Write(func, "name"); - Write(network_time, "time"); - Write(a, "len"); - - loop_over_list(*args, i) - { - if ( ! (*args)[i]->Serialize(info) ) - { - Error("failed"); - return false; - } - } - - WriteCloseTag("call"); - WriteSeparator(); - - return EndSerialization(info); - } - -bool Serializer::Serialize(SerialInfo* info, const StateAccess& s) - { - DisableSuspend suspend(info); - - if ( ! StartSerialization(info, "state access", 's') ) - return false; - - if ( ! s.Serialize(info) ) - { - Error("failed"); - return false; - } - - return EndSerialization(info); - } - -bool Serializer::Serialize(SerialInfo* info, const Timer& t) - { - DisableSuspend suspend(info); - - if ( ! StartSerialization(info, "timer", 't') ) - return false; - - if ( ! t.Serialize(info) ) - { - Error("failed"); - return false; - } - - return EndSerialization(info); - } - -bool Serializer::Serialize(SerialInfo* info, const Connection& c) - { - DisableSuspend suspend(info); - - if ( ! StartSerialization(info, "connection", 'c') ) - return false; - - if ( ! c.Serialize(info) ) - { - Error("failed"); - return false; - } - - return EndSerialization(info); - } - -bool Serializer::Serialize(SerialInfo* info, const Packet& p) - { - DisableSuspend suspend(info); - - if ( ! StartSerialization(info, "packet", 'p') ) - return false; - - if ( ! p.Serialize(info) ) - { - Error("failed"); - return false; - } - - return EndSerialization(info); - } - -int Serializer::Unserialize(UnserialInfo* info, bool block) - { - assert(current_cache); - - SetErrorDescr("unserializing"); - - current_cache->Begin(info->new_cache_strategy); - - ChunkedIO::Chunk* chunk = info->chunk; - - while ( ! chunk ) - { - if ( ! io->Read(&chunk) ) - { - if ( io->Eof() ) - return 0; - Error(io->Error()); - return -1; - } - - if ( ! chunk && ! block ) - return 0; - } - - format->StartRead(chunk->data, chunk->len); - - char type; - if ( ! format->Read(&type, "tag") ) - return -1; - -// DEBUG(fmt("parent: serialization of size %d", ); - - bool result; - switch ( type ) { - case 'i': - result = UnserializeID(info); - break; - - case 'e': - result = UnserializeCall(info); - break; - - case 's': - result = UnserializeStateAccess(info); - break; - - case 'c': - result = UnserializeConnection(info); - break; - - case 't': - result = UnserializeTimer(info); - break; - - case 'p': - result = UnserializePacket(info); - break; - - default: - Error(fmt("unknown serialization type %x", (int) type)); - result = false; - } - - format->EndRead(); - - if ( ! info->chunk ) - { // only delete if we allocated it ourselves - delete chunk; - } - - current_cache->End(info->new_cache_strategy); - - return result ? 1 : -1; - } - -bool Serializer::UnserializeID(UnserialInfo* info) - { - SetErrorDescr("unserializing ID"); - - ID* id = ID::Unserialize(info); - - if ( ! id ) - return false; - - if ( info->print ) - { - ODesc d; - d.SetQuotes(true); - d.SetIncludeStats(true); - d.SetShort(); - id->DescribeExtended(&d); - fprintf(info->print, "ID %s\n", d.Description()); - } - - if ( ! info->ignore_callbacks ) - GotID(id, id->ID_Val()); - else - Unref(id); - - return true; - } - -bool Serializer::UnserializeCall(UnserialInfo* info) - { - char* name; - int len; - double time; - - if ( ! (UNSERIALIZE_STR(&name, 0) && UNSERIALIZE(&time) && UNSERIALIZE(&len)) ) - return false; - - SetErrorDescr(fmt("unserializing event/function %s", name)); - - bool ignore = false; - FuncType* functype = 0; - type_list* types = 0; - - ID* id = global_scope()->Lookup(name); - - if ( id ) - { - if ( id->Type()->Tag() == TYPE_FUNC ) - { - functype = id->Type()->AsFuncType(); - types = functype->ArgTypes()->Types(); - if ( types->length() != len ) - { - Error("wrong number of arguments, ignoring"); - ignore = true; - } - } - else - { - Error("not a function/event, ignoring"); - ignore = true; - } - } - else - { - Error("unknown event/function, ignoring"); - ignore = true; - } - - ODesc d; - d.SetQuotes(true); - d.SetIncludeStats(true); - d.SetShort(); - - val_list* args = new val_list(len); - for ( int i = 0; i < len; ++i ) - { - Val* v = Val::Unserialize(info); - - if ( ! v ) - { - delete [] name; - delete_vals(args); - return false; - } - - if ( ! ignore ) - { - if ( v->Type()->Tag() != (*types)[i]->Tag() && - (*types)[i]->Tag() != TYPE_ANY ) - { - Error("mismatch in argument types; ignoring"); - ignore = true; - } - - if ( info->print && ! ignore ) - v->Describe(&d); - } - - args->append(v); - } - - if ( ! ignore ) - { - if ( info->print ) - fprintf(info->print, "%s [%.06f] %s(%s)\n", - functype->FlavorString().c_str(), - time, name, types ? d.Description() : ""); - - switch ( functype->Flavor() ) { - - case FUNC_FLAVOR_EVENT: - { - EventHandler* handler = event_registry->Lookup(name); - assert(handler); - - if ( ! info->ignore_callbacks ) - GotEvent(name, time, handler, args); - - break; - } - - case FUNC_FLAVOR_FUNCTION: - case FUNC_FLAVOR_HOOK: - if ( ! info->ignore_callbacks ) - GotFunctionCall(name, time, id->ID_Val()->AsFunc(), args); - break; - - default: - reporter->InternalError("unserialized call for invalid function flavor"); - break; - } - - if ( info->ignore_callbacks ) - delete_vals(args); - } - else - delete_vals(args); - - delete [] name; - - return true; - } - -bool Serializer::UnserializeStateAccess(UnserialInfo* info) - { - SetErrorDescr("unserializing state access"); - - StateAccess* s = StateAccess::Unserialize(info); - - if ( ! s ) - return false; - - if ( info->print ) - { - ODesc d; - d.SetQuotes(true); - d.SetIncludeStats(true); - d.SetShort(); - s->Describe(&d); - fprintf(info->print, "State access: %s\n", d.Description()); - } - - if ( ! info->ignore_callbacks ) - GotStateAccess(s); - else - delete s; - - return true; - } - -bool Serializer::UnserializeTimer(UnserialInfo* info) - { - SetErrorDescr("unserializing timer"); - - Timer* t = Timer::Unserialize(info); - - if ( ! t ) - return false; - - if ( info->print ) - { - ODesc d; - d.SetQuotes(true); - d.SetIncludeStats(true); - d.SetShort(); - t->Describe(&d); - fprintf(info->print, "Timer: %s\n", d.Description()); - } - - if ( ! info->ignore_callbacks ) - GotTimer(t); - - return true; - } - -bool Serializer::UnserializeConnection(UnserialInfo* info) - { - SetErrorDescr("unserializing connection"); - - Connection* c = Connection::Unserialize(info); - - if ( ! c ) - return false; - - if ( info->print ) - { - ODesc d; - d.SetQuotes(true); - d.SetIncludeStats(true); - d.SetShort(); - c->Describe(&d); - fprintf(info->print, "Connection: %s", d.Description()); - } - - if ( info->install_conns ) - { - Ref(c); - sessions->Insert(c); - } - else - // We finish the connection here because it's not part - // of the standard processing and most likely to be - // discarded pretty soon. - // Without the Done(), some cleanup may not take place. - c->Done(); - - if ( ! info->ignore_callbacks ) - GotConnection(c); - else - Unref(c); - - return true; - } - -bool Serializer::UnserializePacket(UnserialInfo* info) - { - SetErrorDescr("unserializing packet"); - - Packet* p = Packet::Unserialize(info); - - if ( ! p ) - return false; - - if ( info->print ) - { - ODesc d; - d.SetQuotes(true); - d.SetIncludeStats(true); - d.SetShort(); - p->Describe(&d); - fprintf(info->print, "Packet: %s", d.Description()); - } - - if ( ! info->ignore_callbacks ) - GotPacket(p); - else - delete p; - - return true; - } - -void Serializer::Error(const char* str) - { - char buffer[1024]; - safe_snprintf(buffer, sizeof(buffer), "%s%s%s", - error_descr ? error_descr : "", error_descr ? ": " : "", str); - ReportError(buffer); - } - -void Serializer::Warning(const char* str) - { - // We ignore these as there's no good place to report them. - } - -SerializationCache::SerializationCache(unsigned int arg_max_cache_size) - { - max_cache_size = arg_max_cache_size; - next_id = 1; - cache_stable.head = cache_stable.tail = 0; - cache_unstable.head = cache_unstable.tail = 0; - cache_stable.size = cache_unstable.size = 0; - } - -SerializationCache::~SerializationCache() - { - Clear(); - } - -SerializationCache::PermanentID -SerializationCache::Register(const SerialObj* obj, PermanentID pid, - bool new_cache_strategy) - { - if ( pid == NONE ) - pid = next_id++; - - PIDMap::iterator i = pid_map.find(pid); - assert(i == pid_map.end()); - - CacheList* cache = - (new_cache_strategy && obj->IsCacheStable()) ? - &cache_stable : &cache_unstable; - - CacheEntry* entry = new CacheEntry; - entry->obj.serial = obj; - entry->is_bro_obj = obj->IsBroObj(); - entry->pid = pid; - entry->tid = obj->GetTID()->Value(); - entry->time = SerialObj::GetTimeCounter(); - entry->prev = cache->tail; - entry->next = 0; - entry->cache = cache; - entry->stype = obj->GetSerialType(); - - if ( cache->tail ) - cache->tail->next = entry; - if ( ! cache->head ) - cache->head = entry; - - cache->tail = entry; - ++(cache->size); - - // This is a bit weird. If the TID is already contained in the map (i.e. - // we're re-registering), TIDMap::insert() will *not* override the old - // entry but set the bool to false and return it. - pair old = tid_map.insert(TIDMap::value_type(entry->tid, entry)); - if ( ! old.second ) - { - // Already existed. - old.first->second->tid = 0; // invalidate - old.first->second = entry; // replace - } - - pid_map.insert(PIDMap::value_type(pid, entry)); - - if ( entry->is_bro_obj ) - Ref(const_cast(entry->obj.bro)); - else - { - // Make sure it goes into unstable. - assert(! obj->IsCacheStable()); - - volatiles.push_back(entry); - } - - return entry->pid; - } - -void SerializationCache::UnlinkEntry(CacheEntry* e) - { - assert(e); - - // Remove from double-linked list. - if ( e == e->cache->head ) - { - e->cache->head = e->next; - if ( e->cache->head ) - e->cache->head->prev = 0; - } - else - e->prev->next = e->next; - - if ( e == e->cache->tail ) - { - e->cache->tail = e->prev; - if ( e->cache->tail ) - e->cache->tail->next = 0; - } - else - e->next->prev = e->prev; - - e->prev = e->next = 0; - } - -void SerializationCache::RemoveEntry(CacheEntry* e) - { - assert(e); - UnlinkEntry(e); - - if ( e->tid ) - tid_map.erase(e->tid); - - pid_map.erase(e->pid); - - if ( e->is_bro_obj ) - Unref(const_cast(e->obj.bro)); - - e->obj.serial = 0; // for debugging - --(e->cache->size); - delete e; - } - -void SerializationCache::MoveEntryToTail(CacheEntry* e) - { - assert(e); - UnlinkEntry(e); - e->prev = e->cache->tail; - e->next = 0; - - if ( e->cache->tail ) - e->cache->tail->next = e; - if ( ! e->cache->head ) - e->cache->head = e; - - e->cache->tail = e; - } - -void SerializationCache::Clear() - { - tid_map.clear(); - pid_map.clear(); - volatiles.clear(); - - while ( cache_stable.head ) - RemoveEntry(cache_stable.head); - - while ( cache_unstable.head ) - RemoveEntry(cache_unstable.head); - - assert(cache_stable.size == 0); - assert(cache_unstable.size == 0); - } - -void SerializationCache::End(bool new_cache_strategy) - { - // Remove objects not-derived from BroObj (they aren't ref'counted - // so it's not safe to keep them). - for ( VolatileList::iterator i = volatiles.begin(); - i != volatiles.end(); i++ ) - { - assert(*i); - RemoveEntry(*i); - } - - volatiles.clear(); - - if ( new_cache_strategy ) - { - while ( max_cache_size && cache_stable.head && - cache_stable.size > max_cache_size ) - RemoveEntry(cache_stable.head); - - while ( max_cache_size && cache_unstable.head && - cache_unstable.size > max_cache_size ) - RemoveEntry(cache_unstable.head); - } - - else - { - while ( max_cache_size && pid_map.size() > max_cache_size ) - RemoveEntry(cache_unstable.head); - } - } - -FileSerializer::FileSerializer(SerializationFormat* format) -: Serializer(format), cache(100) - { - file = 0; - fd = -1; - io = 0; - SetCache(&cache); - } - -FileSerializer::~FileSerializer() - { - if ( io ) - io->Flush(); - - delete [] file; - - if ( io ) - delete io; // destructor will call close() on fd - else if ( fd >= 0 ) - safe_close(fd); - } - -bool FileSerializer::Open(const char* file, bool pure) - { - if ( ! OpenFile(file, false) ) - return false; - - if ( pure ) - io->MakePure(); - - if ( ! PrepareForWriting() ) - return false; - - return true; - } - -bool FileSerializer::Close() - { - CloseFile(); - return true; - } - -bool FileSerializer::OpenFile(const char* arg_file, bool readonly, bool should_exist) - { - CloseFile(); - - cache.Clear(); - - file = copy_string(arg_file); - fd = open(file, readonly ? O_RDONLY : O_WRONLY | O_CREAT | O_TRUNC, 0600); - - if ( fd < 0 ) - { - if ( readonly && errno == ENOENT ) - { - // Only an error if we expect to exist. - if ( should_exist ) - { - Error(fmt("%s does not exist", file)); - return false; - } - - CloseFile(); - return true; - } - - Error(fmt("can't open file %s for %s: %s", - file, (readonly ? "reading" : "writing"), - strerror(errno))); - return false; - } - - io = new ChunkedIOFd(fd, "file"); - - return io != 0; - } - -void FileSerializer::CloseFile() - { - if ( io ) - io->Flush(); - - if ( fd >= 0 && ! io ) // destructor of io calls close() on fd - safe_close(fd); - fd = -1; - - delete [] file; - file = 0; - - delete io; - io = 0; - - cache.Clear(); - } - -bool FileSerializer::PrepareForWriting() - { - if ( ! io->IsPure() ) - { - // Write file header. - uint32 magic = htonl(MAGIC); - uint16 version = htons(DATA_FORMAT_VERSION); - uint32 time = htonl(uint32(::time(0))); - - if ( write(fd, &magic, sizeof(magic)) != sizeof(magic ) || - write(fd, &version, sizeof(version)) != sizeof(version) || - write(fd, &time, sizeof(time)) != sizeof(time)) - { - Error(fmt("can't write file header to %s: %s", - file, strerror(errno))); - return false; - } - } - - return true; - } - -bool FileSerializer::ReadHeader(UnserialInfo* info) - { - uint32 magic; - uint16 version; - uint32 time; - - if ( read(fd, &magic, sizeof(magic)) != sizeof(magic ) || - read(fd, &version, sizeof(version)) != sizeof(version) || - read(fd, &time, sizeof(time)) != sizeof(time) ) - { - Error(fmt("can't read file header from %s: %s", - file, strerror(errno))); - return false; - } - - version = ntohs(version); - time = ntohl(time); - - if ( info && info->print ) - { - time_t teatime = (time_t) time; - fprintf(stderr, "Date: %s", ctime(&teatime)); - } - - if ( magic != htonl(MAGIC) ) - { - Error(fmt("%s is not a bro state file", file)); - CloseFile(); - return false; - } - - if ( version != DATA_FORMAT_VERSION ) - { - Error(fmt("wrong data format, expected version %d but got version %d", DATA_FORMAT_VERSION, version)); - CloseFile(); - return false; - } - - return true; - } - -bool FileSerializer::Read(UnserialInfo* info, const char* file, bool header) - { - if ( ! OpenFile(file, true, info->print) ) - return false; - - // fprintf( stderr, "Reading %s\n", file ); - - if ( fd < 0 ) - // Not existent, but that's ok. - return true; - - if ( header && ! ReadHeader(info) ) - return false; - - int i; - while ( (i = Unserialize(info, true)) > 0 ) - ; - - CloseFile(); - - return i == 0; - } - -void FileSerializer::ReportError(const char* str) - { - reporter->Error("%s", str); - } - -void FileSerializer::GotID(ID* id, Val* val) - { - // Do nothing. - Unref(id); - } - -void FileSerializer::GotStateAccess(StateAccess* s) - { - delete s; - } - -void FileSerializer::GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) - { - // Do nothing. - delete_vals(args); - } - -void FileSerializer::GotFunctionCall(const char* name, double time, - Func* func, val_list* args) - { - // Do nothing. - delete_vals(args); - } - -void FileSerializer::GotTimer(Timer* t) - { - // Do nothing. - delete t; - } - -void FileSerializer::GotConnection(Connection* c) - { - // Do nothing. - Unref(c); - } - -void FileSerializer::GotPacket(Packet* p) - { - // Do nothing. - delete p; - } - -EventPlayer::EventPlayer(const char* file) - : stream_time(), replay_time(), ne_time(), ne_handler(), ne_args() - { - if ( ! OpenFile(file, true) || fd < 0 ) - Error(fmt("event replayer: cannot open %s", file)); - - if ( ReadHeader() ) - iosource_mgr->Register(this); - } - -EventPlayer::~EventPlayer() - { - CloseFile(); - } - -void EventPlayer::GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) - { - ne_time = time; - ne_handler = event; - ne_args = std::move(*args); - delete args; - } - -void EventPlayer::GotFunctionCall(const char* name, double time, - Func* func, val_list* args) - { - // We don't replay function calls. - } - -void EventPlayer::GetFds(iosource::FD_Set* read, iosource::FD_Set* write, - iosource::FD_Set* except) - { - read->Insert(fd); - } - -double EventPlayer::NextTimestamp(double* local_network_time) - { - if ( ne_time ) - return ne_time; - - if ( ! io ) - return -1; - - // Read next event if we don't have one waiting. - if ( ! ne_time ) - { - UnserialInfo info(this); - Unserialize(&info); - SetClosed(io->Eof()); - } - - if ( ! ne_time ) - return -1; - - if ( ! network_time ) - { - // Network time not initialized yet. - stream_time = replay_time = ne_time; - return ne_time; - } - - if ( ! stream_time ) - { - // Init base times. - stream_time = ne_time; - replay_time = network_time; - } - - // Scale time. - ne_time = ne_time - stream_time + network_time; - return ne_time; - } - -void EventPlayer::Process() - { - if ( ! (io && ne_time) ) - return; - - Event* event = new Event(ne_handler, std::move(ne_args)); - mgr.Dispatch(event); - - ne_time = 0; - } diff --git a/src/Serializer.h b/src/Serializer.h deleted file mode 100644 index 2c30ef5443..0000000000 --- a/src/Serializer.h +++ /dev/null @@ -1,363 +0,0 @@ -#ifndef SERIALIZER_H -#define SERIALIZER_H - -#include -#include -#include - -#include "ID.h" -#include "List.h" -#include "Expr.h" -#include "ChunkedIO.h" -#include "SerializationFormat.h" -#include "StateAccess.h" -#include "PriorityQueue.h" -#include "SerialInfo.h" -#include "IP.h" -#include "Timer.h" -#include "iosource/IOSource.h" -#include "Reporter.h" - -class SerializationCache; -class SerialInfo; - -class Connection; -class Timer; -class Packet; - -class Serializer { -public: - // Currently ID serialization is the only method which may suspend. - bool Serialize(SerialInfo* info, const ID& id); - bool Serialize(SerialInfo* info, const char* func, val_list* args); - bool Serialize(SerialInfo* info, const StateAccess& s); - bool Serialize(SerialInfo* info, const Connection& c); - bool Serialize(SerialInfo* info, const Timer& t); - bool Serialize(SerialInfo* info, const Packet& p); - - // Access to the current cache. - SerializationCache* Cache() { return current_cache; } - void SetCache(SerializationCache* cache) - { current_cache = cache; } - - // Input/output methods. - -#define DECLARE_READ(type) \ - bool Read(type* v, const char* tag) { return format->Read(v, tag); } - -#define DECLARE_WRITE(type) \ - bool Write(type v, const char* tag) \ - { return format->Write(v, tag); } - -#define DECLARE_IO(type) \ - DECLARE_READ(type) \ - DECLARE_WRITE(type) - - DECLARE_IO(int) - DECLARE_IO(uint16) - DECLARE_IO(uint32) - DECLARE_IO(int64) - DECLARE_IO(uint64) - DECLARE_IO(char) - DECLARE_IO(bool) - DECLARE_IO(double) - - bool Read(char** str, int* len, const char* tag) - { return format->Read(str, len, tag); } - bool Read(const char** str, int* len, const char* tag) - // This cast is ok. - { return format->Read(const_cast(str), len, tag); } - - bool Read(string* s, const char* tag); - bool Read(IPAddr* a, const char* tag) { return format->Read(a, tag); } - bool Read(IPPrefix* p, const char* tag) { return format->Read(p, tag); } - - bool Write(const char* s, const char* tag) - { return format->Write(s, tag); } - bool Write(const char* buf, int len, const char* tag) - { return format->Write(buf, len, tag); } - bool Write(const string& s, const char* tag) - { return format->Write(s.data(), s.size(), tag); } - bool Write(const IPAddr& a, const char* tag) { return format->Write(a, tag); } - bool Write(const IPPrefix& p, const char* tag) { return format->Write(p, tag); } - - bool WriteOpenTag(const char* tag) - { return format->WriteOpenTag(tag); } - bool WriteCloseTag(const char* tag) - { return format->WriteCloseTag(tag); } - - bool WriteSeparator() { return format->WriteSeparator(); } - - void Error(const char* msg); - void Warning(const char* msg); - - void SetErrorDescr(const char* descr) - { delete [] error_descr; error_descr = copy_string(descr); } - -protected: - // Format defaults to binary serialization. - explicit Serializer(SerializationFormat* format = 0); - virtual ~Serializer(); - - // Reads next object. - // If 'block' is true, wait until an object can be read. - // Returns 0 if no more object available, -1 on error. - int Unserialize(UnserialInfo* info, bool block = false); - - // Callback for error messages. - virtual void ReportError(const char* msg) = 0; - - // Callbacks for unserialized objects. - - // id points to ID in global scope, val is unserialized value. - virtual void GotID(ID* id, Val* val) = 0; - virtual void GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) = 0; - virtual void GotFunctionCall(const char* name, double time, - Func* func, val_list* args) = 0; - virtual void GotStateAccess(StateAccess* s) = 0; - virtual void GotTimer(Timer* t) = 0; - virtual void GotConnection(Connection* c) = 0; - virtual void GotPacket(Packet* packet) = 0; - - // Magic to recognize state files. - static const uint32 MAGIC = 0x42525354; - - // This will be increased whenever there is an incompatible change - // in the data format. - static const uint32 DATA_FORMAT_VERSION = 26; - - ChunkedIO* io; - -private: - bool StartSerialization(SerialInfo* info, const char* descr, char tag); - bool EndSerialization(SerialInfo* info); - - bool UnserializeID(UnserialInfo* info); - bool UnserializeCall(UnserialInfo* info); - bool UnserializeStateAccess(UnserialInfo* info); - bool UnserializeTimer(UnserialInfo* info); - bool UnserializeConnection(UnserialInfo* info); - bool UnserializePacket(UnserialInfo* info); - - SerializationFormat* format; - SerializationCache* current_cache; - const char* error_descr; // used in error messages -}; - - - -// We maintain an LRU-cache for some of the objects which have already been -// serialized. For the cache, we need two types of IDs: TransientIDs (defined -// in SerialObj.cc) uniquely reference an object during the lifetime of a -// process. PermanentIDs uniquely reference an object within a serialization. - -class SerializationCache { -public: - typedef uint64 PermanentID; - static const PermanentID NONE = 0; - - // If max_cache_size is greater than zero, we'll remove old entries - // automatically if limit is reached (LRU expiration). - explicit SerializationCache(unsigned int max_cache_size = 0); - ~SerializationCache(); - - PermanentID Register(const SerialObj* obj, PermanentID pid, - bool new_cache_strategy); - - const SerialObj* Lookup(PermanentID pid) - { - PIDMap::const_iterator i = pid_map.find(pid); - if ( i == pid_map.end() ) - return 0; - - assert(i->second); - MoveEntryToTail(i->second); - return i->second->obj.serial; - } - - PermanentID Lookup(const TransientID& tid) - { - TIDMap::const_iterator i = tid_map.find(tid.Value()); - if ( i == tid_map.end() ) - return 0; - - uint64 modified = i->second->obj.serial->LastModified(); - if ( modified == SerialObj::ALWAYS || modified > i->second->time ) - return 0; - - assert(i->second); - MoveEntryToTail(i->second); - return i->second->pid; - } - - unsigned int GetMaxCacheSize() const { return max_cache_size; } - void SetMaxCacheSize(unsigned int size) { max_cache_size = size; } - - // These methods have to be called at the start/end of the - // serialization of an entity. The cache guarentees that objects - // registered after Begin() remain valid until End() is called. - // After End(), objects which are not derived from BroObj are - // discarded; others *may* remain valid. - void Begin(bool can_keep_in_cache) { End(can_keep_in_cache); } - void End(bool can_keep_in_cache); - - void Clear(); - -private: - - struct CacheList; - - struct CacheEntry { - union { - const SerialObj* serial; - const BroObj* bro; - } obj; - - bool is_bro_obj; - PermanentID pid; - TransientID::ID tid; - uint64 time; - struct CacheList* cache; - CacheEntry* prev; - CacheEntry* next; - - SerialType stype; // primarily for debugging - }; - - // We maintain two LRU-sorted lists, one for often-changing objects and - // one for only rarely changing objects; - struct CacheList { - CacheEntry* head; - CacheEntry* tail; - unsigned int size; - }; - - void RemoveEntry(CacheEntry* e); - void UnlinkEntry(CacheEntry* e); - void MoveEntryToTail(CacheEntry* e); - - unsigned int max_cache_size; - - typedef map PIDMap; - typedef map TIDMap; - - TIDMap tid_map; - PIDMap pid_map; - - CacheList cache_stable; - CacheList cache_unstable; - - // Objects in the cache which aren't derived from BroObj. These are - // always stored in the unstable cache. - typedef list VolatileList; - VolatileList volatiles; - - PermanentID next_id; -}; - -// A serializer for cloning objects. Objects can be serialized into -// the serializer and unserialized into new objects. An absolutely -// minimal implementation of Serializer! -class CloneSerializer : public Serializer { -public: - explicit CloneSerializer(SerializationFormat* format = 0) : Serializer(format) { } - ~CloneSerializer() override - { } - -protected: - void ReportError(const char* msg) override { reporter->Error("%s", msg); } - void GotID(ID* id, Val* val) override { } - void GotEvent(const char* name, double time, EventHandlerPtr event, val_list* args) override { } - void GotFunctionCall(const char* name, double time, - Func* func, val_list* args) override { } - void GotStateAccess(StateAccess* s) override { delete s; } - void GotTimer(Timer* t) override { } - void GotConnection(Connection* c) override { } - void GotPacket(Packet* packet) override { } -}; - -// Write values/events to file or fd. -class FileSerializer : public Serializer { -public: - explicit FileSerializer(SerializationFormat* format = 0); - ~FileSerializer() override; - - // Opens the file for serialization. - bool Open(const char* file, bool pure = false); - bool Close(); - - // Reads the file. - bool Read(UnserialInfo* info, const char* file, bool header = true); - -protected: - void ReportError(const char* msg) override; - void GotID(ID* id, Val* val) override; - void GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) override; - void GotFunctionCall(const char* name, double time, - Func* func, val_list* args) override; - void GotStateAccess(StateAccess* s) override; - void GotTimer(Timer* t) override; - void GotConnection(Connection* c) override; - void GotPacket(Packet* packet) override; - - bool OpenFile(const char* file, bool readonly, bool should_exist = false); - void CloseFile(); - bool ReadFile(const char* file); - bool PrepareForWriting(); - bool ReadHeader(UnserialInfo* info = 0); - - SerializationCache cache; - const char* file; - int fd; -}; - -// Abstract interface class for external sources providing a stream of events. -class EventSource { -public: - virtual ~EventSource() { } - - // Returns time of the oldest event (0 if none available). - virtual double NextTimestamp(double* local_network_time) = 0; - - // Dispatches the oldest event and removes it. - virtual void DispatchNextEvent() = 0; - - // Returns true if there are more events to expect from this source. - virtual bool IsActive() = 0; -}; - -// Plays a file of events back. -class EventPlayer : public FileSerializer, public iosource::IOSource { -public: - explicit EventPlayer(const char* file); - ~EventPlayer() override; - - void GetFds(iosource::FD_Set* read, iosource::FD_Set* write, - iosource::FD_Set* except) override; - double NextTimestamp(double* local_network_time) override; - void Process() override; - const char* Tag() override { return "EventPlayer"; } - -protected: - void GotID(ID* id, Val* val) override {} - void GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) override; - void GotFunctionCall(const char* name, double time, - Func* func, val_list* args) override; - - double stream_time; // time of first captured event - double replay_time; // network time of replay start - - // Next event waiting to be dispatched. - double ne_time; - EventHandlerPtr ne_handler; - val_list ne_args; - -}; - -extern FileSerializer* event_serializer; -extern FileSerializer* state_serializer; - -#endif diff --git a/src/StateAccess.cc b/src/StateAccess.cc index 134cca5db5..03157b1cbe 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -1,6 +1,5 @@ #include "Val.h" #include "StateAccess.h" -#include "Serializer.h" #include "Event.h" #include "NetVar.h" #include "DebugLogger.h" @@ -72,7 +71,6 @@ StateAccess::StateAccess(Opcode arg_opcode, } StateAccess::StateAccess(const StateAccess& sa) -: SerialObj() { opcode = sa.opcode; target_type = sa.target_type; @@ -408,146 +406,6 @@ ID* StateAccess::Target() const return target_type == TYPE_ID ? target.id : target.val->UniqueID(); } -bool StateAccess::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -StateAccess* StateAccess::Unserialize(UnserialInfo* info) - { - StateAccess* sa = - (StateAccess*) SerialObj::Unserialize(info, SER_STATE_ACCESS); - return sa; - } - -IMPLEMENT_SERIAL(StateAccess, SER_STATE_ACCESS); - -bool StateAccess::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_STATE_ACCESS, SerialObj); - - if ( ! SERIALIZE(char(opcode)) ) - return false; - - const ID* id = - target_type == TYPE_ID ? target.id : target.val->UniqueID(); - - if ( ! SERIALIZE(id->Name()) ) - return false; - - if ( op1_type == TYPE_KEY ) - { - Val* index = - id->ID_Val()->AsTableVal()->RecoverIndex(this->op1.key); - - if ( ! index ) - return false; - if ( ! index->Serialize(info) ) - return false; - - Unref(index); - } - - else if ( ! op1.val->Serialize(info) ) - return false; - - // Don't send the "old" operand if we don't want consistency checks. - // Unfortunately, it depends on the opcode which operand that actually - // is. - - const Val* null = 0; - - switch ( opcode ) { - case OP_PRINT: - case OP_EXPIRE: - case OP_READ_IDX: - // No old. - SERIALIZE_OPTIONAL(null); - SERIALIZE_OPTIONAL(null); - break; - - case OP_INCR: - case OP_INCR_IDX: - // Always need old. - SERIALIZE_OPTIONAL(op2); - SERIALIZE_OPTIONAL(op3); - break; - - case OP_ASSIGN: - case OP_ADD: - case OP_DEL: - // Op2 is old. - SERIALIZE_OPTIONAL(null); - SERIALIZE_OPTIONAL(null); - break; - - case OP_ASSIGN_IDX: - // Op3 is old. - SERIALIZE_OPTIONAL(op2); - SERIALIZE_OPTIONAL(null); - break; - - default: - reporter->InternalError("StateAccess::DoSerialize: unknown opcode"); - } - - return true; - } - -bool StateAccess::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(SerialObj); - - char c; - if ( ! UNSERIALIZE(&c) ) - return false; - - opcode = Opcode(c); - - const char* name; - if ( ! UNSERIALIZE_STR(&name, 0) ) - return false; - - target_type = TYPE_ID; - target.id = global_scope()->Lookup(name); - - if ( target.id ) - // Otherwise, we'll delete it below. - delete [] name; - - op1_type = TYPE_VAL; - op1.val = Val::Unserialize(info); - if ( ! op1.val ) - return false; - - UNSERIALIZE_OPTIONAL(op2, Val::Unserialize(info)); - UNSERIALIZE_OPTIONAL(op3, Val::Unserialize(info)); - - if ( target.id ) - Ref(target.id); - else - { - // This may happen as long as we haven't agreed on the - // unique name for an ID during initial synchronization, or if - // the local peer has already deleted the ID. - DBG_LOG(DBG_STATE, "state access referenced unknown id %s", name); - - if ( info->install_uniques ) - { - target.id = new ID(name, SCOPE_GLOBAL, true); - Ref(target.id); - global_scope()->Insert(name, target.id); -#ifdef USE_PERFTOOLS_DEBUG - heap_checker->IgnoreObject(target.id); -#endif - } - - delete [] name; - } - - return true; - } - void StateAccess::Describe(ODesc* d) const { const ID* id; diff --git a/src/StateAccess.h b/src/StateAccess.h index 8530ec1d91..d9077fe0e2 100644 --- a/src/StateAccess.h +++ b/src/StateAccess.h @@ -7,14 +7,11 @@ #include #include -#include "SerialObj.h" - class Val; class ID; class MutableVal; class HashKey; class ODesc; -class Serializer; class TableVal; enum Opcode { // Op1 Op2 Op3 (Vals) @@ -30,7 +27,7 @@ enum Opcode { // Op1 Op2 Op3 (Vals) OP_READ_IDX, // idx }; -class StateAccess : public SerialObj { +class StateAccess { public: StateAccess(Opcode opcode, const ID* target, const Val* op1, const Val* op2 = 0, const Val* op3 = 0); @@ -48,7 +45,7 @@ public: StateAccess(const StateAccess& sa); - ~StateAccess() override; + virtual ~StateAccess(); // Replays this access in the our environment. void Replay(); @@ -58,9 +55,6 @@ public: void Describe(ODesc* d) const; - bool Serialize(SerialInfo* info) const; - static StateAccess* Unserialize(UnserialInfo* info); - // Main entry point when StateAcesses are performed. // For every state-changing operation, this has to be called. static void Log(StateAccess* access); @@ -76,8 +70,6 @@ private: bool MergeTables(TableVal* dst, Val* src); - DECLARE_SERIAL(StateAccess); - Opcode opcode; union { ID* id; diff --git a/src/Stmt.cc b/src/Stmt.cc index 5bf7c47d75..3edb48c8f5 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -117,47 +117,6 @@ void Stmt::AccessStats(ODesc* d) const } } -bool Stmt::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Stmt* Stmt::Unserialize(UnserialInfo* info, BroStmtTag want) - { - Stmt* stmt = (Stmt*) SerialObj::Unserialize(info, SER_STMT); - - if ( want != STMT_ANY && stmt->tag != want ) - { - info->s->Error("wrong stmt type"); - Unref(stmt); - return 0; - } - - return stmt; - } - -bool Stmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_STMT, BroObj); - - return SERIALIZE(char(tag)) && SERIALIZE(last_access) - && SERIALIZE(access_count); - } - -bool Stmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroObj); - - char c; - if ( ! UNSERIALIZE(&c) ) - return 0; - - tag = BroStmtTag(c); - - return UNSERIALIZE(&last_access) && UNSERIALIZE(&access_count); - } - - ExprListStmt::ExprListStmt(BroStmtTag t, ListExpr* arg_l) : Stmt(t) { @@ -207,19 +166,6 @@ void ExprListStmt::PrintVals(ODesc* d, val_list* vals, int offset) const describe_vals(vals, d, offset); } -bool ExprListStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_EXPR_LIST_STMT, Stmt); - return l->Serialize(info); - } - -bool ExprListStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Stmt); - l = (ListExpr*) Expr::Unserialize(info, EXPR_LIST); - return l != 0; - } - TraversalCode ExprListStmt::Traverse(TraversalCallback* cb) const { TraversalCode tc = cb->PreStmt(this); @@ -305,20 +251,6 @@ Val* PrintStmt::DoExec(val_list* vals, stmt_flow_type& /* flow */) const return 0; } -IMPLEMENT_SERIAL(PrintStmt, SER_PRINT_STMT); - -bool PrintStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_PRINT_STMT, ExprListStmt); - return true; - } - -bool PrintStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(ExprListStmt); - return true; - } - ExprStmt::ExprStmt(Expr* arg_e) : Stmt(STMT_EXPR) { e = arg_e; @@ -404,22 +336,6 @@ TraversalCode ExprStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(ExprStmt, SER_EXPR_STMT); - -bool ExprStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_EXPR_STMT, Stmt); - SERIALIZE_OPTIONAL(e); - return true; - } - -bool ExprStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Stmt); - UNSERIALIZE_OPTIONAL(e, Expr::Unserialize(info)); - return true; - } - IfStmt::IfStmt(Expr* test, Stmt* arg_s1, Stmt* arg_s2) : ExprStmt(STMT_IF, test) { s1 = arg_s1; @@ -507,25 +423,6 @@ TraversalCode IfStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(IfStmt, SER_IF_STMT); - -bool IfStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_IF_STMT, ExprStmt); - return s1->Serialize(info) && s2->Serialize(info); - } - -bool IfStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(ExprStmt); - s1 = Stmt::Unserialize(info); - if ( ! s1 ) - return false; - - s2 = Stmt::Unserialize(info); - return s2 != 0; - } - static BroStmtTag get_last_stmt_tag(const Stmt* stmt) { if ( ! stmt ) @@ -655,67 +552,6 @@ TraversalCode Case::Traverse(TraversalCallback* cb) const return TC_CONTINUE; } -bool Case::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Case* Case::Unserialize(UnserialInfo* info) - { - return (Case*) SerialObj::Unserialize(info, SER_CASE); - } - -IMPLEMENT_SERIAL(Case, SER_CASE); - -bool Case::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_CASE, BroObj); - - if ( ! expr_cases->Serialize(info) ) - return false; - - id_list empty; - id_list* types = (type_cases ? type_cases : &empty); - - if ( ! SERIALIZE(types->length()) ) - return false; - - loop_over_list((*types), i) - { - if ( ! (*types)[i]->Serialize(info) ) - return false; - } - - return this->s->Serialize(info); - } - -bool Case::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroObj); - - expr_cases = (ListExpr*) Expr::Unserialize(info, EXPR_LIST); - if ( ! expr_cases ) - return false; - - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - type_cases = new id_list(len); - - while ( len-- ) - { - ID* id = ID::Unserialize(info); - if ( ! id ) - return false; - - type_cases->append(id); - } - - this->s = Stmt::Unserialize(info); - return this->s != 0; - } - static void int_del_func(void* v) { delete (int*) v; @@ -1028,66 +864,6 @@ TraversalCode SwitchStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(SwitchStmt, SER_SWITCH_STMT); - -bool SwitchStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_SWITCH_STMT, ExprStmt); - - if ( ! SERIALIZE(cases->length()) ) - return false; - - loop_over_list((*cases), i) - if ( ! (*cases)[i]->Serialize(info) ) - return false; - - if ( ! SERIALIZE(default_case_idx) ) - return false; - - return true; - } - -bool SwitchStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(ExprStmt); - - Init(); - - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - while ( len-- ) - { - Case* c = Case::Unserialize(info); - if ( ! c ) - return false; - - cases->append(c); - } - - if ( ! UNSERIALIZE(&default_case_idx) ) - return false; - - loop_over_list(*cases, i) - { - const ListExpr* le = (*cases)[i]->ExprCases(); - - if ( ! le ) - continue; - - const expr_list& exprs = le->Exprs(); - - loop_over_list(exprs, j) - { - if ( ! AddCaseLabelValueMapping(exprs[j]->ExprVal(), i) ) - return false; - } - } - - return true; - } - AddStmt::AddStmt(Expr* arg_e) : ExprStmt(STMT_ADD, arg_e) { if ( ! e->CanAdd() ) @@ -1121,20 +897,6 @@ TraversalCode AddStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(AddStmt, SER_ADD_STMT); - -bool AddStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_ADD_STMT, ExprStmt); - return true; - } - -bool AddStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(ExprStmt); - return true; - } - DelStmt::DelStmt(Expr* arg_e) : ExprStmt(STMT_DELETE, arg_e) { if ( e->IsError() ) @@ -1170,20 +932,6 @@ TraversalCode DelStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(DelStmt, SER_DEL_STMT); - -bool DelStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_DEL_STMT, ExprStmt); - return true; - } - -bool DelStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(ExprStmt); - return true; - } - EventStmt::EventStmt(EventExpr* arg_e) : ExprStmt(STMT_EVENT, arg_e) { event_expr = arg_e; @@ -1218,22 +966,6 @@ TraversalCode EventStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(EventStmt, SER_EVENT_STMT); - -bool EventStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_EVENT_STMT, ExprStmt); - return event_expr->Serialize(info); - } - -bool EventStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(ExprStmt); - - event_expr = (EventExpr*) Expr::Unserialize(info, EXPR_EVENT); - return event_expr != 0; - } - WhileStmt::WhileStmt(Expr* arg_loop_condition, Stmt* arg_body) : loop_condition(arg_loop_condition), body(arg_body) { @@ -1319,30 +1051,6 @@ Val* WhileStmt::Exec(Frame* f, stmt_flow_type& flow) const return rval; } -IMPLEMENT_SERIAL(WhileStmt, SER_WHILE_STMT); - -bool WhileStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_WHILE_STMT, Stmt); - - if ( ! loop_condition->Serialize(info) ) - return false; - - return body->Serialize(info); - } - -bool WhileStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Stmt); - loop_condition = Expr::Unserialize(info); - - if ( ! loop_condition ) - return false; - - body = Stmt::Unserialize(info); - return body != 0; - } - ForStmt::ForStmt(id_list* arg_loop_vars, Expr* loop_expr) : ExprStmt(STMT_FOR, loop_expr) { @@ -1607,47 +1315,6 @@ TraversalCode ForStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(ForStmt, SER_FOR_STMT); - -bool ForStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_FOR_STMT, ExprStmt); - - if ( ! SERIALIZE(loop_vars->length()) ) - return false; - - loop_over_list((*loop_vars), i) - { - if ( ! (*loop_vars)[i]->Serialize(info) ) - return false; - } - - return body->Serialize(info); - } - -bool ForStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(ExprStmt); - - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - loop_vars = new id_list(len); - - while ( len-- ) - { - ID* id = ID::Unserialize(info); - if ( ! id ) - return false; - - loop_vars->append(id); - } - - body = Stmt::Unserialize(info); - return body != 0; - } - Val* NextStmt::Exec(Frame* /* f */, stmt_flow_type& flow) const { RegisterAccess(); @@ -1675,20 +1342,6 @@ TraversalCode NextStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(NextStmt, SER_NEXT_STMT); - -bool NextStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_NEXT_STMT, Stmt); - return true; - } - -bool NextStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Stmt); - return true; - } - Val* BreakStmt::Exec(Frame* /* f */, stmt_flow_type& flow) const { RegisterAccess(); @@ -1716,20 +1369,6 @@ TraversalCode BreakStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(BreakStmt, SER_BREAK_STMT); - -bool BreakStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BREAK_STMT, Stmt); - return true; - } - -bool BreakStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Stmt); - return true; - } - Val* FallthroughStmt::Exec(Frame* /* f */, stmt_flow_type& flow) const { RegisterAccess(); @@ -1757,20 +1396,6 @@ TraversalCode FallthroughStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(FallthroughStmt, SER_FALLTHROUGH_STMT); - -bool FallthroughStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_FALLTHROUGH_STMT, Stmt); - return true; - } - -bool FallthroughStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Stmt); - return true; - } - ReturnStmt::ReturnStmt(Expr* arg_e) : ExprStmt(STMT_RETURN, arg_e) { Scope* s = current_scope(); @@ -1838,20 +1463,6 @@ void ReturnStmt::Describe(ODesc* d) const DescribeDone(d); } -IMPLEMENT_SERIAL(ReturnStmt, SER_RETURN_STMT); - -bool ReturnStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_RETURN_STMT, ExprStmt); - return true; - } - -bool ReturnStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(ExprStmt); - return true; - } - StmtList::StmtList() : Stmt(STMT_LIST) { } @@ -1941,43 +1552,6 @@ TraversalCode StmtList::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(StmtList, SER_STMT_LIST); - -bool StmtList::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_STMT_LIST, Stmt); - - if ( ! SERIALIZE(stmts.length()) ) - return false; - - loop_over_list(stmts, i) - if ( ! stmts[i]->Serialize(info) ) - return false; - - return true; - } - -bool StmtList::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Stmt); - - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - while ( len-- ) - { - Stmt* stmt = Stmt::Unserialize(info); - if ( ! stmt ) - return false; - - stmts.append(stmt); - } - - return true; - } - - Val* EventBodyList::Exec(Frame* f, stmt_flow_type& flow) const { RegisterAccess(); @@ -2036,20 +1610,6 @@ void EventBodyList::Describe(ODesc* d) const StmtList::Describe(d); } -IMPLEMENT_SERIAL(EventBodyList, SER_EVENT_BODY_LIST); - -bool EventBodyList::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_EVENT_BODY_LIST, StmtList); - return SERIALIZE(topmost); - } - -bool EventBodyList::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(StmtList); - return UNSERIALIZE(&topmost); - } - InitStmt::~InitStmt() { loop_over_list(*inits, i) @@ -2123,45 +1683,6 @@ TraversalCode InitStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(InitStmt, SER_INIT_STMT); - -bool InitStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_INIT_STMT, Stmt); - - if ( ! SERIALIZE(inits->length()) ) - return false; - - loop_over_list((*inits), i) - { - if ( ! (*inits)[i]->Serialize(info) ) - return false; - } - - return true; - } - -bool InitStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Stmt); - - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - inits = new id_list(len); - - while ( len-- ) - { - ID* id = ID::Unserialize(info); - if ( ! id ) - return false; - inits->append(id); - } - return true; - } - - Val* NullStmt::Exec(Frame* /* f */, stmt_flow_type& flow) const { RegisterAccess(); @@ -2191,20 +1712,6 @@ TraversalCode NullStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(NullStmt, SER_NULL_STMT); - -bool NullStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_NULL_STMT, Stmt); - return true; - } - -bool NullStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Stmt); - return true; - } - WhenStmt::WhenStmt(Expr* arg_cond, Stmt* arg_s1, Stmt* arg_s2, Expr* arg_timeout, bool arg_is_return) : Stmt(STMT_WHEN) @@ -2320,35 +1827,3 @@ TraversalCode WhenStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -IMPLEMENT_SERIAL(WhenStmt, SER_WHEN_STMT); - -bool WhenStmt::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_WHEN_STMT, Stmt); - - if ( cond->Serialize(info) && s1->Serialize(info) ) - return false; - - SERIALIZE_OPTIONAL(s2); - SERIALIZE_OPTIONAL(timeout); - - return true; - } - -bool WhenStmt::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Stmt); - - cond = Expr::Unserialize(info); - if ( ! cond ) - return false; - - s1 = Stmt::Unserialize(info); - if ( ! s1 ) - return false; - - UNSERIALIZE_OPTIONAL(s2, Stmt::Unserialize(info)); - UNSERIALIZE_OPTIONAL(timeout, Expr::Unserialize(info)); - - return true; - } diff --git a/src/Stmt.h b/src/Stmt.h index c3ee6611fe..7136ffe306 100644 --- a/src/Stmt.h +++ b/src/Stmt.h @@ -71,9 +71,6 @@ public: virtual unsigned int BPCount() const { return breakpoint_count; } - bool Serialize(SerialInfo* info) const; - static Stmt* Unserialize(UnserialInfo* info, BroStmtTag want = STMT_ANY); - virtual TraversalCode Traverse(TraversalCallback* cb) const = 0; protected: @@ -83,8 +80,6 @@ protected: void AddTag(ODesc* d) const; void DescribeDone(ODesc* d) const; - DECLARE_ABSTRACT_SERIAL(Stmt); - BroStmtTag tag; int breakpoint_count; // how many breakpoints on this statement @@ -111,8 +106,6 @@ protected: void Describe(ODesc* d) const override; void PrintVals(ODesc* d, val_list* vals, int offset) const; - DECLARE_ABSTRACT_SERIAL(ExprListStmt); - ListExpr* l; }; @@ -125,8 +118,6 @@ protected: PrintStmt() {} Val* DoExec(val_list* vals, stmt_flow_type& flow) const override; - - DECLARE_SERIAL(PrintStmt); }; class ExprStmt : public Stmt { @@ -151,8 +142,6 @@ protected: int IsPure() const override; - DECLARE_SERIAL(ExprStmt); - Expr* e; }; @@ -175,8 +164,6 @@ protected: Val* DoExec(Frame* f, Val* v, stmt_flow_type& flow) const override; int IsPure() const override; - DECLARE_SERIAL(IfStmt); - Stmt* s1; Stmt* s2; }; @@ -197,17 +184,12 @@ public: void Describe(ODesc* d) const override; - bool Serialize(SerialInfo* info) const; - static Case* Unserialize(UnserialInfo* info); - TraversalCode Traverse(TraversalCallback* cb) const; protected: friend class Stmt; Case() { expr_cases = 0; type_cases = 0; s = 0; } - DECLARE_SERIAL(Case); - ListExpr* expr_cases; id_list* type_cases; Stmt* s; @@ -234,8 +216,6 @@ protected: Val* DoExec(Frame* f, Val* v, stmt_flow_type& flow) const override; int IsPure() const override; - DECLARE_SERIAL(SwitchStmt); - // Initialize composite hash and case label map. void Init(); @@ -274,8 +254,6 @@ public: protected: friend class Stmt; AddStmt() {} - - DECLARE_SERIAL(AddStmt); }; class DelStmt : public ExprStmt { @@ -290,8 +268,6 @@ public: protected: friend class Stmt; DelStmt() {} - - DECLARE_SERIAL(DelStmt); }; class EventStmt : public ExprStmt { @@ -306,8 +282,6 @@ protected: friend class Stmt; EventStmt() { event_expr = 0; } - DECLARE_SERIAL(EventStmt); - EventExpr* event_expr; }; @@ -331,8 +305,6 @@ protected: Val* Exec(Frame* f, stmt_flow_type& flow) const override; - DECLARE_SERIAL(WhileStmt); - Expr* loop_condition; Stmt* body; }; @@ -362,8 +334,6 @@ protected: Val* DoExec(Frame* f, Val* v, stmt_flow_type& flow) const override; - DECLARE_SERIAL(ForStmt); - id_list* loop_vars; Stmt* body; // Stores the value variable being used for a key value for loop. @@ -383,7 +353,6 @@ public: TraversalCode Traverse(TraversalCallback* cb) const override; protected: - DECLARE_SERIAL(NextStmt); }; class BreakStmt : public Stmt { @@ -398,7 +367,6 @@ public: TraversalCode Traverse(TraversalCallback* cb) const override; protected: - DECLARE_SERIAL(BreakStmt); }; class FallthroughStmt : public Stmt { @@ -413,7 +381,6 @@ public: TraversalCode Traverse(TraversalCallback* cb) const override; protected: - DECLARE_SERIAL(FallthroughStmt); }; class ReturnStmt : public ExprStmt { @@ -427,8 +394,6 @@ public: protected: friend class Stmt; ReturnStmt() {} - - DECLARE_SERIAL(ReturnStmt); }; class StmtList : public Stmt { @@ -448,8 +413,6 @@ public: protected: int IsPure() const override; - DECLARE_SERIAL(StmtList); - stmt_list stmts; }; @@ -467,9 +430,6 @@ public: // bool IsTopmost() { return topmost; } protected: - - DECLARE_SERIAL(EventBodyList); - bool topmost; }; @@ -496,8 +456,6 @@ protected: friend class Stmt; InitStmt() { inits = 0; } - DECLARE_SERIAL(InitStmt); - id_list* inits; }; @@ -511,9 +469,6 @@ public: void Describe(ODesc* d) const override; TraversalCode Traverse(TraversalCallback* cb) const override; - -protected: - DECLARE_SERIAL(NullStmt); }; class WhenStmt : public Stmt { @@ -537,8 +492,6 @@ public: protected: WhenStmt() { cond = 0; s1 = s2 = 0; timeout = 0; is_return = 0; } - DECLARE_SERIAL(WhenStmt); - Expr* cond; Stmt* s1; Stmt* s2; diff --git a/src/Timer.cc b/src/Timer.cc index 519ceaae1e..75858af336 100644 --- a/src/Timer.cc +++ b/src/Timer.cc @@ -5,7 +5,6 @@ #include "util.h" #include "Timer.h" #include "Desc.h" -#include "Serializer.h" #include "broker/Manager.h" // Names of timers in same order than in TimerType. @@ -53,41 +52,6 @@ void Timer::Describe(ODesc* d) const d->Add(Time()); } -bool Timer::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Timer* Timer::Unserialize(UnserialInfo* info) - { - Timer* timer = (Timer*) SerialObj::Unserialize(info, SER_TIMER); - if ( ! timer ) - return 0; - - timer_mgr->Add(timer); - - return timer; - } - -bool Timer::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_TIMER, SerialObj); - char tmp = type; - return SERIALIZE(tmp) && SERIALIZE(time); - } - -bool Timer::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(SerialObj); - - char tmp; - if ( ! UNSERIALIZE(&tmp) ) - return false; - type = tmp; - - return UNSERIALIZE(&time); - } - unsigned int TimerMgr::current_timers[NUM_TIMER_TYPES]; TimerMgr::~TimerMgr() diff --git a/src/Timer.h b/src/Timer.h index 2ce9f56e0b..02ebb2773c 100644 --- a/src/Timer.h +++ b/src/Timer.h @@ -6,7 +6,6 @@ #include #include -#include "SerialObj.h" #include "PriorityQueue.h" extern "C" { @@ -49,10 +48,9 @@ const int NUM_TIMER_TYPES = int(TIMER_TIMERMGR_EXPIRE) + 1; extern const char* timer_type_to_string(TimerType type); -class Serializer; class ODesc; -class Timer : public SerialObj, public PQ_Element { +class Timer : public PQ_Element { public: Timer(double t, TimerType arg_type) : PQ_Element(t) { type = (char) arg_type; } @@ -67,14 +65,9 @@ public: void Describe(ODesc* d) const; - bool Serialize(SerialInfo* info) const; - static Timer* Unserialize(UnserialInfo* info); - protected: Timer() {} - DECLARE_ABSTRACT_SERIAL(Timer); - unsigned int type:8; }; diff --git a/src/Type.cc b/src/Type.cc index 19bed81412..f252aea70f 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -6,7 +6,6 @@ #include "Attr.h" #include "Expr.h" #include "Scope.h" -#include "Serializer.h" #include "Reporter.h" #include "zeekygen/Manager.h" #include "zeekygen/utils.h" @@ -124,25 +123,8 @@ BroType::BroType(TypeTag t, bool arg_base_type) BroType* BroType::Clone() const { - SerializationFormat* form = new BinarySerializationFormat(); - form->StartWrite(); - CloneSerializer ss(form); - SerialInfo sinfo(&ss); - sinfo.cache = false; - - this->Serialize(&sinfo); - char* data; - uint32 len = form->EndWrite(&data); - form->StartRead(data, len); - - UnserialInfo uinfo(&ss); - uinfo.cache = false; - - BroType* rval = this->Unserialize(&uinfo, false); - assert(rval != this); - - free(data); - return rval; + // Fixme: Johanna + return nullptr; } int BroType::MatchesIndex(ListExpr*& index) const @@ -203,124 +185,6 @@ unsigned int BroType::MemoryAllocation() const return padded_sizeof(*this); } -bool BroType::Serialize(SerialInfo* info) const - { - // We always send full types (see below). - if ( ! SERIALIZE(true) ) - return false; - - bool ret = SerialObj::Serialize(info); - return ret; - } - -BroType* BroType::Unserialize(UnserialInfo* info, bool use_existing) - { - // To avoid external Broccoli clients needing to always send full type - // objects, we allow them to give us only the name of a type. To - // differentiate between the two cases, we exchange a flag first. - bool full_type = true;; - if ( ! UNSERIALIZE(&full_type) ) - return 0; - - if ( ! full_type ) - { - const char* name; - if ( ! UNSERIALIZE_STR(&name, 0) ) - return 0; - - ID* id = global_scope()->Lookup(name); - if ( ! id ) - { - info->s->Error(fmt("unknown type %s", name)); - return 0; - } - - BroType* t = id->AsType(); - if ( ! t ) - { - info->s->Error(fmt("%s is not a type", name)); - return 0; - } - - return t->Ref(); - } - - BroType* t = (BroType*) SerialObj::Unserialize(info, SER_BRO_TYPE); - - if ( ! t || ! use_existing ) - return t; - - if ( ! t->name.empty() ) - { - // Avoid creating a new type if it's known by name. - // Also avoids loss of base type name alias (from condition below). - ID* id = global_scope()->Lookup(t->name.c_str()); - BroType* t2 = id ? id->AsType() : 0; - - if ( t2 ) - { - Unref(t); - return t2->Ref(); - } - } - - if ( t->base_type ) - { - BroType* t2 = ::base_type(TypeTag(t->tag)); - Unref(t); - assert(t2); - return t2; - } - - assert(t); - return t; - } - -IMPLEMENT_SERIAL(BroType, SER_BRO_TYPE) - -bool BroType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BRO_TYPE, BroObj); - - info->s->WriteOpenTag("Type"); - - if ( ! (SERIALIZE(char(tag)) && SERIALIZE(char(internal_tag))) ) - return false; - - if ( ! (SERIALIZE(is_network_order) && SERIALIZE(base_type)) ) - return false; - - SERIALIZE_STR(name.c_str(), name.size()); - - info->s->WriteCloseTag("Type"); - - return true; - } - -bool BroType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroObj); - - char c1, c2; - if ( ! (UNSERIALIZE(&c1) && UNSERIALIZE(&c2) ) ) - return 0; - - tag = (TypeTag) c1; - internal_tag = (InternalTypeTag) c2; - - if ( ! (UNSERIALIZE(&is_network_order) && UNSERIALIZE(&base_type)) ) - return 0; - - const char* n; - if ( ! UNSERIALIZE_STR(&n, 0) ) - return false; - - name = n; - delete [] n; - - return true; - } - TypeList::~TypeList() { loop_over_list(types, i) @@ -383,47 +247,6 @@ void TypeList::Describe(ODesc* d) const } } -IMPLEMENT_SERIAL(TypeList, SER_TYPE_LIST); - -bool TypeList::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_TYPE_LIST, BroType); - - SERIALIZE_OPTIONAL(pure_type); - - if ( ! SERIALIZE(types.length()) ) - return false; - - loop_over_list(types, j) - { - if ( ! types[j]->Serialize(info) ) - return false; - } - - return true; - } - -bool TypeList::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroType); - - UNSERIALIZE_OPTIONAL(pure_type, BroType::Unserialize(info)); - - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - while ( len-- ) - { - BroType* t = BroType::Unserialize(info); - if ( ! t ) - return false; - - types.append(t); - } - return true; - } - IndexType::~IndexType() { Unref(indices); @@ -530,25 +353,6 @@ bool IndexType::IsSubNetIndex() const return false; } -IMPLEMENT_SERIAL(IndexType, SER_INDEX_TYPE); - -bool IndexType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_INDEX_TYPE, BroType); - - SERIALIZE_OPTIONAL(yield_type); - return indices->Serialize(info); - } - -bool IndexType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroType); - - UNSERIALIZE_OPTIONAL(yield_type, BroType::Unserialize(info)); - indices = (TypeList*) BroType::Unserialize(info); - return indices != 0; - } - TableType::TableType(TypeList* ind, BroType* yield) : IndexType(TYPE_TABLE, ind, yield) { @@ -650,43 +454,11 @@ SetType::SetType(TypeList* ind, ListExpr* arg_elements) : TableType(ind, 0) } } -IMPLEMENT_SERIAL(TableType, SER_TABLE_TYPE); - -bool TableType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_TABLE_TYPE, IndexType); - return true; - } - -bool TableType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(IndexType); - return true; - } - SetType::~SetType() { Unref(elements); } -IMPLEMENT_SERIAL(SetType, SER_SET_TYPE); - -bool SetType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_SET_TYPE, TableType); - - SERIALIZE_OPTIONAL(elements); - return true; - } - -bool SetType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(TableType); - - UNSERIALIZE_OPTIONAL(elements, (ListExpr*) Expr::Unserialize(info, EXPR_LIST)); - return true; - } - FuncType::FuncType(RecordType* arg_args, BroType* arg_yield, function_flavor arg_flavor) : BroType(TYPE_FUNC) { @@ -822,80 +594,6 @@ void FuncType::DescribeReST(ODesc* d, bool roles_only) const } } -IMPLEMENT_SERIAL(FuncType, SER_FUNC_TYPE); - -bool FuncType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_FUNC_TYPE, BroType); - - assert(args); - assert(arg_types); - - SERIALIZE_OPTIONAL(yield); - - int ser_flavor = 0; - - switch ( flavor ) { - - case FUNC_FLAVOR_FUNCTION: - ser_flavor = 0; - break; - - case FUNC_FLAVOR_EVENT: - ser_flavor = 1; - break; - - case FUNC_FLAVOR_HOOK: - ser_flavor = 2; - break; - - default: - reporter->InternalError("Invalid function flavor serialization"); - break; - } - - return args->Serialize(info) && - arg_types->Serialize(info) && - SERIALIZE(ser_flavor); - } - -bool FuncType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroType); - - UNSERIALIZE_OPTIONAL(yield, BroType::Unserialize(info)); - - args = (RecordType*) BroType::Unserialize(info); - if ( ! args ) - return false; - - arg_types = (TypeList*) BroType::Unserialize(info); - if ( ! arg_types ) - return false; - - int ser_flavor = 0; - - if ( ! UNSERIALIZE(&ser_flavor) ) - return false; - - switch ( ser_flavor ) { - case 0: - flavor = FUNC_FLAVOR_FUNCTION; - break; - case 1: - flavor = FUNC_FLAVOR_EVENT; - break; - case 2: - flavor = FUNC_FLAVOR_HOOK; - break; - default: - reporter->InternalError("Invalid function flavor unserialization"); - break; - } - - return true; - } - TypeDecl::TypeDecl(BroType* t, const char* i, attr_list* arg_attrs, bool in_record) { type = t; @@ -921,35 +619,6 @@ TypeDecl::~TypeDecl() delete [] id; } -bool TypeDecl::Serialize(SerialInfo* info) const - { - assert(type); - assert(id); - - SERIALIZE_OPTIONAL(attrs); - - if ( ! (type->Serialize(info) && SERIALIZE(id)) ) - return false; - - return true; - } - -TypeDecl* TypeDecl::Unserialize(UnserialInfo* info) - { - TypeDecl* t = new TypeDecl(0, 0, 0); - - UNSERIALIZE_OPTIONAL_STATIC(t->attrs, Attributes::Unserialize(info), t); - t->type = BroType::Unserialize(info); - - if ( ! (t->type && UNSERIALIZE_STR(&t->id, 0)) ) - { - delete t; - return 0; - } - - return t; - } - void TypeDecl::DescribeReST(ODesc* d, bool roles_only) const { d->Add(id); @@ -1253,67 +922,6 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const d->PopIndentNoNL(); } -IMPLEMENT_SERIAL(RecordType, SER_RECORD_TYPE) - -bool RecordType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_RECORD_TYPE, BroType); - - if ( ! SERIALIZE(num_fields) ) - return false; - - if ( types ) - { - if ( ! (SERIALIZE(true) && SERIALIZE(types->length())) ) - return false; - - loop_over_list(*types, i) - { - if ( ! (*types)[i]->Serialize(info) ) - return false; - } - } - - else if ( ! SERIALIZE(false) ) - return false; - - return true; - } - -bool RecordType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroType); - - if ( ! UNSERIALIZE(&num_fields) ) - return false; - - bool has_it; - if ( ! UNSERIALIZE(&has_it) ) - return false; - - if ( has_it ) - { - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - types = new type_decl_list(len); - - while ( len-- ) - { - TypeDecl* t = TypeDecl::Unserialize(info); - if ( ! t ) - return false; - - types->append(t); - } - } - else - types = 0; - - return true; - } - SubNetType::SubNetType() : BroType(TYPE_SUBNET) { } @@ -1326,20 +934,6 @@ void SubNetType::Describe(ODesc* d) const d->Add(int(Tag())); } -IMPLEMENT_SERIAL(SubNetType, SER_SUBNET_TYPE); - -bool SubNetType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_SUBNET_TYPE, BroType); - return true; - } - -bool SubNetType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroType); - return true; - } - FileType::FileType(BroType* yield_type) : BroType(TYPE_FILE) { @@ -1370,24 +964,6 @@ void FileType::Describe(ODesc* d) const } } -IMPLEMENT_SERIAL(FileType, SER_FILE_TYPE); - -bool FileType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_FILE_TYPE, BroType); - - assert(yield); - return yield->Serialize(info); - } - -bool FileType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroType); - - yield = BroType::Unserialize(info); - return yield != 0; - } - OpaqueType::OpaqueType(const string& arg_name) : BroType(TYPE_OPAQUE) { name = arg_name; @@ -1408,28 +984,6 @@ void OpaqueType::DescribeReST(ODesc* d, bool roles_only) const d->Add(fmt(":zeek:type:`%s` of %s", type_name(Tag()), name.c_str())); } -IMPLEMENT_SERIAL(OpaqueType, SER_OPAQUE_TYPE); - -bool OpaqueType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_OPAQUE_TYPE, BroType); - return SERIALIZE_STR(name.c_str(), name.size()); - } - -bool OpaqueType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroType); - - const char* n; - if ( ! UNSERIALIZE_STR(&n, 0) ) - return false; - - name = n; - delete [] n; - - return true; - } - EnumType::EnumType(const string& name) : BroType(TYPE_ENUM) { @@ -1672,59 +1226,6 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const } } -IMPLEMENT_SERIAL(EnumType, SER_ENUM_TYPE); - -bool EnumType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_ENUM_TYPE, BroType); - - if ( ! (SERIALIZE(counter) && SERIALIZE((unsigned int) names.size()) && - // Dummy boolean for backwards compatibility. - SERIALIZE(false)) ) - return false; - - for ( NameMap::const_iterator iter = names.begin(); - iter != names.end(); ++iter ) - { - if ( ! SERIALIZE(iter->first) || ! SERIALIZE(iter->second) ) - return false; - } - - return true; - } - -bool EnumType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroType); - - unsigned int len; - bool dummy; - if ( ! UNSERIALIZE(&counter) || - ! UNSERIALIZE(&len) || - // Dummy boolean for backwards compatibility. - ! UNSERIALIZE(&dummy) ) - return false; - - while ( len-- ) - { - const char* name; - bro_int_t val; - if ( ! (UNSERIALIZE_STR(&name, 0) && UNSERIALIZE(&val)) ) - return false; - - names[name] = val; - delete [] name; // names[name] converts to std::string - // note: the 'vals' map gets populated lazily, which works fine and - // also happens to avoid a leak due to circular reference between the - // types and vals (there's a special case for unserializing a known - // type that will unserialze and then immediately want to unref the - // type if we already have it, except that won't delete it as intended - // if we've already created circular references to it here). - } - - return true; - } - VectorType::VectorType(BroType* element_type) : BroType(TYPE_VECTOR), yield_type(element_type) { @@ -1791,21 +1292,6 @@ bool VectorType::IsUnspecifiedVector() const return yield_type->Tag() == TYPE_VOID; } -IMPLEMENT_SERIAL(VectorType, SER_VECTOR_TYPE); - -bool VectorType::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_VECTOR_TYPE, BroType); - return yield_type->Serialize(info); - } - -bool VectorType::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroType); - yield_type = BroType::Unserialize(info); - return yield_type != 0; - } - void VectorType::Describe(ODesc* d) const { if ( d->IsReadable() ) diff --git a/src/Type.h b/src/Type.h index c537bb6203..4825feeb2f 100644 --- a/src/Type.h +++ b/src/Type.h @@ -72,7 +72,6 @@ class SubNetType; class FuncType; class ListExpr; class EnumType; -class Serializer; class VectorType; class TypeType; class OpaqueType; @@ -256,9 +255,6 @@ public: virtual unsigned MemoryAllocation() const; - bool Serialize(SerialInfo* info) const; - static BroType* Unserialize(UnserialInfo* info, bool use_existing = true); - void SetName(const string& arg_name) { name = arg_name; } string GetName() const { return name; } @@ -275,8 +271,6 @@ protected: void SetError(); - DECLARE_SERIAL(BroType) - private: TypeTag tag; InternalTypeTag internal_tag; @@ -325,8 +319,6 @@ public: } protected: - DECLARE_SERIAL(TypeList) - BroType* pure_type; type_list types; }; @@ -356,8 +348,6 @@ protected: } ~IndexType() override; - DECLARE_SERIAL(IndexType) - TypeList* indices; BroType* yield_type; }; @@ -374,8 +364,6 @@ protected: TableType() {} TypeList* ExpandRecordIndex(RecordType* rt) const; - - DECLARE_SERIAL(TableType) }; class SetType : public TableType { @@ -389,8 +377,6 @@ protected: SetType() {} ListExpr* elements; - - DECLARE_SERIAL(SetType) }; class FuncType : public BroType { @@ -420,8 +406,6 @@ public: protected: FuncType() { args = 0; arg_types = 0; yield = 0; flavor = FUNC_FLAVOR_FUNCTION; } - DECLARE_SERIAL(FuncType) - RecordType* args; TypeList* arg_types; BroType* yield; @@ -450,9 +434,6 @@ public: const Attr* FindAttr(attr_tag a) const { return attrs ? attrs->FindAttr(a) : 0; } - bool Serialize(SerialInfo* info) const; - static TypeDecl* Unserialize(UnserialInfo* info); - virtual void DescribeReST(ODesc* d, bool roles_only = false) const; BroType* type; @@ -501,8 +482,6 @@ public: protected: RecordType() { types = 0; } - DECLARE_SERIAL(RecordType) - int num_fields; type_decl_list* types; }; @@ -511,8 +490,6 @@ class SubNetType : public BroType { public: SubNetType(); void Describe(ODesc* d) const override; -protected: - DECLARE_SERIAL(SubNetType) }; class FileType : public BroType { @@ -527,8 +504,6 @@ public: protected: FileType() { yield = 0; } - DECLARE_SERIAL(FileType) - BroType* yield; }; @@ -545,8 +520,6 @@ public: protected: OpaqueType() { } - DECLARE_SERIAL(OpaqueType) - string name; }; @@ -582,8 +555,6 @@ public: protected: EnumType() { counter = 0; } - DECLARE_SERIAL(EnumType) - void AddNameInternal(const string& module_name, const char* name, bro_int_t val, bool is_export); @@ -625,8 +596,6 @@ public: protected: VectorType() { yield_type = 0; } - DECLARE_SERIAL(VectorType) - BroType* yield_type; }; diff --git a/src/Val.cc b/src/Val.cc index 07ae251fc2..e1396035a5 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -20,7 +20,6 @@ #include "Scope.h" #include "NetVar.h" #include "Expr.h" -#include "Serializer.h" #include "PrefixTable.h" #include "Conn.h" #include "Reporter.h" @@ -73,243 +72,8 @@ Val::~Val() Val* Val::Clone() const { - SerializationFormat* form = new BinarySerializationFormat(); - form->StartWrite(); - - CloneSerializer ss(form); - SerialInfo sinfo(&ss); - sinfo.cache = false; - sinfo.include_locations = false; - - if ( ! this->Serialize(&sinfo) ) - return 0; - - char* data; - uint32 len = form->EndWrite(&data); - form->StartRead(data, len); - - UnserialInfo uinfo(&ss); - uinfo.cache = false; - Val* clone = Unserialize(&uinfo, type); - - free(data); - return clone; - } - -bool Val::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Val* Val::Unserialize(UnserialInfo* info, TypeTag type, const BroType* exact_type) - { - Val* v = (Val*) SerialObj::Unserialize(info, SER_VAL); - if ( ! v ) - return 0; - - if ( type != TYPE_ANY && (v->Type()->Tag() != type - || (exact_type && ! same_type(exact_type, v->Type()))) ) - { - info->s->Error("type mismatch for value"); - Unref(v); - return 0; - } - - // For MutableVals, we may get a value which, by considering the - // globally unique ID, we already know. To keep references correct, - // we have to bind to the local version. (FIXME: This is not the - // nicest solution. Ideally, DoUnserialize() should be able to pass - // us an alternative ptr to the correct object.) - if ( v->IsMutableVal() ) - { - MutableVal* mv = v->AsMutableVal(); - if ( mv->HasUniqueID() ) - { - ID* current = - global_scope()->Lookup(mv->UniqueID()->Name()); - - if ( current && current != mv->UniqueID() ) - { - DBG_LOG(DBG_STATE, "binding to already existing ID %s\n", current->Name()); - assert(current->ID_Val()); - - // Need to unset the ID here. Otherwise, - // when the SerializationCache destroys - // the value, the global name will disappear. - mv->SetID(0); - Unref(v); - return current->ID_Val()->Ref(); - } - } - } - - // An enum may be bound to a different internal number remotely than we - // do for the same identifier. Check if this is the case, and, if yes, - // rebind to our value. - if ( v->Type()->Tag() == TYPE_ENUM ) - { - int rv = v->AsEnum(); - EnumType* rt = v->Type()->AsEnumType(); - - const char* name = rt->Lookup(rv); - if ( name ) - { - // See if we know the enum locally. - ID* local = global_scope()->Lookup(name); - if ( local && local->IsEnumConst() ) - { - EnumType* lt = local->Type()->AsEnumType(); - int lv = lt->Lookup(local->ModuleName(), - local->Name()); - - // Compare. - if ( rv != lv ) - { - // Different, so let's bind the val - // to the local type. - v->val.int_val = lv; - Unref(rt); - v->type = lt; - ::Ref(lt); - } - } - } - - } - - return v; - } - -IMPLEMENT_SERIAL(Val, SER_VAL); - -bool Val::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_VAL, BroObj); - - if ( ! type->Serialize(info) ) - return false; - - switch ( type->InternalType() ) { - case TYPE_INTERNAL_VOID: - info->s->Error("type is void"); - return false; - - case TYPE_INTERNAL_INT: - return SERIALIZE(val.int_val); - - case TYPE_INTERNAL_UNSIGNED: - return SERIALIZE(val.uint_val); - - case TYPE_INTERNAL_DOUBLE: - return SERIALIZE(val.double_val); - - case TYPE_INTERNAL_STRING: - return SERIALIZE_STR((const char*) val.string_val->Bytes(), - val.string_val->Len()); - - case TYPE_INTERNAL_ADDR: - return SERIALIZE(*val.addr_val); - - case TYPE_INTERNAL_SUBNET: - return SERIALIZE(*val.subnet_val); - - case TYPE_INTERNAL_OTHER: - // Derived classes are responsible for this. - // Exception: Functions and files. There aren't any derived - // classes. - if ( type->Tag() == TYPE_FUNC ) - if ( ! AsFunc()->Serialize(info) ) - return false; - - if ( type->Tag() == TYPE_FILE ) - if ( ! AsFile()->Serialize(info) ) - return false; - return true; - - case TYPE_INTERNAL_ERROR: - info->s->Error("type is error"); - return false; - - default: - info->s->Error("type is out of range"); - return false; - } - - return false; - } - -bool Val::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BroObj); - - if ( type ) - Unref(type); - - if ( ! (type = BroType::Unserialize(info)) ) - return false; - - switch ( type->InternalType() ) { - case TYPE_INTERNAL_VOID: - info->s->Error("type is void"); - return false; - - case TYPE_INTERNAL_INT: - return UNSERIALIZE(&val.int_val); - - case TYPE_INTERNAL_UNSIGNED: - return UNSERIALIZE(&val.uint_val); - - case TYPE_INTERNAL_DOUBLE: - return UNSERIALIZE(&val.double_val); - - case TYPE_INTERNAL_STRING: - const char* str; - int len; - if ( ! UNSERIALIZE_STR(&str, &len) ) - return false; - - val.string_val = new BroString((u_char*) str, len, 1); - delete [] str; - return true; - - case TYPE_INTERNAL_ADDR: - { - val.addr_val = new IPAddr(); - return UNSERIALIZE(val.addr_val); - } - - case TYPE_INTERNAL_SUBNET: - { - val.subnet_val = new IPPrefix(); - return UNSERIALIZE(val.subnet_val); - } - - case TYPE_INTERNAL_OTHER: - // Derived classes are responsible for this. - // Exception: Functions and files. There aren't any derived - // classes. - if ( type->Tag() == TYPE_FUNC ) - { - val.func_val = Func::Unserialize(info); - return val.func_val != 0; - } - else if ( type->Tag() == TYPE_FILE ) - { - val.file_val = BroFile::Unserialize(info); - return val.file_val != 0; - } - return true; - - case TYPE_INTERNAL_ERROR: - info->s->Error("type is error"); - return false; - - default: - info->s->Error("type out of range"); - return false; - } - - return false; + // Fixme: Johanna + return nullptr; } int Val::IsZero() const @@ -652,61 +416,6 @@ void MutableVal::TransferUniqueID(MutableVal* mv) mv->id = 0; } -IMPLEMENT_SERIAL(MutableVal, SER_MUTABLE_VAL); - -bool MutableVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_MUTABLE_VAL, Val); - - if ( ! SERIALIZE(props) ) - return false; - - // Don't use ID::Serialize here, that would loop. All we - // need is the name, anyway. - const char* name = id ? id->Name() : ""; - if ( ! SERIALIZE(name) ) - return false; - - return true; - } - -bool MutableVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Val); - - if ( ! UNSERIALIZE(&props) ) - return false; - - id = 0; - - const char* name; - if ( ! UNSERIALIZE_STR(&name, 0) ) - return false; - - if ( *name ) - { - id = new ID(name, SCOPE_GLOBAL, true); - id->SetVal(this, OP_NONE, true); - - ID* current = global_scope()->Lookup(name); - if ( ! current ) - { - global_scope()->Insert(name, id); - DBG_LOG(DBG_STATE, "installed formerly unknown ID %s", id->Name()); - } - else - { - DBG_LOG(DBG_STATE, "got already known ID %s", current->Name()); - // This means that we already know the value and - // that in fact we should bind to the local value. - // Val::Unserialize() will take care of this. - } - } - - delete [] name; - return true; - } - IntervalVal::IntervalVal(double quantity, double units) : Val(quantity * units, TYPE_INTERVAL) { @@ -749,20 +458,6 @@ void IntervalVal::ValDescribe(ODesc* d) const DO_UNIT(Microseconds, "usec") } -IMPLEMENT_SERIAL(IntervalVal, SER_INTERVAL_VAL); - -bool IntervalVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_INTERVAL_VAL, Val); - return true; - } - -bool IntervalVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Val); - return true; - } - PortVal* PortManager::Get(uint32 port_num) const { return val_mgr->GetPort(port_num); @@ -861,20 +556,6 @@ void PortVal::ValDescribe(ODesc* d) const d->Add("/unknown"); } -IMPLEMENT_SERIAL(PortVal, SER_PORT_VAL); - -bool PortVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_PORT_VAL, Val); - return true; - } - -bool PortVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Val); - return true; - } - AddrVal::AddrVal(const char* text) : Val(TYPE_ADDR) { val.addr_val = new IPAddr(text); @@ -919,20 +600,6 @@ Val* AddrVal::SizeVal() const return val_mgr->GetCount(128); } -IMPLEMENT_SERIAL(AddrVal, SER_ADDR_VAL); - -bool AddrVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_ADDR_VAL, Val); - return true; - } - -bool AddrVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Val); - return true; - } - SubNetVal::SubNetVal(const char* text) : Val(TYPE_SUBNET) { string s(text); @@ -1043,20 +710,6 @@ bool SubNetVal::Contains(const IPAddr& addr) const return val.subnet_val->Contains(a); } -IMPLEMENT_SERIAL(SubNetVal, SER_SUBNET_VAL); - -bool SubNetVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_SUBNET_VAL, Val); - return true; - } - -bool SubNetVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Val); - return true; - } - StringVal::StringVal(BroString* s) : Val(TYPE_STRING) { val.string_val = s; @@ -1099,20 +752,6 @@ unsigned int StringVal::MemoryAllocation() const return padded_sizeof(*this) + val.string_val->MemoryAllocation(); } -IMPLEMENT_SERIAL(StringVal, SER_STRING_VAL); - -bool StringVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_STRING_VAL, Val); - return true; - } - -bool StringVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Val); - return true; - } - PatternVal::PatternVal(RE_Matcher* re) : Val(base_type(TYPE_PATTERN)) { val.re_val = re; @@ -1161,22 +800,6 @@ unsigned int PatternVal::MemoryAllocation() const return padded_sizeof(*this) + val.re_val->MemoryAllocation(); } -IMPLEMENT_SERIAL(PatternVal, SER_PATTERN_VAL); - -bool PatternVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_PATTERN_VAL, Val); - return AsPattern()->Serialize(info); - } - -bool PatternVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Val); - - val.re_val = RE_Matcher::Unserialize(info); - return val.re_val != 0; - } - ListVal::ListVal(TypeTag t) : Val(new TypeList(t == TYPE_ANY ? 0 : base_type_no_ref(t))) { @@ -1259,52 +882,6 @@ void ListVal::Describe(ODesc* d) const } } -IMPLEMENT_SERIAL(ListVal, SER_LIST_VAL); - -bool ListVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_LIST_VAL, Val); - - if ( ! (SERIALIZE(char(tag)) && SERIALIZE(vals.length())) ) - return false; - - loop_over_list(vals, i) - { - if ( ! vals[i]->Serialize(info) ) - return false; - } - - return true; - } - -bool ListVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Val); - - char t; - int len; - - if ( ! (UNSERIALIZE(&t) && UNSERIALIZE(&len)) ) - return false; - - tag = TypeTag(t); - - while ( len-- ) - { - Val* v = Val::Unserialize(info, TYPE_ANY); - if ( ! v ) - return false; - - vals.append(v); - } - - // Our dtor will do Unref(type) in addition to Val's dtor. - if ( type ) - type->Ref(); - - return true; - } - unsigned int ListVal::MemoryAllocation() const { unsigned int size = 0; @@ -1580,7 +1157,6 @@ int TableVal::Assign(Val* index, HashKey* k, Val* new_val, Opcode op) delete old_entry_val; } - Modified(); return 1; } @@ -2062,7 +1638,6 @@ Val* TableVal::Delete(const Val* index) delete k; delete v; - Modified(); return va; } @@ -2084,7 +1659,6 @@ Val* TableVal::Delete(const HashKey* k) if ( LoggingAccess() ) StateAccess::Log(new StateAccess(OP_DEL, this, k)); - Modified(); return va; } @@ -2354,7 +1928,6 @@ void TableVal::DoExpire(double t) tbl->RemoveEntry(k); Unref(v->Value()); delete v; - Modified(); } delete k; @@ -2477,236 +2050,6 @@ void TableVal::ReadOperation(Val* index, TableEntryVal* v) } } -IMPLEMENT_SERIAL(TableVal, SER_TABLE_VAL); - -// This is getting rather complex due to the ability to suspend even within -// deeply-nested values. -bool TableVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE_WITH_SUSPEND(SER_TABLE_VAL, MutableVal); - - // The current state of the serialization. - struct State { - IterCookie* c; - TableEntryVal* v; // current value - bool did_index; // already wrote the val's index - }* state = 0; - - PDict(TableEntryVal)* tbl = - const_cast(this)->AsNonConstTable(); - - if ( info->cont.NewInstance() ) - { - // For simplicity, we disable suspension for the objects - // serialized here. (In fact we know that *currently* - // they won't even try). - DisableSuspend suspend(info); - - state = new State; - state->c = tbl->InitForIteration(); - tbl->MakeRobustCookie(state->c); - state->v = 0; - state->did_index = false; - info->s->WriteOpenTag(table_type->IsSet() ? "set" : "table"); - - SERIALIZE_OPTIONAL(attrs); - SERIALIZE_OPTIONAL(expire_time); - SERIALIZE_OPTIONAL(expire_func); - - // Make sure nobody kills us in between. - const_cast(this)->Ref(); - } - - else if ( info->cont.ChildSuspended() ) - state = (State*) info->cont.RestoreState(); - - else if ( info->cont.Resuming() ) - { - info->cont.Resume(); - state = (State*) info->cont.RestoreState(); - } - else - reporter->InternalError("unknown continuation state"); - - HashKey* k = 0; - int count = 0; - - assert((!info->cont.ChildSuspended()) || state->v); - - while ( true ) - { - if ( ! state->v ) - { - state->v = tbl->NextEntry(k, state->c); - if ( ! state->c ) - { - // No next one. - if ( ! SERIALIZE(false) ) - { - delete k; - return false; - } - - break; - } - - // There's a value coming. - if ( ! SERIALIZE(true) ) - { - delete k; - return false; - } - - if ( state->v->Value() ) - state->v->Ref(); - - state->did_index = false; - } - - // Serialize index. - if ( k && ! state->did_index ) - { - // Indices are rather small, so we disable suspension - // here again. - DisableSuspend suspend(info); - info->s->WriteOpenTag("key"); - ListVal* index = table_hash->RecoverVals(k)->AsListVal(); - delete k; - - if ( ! index->Serialize(info) ) - return false; - - Unref(index); - info->s->WriteCloseTag("key"); - - state->did_index = true; - - // Start serializing data. - if ( ! type->IsSet() ) - info->s->WriteOpenTag("value"); - } - - if ( ! type->IsSet() ) - { - info->cont.SaveState(state); - info->cont.SaveContext(); - bool result = state->v->val->Serialize(info); - info->cont.RestoreContext(); - - if ( ! result ) - return false; - - if ( info->cont.ChildSuspended() ) - return true; - } - - double eat = state->v->ExpireAccessTime(); - - if ( ! (SERIALIZE(state->v->last_access_time) && - SERIALIZE(eat)) ) - return false; - - info->s->WriteCloseTag("value"); - - if ( state->v->Value() ) - state->v->Unref(); - state->v = 0; // Next value. - - // Suspend if we've done enough for now (which means we - // have serialized more than table_incremental_step entries - // in a row; if an entry has suspended itself in between, - // we start counting from 0). - if ( info->may_suspend && ++count > table_incremental_step) - { - info->cont.SaveState(state); - info->cont.Suspend(); - reporter->Info("TableVals serialization suspended right in the middle."); - return true; - } - } - - info->s->WriteCloseTag(table_type->IsSet() ? "set" : "table"); - delete state; - - Unref(const_cast(this)); - return true; - } - -bool TableVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(MutableVal); - - Init((TableType*) type); - - UNSERIALIZE_OPTIONAL(attrs, Attributes::Unserialize(info)); - UNSERIALIZE_OPTIONAL(expire_time, Expr::Unserialize(info)); - UNSERIALIZE_OPTIONAL(expire_func, Expr::Unserialize(info)); - - while ( true ) - { - // Anymore? - bool next; - if ( ! UNSERIALIZE(&next) ) - return false; - - if ( ! next ) - break; - - // Unserialize index. - ListVal* index = - (ListVal*) Val::Unserialize(info, table_type->Indices()); - if ( ! index ) - return false; - - // Unserialize data. - Val* entry; - if ( ! table_type->IsSet() ) - { - entry = Val::Unserialize(info, type->YieldType()); - if ( ! entry ) - return false; - } - else - entry = 0; - - TableEntryVal* entry_val = new TableEntryVal(entry); - - double eat; - - if ( ! UNSERIALIZE(&entry_val->last_access_time) || - ! UNSERIALIZE(&eat) ) - { - entry_val->Unref(); - delete entry_val; - return false; - } - - entry_val->SetExpireAccess(eat); - - HashKey* key = ComputeHash(index); - TableEntryVal* old_entry_val = - AsNonConstTable()->Insert(key, entry_val); - assert(! old_entry_val); - - delete key; - - if ( subnets ) - subnets->Insert(index, entry_val); - - Unref(index); - } - - // If necessary, activate the expire timer. - if ( attrs ) - { - CheckExpireAttr(ATTR_EXPIRE_READ); - CheckExpireAttr(ATTR_EXPIRE_WRITE); - CheckExpireAttr(ATTR_EXPIRE_CREATE); - } - - return true; - } - bool TableVal::AddProperties(Properties arg_props) { if ( ! MutableVal::AddProperties(arg_props) ) @@ -2868,7 +2211,6 @@ void RecordVal::Assign(int field, Val* new_val, Opcode op) } Unref(old_val); - Modified(); } Val* RecordVal::Lookup(int field) const @@ -3056,61 +2398,6 @@ void RecordVal::DescribeReST(ODesc* d) const d->Add("}"); } -IMPLEMENT_SERIAL(RecordVal, SER_RECORD_VAL); - -bool RecordVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_RECORD_VAL, MutableVal); - - // We could use the type name as a tag here. - info->s->WriteOpenTag("record"); - - // We don't need to serialize record_type as it's simply the - // casted table_type. - // FIXME: What about origin? - - if ( ! SERIALIZE(val.val_list_val->length()) ) - return false; - - loop_over_list(*val.val_list_val, i) - { - info->s->WriteOpenTag(record_type->FieldName(i)); - Val* v = (*val.val_list_val)[i]; - SERIALIZE_OPTIONAL(v); - info->s->WriteCloseTag(record_type->FieldName(i)); - } - - info->s->WriteCloseTag("record"); - - return true; - } - -bool RecordVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(MutableVal); - - record_type = (RecordType*) type; - origin = 0; - - int len; - if ( ! UNSERIALIZE(&len) ) - { - val.val_list_val = new val_list; - return false; - } - - val.val_list_val = new val_list(len); - - for ( int i = 0; i < len; ++i ) - { - Val* v; - UNSERIALIZE_OPTIONAL(v, Val::Unserialize(info)); - AsNonConstRecord()->append(v); // correct for v==0, too. - } - - return true; - } - bool RecordVal::AddProperties(Properties arg_props) { if ( ! MutableVal::AddProperties(arg_props) ) @@ -3172,20 +2459,6 @@ void EnumVal::ValDescribe(ODesc* d) const d->Add(ename); } -IMPLEMENT_SERIAL(EnumVal, SER_ENUM_VAL); - -bool EnumVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_ENUM_VAL, Val); - return true; - } - -bool EnumVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Val); - return true; - } - VectorVal::VectorVal(VectorType* t) : MutableVal(t) { vector_type = t->Ref()->AsVectorType(); @@ -3262,7 +2535,6 @@ bool VectorVal::Assign(unsigned int index, Val* element, Opcode op) // to do it similarly. (*val.vector_val)[index] = element; - Modified(); return true; } @@ -3357,51 +2629,6 @@ bool VectorVal::RemoveProperties(Properties arg_props) return true; } -IMPLEMENT_SERIAL(VectorVal, SER_VECTOR_VAL); - -bool VectorVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_VECTOR_VAL, MutableVal); - - info->s->WriteOpenTag("vector"); - - if ( ! SERIALIZE(unsigned(val.vector_val->size())) ) - return false; - - for ( unsigned int i = 0; i < val.vector_val->size(); ++i ) - { - info->s->WriteOpenTag("value"); - Val* v = (*val.vector_val)[i]; - SERIALIZE_OPTIONAL(v); - info->s->WriteCloseTag("value"); - } - - info->s->WriteCloseTag("vector"); - - return true; - } - -bool VectorVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(MutableVal); - - val.vector_val = new vector; - vector_type = type->Ref()->AsVectorType(); - - int len; - if ( ! UNSERIALIZE(&len) ) - return false; - - for ( int i = 0; i < len; ++i ) - { - Val* v; - UNSERIALIZE_OPTIONAL(v, Val::Unserialize(info, TYPE_ANY)); // accept any type - Assign(i, v); - } - - return true; - } - void VectorVal::ValDescribe(ODesc* d) const { d->Add("["); @@ -3429,20 +2656,6 @@ OpaqueVal::~OpaqueVal() { } -IMPLEMENT_SERIAL(OpaqueVal, SER_OPAQUE_VAL); - -bool OpaqueVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_OPAQUE_VAL, Val); - return true; - } - -bool OpaqueVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Val); - return true; - } - Val* check_and_promote(Val* v, const BroType* t, int is_init) { if ( ! v ) diff --git a/src/Val.h b/src/Val.h index 2d915bcc6f..dc773c9922 100644 --- a/src/Val.h +++ b/src/Val.h @@ -20,6 +20,7 @@ #include "Scope.h" #include "StateAccess.h" #include "IPAddr.h" +#include "DebugLogger.h" // We have four different port name spaces: TCP, UDP, ICMP, and UNKNOWN. // We distinguish between them based on the bits specified in the *_PORT_MASK @@ -36,7 +37,6 @@ class Func; class BroFile; class RE_Matcher; class PrefixTable; -class SerialInfo; class PortVal; class AddrVal; @@ -344,14 +344,6 @@ public: void Describe(ODesc* d) const override; virtual void DescribeReST(ODesc* d) const; - bool Serialize(SerialInfo* info) const; - static Val* Unserialize(UnserialInfo* info, TypeTag type = TYPE_ANY) - { return Unserialize(info, type, 0); } - static Val* Unserialize(UnserialInfo* info, const BroType* exact_type) - { return Unserialize(info, exact_type->Tag(), exact_type); } - - DECLARE_SERIAL(Val); - #ifdef DEBUG // For debugging, we keep a reference to the global ID to which a // value has been bound *last*. @@ -415,10 +407,6 @@ protected: ACCESSOR(TYPE_TABLE, PDict(TableEntryVal)*, table_val, AsNonConstTable) ACCESSOR(TYPE_RECORD, val_list*, val_list_val, AsNonConstRecord) - // Just an internal helper. - static Val* Unserialize(UnserialInfo* info, TypeTag type, - const BroType* exact_type); - BroValUnion val; BroType* type; @@ -544,18 +532,10 @@ public: #endif } - uint64 LastModified() const override { return last_modified; } - - // Mark value as changed. - void Modified() - { - last_modified = IncreaseTimeCounter(); - } - protected: explicit MutableVal(BroType* t) : Val(t) - { props = 0; id = 0; last_modified = SerialObj::ALWAYS; } - MutableVal() { props = 0; id = 0; last_modified = SerialObj::ALWAYS; } + { props = 0; id = 0; } + MutableVal() { props = 0; id = 0; } ~MutableVal() override; friend class ID; @@ -563,8 +543,6 @@ protected: void SetID(ID* arg_id) { Unref(id); id = arg_id; } - DECLARE_SERIAL(MutableVal); - private: ID* Bind() const; @@ -589,8 +567,6 @@ protected: IntervalVal() {} void ValDescribe(ODesc* d) const override; - - DECLARE_SERIAL(IntervalVal); }; @@ -636,8 +612,6 @@ protected: PortVal(uint32 p, bool unused); void ValDescribe(ODesc* d) const override; - - DECLARE_SERIAL(PortVal); }; class AddrVal : public Val { @@ -660,8 +634,6 @@ protected: AddrVal() {} explicit AddrVal(TypeTag t) : Val(t) { } explicit AddrVal(BroType* t) : Val(t) { } - - DECLARE_SERIAL(AddrVal); }; class SubNetVal : public Val { @@ -689,8 +661,6 @@ protected: SubNetVal() {} void ValDescribe(ODesc* d) const override; - - DECLARE_SERIAL(SubNetVal); }; class StringVal : public Val { @@ -721,8 +691,6 @@ protected: StringVal() {} void ValDescribe(ODesc* d) const override; - - DECLARE_SERIAL(StringVal); }; class PatternVal : public Val { @@ -741,8 +709,6 @@ protected: PatternVal() {} void ValDescribe(ODesc* d) const override; - - DECLARE_SERIAL(PatternVal); }; // ListVals are mainly used to index tables that have more than one @@ -786,8 +752,6 @@ protected: friend class Val; ListVal() {} - DECLARE_SERIAL(ListVal); - val_list vals; TypeTag tag; }; @@ -994,8 +958,6 @@ protected: // Propagates a read operation if necessary. void ReadOperation(Val* index, TableEntryVal *v); - DECLARE_SERIAL(TableVal); - TableType* table_type; CompositeHash* table_hash; Attributes* attrs; @@ -1066,8 +1028,6 @@ protected: bool AddProperties(Properties arg_state) override; bool RemoveProperties(Properties arg_state) override; - DECLARE_SERIAL(RecordVal); - RecordType* record_type; BroObj* origin; @@ -1097,8 +1057,6 @@ protected: EnumVal() {} void ValDescribe(ODesc* d) const override; - - DECLARE_SERIAL(EnumVal); }; @@ -1158,8 +1116,6 @@ protected: bool RemoveProperties(Properties arg_state) override; void ValDescribe(ODesc* d) const override; - DECLARE_SERIAL(VectorVal); - VectorType* vector_type; }; @@ -1174,8 +1130,6 @@ public: protected: friend class Val; OpaqueVal() { } - - DECLARE_SERIAL(OpaqueVal); }; // Checks the given value for consistency with the given type. If an diff --git a/src/Var.cc b/src/Var.cc index 3dd3d2702b..3c056ae194 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -6,7 +6,6 @@ #include "Func.h" #include "Stmt.h" #include "Scope.h" -#include "Serializer.h" #include "EventRegistry.h" #include "Traverse.h" diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index fcd8237c55..c5d1832923 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -444,20 +444,6 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) } } -IMPLEMENT_SERIAL(TCP_Reassembler, SER_TCP_REASSEMBLER); - -bool TCP_Reassembler::DoSerialize(SerialInfo* info) const - { - reporter->InternalError("TCP_Reassembler::DoSerialize not implemented"); - return false; // Cannot be reached. - } - -bool TCP_Reassembler::DoUnserialize(UnserialInfo* info) - { - reporter->InternalError("TCP_Reassembler::DoUnserialize not implemented"); - return false; // Cannot be reached. - } - void TCP_Reassembler::Deliver(uint64 seq, int len, const u_char* data) { if ( type == Direct ) diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.h b/src/analyzer/protocol/tcp/TCP_Reassembler.h index bacfa663e0..f4512e4503 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.h +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.h @@ -89,8 +89,6 @@ public: private: TCP_Reassembler() { } - DECLARE_SERIAL(TCP_Reassembler); - void Undelivered(uint64 up_to_seq) override; void Gap(uint64 seq, uint64 len); diff --git a/src/bro.bif b/src/bro.bif index c3a9f13d56..05c72d4039 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -4886,7 +4886,7 @@ function uninstall_dst_net_filter%(snet: subnet%) : bool %} ## Writes the binary event stream generated by the core to a given file. -## Use the ``-x `` command line switch to replay saved events. +## Use the ``-R `` command line switch to replay saved events. ## ## filename: The name of the file which stores the events. ## @@ -4895,32 +4895,9 @@ function uninstall_dst_net_filter%(snet: subnet%) : bool ## .. zeek:see:: capture_state_updates function capture_events%(filename: string%) : bool %{ - if ( ! event_serializer ) - event_serializer = new FileSerializer(); - else - event_serializer->Close(); + // Fixme: johanna - return val_mgr->GetBool(event_serializer->Open( - (const char*) filename->CheckString())); - %} - -## Writes state updates generated by :zeek:attr:`&synchronized` variables to a -## file. -## -## filename: The name of the file which stores the state updates. -## -## Returns: True if opening the target file succeeds. -## -## .. zeek:see:: capture_events -function capture_state_updates%(filename: string%) : bool - %{ - if ( ! state_serializer ) - state_serializer = new FileSerializer(); - else - state_serializer->Close(); - - return val_mgr->GetBool(state_serializer->Open( - (const char*) filename->CheckString())); + return val_mgr->GetBool(true); %} ## Checks whether the last raised event came from a remote peer. diff --git a/src/broker/Data.cc b/src/broker/Data.cc index 849bad5d9b..63efd58d44 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -128,12 +128,8 @@ struct val_converter { } case TYPE_OPAQUE: { - SerializationFormat* form = new BinarySerializationFormat(); - form->StartRead(a.data(), a.size()); - CloneSerializer ss(form); - UnserialInfo uinfo(&ss); - uinfo.cache = false; - return Val::Unserialize(&uinfo, type->Tag()); + // Fixme: Johanna + return nullptr; } default: return nullptr; @@ -511,12 +507,8 @@ struct type_checker { case TYPE_OPAQUE: { // TODO - SerializationFormat* form = new BinarySerializationFormat(); - form->StartRead(a.data(), a.size()); - CloneSerializer ss(form); - UnserialInfo uinfo(&ss); - uinfo.cache = false; - return Val::Unserialize(&uinfo, type->Tag()); + // Fixme: johanna + return false; } default: return false; @@ -978,24 +970,10 @@ broker::expected bro_broker::val_to_data(Val* v) broker::vector rval = {p->PatternText(), p->AnywherePatternText()}; return {std::move(rval)}; } - case TYPE_OPAQUE: - { - SerializationFormat* form = new BinarySerializationFormat(); - form->StartWrite(); - CloneSerializer ss(form); - SerialInfo sinfo(&ss); - sinfo.cache = false; - sinfo.include_locations = false; - - if ( ! v->Serialize(&sinfo) ) - return broker::ec::invalid_data; - - char* data; - uint32 len = form->EndWrite(&data); - string rval(data, len); - free(data); - return {std::move(rval)}; - } + // Fixme: johanna + // case TYPE_OPAQUE: + // { + // } default: reporter->Error("unsupported Broker::Data type: %s", type_name(v->Type()->Tag())); @@ -1131,42 +1109,6 @@ Val* bro_broker::DataVal::castTo(BroType* t) return data_to_val(data, t); } -IMPLEMENT_SERIAL(bro_broker::DataVal, SER_COMM_DATA_VAL); - -bool bro_broker::DataVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_COMM_DATA_VAL, OpaqueVal); - - std::string buffer; - caf::containerbuf sb{buffer}; - caf::stream_serializer&> serializer{sb}; - serializer << data; - - if ( ! SERIALIZE_STR(buffer.data(), buffer.size()) ) - return false; - - return true; - } - -bool bro_broker::DataVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(OpaqueVal); - - const char* serial; - int len; - - if ( ! UNSERIALIZE_STR(&serial, &len) ) - return false; - - caf::arraybuf sb{const_cast(serial), // will not write - static_cast(len)}; - caf::stream_deserializer&> deserializer{sb}; - deserializer >> data; - - delete [] serial; - return true; - } - broker::data bro_broker::threading_field_to_data(const threading::Field* f) { auto name = f->name; diff --git a/src/broker/Data.h b/src/broker/Data.h index e2a5968a82..bf7bdd8cad 100644 --- a/src/broker/Data.h +++ b/src/broker/Data.h @@ -120,8 +120,6 @@ public: return script_data_type; } - DECLARE_SERIAL(DataVal); - broker::data data; protected: diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 959ef6cb9d..93202f6b46 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -18,6 +18,7 @@ #include "logging/Manager.h" #include "DebugLogger.h" #include "iosource/Manager.h" +#include "SerializationFormat.h" using namespace std; diff --git a/src/broker/Store.cc b/src/broker/Store.cc index 200e1b6abf..f4db09f030 100644 --- a/src/broker/Store.cc +++ b/src/broker/Store.cc @@ -49,48 +49,6 @@ void StoreHandleVal::ValDescribe(ODesc* d) const d->Add("}"); } -IMPLEMENT_SERIAL(StoreHandleVal, SER_COMM_STORE_HANDLE_VAL); - -bool StoreHandleVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_COMM_STORE_HANDLE_VAL, OpaqueVal); - - auto name = store.name(); - if ( ! SERIALIZE_STR(name.data(), name.size()) ) - return false; - - return true; - } - -bool StoreHandleVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(OpaqueVal); - - const char* name_str; - int len; - - if ( ! UNSERIALIZE_STR(&name_str, &len) ) - return false; - - std::string name(name_str, len); - delete [] name_str; - - auto handle = broker_mgr->LookupStore(name); - if ( ! handle ) - { - // Passing serialized version of store handles to other Bro processes - // doesn't make sense, only allow local clones of the handle val. - reporter->Error("failed to look up unserialized store handle %s", - name.c_str()); - return false; - } - - store = handle->store; - proxy = broker::store::proxy{store}; - - return true; - } - broker::backend to_backend_type(BifEnum::Broker::BackendType type) { switch ( type ) { diff --git a/src/broker/Store.h b/src/broker/Store.h index 1df60584fd..190417d71d 100644 --- a/src/broker/Store.h +++ b/src/broker/Store.h @@ -116,8 +116,6 @@ public: void ValDescribe(ODesc* d) const override; - DECLARE_SERIAL(StoreHandleVal); - broker::store store; broker::store::proxy proxy; diff --git a/src/file_analysis/FileReassembler.cc b/src/file_analysis/FileReassembler.cc index ba15086320..41a37c52fd 100644 --- a/src/file_analysis/FileReassembler.cc +++ b/src/file_analysis/FileReassembler.cc @@ -110,19 +110,4 @@ void FileReassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) { // Not doing anything here yet. } - -IMPLEMENT_SERIAL(FileReassembler, SER_FILE_REASSEMBLER); - -bool FileReassembler::DoSerialize(SerialInfo* info) const - { - reporter->InternalError("FileReassembler::DoSerialize not implemented"); - return false; // Cannot be reached. - } - -bool FileReassembler::DoUnserialize(UnserialInfo* info) - { - reporter->InternalError("FileReassembler::DoUnserialize not implemented"); - return false; // Cannot be reached. - } - } // end file_analysis diff --git a/src/file_analysis/FileReassembler.h b/src/file_analysis/FileReassembler.h index c6143a5565..79aff34829 100644 --- a/src/file_analysis/FileReassembler.h +++ b/src/file_analysis/FileReassembler.h @@ -50,8 +50,6 @@ public: protected: FileReassembler(); - DECLARE_SERIAL(FileReassembler); - void Undelivered(uint64 up_to_seq) override; void BlockInserted(DataBlock* b) override; void Overlap(const u_char* b1, const u_char* b2, uint64 n) override; diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index d55931c946..9512d43260 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -28,8 +28,6 @@ X509* helper_sk_X509_value(const STACK_OF(X509)* certs, int i) using namespace file_analysis; -IMPLEMENT_SERIAL(OCSP_RESPVal, SER_OCSP_RESP_VAL); - #define OCSP_STRING_BUF_SIZE 2048 static Val* get_ocsp_type(RecordVal* args, const char* name) @@ -713,31 +711,3 @@ OCSP_RESPONSE* OCSP_RESPVal::GetResp() const return ocsp_resp; } -bool OCSP_RESPVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_OCSP_RESP_VAL, OpaqueVal); - unsigned char *buf = nullptr; - int length = i2d_OCSP_RESPONSE(ocsp_resp, &buf); - if ( length < 0 ) - return false; - bool res = SERIALIZE_STR(reinterpret_cast(buf), length); - OPENSSL_free(buf); - return res; - } - -bool OCSP_RESPVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(OpaqueVal) - - int length; - unsigned char *ocsp_resp_buf, *opensslbuf; - - if ( ! UNSERIALIZE_STR(reinterpret_cast(&ocsp_resp_buf), &length) ) - return false; - opensslbuf = ocsp_resp_buf; // OpenSSL likes to shift pointers around. really. - ocsp_resp = d2i_OCSP_RESPONSE(nullptr, const_cast(&opensslbuf), length); - delete [] ocsp_resp_buf; - if ( ! ocsp_resp ) - return false; - return true; - } diff --git a/src/file_analysis/analyzer/x509/OCSP.h b/src/file_analysis/analyzer/x509/OCSP.h index eb6499794c..9bb7b5712f 100644 --- a/src/file_analysis/analyzer/x509/OCSP.h +++ b/src/file_analysis/analyzer/x509/OCSP.h @@ -46,7 +46,6 @@ protected: OCSP_RESPVal(); private: OCSP_RESPONSE *ocsp_resp; - DECLARE_SERIAL(OCSP_RESPVal); }; } diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 524aae1f27..8b5159ca3b 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -18,8 +18,6 @@ using namespace file_analysis; -IMPLEMENT_SERIAL(X509Val, SER_X509_VAL); - file_analysis::X509::X509(RecordVal* args, file_analysis::File* file) : file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("X509"), args, file) { @@ -482,39 +480,3 @@ X509Val::~X509Val() return certificate; } -bool X509Val::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_X509_VAL, OpaqueVal); - - unsigned char *buf = NULL; - - int length = i2d_X509(certificate, &buf); - - if ( length < 0 ) - return false; - - bool res = SERIALIZE_STR(reinterpret_cast(buf), length); - - OPENSSL_free(buf); - return res; - } - -bool X509Val::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(OpaqueVal) - - int length; - unsigned char *certbuf, *opensslbuf; - - if ( ! UNSERIALIZE_STR(reinterpret_cast(&certbuf), &length) ) - return false; - - opensslbuf = certbuf; // OpenSSL likes to shift pointers around. really. - certificate = d2i_X509(NULL, const_cast(&opensslbuf), length); - delete[] certbuf; - - if ( !certificate ) - return false; - - return true; - } diff --git a/src/file_analysis/analyzer/x509/X509.h b/src/file_analysis/analyzer/x509/X509.h index a3dc62e533..72676a08be 100644 --- a/src/file_analysis/analyzer/x509/X509.h +++ b/src/file_analysis/analyzer/x509/X509.h @@ -144,8 +144,6 @@ protected: private: ::X509* certificate; // the wrapped certificate - - DECLARE_SERIAL(X509Val); }; } diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index 54d1cc6f27..e2bbe99c30 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -2,8 +2,6 @@ #include "Packet.h" #include "Sessions.h" #include "iosource/Manager.h" -#include "SerialInfo.h" -#include "Serializer.h" extern "C" { #ifdef HAVE_NET_ETHERNET_H @@ -673,66 +671,3 @@ void Packet::Describe(ODesc* d) const d->Add(ip.DstAddr()); } -bool Packet::Serialize(SerialInfo* info) const - { - return SERIALIZE(uint32(ts.tv_sec)) && - SERIALIZE(uint32(ts.tv_usec)) && - SERIALIZE(uint32(len)) && - SERIALIZE(link_type) && - info->s->Write(tag.c_str(), tag.length(), "tag") && - info->s->Write((const char*)data, cap_len, "data"); - } - -#ifdef DEBUG -static iosource::PktDumper* dump = 0; -#endif - -Packet* Packet::Unserialize(UnserialInfo* info) - { - pkt_timeval ts; - uint32 len, link_type; - - if ( ! (UNSERIALIZE((uint32 *)&ts.tv_sec) && - UNSERIALIZE((uint32 *)&ts.tv_usec) && - UNSERIALIZE(&len) && - UNSERIALIZE(&link_type)) ) - return 0; - - char* tag; - if ( ! info->s->Read((char**) &tag, 0, "tag") ) - return 0; - - const u_char* pkt; - int caplen; - if ( ! info->s->Read((char**) &pkt, &caplen, "data") ) - { - delete [] tag; - return 0; - } - - Packet *p = new Packet(link_type, &ts, caplen, len, pkt, true, - std::string(tag)); - delete [] tag; - - // For the global timer manager, we take the global network_time as the - // packet's timestamp for feeding it into our packet loop. - if ( p->tag == "" ) - p->time = timer_mgr->Time(); - else - p->time = p->ts.tv_sec + double(p->ts.tv_usec) / 1e6; - -#ifdef DEBUG - if ( debug_logger.IsEnabled(DBG_TM) ) - { - if ( ! dump ) - dump = iosource_mgr->OpenPktDumper("tm.pcap", true); - - if ( dump ) - { - dump->Dump(p); - } - } -#endif - - return p; - } diff --git a/src/iosource/Packet.h b/src/iosource/Packet.h index ec29f39ff5..3ca24cb737 100644 --- a/src/iosource/Packet.h +++ b/src/iosource/Packet.h @@ -24,12 +24,6 @@ enum Layer3Proto { /** * A link-layer packet. - * - * Note that for serialization we don't use much of the support provided by - * the serialization framework. Serialize/Unserialize do all the work by - * themselves. In particular, Packets aren't derived from SerialObj. They are - * completely seperate and self-contained entities, and we don't need any of - * the sophisticated features like object caching. */ class Packet { public: @@ -144,16 +138,6 @@ public: */ void Describe(ODesc* d) const; - /** - * Serializes the packet, with standard signature. - */ - bool Serialize(SerialInfo* info) const; - - /** - * Unserializes the packet, with standard signature. - */ - static Packet* Unserialize(UnserialInfo* info); - /** * Maximal length of a layer 2 address. */ diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 7bede8f6e6..162b19d26a 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -4,7 +4,6 @@ #include "util.h" #include "threading/SerialTypes.h" -#include "SerializationFormat.h" #include "Manager.h" #include "WriterBackend.h" @@ -70,58 +69,6 @@ public: using namespace logging; -bool WriterBackend::WriterInfo::Read(SerializationFormat* fmt) - { - int size; - - string tmp_path; - - if ( ! (fmt->Read(&tmp_path, "path") && - fmt->Read(&rotation_base, "rotation_base") && - fmt->Read(&rotation_interval, "rotation_interval") && - fmt->Read(&network_time, "network_time") && - fmt->Read(&size, "config_size")) ) - return false; - - path = copy_string(tmp_path.c_str()); - - config.clear(); - - while ( size-- ) - { - string value; - string key; - - if ( ! (fmt->Read(&value, "config-value") && fmt->Read(&key, "config-key")) ) - return false; - - config.insert(std::make_pair(copy_string(value.c_str()), copy_string(key.c_str()))); - } - - return true; - } - - -bool WriterBackend::WriterInfo::Write(SerializationFormat* fmt) const - { - int size = config.size(); - - if ( ! (fmt->Write(path, "path") && - fmt->Write(rotation_base, "rotation_base") && - fmt->Write(rotation_interval, "rotation_interval") && - fmt->Write(network_time, "network_time") && - fmt->Write(size, "config_size")) ) - return false; - - for ( config_map::const_iterator i = config.begin(); i != config.end(); ++i ) - { - if ( ! (fmt->Write(i->first, "config-value") && fmt->Write(i->second, "config-key")) ) - return false; - } - - return true; - } - broker::data WriterBackend::WriterInfo::ToBroker() const { auto t = broker::table(); diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 187a1957d7..35cf401199 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -112,8 +112,6 @@ public: // Note, these need to be adapted when changing the struct's // fields. They serialize/deserialize the struct. - bool Read(SerializationFormat* fmt); - bool Write(SerializationFormat* fmt) const; broker::data ToBroker() const; bool FromBroker(broker::data d); diff --git a/src/main.cc b/src/main.cc index c9e32ab4b4..056306b077 100644 --- a/src/main.cc +++ b/src/main.cc @@ -38,7 +38,6 @@ extern "C" { #include "DFA.h" #include "RuleMatcher.h" #include "Anon.h" -#include "Serializer.h" #include "EventRegistry.h" #include "Stats.h" #include "Brofiler.h" @@ -99,9 +98,9 @@ name_list prefixes; Stmt* stmts; EventHandlerPtr net_done = 0; RuleMatcher* rule_matcher = 0; -FileSerializer* event_serializer = 0; -FileSerializer* state_serializer = 0; -EventPlayer* event_player = 0; +// Fixme: Johanna +// FileSerializer* event_serializer = 0; +// EventPlayer* event_player = 0; EventRegistry* event_registry = 0; ProfileLogger* profiling_logger = 0; ProfileLogger* segment_logger = 0; @@ -171,7 +170,6 @@ void usage(int code = 1) fprintf(stderr, " -t|--tracefile | activate execution tracing\n"); fprintf(stderr, " -v|--version | print version and exit\n"); fprintf(stderr, " -w|--writefile | write to given tcpdump file\n"); - fprintf(stderr, " -x|--print-state | print contents of state file\n"); #ifdef DEBUG fprintf(stderr, " -B|--debug | Enable debugging output for selected streams ('-B help' for help)\n"); #endif @@ -353,8 +351,8 @@ void terminate_bro() delete zeekygen_mgr; delete timer_mgr; - delete event_serializer; - delete state_serializer; + // Fixme: johanna + // delete event_serializer; delete event_registry; delete analyzer_mgr; delete file_mgr; @@ -424,7 +422,6 @@ int main(int argc, char** argv) name_list interfaces; name_list read_files; name_list rule_files; - char* bst_file = 0; char* id_name = 0; char* events_file = 0; char* seed_load_file = getenv("BRO_SEED_FILE"); @@ -455,7 +452,6 @@ int main(int argc, char** argv) {"tracefile", required_argument, 0, 't'}, {"writefile", required_argument, 0, 'w'}, {"version", no_argument, 0, 'v'}, - {"print-state", required_argument, 0, 'x'}, {"no-checksums", no_argument, 0, 'C'}, {"force-dns", no_argument, 0, 'F'}, {"load-seeds", required_argument, 0, 'G'}, @@ -578,10 +574,6 @@ int main(int argc, char** argv) writefile = optarg; break; - case 'x': - bst_file = optarg; - break; - case 'B': debug_streams = optarg; break; @@ -744,7 +736,7 @@ int main(int argc, char** argv) if ( optind == argc && read_files.length() == 0 && interfaces.length() == 0 && - ! (id_name || bst_file) && ! command_line_policy && ! print_plugins ) + ! id_name && ! command_line_policy && ! print_plugins ) add_input_file("-"); // Process remaining arguments. X=Y arguments indicate script @@ -796,8 +788,9 @@ int main(int argc, char** argv) plugin_mgr->ActivateDynamicPlugins(! bare_mode); - if ( events_file ) - event_player = new EventPlayer(events_file); + // Fixme: Johanna + // if ( events_file ) + // event_player = new EventPlayer(events_file); init_event_handlers(); @@ -972,19 +965,6 @@ int main(int argc, char** argv) exit(0); } - // Just read state file from disk. - if ( bst_file ) - { - FileSerializer s; - UnserialInfo info(&s); - info.print = stdout; - info.install_uniques = true; - if ( ! s.Read(&info, bst_file) ) - reporter->Error("Failed to read events from %s\n", bst_file); - - exit(0); - } - // Print the ID. if ( id_name ) { diff --git a/src/probabilistic/BitVector.cc b/src/probabilistic/BitVector.cc index 7fa80c206b..6e09c370a4 100644 --- a/src/probabilistic/BitVector.cc +++ b/src/probabilistic/BitVector.cc @@ -5,7 +5,6 @@ #include #include "BitVector.h" -#include "Serializer.h" #include "digest.h" using namespace probabilistic; @@ -539,56 +538,3 @@ BitVector::size_type BitVector::find_from(size_type i) const return i * bits_per_block + lowest_bit(bits[i]); } -bool BitVector::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -BitVector* BitVector::Unserialize(UnserialInfo* info) - { - return reinterpret_cast(SerialObj::Unserialize(info, SER_BITVECTOR)); - } - -IMPLEMENT_SERIAL(BitVector, SER_BITVECTOR); - -bool BitVector::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BITVECTOR, SerialObj); - - if ( ! SERIALIZE(static_cast(bits.size())) ) - return false; - - for ( size_t i = 0; i < bits.size(); ++i ) - if ( ! SERIALIZE(static_cast(bits[i])) ) - return false; - - return SERIALIZE(static_cast(num_bits)); - } - -bool BitVector::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(SerialObj); - - uint64 size; - if ( ! UNSERIALIZE(&size) ) - return false; - - bits.resize(static_cast(size)); - - for ( size_t i = 0; i < bits.size(); ++i ) - { - uint64 block; - if ( ! UNSERIALIZE(&block) ) - return false; - - bits[i] = static_cast(block); - } - - uint64 n; - if ( ! UNSERIALIZE(&n) ) - return false; - - num_bits = static_cast(n); - - return true; - } diff --git a/src/probabilistic/BitVector.h b/src/probabilistic/BitVector.h index a1ff0c9ad9..a87b27e55b 100644 --- a/src/probabilistic/BitVector.h +++ b/src/probabilistic/BitVector.h @@ -6,16 +6,14 @@ #include #include -#include "SerialObj.h" - namespace probabilistic { /** * A vector of bits. */ -class BitVector : public SerialObj { +class BitVector { public: - typedef uint64 block_type; + typedef uint64_t block_type; typedef size_t size_type; typedef bool const_reference; @@ -281,28 +279,7 @@ public: * * @return The hash. */ - uint64 Hash() const; - - /** - * Serializes the bit vector. - * - * @param info The serializaton informationt to use. - * - * @return True if successful. - */ - bool Serialize(SerialInfo* info) const; - - /** - * Unserialize the bit vector. - * - * @param info The serializaton informationt to use. - * - * @return The unserialized bit vector, or null if an error occured. - */ - static BitVector* Unserialize(UnserialInfo* info); - -protected: - DECLARE_SERIAL(BitVector); + uint64_t Hash() const; private: /** diff --git a/src/probabilistic/BloomFilter.cc b/src/probabilistic/BloomFilter.cc index ef671268b9..e12de2f049 100644 --- a/src/probabilistic/BloomFilter.cc +++ b/src/probabilistic/BloomFilter.cc @@ -7,9 +7,9 @@ #include "BloomFilter.h" #include "CounterVector.h" -#include "Serializer.h" #include "../util.h" +#include "../Reporter.h" using namespace probabilistic; @@ -28,31 +28,6 @@ BloomFilter::~BloomFilter() delete hasher; } -bool BloomFilter::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -BloomFilter* BloomFilter::Unserialize(UnserialInfo* info) - { - return reinterpret_cast(SerialObj::Unserialize(info, SER_BLOOMFILTER)); - } - -bool BloomFilter::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BLOOMFILTER, SerialObj); - - return hasher->Serialize(info); - } - -bool BloomFilter::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(SerialObj); - - hasher = Hasher::Unserialize(info); - return hasher != 0; - } - size_t BasicBloomFilter::M(double fp, size_t capacity) { double ln2 = std::log(2); @@ -130,21 +105,6 @@ BasicBloomFilter::~BasicBloomFilter() delete bits; } -IMPLEMENT_SERIAL(BasicBloomFilter, SER_BASICBLOOMFILTER) - -bool BasicBloomFilter::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_BASICBLOOMFILTER, BloomFilter); - return bits->Serialize(info); - } - -bool BasicBloomFilter::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BloomFilter); - bits = BitVector::Unserialize(info); - return (bits != 0); - } - void BasicBloomFilter::Add(const HashKey* key) { Hasher::digest_vector h = hasher->Hash(key); @@ -232,21 +192,6 @@ string CountingBloomFilter::InternalState() const return fmt("%" PRIu64, cells->Hash()); } -IMPLEMENT_SERIAL(CountingBloomFilter, SER_COUNTINGBLOOMFILTER) - -bool CountingBloomFilter::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_COUNTINGBLOOMFILTER, BloomFilter); - return cells->Serialize(info); - } - -bool CountingBloomFilter::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(BloomFilter); - cells = CounterVector::Unserialize(info); - return (cells != 0); - } - // TODO: Use partitioning in add/count to allow for reusing CMS bounds. void CountingBloomFilter::Add(const HashKey* key) { diff --git a/src/probabilistic/BloomFilter.h b/src/probabilistic/BloomFilter.h index 288a24d416..03acfd17d6 100644 --- a/src/probabilistic/BloomFilter.h +++ b/src/probabilistic/BloomFilter.h @@ -14,12 +14,12 @@ class CounterVector; /** * The abstract base class for Bloom filters. */ -class BloomFilter : public SerialObj { +class BloomFilter { public: /** * Destructor. */ - ~BloomFilter() override; + virtual ~BloomFilter(); /** * Adds an element to the Bloom filter. @@ -71,28 +71,7 @@ public: */ virtual string InternalState() const = 0; - /** - * Serializes the Bloom filter. - * - * @param info The serializaton information to use. - * - * @return True if successful. - */ - bool Serialize(SerialInfo* info) const; - - /** - * Unserializes a Bloom filter. - * - * @param info The serializaton information to use. - * - * @return The unserialized Bloom filter, or null if an error - * occured. - */ - static BloomFilter* Unserialize(UnserialInfo* info); - protected: - DECLARE_ABSTRACT_SERIAL(BloomFilter); - /** * Default constructor. */ @@ -165,8 +144,6 @@ public: string InternalState() const override; protected: - DECLARE_SERIAL(BasicBloomFilter); - /** * Default constructor. */ @@ -210,8 +187,6 @@ public: string InternalState() const override; protected: - DECLARE_SERIAL(CountingBloomFilter); - /** * Default constructor. */ diff --git a/src/probabilistic/CardinalityCounter.cc b/src/probabilistic/CardinalityCounter.cc index 64715c39fd..17caec3e0e 100644 --- a/src/probabilistic/CardinalityCounter.cc +++ b/src/probabilistic/CardinalityCounter.cc @@ -6,7 +6,6 @@ #include "CardinalityCounter.h" #include "Reporter.h" -#include "Serializer.h" using namespace probabilistic; @@ -197,51 +196,6 @@ uint64_t CardinalityCounter::GetM() const return m; } -bool CardinalityCounter::Serialize(SerialInfo* info) const - { - bool valid = true; - - valid &= SERIALIZE(m); - valid &= SERIALIZE(V); - valid &= SERIALIZE(alpha_m); - - for ( unsigned int i = 0; i < m; i++ ) - valid &= SERIALIZE((char)buckets[i]); - - return valid; - } - -CardinalityCounter* CardinalityCounter::Unserialize(UnserialInfo* info) - { - uint64_t m; - uint64_t V; - double alpha_m; - - bool valid = true; - valid &= UNSERIALIZE(&m); - valid &= UNSERIALIZE(&V); - valid &= UNSERIALIZE(&alpha_m); - - CardinalityCounter* c = new CardinalityCounter(m, V, alpha_m); - - vector& buckets = c->buckets; - - for ( unsigned int i = 0; i < m; i++ ) - { - char c; - valid &= UNSERIALIZE(&c); - buckets[i] = (uint8_t)c; - } - - if ( ! valid ) - { - delete c; - c = 0; - } - - return c; - } - /** * The following function is copied from libc/string/flsll.c from the FreeBSD source * tree. Original copyright message follows diff --git a/src/probabilistic/CardinalityCounter.h b/src/probabilistic/CardinalityCounter.h index cde2ec402b..7d898b3c47 100644 --- a/src/probabilistic/CardinalityCounter.h +++ b/src/probabilistic/CardinalityCounter.h @@ -84,25 +84,6 @@ public: */ bool Merge(CardinalityCounter* c); - /** - * Serializes the cardinality counter. - * - * @param info The serializaton information to use. - * - * @return True if successful. - */ - bool Serialize(SerialInfo* info) const; - - /** - * Unserializes a cardinality counter. - * - * @param info The serializaton information to use. - * - * @return The unserialized cardinality counter, or null if an error - * occured. - */ - static CardinalityCounter* Unserialize(UnserialInfo* info); - protected: /** * Return the number of buckets. diff --git a/src/probabilistic/CounterVector.cc b/src/probabilistic/CounterVector.cc index 8608015422..1a3c98c73f 100644 --- a/src/probabilistic/CounterVector.cc +++ b/src/probabilistic/CounterVector.cc @@ -4,7 +4,6 @@ #include #include "BitVector.h" -#include "Serializer.h" using namespace probabilistic; @@ -153,46 +152,8 @@ CounterVector operator|(const CounterVector& x, const CounterVector& y) } -uint64 CounterVector::Hash() const +uint64_t CounterVector::Hash() const { return bits->Hash(); } -bool CounterVector::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -CounterVector* CounterVector::Unserialize(UnserialInfo* info) - { - return reinterpret_cast(SerialObj::Unserialize(info, SER_COUNTERVECTOR)); - } - -IMPLEMENT_SERIAL(CounterVector, SER_COUNTERVECTOR) - -bool CounterVector::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_COUNTERVECTOR, SerialObj); - - if ( ! bits->Serialize(info) ) - return false; - - return SERIALIZE(static_cast(width)); - } - -bool CounterVector::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(SerialObj); - - bits = BitVector::Unserialize(info); - if ( ! bits ) - return false; - - uint64 w; - if ( ! UNSERIALIZE(&w) ) - return false; - - width = static_cast(w); - - return true; - } diff --git a/src/probabilistic/CounterVector.h b/src/probabilistic/CounterVector.h index 422d172292..04394ebca2 100644 --- a/src/probabilistic/CounterVector.h +++ b/src/probabilistic/CounterVector.h @@ -3,7 +3,8 @@ #ifndef PROBABILISTIC_COUNTERVECTOR_H #define PROBABILISTIC_COUNTERVECTOR_H -#include "SerialObj.h" +#include +#include namespace probabilistic { @@ -12,10 +13,10 @@ class BitVector; /** * A vector of counters, each of which has a fixed number of bits. */ -class CounterVector : public SerialObj { +class CounterVector { public: typedef size_t size_type; - typedef uint64 count_type; + typedef uint64_t count_type; /** * Constructs a counter vector having cells of a given width. @@ -38,7 +39,7 @@ public: /** * Destructor. */ - ~CounterVector() override; + virtual ~CounterVector(); /** * Increments a given cell. @@ -131,26 +132,7 @@ public: * * @return The hash. */ - uint64 Hash() const; - - /** - * Serializes the bit vector. - * - * @param info The serializaton information to use. - * - * @return True if successful. - */ - bool Serialize(SerialInfo* info) const; - - /** - * Unserialize the counter vector. - * - * @param info The serializaton information to use. - * - * @return The unserialized counter vector, or null if an error - * occured. - */ - static CounterVector* Unserialize(UnserialInfo* info); + uint64_t Hash() const; protected: friend CounterVector operator|(const CounterVector& x, @@ -158,8 +140,6 @@ protected: CounterVector() { } - DECLARE_SERIAL(CounterVector); - private: CounterVector& operator=(const CounterVector&); // Disable. diff --git a/src/probabilistic/Hasher.cc b/src/probabilistic/Hasher.cc index d21efbed41..8508cd01ad 100644 --- a/src/probabilistic/Hasher.cc +++ b/src/probabilistic/Hasher.cc @@ -5,7 +5,6 @@ #include "Hasher.h" #include "NetVar.h" -#include "Serializer.h" #include "digest.h" #include "siphash24.h" @@ -41,52 +40,6 @@ Hasher::digest_vector Hasher::Hash(const HashKey* key) const return Hash(key->Key(), key->Size()); } -bool Hasher::Serialize(SerialInfo* info) const - { - return SerialObj::Serialize(info); - } - -Hasher* Hasher::Unserialize(UnserialInfo* info) - { - return reinterpret_cast(SerialObj::Unserialize(info, SER_HASHER)); - } - -bool Hasher::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_HASHER, SerialObj); - - if ( ! SERIALIZE(static_cast(k)) ) - return false; - - if ( ! SERIALIZE(static_cast(seed.h1)) ) - return false; - - return SERIALIZE(static_cast(seed.h2)); - } - -bool Hasher::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(SerialObj); - - uint16 serial_k; - if ( ! UNSERIALIZE(&serial_k) ) - return false; - - k = serial_k; - assert(k > 0); - - seed_t serial_seed; - if ( ! UNSERIALIZE(&serial_seed.h1) ) - return false; - - if ( ! UNSERIALIZE(&serial_seed.h2) ) - return false; - - seed = serial_seed; - - return true; - } - Hasher::Hasher(size_t arg_k, seed_t arg_seed) { k = arg_k; @@ -167,31 +120,6 @@ bool DefaultHasher::Equals(const Hasher* other) const return hash_functions == o->hash_functions; } -IMPLEMENT_SERIAL(DefaultHasher, SER_DEFAULTHASHER) - -bool DefaultHasher::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_DEFAULTHASHER, Hasher); - - // Nothing to do here, the base class has all we need serialized already. - return true; - } - -bool DefaultHasher::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Hasher); - - hash_functions.clear(); - for ( size_t i = 0; i < K(); ++i ) - { - Hasher::seed_t s = Seed(); - s.h1 += bro_prng(i); - hash_functions.push_back(UHF(s)); - } - - return true; - } - DoubleHasher::DoubleHasher(size_t k, seed_t seed) : Hasher(k, seed), h1(seed + bro_prng(1)), h2(seed + bro_prng(2)) { @@ -223,22 +151,3 @@ bool DoubleHasher::Equals(const Hasher* other) const return h1 == o->h1 && h2 == o->h2; } -IMPLEMENT_SERIAL(DoubleHasher, SER_DOUBLEHASHER) - -bool DoubleHasher::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_DOUBLEHASHER, Hasher); - - // Nothing to do here, the base class has all we need serialized already. - return true; - } - -bool DoubleHasher::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(Hasher); - - h1 = UHF(Seed() + bro_prng(1)); - h2 = UHF(Seed() + bro_prng(2)); - - return true; - } diff --git a/src/probabilistic/Hasher.h b/src/probabilistic/Hasher.h index 7fd2e4fb2f..baceb45fff 100644 --- a/src/probabilistic/Hasher.h +++ b/src/probabilistic/Hasher.h @@ -4,7 +4,6 @@ #define PROBABILISTIC_HASHER_H #include "Hash.h" -#include "SerialObj.h" namespace probabilistic { @@ -12,7 +11,7 @@ namespace probabilistic { * Abstract base class for hashers. A hasher creates a family of hash * functions to hash an element *k* times. */ -class Hasher : public SerialObj { +class Hasher { public: typedef hash_t digest; typedef std::vector digest_vector; @@ -43,7 +42,7 @@ public: /** * Destructor. */ - ~Hasher() override { } + virtual ~Hasher() { } /** * Computes hash values for an element. @@ -99,12 +98,7 @@ public: */ seed_t Seed() const { return seed; } - bool Serialize(SerialInfo* info) const; - static Hasher* Unserialize(UnserialInfo* info); - protected: - DECLARE_ABSTRACT_SERIAL(Hasher); - Hasher() { } /** @@ -208,8 +202,6 @@ public: DefaultHasher* Clone() const final; bool Equals(const Hasher* other) const final; - DECLARE_SERIAL(DefaultHasher); - private: DefaultHasher() { } @@ -236,8 +228,6 @@ public: DoubleHasher* Clone() const final; bool Equals(const Hasher* other) const final; - DECLARE_SERIAL(DoubleHasher); - private: DoubleHasher() { } diff --git a/src/probabilistic/Topk.cc b/src/probabilistic/Topk.cc index d3d3d6a132..ca3511069a 100644 --- a/src/probabilistic/Topk.cc +++ b/src/probabilistic/Topk.cc @@ -3,13 +3,10 @@ #include "probabilistic/Topk.h" #include "CompHash.h" #include "Reporter.h" -#include "Serializer.h" #include "NetVar.h" namespace probabilistic { -IMPLEMENT_SERIAL(TopkVal, SER_TOPK_VAL); - static void topk_element_hash_delete_func(void* val) { Element* e = (Element*) val; @@ -183,109 +180,6 @@ void TopkVal::Merge(const TopkVal* value, bool doPrune) } } -bool TopkVal::DoSerialize(SerialInfo* info) const - { - DO_SERIALIZE(SER_TOPK_VAL, OpaqueVal); - - bool v = true; - - v &= SERIALIZE(size); - v &= SERIALIZE(numElements); - v &= SERIALIZE(pruned); - - bool type_present = (type != 0); - v &= SERIALIZE(type_present); - - if ( type_present ) - v &= type->Serialize(info); - else - assert(numElements == 0); - - uint64_t i = 0; - std::list::const_iterator it = buckets.begin(); - while ( it != buckets.end() ) - { - Bucket* b = *it; - uint32_t elements_count = b->elements.size(); - v &= SERIALIZE(elements_count); - v &= SERIALIZE(b->count); - - std::list::const_iterator eit = b->elements.begin(); - while ( eit != b->elements.end() ) - { - Element* element = *eit; - v &= SERIALIZE(element->epsilon); - v &= element->value->Serialize(info); - - eit++; - i++; - } - - it++; - } - - assert(i == numElements); - - return v; - } - -bool TopkVal::DoUnserialize(UnserialInfo* info) - { - DO_UNSERIALIZE(OpaqueVal); - - bool v = true; - - v &= UNSERIALIZE(&size); - v &= UNSERIALIZE(&numElements); - v &= UNSERIALIZE(&pruned); - - bool type_present = false; - v &= UNSERIALIZE(&type_present); - if ( type_present ) - { - BroType* deserialized_type = BroType::Unserialize(info); - - Typify(deserialized_type); - Unref(deserialized_type); - assert(type); - } - else - assert(numElements == 0); - - uint64_t i = 0; - while ( i < numElements ) - { - Bucket* b = new Bucket(); - uint32_t elements_count; - v &= UNSERIALIZE(&elements_count); - v &= UNSERIALIZE(&b->count); - b->bucketPos = buckets.insert(buckets.end(), b); - - for ( uint64_t j = 0; j < elements_count; j++ ) - { - Element* e = new Element(); - v &= UNSERIALIZE(&e->epsilon); - e->value = Val::Unserialize(info, type); - e->parent = b; - - b->elements.insert(b->elements.end(), e); - - HashKey* key = GetHash(e->value); - assert (elementDict->Lookup(key) == 0); - - elementDict->Insert(key, e); - delete key; - - i++; - } - } - - assert(i == numElements); - - return v; - } - - VectorVal* TopkVal::GetTopK(int k) const // returns vector { if ( numElements == 0 ) diff --git a/src/probabilistic/Topk.h b/src/probabilistic/Topk.h index fac677a454..3d93bf90b0 100644 --- a/src/probabilistic/Topk.h +++ b/src/probabilistic/Topk.h @@ -161,8 +161,6 @@ private: uint64 size; // how many elements are we tracking? uint64 numElements; // how many elements do we have at the moment bool pruned; // was this data structure pruned? - - DECLARE_SERIAL(TopkVal); }; }; From 3ae4ffc66ec51d929d7641b857aeacaa6c205d7e Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 10 May 2019 09:16:29 -0700 Subject: [PATCH 075/247] Improve Broker I/O loop integration: less mutex locking Checking a subscriber for available messages required locking a mutex, but we should never actually need to do that in the main-loop to check for Broker readiness since we can rely on file descriptor polling. --- src/broker/Manager.cc | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 1da35a87b4..1a6b79c445 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -808,15 +808,8 @@ bool Manager::Unsubscribe(const string& topic_prefix) void Manager::GetFds(iosource::FD_Set* read, iosource::FD_Set* write, iosource::FD_Set* except) { - if ( bstate->status_subscriber.available() || bstate->subscriber.available() ) - SetIdle(false); - read->Insert(bstate->subscriber.fd()); read->Insert(bstate->status_subscriber.fd()); - write->Insert(bstate->subscriber.fd()); - write->Insert(bstate->status_subscriber.fd()); - except->Insert(bstate->subscriber.fd()); - except->Insert(bstate->status_subscriber.fd()); for ( auto& x : data_stores ) read->Insert(x.second->proxy.mailbox().descriptor()); @@ -824,19 +817,10 @@ void Manager::GetFds(iosource::FD_Set* read, iosource::FD_Set* write, double Manager::NextTimestamp(double* local_network_time) { - if ( ! IsIdle() ) - return timer_mgr->Time(); - - if ( bstate->status_subscriber.available() || bstate->subscriber.available() ) - return timer_mgr->Time(); - - for ( auto& s : data_stores ) - { - if ( ! s.second->proxy.mailbox().empty() ) - return timer_mgr->Time(); - } - - return -1; + // We're only asked for a timestamp if either (1) a FD was ready + // or (2) we're not idle (and we go idle if when Process is no-op), + // so there's no case where returning -1 to signify a skip will help. + return timer_mgr->Time(); } void Manager::DispatchMessage(const broker::topic& topic, broker::data msg) From aced89ac9e93bee036794e0124310b108667c79d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 10 May 2019 19:18:50 -0700 Subject: [PATCH 076/247] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 39ae4a469d..7731032fe1 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 39ae4a469d6ae86c12b49020b361da4fcab24b5b +Subproject commit 7731032fe15aa6ff86f3364a6d31c61d15311286 From a87d1fd8758f3e3d9e6c78b2f165311dfac82ae0 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Sat, 11 May 2019 19:05:25 -0500 Subject: [PATCH 077/247] Fix zeek-wrapper The script was not passing command-line arguments to the new program. Also improved some error messages. --- zeek-wrapper.in | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/zeek-wrapper.in b/zeek-wrapper.in index 91c08b5a5a..1372c573e7 100755 --- a/zeek-wrapper.in +++ b/zeek-wrapper.in @@ -17,11 +17,16 @@ base=$(dirname $0) old=$(basename $0) new=$(echo "${old}" | sed 's/^bro/zeek/') -if [ ! -x "${base}/${new}" ]; then +if [ "${new}" = "${old}" ]; then + echo "zeek-wrapper: this script is just a wrapper for old commands" + exit 1 +fi + +if [ ! -f "${base}/${new}" ]; then echo "zeek-wrapper: ${new} not found" exit 1 fi test -t 0 && test -t 1 && test -t 2 && test -z "${ZEEK_IS_BRO}" && deprecated "${old}" "${new}" -test "${new}" != "${old}" && "${base}/${new}" +"${base}/${new}" "$@" From b953a5516fd55e9d24ce25ab6f71ea48dde52eeb Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sun, 12 May 2019 16:02:37 +0000 Subject: [PATCH 078/247] Updating submodule. --- aux/zeek-aux | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/zeek-aux b/aux/zeek-aux index 6cca8a0b85..fc62112b8b 160000 --- a/aux/zeek-aux +++ b/aux/zeek-aux @@ -1 +1 @@ -Subproject commit 6cca8a0b853c57bd30ca4c5b9998166fdd561067 +Subproject commit fc62112b8b7e0d5905dc46d2cd6a23e9c09de036 From bbaee152800b1c343f30e94b9c2ddc52ef182b82 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Sun, 12 May 2019 19:17:25 -0500 Subject: [PATCH 079/247] Undo a change to btest.cfg from a recent commit Remove a line from btest.cfg that was added (probably unintentionally) in commit 789cb376. --- testing/btest/btest.cfg | 1 - 1 file changed, 1 deletion(-) diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index 8c457afee0..de6ff9c65a 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -29,4 +29,3 @@ BRO_DEFAULT_LISTEN_RETRY=1 BRO_DEFAULT_CONNECT_RETRY=1 BRO_DISABLE_BROXYGEN=1 ZEEK_ALLOW_INIT_ERRORS=1 -DYLD_LIBRARY_PATH=/opt/local/lib From 58d55d0f951894984c22dfdbc0a2fb7dd676fb94 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 13 May 2019 20:02:59 -0700 Subject: [PATCH 080/247] GH-365: improve un-indexable type error message --- CHANGES | 4 ++++ VERSION | 2 +- src/Expr.cc | 7 ++++++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index c4d2d26a68..44d8cf4c93 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-279 | 2019-05-13 20:02:59 -0700 + + * GH-365: improve un-indexable type error message (Jon Siwek, Corelight) + 2.6-277 | 2019-05-08 12:42:18 -0700 * Allow tuning Broker log batching via scripts (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index 64298b5057..1268552eaf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-277 +2.6-279 diff --git a/src/Expr.cc b/src/Expr.cc index e6cb9937c4..efbd96f04f 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -2917,7 +2917,12 @@ IndexExpr::IndexExpr(Expr* arg_op1, ListExpr* arg_op2, bool is_slice) int match_type = op1->Type()->MatchesIndex(arg_op2); if ( match_type == DOES_NOT_MATCH_INDEX ) - SetError("not an index type"); + { + std::string error_msg = + fmt("expression with type '%s' is not a type that can be indexed", + type_name(op1->Type()->Tag())); + SetError(error_msg.data()); + } else if ( ! op1->Type()->YieldType() ) { From f37a16b7151cde38b1c3b3321e6a3dd9b9338e62 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 17:40:40 -0700 Subject: [PATCH 081/247] Rename broctl submodule to zeekctl --- .gitmodules | 6 +++--- CHANGES | 4 ++++ VERSION | 2 +- aux/broctl | 2 +- aux/zeekctl | 1 + 5 files changed, 10 insertions(+), 5 deletions(-) mode change 160000 => 120000 aux/broctl create mode 160000 aux/zeekctl diff --git a/.gitmodules b/.gitmodules index c7a9313543..d151b3d288 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,9 +4,9 @@ [submodule "aux/binpac"] path = aux/binpac url = https://github.com/zeek/binpac -[submodule "aux/broctl"] - path = aux/broctl - url = https://github.com/zeek/broctl +[submodule "aux/zeekctl"] + path = aux/zeekctl + url = https://github.com/zeek/zeekctl [submodule "aux/btest"] path = aux/btest url = https://github.com/zeek/btest diff --git a/CHANGES b/CHANGES index 1d28dd2ed3..5140b3b96b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-287 | 2019-05-14 17:40:40 -0700 + + * Rename broctl submodule to zeekctl (Jon Siwek, Corelight) + 2.6-286 | 2019-05-14 13:19:12 -0700 * Undo an unintentional change to btest.cfg from a recent commit (Daniel Thayer) diff --git a/VERSION b/VERSION index 25be38244b..6d6eb4e3ce 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-286 +2.6-287 diff --git a/aux/broctl b/aux/broctl deleted file mode 160000 index 2ab58cc88f..0000000000 --- a/aux/broctl +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 2ab58cc88fd80f1d7a7fc5dd14bfd63b07f285f6 diff --git a/aux/broctl b/aux/broctl new file mode 120000 index 0000000000..d17a55b030 --- /dev/null +++ b/aux/broctl @@ -0,0 +1 @@ +zeekctl \ No newline at end of file diff --git a/aux/zeekctl b/aux/zeekctl new file mode 160000 index 0000000000..b89ebe1582 --- /dev/null +++ b/aux/zeekctl @@ -0,0 +1 @@ +Subproject commit b89ebe15821d0d1ef895149f4dd97336789c7910 From 385a3a5ae81bcc23c51d3061a12c6988598cb254 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 17:46:25 -0700 Subject: [PATCH 082/247] Update CMake to use aux/zeekctl and aux/zeek-aux submodules Instead of the old "bro" versions of those which are no symlinks. --- CHANGES | 4 ++++ CMakeLists.txt | 4 ++-- VERSION | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 5140b3b96b..1b0d83adca 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-288 | 2019-05-14 17:47:55 -0700 + + * Update CMake to use aux/zeekctl and aux/zeek-aux submodules (Jon Siwek, Corelight) + 2.6-287 | 2019-05-14 17:40:40 -0700 * Rename broctl submodule to zeekctl (Jon Siwek, Corelight) diff --git a/CMakeLists.txt b/CMakeLists.txt index f49fdfcdb6..7fe5c3e2ee 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -331,8 +331,8 @@ add_subdirectory(man) include(CheckOptionalBuildSources) -CheckOptionalBuildSources(aux/broctl ZeekControl INSTALL_ZEEKCTL) -CheckOptionalBuildSources(aux/bro-aux Bro-Aux INSTALL_AUX_TOOLS) +CheckOptionalBuildSources(aux/zeekctl ZeekControl INSTALL_ZEEKCTL) +CheckOptionalBuildSources(aux/zeek-aux Zeek-Aux INSTALL_AUX_TOOLS) ######################################################################## ## Packaging Setup diff --git a/VERSION b/VERSION index 6d6eb4e3ce..b2c215b835 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-287 +2.6-288 From bee69222b1dcd77bf6fc41030c332426470f2ba6 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 18:21:58 -0700 Subject: [PATCH 083/247] Update NEWS --- NEWS | 2 ++ aux/zeekctl | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 4762ffcc00..7af0a6384d 100644 --- a/NEWS +++ b/NEWS @@ -315,6 +315,8 @@ Removed Functionality in Bro 2.6, was removed. The ``-g`` command-line option (dump-config) which relied on this functionality was also removed. +- Removed the BroControl ``update`` command, which was deprecated in Bro 2.6. + Deprecated Functionality ------------------------ diff --git a/aux/zeekctl b/aux/zeekctl index b89ebe1582..4bc51657f9 160000 --- a/aux/zeekctl +++ b/aux/zeekctl @@ -1 +1 @@ -Subproject commit b89ebe15821d0d1ef895149f4dd97336789c7910 +Subproject commit 4bc51657f9b2fae3d3c71c0a927b7a7341a4f0cd From 13867f53c3a36ebdac3d5b9d052bfd721ffc78c5 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 18:35:25 -0700 Subject: [PATCH 084/247] Update btest.cfg path to use zeek-aux --- CHANGES | 4 ++++ VERSION | 2 +- testing/btest/btest.cfg | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 1b0d83adca..0b02c6fe11 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-290 | 2019-05-14 18:35:25 -0700 + + * Update btest.cfg path to use zeek-aux (Jon Siwek, Corelight) + 2.6-288 | 2019-05-14 17:47:55 -0700 * Update CMake to use aux/zeekctl and aux/zeek-aux submodules (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index b2c215b835..46fa81ef09 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-288 +2.6-290 diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index de6ff9c65a..fc2f79ef14 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -12,7 +12,7 @@ BRO_PLUGIN_PATH= TZ=UTC LC_ALL=C BTEST_PATH=%(testbase)s/../../aux/btest -PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/bro-aux/zeek-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin +PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/zeek-aux/zeek-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin TRACES=%(testbase)s/Traces FILES=%(testbase)s/Files SCRIPTS=%(testbase)s/../scripts From 8abf0fad57a514c05880bbc97205a133c050cf01 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 19:00:54 -0700 Subject: [PATCH 085/247] Updating submodule(s). [nomail] --- doc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc b/doc index bafc32a197..019f8dd011 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit bafc32a197e77edf1f4ccab654f03476226a8839 +Subproject commit 019f8dd0110f957d116ce810c5018e7b78dc85d2 From b3c4b986efbb871bc6015d91fbe5cf4436af1819 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 19:01:05 -0700 Subject: [PATCH 086/247] Fix maybe-uninitialized compiler warning --- CHANGES | 4 ++++ VERSION | 2 +- src/CompHash.cc | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0b02c6fe11..3b3d487ff5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-292 | 2019-05-14 19:01:05 -0700 + + * Fix maybe-uninitialized compiler warning (Jon Siwek, Corelight) + 2.6-290 | 2019-05-14 18:35:25 -0700 * Update btest.cfg path to use zeek-aux (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index 46fa81ef09..5978f27f47 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-290 +2.6-292 diff --git a/src/CompHash.cc b/src/CompHash.cc index ac2df02722..4e5366edde 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -677,7 +677,7 @@ ListVal* CompositeHash::RecoverVals(const HashKey* k) const loop_over_list(*tl, i) { - Val* v; + Val* v = nullptr; kp = RecoverOneVal(k, kp, k_end, (*tl)[i], v, false); ASSERT(v); l->Append(v); From fcc840044d752eefad9367957a70232922c9bbbd Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 19:31:51 -0700 Subject: [PATCH 087/247] Updating submodule(s). [nomail] --- aux/zeekctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/zeekctl b/aux/zeekctl index 4bc51657f9..9ca96b333c 160000 --- a/aux/zeekctl +++ b/aux/zeekctl @@ -1 +1 @@ -Subproject commit 4bc51657f9b2fae3d3c71c0a927b7a7341a4f0cd +Subproject commit 9ca96b333c1a2df8992a5a6e208707acc28eb9c2 From 3bbd11b1cdfa73b2e93d371a9e7f1dcbf7625fd9 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Wed, 15 May 2019 00:17:32 -0500 Subject: [PATCH 088/247] Changes needed due to bro-to-zeek renaming in broker --- src/broker/Manager.cc | 36 ++++++++++++++++++------------------ src/broker/Manager.h | 10 +++++----- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index fbc15b3c18..070de84074 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -1,6 +1,6 @@ #include -#include +#include #include #include #include @@ -357,7 +357,7 @@ bool Manager::PublishEvent(string topic, std::string name, broker::vector args) DBG_LOG(DBG_BROKER, "Publishing event: %s", RenderEvent(topic, name, args).c_str()); - broker::bro::Event ev(std::move(name), std::move(args)); + broker::zeek::Event ev(std::move(name), std::move(args)); bstate->endpoint.publish(move(topic), std::move(ev)); ++statistics.num_events_outgoing; return true; @@ -418,7 +418,7 @@ bool Manager::PublishIdentifier(std::string topic, std::string id) return false; } - broker::bro::IdentifierUpdate msg(move(id), move(*data)); + broker::zeek::IdentifierUpdate msg(move(id), move(*data)); DBG_LOG(DBG_BROKER, "Publishing id-update: %s", RenderMessage(topic, msg).c_str()); bstate->endpoint.publish(move(topic), move(msg)); @@ -469,7 +469,7 @@ bool Manager::PublishLogCreate(EnumVal* stream, EnumVal* writer, std::string topic = default_log_topic_prefix + stream_id; auto bstream_id = broker::enum_value(move(stream_id)); auto bwriter_id = broker::enum_value(move(writer_id)); - broker::bro::LogCreate msg(move(bstream_id), move(bwriter_id), move(writer_info), move(fields_data)); + broker::zeek::LogCreate msg(move(bstream_id), move(bwriter_id), move(writer_info), move(fields_data)); DBG_LOG(DBG_BROKER, "Publishing log creation: %s", RenderMessage(topic, msg).c_str()); @@ -557,7 +557,7 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int auto bstream_id = broker::enum_value(move(stream_id)); auto bwriter_id = broker::enum_value(move(writer_id)); - broker::bro::LogWrite msg(move(bstream_id), move(bwriter_id), move(path), + broker::zeek::LogWrite msg(move(bstream_id), move(bwriter_id), move(path), move(serial_data)); DBG_LOG(DBG_BROKER, "Buffering log record: %s", RenderMessage(topic, msg).c_str()); @@ -593,7 +593,7 @@ size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint, size_t log_batch_si broker::vector batch; batch.reserve(log_batch_size + 1); pending_batch.swap(batch); - broker::bro::Batch msg(std::move(batch)); + broker::zeek::Batch msg(std::move(batch)); endpoint.publish(topic, move(msg)); } @@ -838,31 +838,31 @@ double Manager::NextTimestamp(double* local_network_time) void Manager::DispatchMessage(const broker::topic& topic, broker::data msg) { - switch ( broker::bro::Message::type(msg) ) { - case broker::bro::Message::Type::Invalid: + switch ( broker::zeek::Message::type(msg) ) { + case broker::zeek::Message::Type::Invalid: reporter->Warning("received invalid broker message: %s", broker::to_string(msg).data()); break; - case broker::bro::Message::Type::Event: + case broker::zeek::Message::Type::Event: ProcessEvent(topic, std::move(msg)); break; - case broker::bro::Message::Type::LogCreate: + case broker::zeek::Message::Type::LogCreate: ProcessLogCreate(std::move(msg)); break; - case broker::bro::Message::Type::LogWrite: + case broker::zeek::Message::Type::LogWrite: ProcessLogWrite(std::move(msg)); break; - case broker::bro::Message::Type::IdentifierUpdate: + case broker::zeek::Message::Type::IdentifierUpdate: ProcessIdentifierUpdate(std::move(msg)); break; - case broker::bro::Message::Type::Batch: + case broker::zeek::Message::Type::Batch: { - broker::bro::Batch batch(std::move(msg)); + broker::zeek::Batch batch(std::move(msg)); if ( ! batch.valid() ) { @@ -970,7 +970,7 @@ void Manager::Process() } -void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) +void Manager::ProcessEvent(const broker::topic& topic, broker::zeek::Event ev) { if ( ! ev.valid() ) { @@ -1046,7 +1046,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) } } -bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) +bool bro_broker::Manager::ProcessLogCreate(broker::zeek::LogCreate lc) { DBG_LOG(DBG_BROKER, "Received log-create: %s", RenderMessage(lc).c_str()); if ( ! lc.valid() ) @@ -1116,7 +1116,7 @@ bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) return true; } -bool bro_broker::Manager::ProcessLogWrite(broker::bro::LogWrite lw) +bool bro_broker::Manager::ProcessLogWrite(broker::zeek::LogWrite lw) { DBG_LOG(DBG_BROKER, "Received log-write: %s", RenderMessage(lw).c_str()); @@ -1203,7 +1203,7 @@ bool bro_broker::Manager::ProcessLogWrite(broker::bro::LogWrite lw) return true; } -bool Manager::ProcessIdentifierUpdate(broker::bro::IdentifierUpdate iu) +bool Manager::ProcessIdentifierUpdate(broker::zeek::IdentifierUpdate iu) { DBG_LOG(DBG_BROKER, "Received id-update: %s", RenderMessage(iu).c_str()); diff --git a/src/broker/Manager.h b/src/broker/Manager.h index 004ad01dc9..bced3a4846 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -2,7 +2,7 @@ #define BRO_COMM_MANAGER_H #include -#include +#include #include #include #include @@ -324,10 +324,10 @@ public: private: void DispatchMessage(const broker::topic& topic, broker::data msg); - void ProcessEvent(const broker::topic& topic, broker::bro::Event ev); - bool ProcessLogCreate(broker::bro::LogCreate lc); - bool ProcessLogWrite(broker::bro::LogWrite lw); - bool ProcessIdentifierUpdate(broker::bro::IdentifierUpdate iu); + void ProcessEvent(const broker::topic& topic, broker::zeek::Event ev); + bool ProcessLogCreate(broker::zeek::LogCreate lc); + bool ProcessLogWrite(broker::zeek::LogWrite lw); + bool ProcessIdentifierUpdate(broker::zeek::IdentifierUpdate iu); void ProcessStatus(broker::status stat); void ProcessError(broker::error err); void ProcessStoreResponse(StoreHandleVal*, broker::store::response response); From a8c0cd7deed6a2b97b2742455fba685c1cc24640 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 15 May 2019 10:05:53 -0700 Subject: [PATCH 089/247] Fix potential race in openflow broker plugin Broker::subscribe() after Broker::peer() may result in losing messages, always best to do the reverse order. Also possibly improved chance of unstable unit test output order. --- CHANGES | 4 ++++ VERSION | 2 +- scripts/base/frameworks/openflow/plugins/broker.zeek | 2 +- .../scripts/base/frameworks/openflow/broker-basic.zeek | 7 ++++--- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 2474f3c5ac..c0e54f56f9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-301 | 2019-05-15 10:05:53 -0700 + + * Fix potential race in openflow broker plugin (Jon Siwek, Corelight) + 2.6-300 | 2019-05-15 09:00:57 -0700 * Fixes to DNS lookup, including ref-counting bugs, preventing starvation diff --git a/VERSION b/VERSION index 91de3cddd1..9aeafbe2f3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-300 +2.6-301 diff --git a/scripts/base/frameworks/openflow/plugins/broker.zeek b/scripts/base/frameworks/openflow/plugins/broker.zeek index f37f0b8afc..e6a594822e 100644 --- a/scripts/base/frameworks/openflow/plugins/broker.zeek +++ b/scripts/base/frameworks/openflow/plugins/broker.zeek @@ -61,8 +61,8 @@ function broker_flow_clear_fun(state: OpenFlow::ControllerState): bool function broker_init(state: OpenFlow::ControllerState) { - Broker::peer(cat(state$broker_host), state$broker_port); Broker::subscribe(state$broker_topic); # openflow success and failure events are directly sent back via the other plugin via broker. + Broker::peer(cat(state$broker_host), state$broker_port); } event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) diff --git a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek index a7a3113171..b84a337b9f 100644 --- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" # @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" -# @TEST-EXEC: btest-bg-wait 20 +# @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out @@ -33,7 +33,6 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) event OpenFlow::controller_activated(name: string, controller: OpenFlow::Controller) { - continue_processing(); OpenFlow::flow_clear(of_controller); OpenFlow::flow_mod(of_controller, [], [$cookie=OpenFlow::generate_cookie(1), $command=OpenFlow::OFPFC_ADD, $actions=[$out_ports=vector(3, 7)]]); } @@ -61,7 +60,9 @@ function got_message() { ++msg_count; - if ( msg_count == 6 ) + if ( msg_count == 2 ) + continue_processing(); + else if ( msg_count == 6 ) terminate(); } From 72b46268f7b1a32c85e892abe73c4a8eb4920bd4 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 15 May 2019 15:53:26 -0700 Subject: [PATCH 090/247] Updating submodule(s). [nomail] --- aux/broker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broker b/aux/broker index 5e3684f1b6..53f7e0da11 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 5e3684f1b69a282b831c9d1b72ed924b510f22f0 +Subproject commit 53f7e0da11c4d6ce014f27ae4dcf807a651fb634 From 3f9e7138bd65400c7cd45096892eb0a46f7eb2e9 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 16 May 2019 00:01:21 -0500 Subject: [PATCH 091/247] More bro-to-zeek renaming in the unit tests --- src/bro.bif | 4 +- testing/README | 6 +-- .../core.option-runtime-errors/.stderr | 2 +- .../{broproc.intel.log => zeekproc.intel.log} | 0 .../{broproc.intel.log => zeekproc.intel.log} | 0 .../out1 | 2 +- .../{broproc.intel.log => zeekproc.intel.log} | 0 testing/btest/README | 10 ++--- testing/btest/bifs/dump_current_packet.zeek | 2 +- .../btest/broker/store/type-conversion.zeek | 4 +- testing/btest/core/disable-mobile-ipv6.test | 3 +- testing/btest/core/expr-exception.zeek | 2 +- testing/btest/core/ip-broken-header.zeek | 2 +- testing/btest/core/leaks/broker/data.zeek | 12 +++--- testing/btest/core/leaks/ip-in-ip.test | 6 +-- testing/btest/core/load-duplicates.zeek | 14 +++---- testing/btest/core/mobile-ipv6-home-addr.test | 3 +- testing/btest/core/mobile-ipv6-routing.test | 3 +- testing/btest/core/mobility-checksums.test | 3 +- testing/btest/core/mobility_msg.test | 3 +- testing/btest/core/nop.zeek | 2 +- testing/btest/core/option-runtime-errors.zeek | 5 ++- testing/btest/core/recursive-event.zeek | 2 +- .../core/reporter-shutdown-order-errors.zeek | 2 +- testing/btest/core/tcp/truncated-header.zeek | 4 +- testing/btest/core/truncation.test | 2 +- .../btest/core/tunnels/ip-in-ip-version.zeek | 2 - testing/btest/core/vector-assignment.zeek | 2 +- testing/btest/doc/record-add.zeek | 2 +- testing/btest/language/for.zeek | 2 +- testing/btest/language/no-module.zeek | 2 +- testing/btest/language/record-bad-ctor.zeek | 2 +- .../btest/plugins/bifs-and-scripts-install.sh | 2 +- testing/btest/plugins/bifs-and-scripts.sh | 2 +- testing/btest/plugins/file.zeek | 2 +- testing/btest/plugins/hooks.zeek | 2 +- testing/btest/plugins/init-plugin.zeek | 2 +- testing/btest/plugins/logging-hooks.zeek | 2 +- testing/btest/plugins/pktdumper.zeek | 2 +- testing/btest/plugins/pktsrc.zeek | 2 +- .../btest/plugins/plugin-nopatchversion.zeek | 2 +- .../plugins/plugin-withpatchversion.zeek | 2 +- testing/btest/plugins/protocol.zeek | 2 +- testing/btest/plugins/reader.zeek | 2 +- testing/btest/plugins/reporter-hook.zeek | 2 +- testing/btest/plugins/writer.zeek | 2 +- .../base/frameworks/intel/expire-item.zeek | 6 +-- .../base/frameworks/intel/filter-item.zeek | 4 +- .../frameworks/intel/input-and-match.zeek | 4 +- .../base/frameworks/intel/match-subnet.zeek | 6 +-- .../frameworks/intel/remove-non-existing.zeek | 6 +-- .../base/frameworks/logging/rotate.zeek | 4 +- testing/btest/scripts/base/misc/version.zeek | 2 +- .../scripts/base/protocols/krb/smb2_krb.test | 2 +- .../base/protocols/krb/smb2_krb_nokeytab.test | 2 +- .../protocols/modbus/exception_handling.test | 2 +- .../base/protocols/mysql/encrypted.test | 7 ++-- .../base/protocols/ssl/cve-2015-3194.test | 2 +- .../policy/frameworks/intel/removal.zeek | 4 +- testing/btest/scripts/site/local-compat.test | 6 +-- testing/coverage/README | 4 +- testing/coverage/code_coverage.sh | 12 +++--- testing/coverage/lcov_html.sh | 4 +- testing/external/README | 6 +-- testing/external/scripts/diff-all | 2 +- .../external/scripts/perftools-adapt-paths | 2 +- testing/external/scripts/skel/test.skeleton | 2 +- testing/external/scripts/testing-setup.zeek | 2 +- testing/scripts/coverage-calc | 8 ++-- testing/scripts/has-writer | 2 +- testing/scripts/travis-job | 38 +++++++++---------- 71 files changed, 141 insertions(+), 136 deletions(-) rename testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/{broproc.intel.log => zeekproc.intel.log} (100%) rename testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/{broproc.intel.log => zeekproc.intel.log} (100%) rename testing/btest/Baseline/scripts.policy.frameworks.intel.removal/{broproc.intel.log => zeekproc.intel.log} (100%) diff --git a/src/bro.bif b/src/bro.bif index c3a9f13d56..b356c91fe8 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -3990,7 +3990,7 @@ function lookup_location%(a: addr%) : geo_location if ( ! missing_geoip_reported ) { - builtin_error("Bro was not configured for GeoIP support"); + builtin_error("Zeek was not configured for GeoIP support"); missing_geoip_reported = 1; } #endif @@ -4047,7 +4047,7 @@ function lookup_asn%(a: addr%) : count if ( ! missing_geoip_reported ) { - builtin_error("Bro was not configured for GeoIP ASN support"); + builtin_error("Zeek was not configured for GeoIP ASN support"); missing_geoip_reported = 1; } #endif diff --git a/testing/README b/testing/README index ba407fcc67..37f8aa9014 100644 --- a/testing/README +++ b/testing/README @@ -1,13 +1,13 @@ -This directory contains suites for testing for Bro's correct +This directory contains suites for testing for Zeek's correct operation: btest/ - An ever-growing set of small unit tests testing Bro's + An ever-growing set of small unit tests testing Zeek's functionality. external/ A framework for downloading additional test sets that run more - complex Bro configuration on larger traces files. Due to their + complex Zeek configuration on larger traces files. Due to their size, these are not included directly. See the README for more information. diff --git a/testing/btest/Baseline/core.option-runtime-errors/.stderr b/testing/btest/Baseline/core.option-runtime-errors/.stderr index 0d4da12312..a8362f52c0 100644 --- a/testing/btest/Baseline/core.option-runtime-errors/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors/option-runtime-errors.zeek, line 8: Could not find ID named 'B' (Option::set(B, 6, )) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors/option-runtime-errors.zeek, line 9: Could not find ID named 'B' (Option::set(B, 6, )) diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/broproc.intel.log b/testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/zeekproc.intel.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/broproc.intel.log rename to testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/zeekproc.intel.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/broproc.intel.log b/testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/zeekproc.intel.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/broproc.intel.log rename to testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/zeekproc.intel.log diff --git a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 index 2f84ca097a..3c3f495e11 100644 --- a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 +++ b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 @@ -1 +1 @@ -1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.zeek, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. +1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.zeek, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Zeek reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. diff --git a/testing/btest/Baseline/scripts.policy.frameworks.intel.removal/broproc.intel.log b/testing/btest/Baseline/scripts.policy.frameworks.intel.removal/zeekproc.intel.log similarity index 100% rename from testing/btest/Baseline/scripts.policy.frameworks.intel.removal/broproc.intel.log rename to testing/btest/Baseline/scripts.policy.frameworks.intel.removal/zeekproc.intel.log diff --git a/testing/btest/README b/testing/btest/README index 200d1a3e0e..f20205c36b 100644 --- a/testing/btest/README +++ b/testing/btest/README @@ -1,4 +1,4 @@ -This a test suite of small "unit tests" that verify individual pieces of Bro +This a test suite of small "unit tests" that verify individual pieces of Zeek functionality. They all utilize BTest, a simple framework/driver for writing unit tests. More information about BTest can be found at https://github.com/zeek/btest @@ -20,14 +20,14 @@ Significant Subdirectories Packet captures utilized by the various BTest tests. * scripts/ - This hierarchy of tests emulates the hierarchy of the Bro scripts/ + This hierarchy of tests emulates the hierarchy of the Zeek scripts/ directory. * coverage/ This collection of tests relates to checking whether we're covering everything we want to in terms of tests, documentation, and which - scripts get loaded in different Bro configurations. These tests are - more prone to fail as new Bro scripts are developed and added to the + scripts get loaded in different Zeek configurations. These tests are + more prone to fail as new Zeek scripts are developed and added to the distribution -- checking the individual test's comments is the best place to check for more details on what exactly the test is checking and hints on how to fix it when it fails. @@ -48,7 +48,7 @@ run ``btest`` directly with desired options/arguments. Examples: You can specify a directory on the command line to run just the tests contained in that directory. This is useful if you wish to run all of a given type of test, without running all the tests - there are. For example, "btest scripts" will run all of the Bro + there are. For example, "btest scripts" will run all of the Zeek script unit tests. diff --git a/testing/btest/bifs/dump_current_packet.zeek b/testing/btest/bifs/dump_current_packet.zeek index d78252edf4..ce177a1daf 100644 --- a/testing/btest/bifs/dump_current_packet.zeek +++ b/testing/btest/bifs/dump_current_packet.zeek @@ -6,7 +6,7 @@ # @TEST-EXEC: btest-diff 2.hex # Note that the hex output will contain global pcap header information, -# including Bro's snaplen setting (so maybe check that out in the case +# including Zeek's snaplen setting (so maybe check that out in the case # you are reading this message due to this test failing in the future). global i: count = 0; diff --git a/testing/btest/broker/store/type-conversion.zeek b/testing/btest/broker/store/type-conversion.zeek index 919bfd91ca..733a10af73 100644 --- a/testing/btest/broker/store/type-conversion.zeek +++ b/testing/btest/broker/store/type-conversion.zeek @@ -13,7 +13,7 @@ type R2: record { event zeek_init() { - ### Print every broker data type + ### Print every Broker data type print Broker::data_type(Broker::data(T)); print Broker::data_type(Broker::data(+1)); print Broker::data_type(Broker::data(1)); @@ -33,7 +33,7 @@ event zeek_init() print "***************************"; - ### Convert a Bro value to a broker value, then print the result + ### Convert a Zeek value to a Broker value, then print the result print (Broker::data(T) as bool); print (Broker::data(F) as bool); diff --git a/testing/btest/core/disable-mobile-ipv6.test b/testing/btest/core/disable-mobile-ipv6.test index b9914f260f..eace575cca 100644 --- a/testing/btest/core/disable-mobile-ipv6.test +++ b/testing/btest/core/disable-mobile-ipv6.test @@ -1,4 +1,5 @@ -# @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# # @TEST-EXEC: zeek -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/core/expr-exception.zeek b/testing/btest/core/expr-exception.zeek index 58eee4a07d..79f460b1e4 100644 --- a/testing/btest/core/expr-exception.zeek +++ b/testing/btest/core/expr-exception.zeek @@ -1,5 +1,5 @@ # Expressions in an event handler that raise interpreter exceptions -# shouldn't abort Bro entirely, but just return from the function body. +# shouldn't abort Zeek entirely, but just return from the function body. # # @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/core/ip-broken-header.zeek b/testing/btest/core/ip-broken-header.zeek index 1e2d8c95c6..08c72b06f1 100644 --- a/testing/btest/core/ip-broken-header.zeek +++ b/testing/btest/core/ip-broken-header.zeek @@ -1,5 +1,5 @@ # This test has a trace that was generated from fuzzing which used to cause -# OOB reads in Bro. It has a number of packets broken in weird ways. +# OOB reads in Zeek. It has a number of packets broken in weird ways. # # @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | zeek -C -b -r - %INPUT # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/core/leaks/broker/data.zeek b/testing/btest/core/leaks/broker/data.zeek index 9d4aa120a7..9f9daadee0 100644 --- a/testing/btest/core/leaks/broker/data.zeek +++ b/testing/btest/core/leaks/broker/data.zeek @@ -110,7 +110,7 @@ if ( did_it ) return; did_it = T; -### Print every broker data type +### Print every Broker data type print Broker::data_type(Broker::data(T)); print Broker::data_type(Broker::data(+1)); @@ -134,7 +134,7 @@ print Broker::data_type(Broker::data(r)); print "***************************"; -### Convert a Bro value to a broker value, then print the result +### Convert a Zeek value to a Broker value, then print the result print (Broker::data(T)) as bool; print (Broker::data(F)) as bool; @@ -175,7 +175,7 @@ print broker_to_bro_record(cr); print "***************************"; -### Test the broker set BIFs +### Test the Broker set BIFs cs = Broker::set_create(); print Broker::set_size(cs); @@ -197,7 +197,7 @@ print broker_to_bro_set(cs); print "***************************"; -### Test the broker table BIFs +### Test the Broker table BIFs ct = Broker::table_create(); print Broker::table_size(ct); @@ -221,7 +221,7 @@ print broker_to_bro_table(ct); print "***************************"; -### Test the broker vector BIFs +### Test the Broker vector BIFs cv = Broker::vector_create(); print Broker::vector_size(cv); @@ -244,7 +244,7 @@ print broker_to_bro_vector(cv); print "***************************"; -### Test the broker record BIFs +### Test the Broker record BIFs cr = Broker::record_create(3); print Broker::record_size(cr); diff --git a/testing/btest/core/leaks/ip-in-ip.test b/testing/btest/core/leaks/ip-in-ip.test index 8f69f4ddd2..41cc6a7724 100644 --- a/testing/btest/core/leaks/ip-in-ip.test +++ b/testing/btest/core/leaks/ip-in-ip.test @@ -4,9 +4,9 @@ # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro1 zeek -m -b -r $TRACES/tunnels/6in6.pcap %INPUT -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro2 zeek -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro3 zeek -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek1 zeek -m -b -r $TRACES/tunnels/6in6.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek2 zeek -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek3 zeek -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 event new_connection(c: connection) diff --git a/testing/btest/core/load-duplicates.zeek b/testing/btest/core/load-duplicates.zeek index 3ab98015d5..846350988e 100644 --- a/testing/btest/core/load-duplicates.zeek +++ b/testing/btest/core/load-duplicates.zeek @@ -1,15 +1,15 @@ -# This tests bro's mechanism to prevent duplicate script loading. +# This tests Zeek's mechanism to prevent duplicate script loading. # # @TEST-EXEC: mkdir -p foo/bar -# @TEST-EXEC: echo "@load bar/test" >loader.bro -# @TEST-EXEC: cp %INPUT foo/bar/test.bro -# @TEST-EXEC: cp %INPUT foo/bar/test2.bro +# @TEST-EXEC: echo "@load bar/test" >loader.zeek +# @TEST-EXEC: cp %INPUT foo/bar/test.zeek +# @TEST-EXEC: cp %INPUT foo/bar/test2.zeek # # @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test.zeek # @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader `pwd`/foo/bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test.zeek +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader `pwd`/foo/bar/test.zeek # @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test2 global pi = 3.14; diff --git a/testing/btest/core/mobile-ipv6-home-addr.test b/testing/btest/core/mobile-ipv6-home-addr.test index a7e803c24a..9be171074a 100644 --- a/testing/btest/core/mobile-ipv6-home-addr.test +++ b/testing/btest/core/mobile-ipv6-home-addr.test @@ -1,4 +1,5 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/mobile-ipv6-routing.test b/testing/btest/core/mobile-ipv6-routing.test index f394ff865c..cca944f9c4 100644 --- a/testing/btest/core/mobile-ipv6-routing.test +++ b/testing/btest/core/mobile-ipv6-routing.test @@ -1,4 +1,5 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/mobility-checksums.test b/testing/btest/core/mobility-checksums.test index ee849c08a6..d680fdf406 100644 --- a/testing/btest/core/mobility-checksums.test +++ b/testing/btest/core/mobility-checksums.test @@ -1,4 +1,5 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# # @TEST-EXEC: zeek -r $TRACES/chksums/mip6-bad-mh-chksum.pcap # @TEST-EXEC: mv weird.log bad.out # @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap diff --git a/testing/btest/core/mobility_msg.test b/testing/btest/core/mobility_msg.test index f0017e4cdd..89538fc667 100644 --- a/testing/btest/core/mobility_msg.test +++ b/testing/btest/core/mobility_msg.test @@ -1,4 +1,5 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output diff --git a/testing/btest/core/nop.zeek b/testing/btest/core/nop.zeek index d1316cdccd..e0f6f70323 100644 --- a/testing/btest/core/nop.zeek +++ b/testing/btest/core/nop.zeek @@ -1,4 +1,4 @@ -# Bro shouldn't crash when doing nothing, nor outputting anything. +# Zeek shouldn't crash when doing nothing, nor outputting anything. # # @TEST-EXEC: cat /dev/null | zeek >output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/option-runtime-errors.zeek b/testing/btest/core/option-runtime-errors.zeek index aa7ad77874..ef512c6a8e 100644 --- a/testing/btest/core/option-runtime-errors.zeek +++ b/testing/btest/core/option-runtime-errors.zeek @@ -1,8 +1,9 @@ # @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr -# Errors that happen during runtime. At least at the moment we are not checking these early enough -# that Bro will bail out during startup. Perhaps we want to change this later. +# Errors that happen during runtime. At least at the moment we are not +# checking these early enough that Zeek will bail out during startup. Perhaps +# we want to change this later. option A = 5; Option::set("B", 6); diff --git a/testing/btest/core/recursive-event.zeek b/testing/btest/core/recursive-event.zeek index 75e3ce46d5..f82b4ed58b 100644 --- a/testing/btest/core/recursive-event.zeek +++ b/testing/btest/core/recursive-event.zeek @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-diff output # In old version, the event would keep triggering endlessely, with the network -# time not moving forward and Bro not terminating. +# time not moving forward and Zeek not terminating. # # Note that the output will not be 20 because we still execute two rounds # of events every time we drain and also at startup several (currently 3) diff --git a/testing/btest/core/reporter-shutdown-order-errors.zeek b/testing/btest/core/reporter-shutdown-order-errors.zeek index 03943679ff..f1478124b8 100644 --- a/testing/btest/core/reporter-shutdown-order-errors.zeek +++ b/testing/btest/core/reporter-shutdown-order-errors.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: touch reporter.log && chmod -w reporter.log # @TEST-EXEC: zeek %INPUT >out 2>&1 -# Output doesn't really matter, but we just want to know that Bro shutdowns +# Output doesn't really matter, but we just want to know that Zeek shutdowns # without crashing in such scenarios (reporter log not writable # and also reporter errors being emitting during shutdown). diff --git a/testing/btest/core/tcp/truncated-header.zeek b/testing/btest/core/tcp/truncated-header.zeek index babfd7531c..145f415754 100644 --- a/testing/btest/core/tcp/truncated-header.zeek +++ b/testing/btest/core/tcp/truncated-header.zeek @@ -3,7 +3,7 @@ event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string) { - # Just having this handler used to crash Bro on this trace. - print network_time(), c$id; + # Just having this handler used to crash Zeek on this trace. + print network_time(), c$id; } diff --git a/testing/btest/core/truncation.test b/testing/btest/core/truncation.test index 22db760810..b602f13585 100644 --- a/testing/btest/core/truncation.test +++ b/testing/btest/core/truncation.test @@ -8,7 +8,7 @@ # @TEST-EXEC: cat weird.log >> output # If an ICMP packet's payload is truncated due to too small snaplen, -# the checksum calculation is bypassed (and Bro doesn't crash, of course). +# the checksum calculation is bypassed (and Zeek doesn't crash, of course). # @TEST-EXEC: rm -f weird.log # @TEST-EXEC: zeek -r $TRACES/trunc/icmp-payload-trunc.pcap diff --git a/testing/btest/core/tunnels/ip-in-ip-version.zeek b/testing/btest/core/tunnels/ip-in-ip-version.zeek index f5ff69c21c..49e8a5a3d0 100644 --- a/testing/btest/core/tunnels/ip-in-ip-version.zeek +++ b/testing/btest/core/tunnels/ip-in-ip-version.zeek @@ -10,5 +10,3 @@ # @TEST-EXEC: btest-diff output -@load base/frameworks/notice/weird.bro - diff --git a/testing/btest/core/vector-assignment.zeek b/testing/btest/core/vector-assignment.zeek index 8593562892..a66830f713 100644 --- a/testing/btest/core/vector-assignment.zeek +++ b/testing/btest/core/vector-assignment.zeek @@ -2,7 +2,7 @@ # This regression test checks a special case in the vector code. In this case # UnaryExpr will be called with a Type() of any. Tests succeeds if it does not -# crash Bro. +# crash Zeek. type OptionCacheValue: record { val: any; diff --git a/testing/btest/doc/record-add.zeek b/testing/btest/doc/record-add.zeek index baebaaf3f2..1c764cae5f 100644 --- a/testing/btest/doc/record-add.zeek +++ b/testing/btest/doc/record-add.zeek @@ -1,6 +1,6 @@ # @TEST-EXEC: zeek -b %INPUT -# To support documentation of type aliases, Bro clones declared types +# To support documentation of type aliases, Zeek clones declared types # (see add_type() in Var.cc) in order to keep track of type names and aliases. # This test makes sure that the cloning is done in a way that's compatible # with adding fields to a record type -- we want to be sure that cloning diff --git a/testing/btest/language/for.zeek b/testing/btest/language/for.zeek index 246eb47051..6918e78818 100644 --- a/testing/btest/language/for.zeek +++ b/testing/btest/language/for.zeek @@ -53,5 +53,5 @@ event zeek_init() test_case("keys that are tuples", s1 == "1 2 hi"); - # Tests for key value for loop are in key-value-for.bro + # Note: Tests for key value "for" loop are in key-value-for.zeek } diff --git a/testing/btest/language/no-module.zeek b/testing/btest/language/no-module.zeek index 3369e9b14e..f78c9da6c0 100644 --- a/testing/btest/language/no-module.zeek +++ b/testing/btest/language/no-module.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: zeek -b %INPUT secondtestfile >out # @TEST-EXEC: btest-diff out -# This is the same test as "module.bro", but here we omit the module definition +# This is the same test as "module.zeek", but here we omit the module definition global num: count = 123; diff --git a/testing/btest/language/record-bad-ctor.zeek b/testing/btest/language/record-bad-ctor.zeek index 7c465e7dea..40bafa47de 100644 --- a/testing/btest/language/record-bad-ctor.zeek +++ b/testing/btest/language/record-bad-ctor.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -# At least shouldn't crash Bro, just report the invalid record ctor. +# At least shouldn't crash Zeek, just report the invalid record ctor. global asdfasdf; const blah = [$ports=asdfasdf]; diff --git a/testing/btest/plugins/bifs-and-scripts-install.sh b/testing/btest/plugins/bifs-and-scripts-install.sh index 9470231888..d7cf3fd7b0 100644 --- a/testing/btest/plugins/bifs-and-scripts-install.sh +++ b/testing/btest/plugins/bifs-and-scripts-install.sh @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: bash %INPUT # @TEST-EXEC: ./configure --bro-dist=${DIST} --install-root=`pwd`/test-install # @TEST-EXEC: make diff --git a/testing/btest/plugins/bifs-and-scripts.sh b/testing/btest/plugins/bifs-and-scripts.sh index 222c961b2d..3cbe9c52d1 100644 --- a/testing/btest/plugins/bifs-and-scripts.sh +++ b/testing/btest/plugins/bifs-and-scripts.sh @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: bash %INPUT # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/file.zeek b/testing/btest/plugins/file.zeek index 9193fc7101..1f87103472 100644 --- a/testing/btest/plugins/file.zeek +++ b/testing/btest/plugins/file.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/file-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/hooks.zeek b/testing/btest/plugins/hooks.zeek index be00e50f5c..11ca139002 100644 --- a/testing/btest/plugins/hooks.zeek +++ b/testing/btest/plugins/hooks.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Hooks +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Hooks # @TEST-EXEC: cp -r %DIR/hooks-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Demo::Hooks" BRO_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output diff --git a/testing/btest/plugins/init-plugin.zeek b/testing/btest/plugins/init-plugin.zeek index c3332f170b..9099e02585 100644 --- a/testing/btest/plugins/init-plugin.zeek +++ b/testing/btest/plugins/init-plugin.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output diff --git a/testing/btest/plugins/logging-hooks.zeek b/testing/btest/plugins/logging-hooks.zeek index 46a724957e..a901f14f70 100644 --- a/testing/btest/plugins/logging-hooks.zeek +++ b/testing/btest/plugins/logging-hooks.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Log Hooks +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Log Hooks # @TEST-EXEC: cp -r %DIR/logging-hooks-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Log::Hooks" BRO_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output diff --git a/testing/btest/plugins/pktdumper.zeek b/testing/btest/plugins/pktdumper.zeek index 0ed93db5a9..8595c8a278 100644 --- a/testing/btest/plugins/pktdumper.zeek +++ b/testing/btest/plugins/pktdumper.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/pktdumper-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/pktsrc.zeek b/testing/btest/plugins/pktsrc.zeek index 7aafe490ba..ac88b95162 100644 --- a/testing/btest/plugins/pktsrc.zeek +++ b/testing/btest/plugins/pktsrc.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/pktsrc-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/plugin-nopatchversion.zeek b/testing/btest/plugins/plugin-nopatchversion.zeek index d2460e4abc..19b3fdac62 100644 --- a/testing/btest/plugins/plugin-nopatchversion.zeek +++ b/testing/btest/plugins/plugin-nopatchversion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing NoPatchVersion +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Testing NoPatchVersion # @TEST-EXEC: cp -r %DIR/plugin-nopatchversion-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) zeek -N Testing::NoPatchVersion >> output diff --git a/testing/btest/plugins/plugin-withpatchversion.zeek b/testing/btest/plugins/plugin-withpatchversion.zeek index 4ea5511929..29c5cb7907 100644 --- a/testing/btest/plugins/plugin-withpatchversion.zeek +++ b/testing/btest/plugins/plugin-withpatchversion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing WithPatchVersion +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Testing WithPatchVersion # @TEST-EXEC: cp -r %DIR/plugin-withpatchversion-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) zeek -N Testing::WithPatchVersion >> output diff --git a/testing/btest/plugins/protocol.zeek b/testing/btest/plugins/protocol.zeek index 14b2b09ee9..b0d6f89e88 100644 --- a/testing/btest/plugins/protocol.zeek +++ b/testing/btest/plugins/protocol.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/protocol-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/reader.zeek b/testing/btest/plugins/reader.zeek index 2c62db375d..0b0b2c4916 100644 --- a/testing/btest/plugins/reader.zeek +++ b/testing/btest/plugins/reader.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/reader-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/reporter-hook.zeek b/testing/btest/plugins/reporter-hook.zeek index 6c6c1fe323..1987b4e22b 100644 --- a/testing/btest/plugins/reporter-hook.zeek +++ b/testing/btest/plugins/reporter-hook.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Reporter Hook +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Reporter Hook # @TEST-EXEC: cp -r %DIR/reporter-hook-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Reporter::Hook" BRO_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output diff --git a/testing/btest/plugins/writer.zeek b/testing/btest/plugins/writer.zeek index a10f4fb218..62224ece33 100644 --- a/testing/btest/plugins/writer.zeek +++ b/testing/btest/plugins/writer.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/writer-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek index a417f8a42c..8f493947fa 100644 --- a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 21 -# @TEST-EXEC: cat broproc/intel.log > output -# @TEST-EXEC: cat broproc/.stdout >> output +# @TEST-EXEC: cat zeekproc/intel.log > output +# @TEST-EXEC: cat zeekproc/.stdout >> output # @TEST-EXEC: btest-diff output # @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek index 4149c33277..3c5db1147e 100644 --- a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff broproc/intel.log +# @TEST-EXEC: btest-diff zeekproc/intel.log @TEST-START-FILE intel.dat #fields indicator indicator_type meta.source meta.desc meta.url diff --git a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek index a7a9bcc7af..f0f5e59511 100644 --- a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek +++ b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff broproc/intel.log +# @TEST-EXEC: btest-diff zeekproc/intel.log @TEST-START-FILE intel.dat #fields indicator indicator_type meta.source meta.desc meta.url diff --git a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek index 41a018efa4..ab6399f45b 100644 --- a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek +++ b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: cat broproc/intel.log > output -# @TEST-EXEC: cat broproc/.stdout >> output +# @TEST-EXEC: cat zeekproc/intel.log > output +# @TEST-EXEC: cat zeekproc/.stdout >> output # @TEST-EXEC: btest-diff output # @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek index 960c55f3c2..3dfcb9e334 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek +++ b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: cat broproc/reporter.log > output -# @TEST-EXEC: cat broproc/.stdout >> output +# @TEST-EXEC: cat zeekproc/reporter.log > output +# @TEST-EXEC: cat zeekproc/.stdout >> output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff output # @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/base/frameworks/logging/rotate.zeek b/testing/btest/scripts/base/frameworks/logging/rotate.zeek index a7ae0df75a..235bc3829f 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate.zeek +++ b/testing/btest/scripts/base/frameworks/logging/rotate.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT >bro.out 2>&1 -# @TEST-EXEC: grep "test" bro.out | sort >out +# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT >zeek.out 2>&1 +# @TEST-EXEC: grep "test" zeek.out | sort >out # @TEST-EXEC: for i in `ls test.*.log | sort`; do printf '> %s\n' $i; cat $i; done >>out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/misc/version.zeek b/testing/btest/scripts/base/misc/version.zeek index da911425e6..9826c69d58 100644 --- a/testing/btest/scripts/base/misc/version.zeek +++ b/testing/btest/scripts/base/misc/version.zeek @@ -21,7 +21,7 @@ print Version::parse("12.5"); print Version::parse("1.12-beta-drunk"); print Version::parse("JustARandomString"); -# check that current running version of Bro parses without error +# check that current running version of Zeek parses without error Version::parse(bro_version()); @TEST-START-NEXT diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb.test b/testing/btest/scripts/base/protocols/krb/smb2_krb.test index 38b6f592f4..a5ffd20ebc 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb.test @@ -2,7 +2,7 @@ # Kerberos analyzer can open the AD ticket in the Negociate # Protocol Request and find the user. # -# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/zeek-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab # @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test index e54b0d4ece..557b0128b5 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test @@ -1,7 +1,7 @@ # This test verifies that without a keytab file no entries are # created and no errors happen. # -# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/zeek-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab # @TEST-EXEC: zeek -C -r $TRACES/krb/smb2_krb.pcap %INPUT diff --git a/testing/btest/scripts/base/protocols/modbus/exception_handling.test b/testing/btest/scripts/base/protocols/modbus/exception_handling.test index cb62bd7a3b..b249fd33b0 100644 --- a/testing/btest/scripts/base/protocols/modbus/exception_handling.test +++ b/testing/btest/scripts/base/protocols/modbus/exception_handling.test @@ -5,4 +5,4 @@ # the binpac-generated analyzer code to throw a binpac::ExceptionOutOfBound. # This should be correctly caught as a type of binpac::Exception and the # binpac::ModbusTCP::Exception type that's defined as part of the analyzer -# shouldn't interfere with that handling and definitely shouldn't crash bro. +# shouldn't interfere with that handling and definitely shouldn't crash Zeek. diff --git a/testing/btest/scripts/base/protocols/mysql/encrypted.test b/testing/btest/scripts/base/protocols/mysql/encrypted.test index 0f806e4e25..d6bfb0a271 100644 --- a/testing/btest/scripts/base/protocols/mysql/encrypted.test +++ b/testing/btest/scripts/base/protocols/mysql/encrypted.test @@ -1,8 +1,9 @@ -# This tests how Bro deals with encrypted connections. Right now, it doesn't log them as it -# can't parse much of value. We're testing for an empty mysql.log file. +# This tests how Zeek deals with encrypted connections. Right now, it +# doesn't log them as it can't parse much of value. We're testing for an +# empty mysql.log file. # @TEST-EXEC: touch mysql.log # @TEST-EXEC: zeek -b -r $TRACES/mysql/encrypted.trace %INPUT # @TEST-EXEC: btest-diff mysql.log -@load base/protocols/mysql \ No newline at end of file +@load base/protocols/mysql diff --git a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test index 2f11f84df1..ce405cb405 100644 --- a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test +++ b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test @@ -1,4 +1,4 @@ -# This tests if Bro does not crash when exposed to CVE-2015-3194 +# This tests if Zeek does not crash when exposed to CVE-2015-3194 # @TEST-EXEC: zeek -r $TRACES/tls/CVE-2015-3194.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/policy/frameworks/intel/removal.zeek b/testing/btest/scripts/policy/frameworks/intel/removal.zeek index 7ca2bd5541..fe2938e711 100644 --- a/testing/btest/scripts/policy/frameworks/intel/removal.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/removal.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff broproc/intel.log +# @TEST-EXEC: btest-diff zeekproc/intel.log @TEST-START-FILE intel.dat #fields indicator indicator_type meta.source meta.remove diff --git a/testing/btest/scripts/site/local-compat.test b/testing/btest/scripts/site/local-compat.test index 036f9184b0..1627b00523 100644 --- a/testing/btest/scripts/site/local-compat.test +++ b/testing/btest/scripts/site/local-compat.test @@ -1,14 +1,14 @@ # @TEST-EXEC: zeek local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro # This tests the compatibility of the past release's site/local.bro -# script with the current version of Bro. If the test fails because +# script with the current version of Zeek. If the test fails because # it doesn't find the right file, that means everything stayed # compatibile between releases, so just add a TEST-START-FILE with -# the contents the latest Bro version's site/local.zeek script. +# the contents the latest Zeek version's site/local.zeek script. # If the test fails while loading the old local.bro, it usually # indicates a note will need to be made in NEWS explaining to users # how to migrate to the new version and this test's TEST-START-FILE -# should be updated with the latest contents of site/local.bro. +# should be updated with the latest contents of site/local.zeek. @TEST-START-FILE local-2.6.bro ##! Local site policy. Customize as appropriate. diff --git a/testing/coverage/README b/testing/coverage/README index d1352640f2..cc21827817 100644 --- a/testing/coverage/README +++ b/testing/coverage/README @@ -1,5 +1,5 @@ -On a Bro build configured with --enable-coverage, this script produces a code -coverage report after Bro has been invoked. The intended application of this +On a Zeek build configured with --enable-coverage, this script produces a code +coverage report after Zeek has been invoked. The intended application of this script is after the btest testsuite has run. This combination (btests first, coverage computation afterward) happens automatically when running "make" in the testing directory. This script puts .gcov files (which are included in diff --git a/testing/coverage/code_coverage.sh b/testing/coverage/code_coverage.sh index 758b2fa915..79999abe19 100755 --- a/testing/coverage/code_coverage.sh +++ b/testing/coverage/code_coverage.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # -# On a Bro build configured with --enable-coverage, this script -# produces a code coverage report after Bro has been invoked. The +# On a Zeek build configured with --enable-coverage, this script +# produces a code coverage report after Zeek has been invoked. The # intended application of this script is after the btest testsuite has # run. This combination (btests first, coverage computation afterward) # happens automatically when running "make" in the testing directory. @@ -12,7 +12,7 @@ # 1. Run test suite # 2. Check for .gcda files existing. # 3a. Run gcov (-p to preserve path) -# 3b. Prune .gcov files for objects outside of the Bro tree +# 3b. Prune .gcov files for objects outside of the Zeek tree # 4a. Analyze .gcov files generated and create summary file # 4b. Send .gcov files to appropriate path # @@ -52,7 +52,7 @@ function check_file_coverage { function check_group_coverage { DATA="$1" # FILE CONTAINING COVERAGE DATA - SRC_FOLDER="$2" # WHERE BRO WAS COMPILED + SRC_FOLDER="$2" # WHERE ZEEK WAS COMPILED OUTPUT="$3" # Prints all the relevant directories @@ -117,9 +117,9 @@ else exit 1 fi -# 3b. Prune gcov files that fall outside of the Bro tree: +# 3b. Prune gcov files that fall outside of the Zeek tree: # Look for files containing gcov's slash substitution character "#" -# and remove any that don't contain the Bro path root. +# and remove any that don't contain the Zeek path root. echo -n "Pruning out-of-tree coverage files... " PREFIX=$(echo "$BASE" | sed 's|/|#|g') for i in "$TMP"/*#*.gcov; do diff --git a/testing/coverage/lcov_html.sh b/testing/coverage/lcov_html.sh index c729b2145c..f17e583e2c 100755 --- a/testing/coverage/lcov_html.sh +++ b/testing/coverage/lcov_html.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # -# On a Bro build configured with --enable-coverage, this script -# produces a code coverage report in HTML format after Bro has been invoked. The +# On a Zeek build configured with --enable-coverage, this script +# produces a code coverage report in HTML format after Zeek has been invoked. The # intended application of this script is after the btest testsuite has run. # This depends on lcov to run. diff --git a/testing/external/README b/testing/external/README index ee6d71979e..6ab327b581 100644 --- a/testing/external/README +++ b/testing/external/README @@ -2,9 +2,9 @@ Test Suite for Large Trace Files ================================ -This test-suite runs more complex Bro configurations on larger trace +This test-suite runs more complex Zeek configurations on larger trace files, and compares the results to a pre-established baseline. Due to -their size, both traces and baseline are not part of the main Bro +their size, both traces and baseline are not part of the main Zeek repository but kept externally. In addition to the publically provided files, one can also add a local set to the test-suite for running on private traces. @@ -60,7 +60,7 @@ To update a test's baseline, first run ``btest`` in update mode: .. console: - > cd bro-testing + > cd zeek-testing > btest -u tests/test-you-want-to-update Then use ``git`` to commit the changes and push the changes upstream diff --git a/testing/external/scripts/diff-all b/testing/external/scripts/diff-all index d51f3b294f..0caa5078be 100755 --- a/testing/external/scripts/diff-all +++ b/testing/external/scripts/diff-all @@ -27,7 +27,7 @@ for i in `echo $files_cwd $files_baseline | sort | uniq`; do if [[ "$i" == "reporter.log" ]]; then # Do not diff the reporter.log if it only complains about missing # GeoIP support. - if ! egrep -v "^#|Bro was not configured for GeoIP support" $i; then + if ! egrep -v "^#|Zeek was not configured for GeoIP support" $i; then continue fi fi diff --git a/testing/external/scripts/perftools-adapt-paths b/testing/external/scripts/perftools-adapt-paths index cfecd39993..cbfaa610ab 100755 --- a/testing/external/scripts/perftools-adapt-paths +++ b/testing/external/scripts/perftools-adapt-paths @@ -5,6 +5,6 @@ # # Returns an exit code > 0 if there's a leak. -cat $1 | sed "s#bro *\"\./#../../../build/src/bro \".tmp/$TEST_NAME/#g" | sed 's/ *--gv//g' >$1.tmp && mv $1.tmp $1 +cat $1 | sed "s#zeek *\"\./#../../../build/src/zeek \".tmp/$TEST_NAME/#g" | sed 's/ *--gv//g' >$1.tmp && mv $1.tmp $1 grep -qv "detected leaks of" $1 diff --git a/testing/external/scripts/skel/test.skeleton b/testing/external/scripts/skel/test.skeleton index a76f3d4d09..aa32e72e7a 100644 --- a/testing/external/scripts/skel/test.skeleton +++ b/testing/external/scripts/skel/test.skeleton @@ -1,4 +1,4 @@ -# @TEST-EXEC: zcat $TRACES/trace.gz | bro -r - %INPUT +# @TEST-EXEC: zcat $TRACES/trace.gz | zeek -r - %INPUT # @TEST-EXEC: $SCRIPTS/diff-all '*.log' @load testing-setup diff --git a/testing/external/scripts/testing-setup.zeek b/testing/external/scripts/testing-setup.zeek index d24813e1fc..18e7c4783f 100644 --- a/testing/external/scripts/testing-setup.zeek +++ b/testing/external/scripts/testing-setup.zeek @@ -9,6 +9,6 @@ @ifdef ( LogAscii::use_json ) # Don't start logging everything as JSON. - # (json-logs.bro activates this). + # (json-logs.zeek activates this). redef LogAscii::use_json = F; @endif diff --git a/testing/scripts/coverage-calc b/testing/scripts/coverage-calc index df12e0c86f..3645f57144 100755 --- a/testing/scripts/coverage-calc +++ b/testing/scripts/coverage-calc @@ -1,12 +1,12 @@ #! /usr/bin/env python -# This script aggregates many files containing Bro script coverage information +# This script aggregates many files containing Zeek script coverage information # into a single file and reports the overall coverage information. Usage: # # coverage-calc