Merge branch 'master' into topic/jsiwek/ipv6-comm

CHANGES

@@ -1,4 +1,35 @@
 
+2.0-341 | 2012-05-17 09:54:30 -0700
+
+  * Add a comment to explain the ICMPv6 error message types. (Daniel Thayer)
+
+  * Quieting external test output somehwat. (Robin Sommer)
+
+2.0-336 | 2012-05-14 17:15:44 -0700
+
+  * Don't print the various "weird" events to stderr. Address #805.
+    (Daniel Thayer)
+
+  * Generate icmp_error_message event for ICMPv6 error msgs.
+    Previously, icmp_sent was being generated, but icmp_error_message
+    contains more info.
+
+  * Improved documentation comments for icmp-related events. (Daniel
+    Thayer)
+
+2.0-330 | 2012-05-14 17:05:56 -0700
+
+  * Add `addr_to_uri` script-level function that adds brackets to an
+    address if it's IPv6 and will be included in a URI or when a
+    ":<port>" needs to be appended to it. (Jon Siwek)
+
+  * Also add a test case for content extraction. (Jon Siwek)
+
+  * Fix typos and improve INSTALL document. (Daniel Thayer)
+    
+  * Switching to new btest command TEST-SERIALIZE for communication
+    tests. (Robin Sommer)
+
 2.0-323 | 2012-05-04 21:04:34 -0700
 
   * Add SHA1 and SHA256 hashing BIFs. Addresses #542.

INSTALL

@@ -5,34 +5,44 @@ Installing Bro
 Prerequisites
 =============
 
-Bro relies on the following libraries and tools, which need to be installed
+Bro requires the following libraries and tools to be installed
 before you begin:
 
     * CMake 2.6.3 or greater            http://www.cmake.org
 
-    * Libpcap (headers and libraries)   http://www.tcpdump.org
+    * Perl  (used only during the Bro build process)
 
-    * OpenSSL (headers and libraries)   http://www.openssl.org
+    * Libpcap headers and libraries     http://www.tcpdump.org
 
-    * SWIG                              http://www.swig.org
+    * OpenSSL headers and libraries     http://www.openssl.org
+
+    * BIND8 headers and libraries
 
     * Libmagic
 
     * Libz
 
-Bro can make uses of some optional libraries if they are found at
+    * SWIG                              http://www.swig.org
-installation time:
 
-    * LibGeoIP  For geo-locating IP addresses.
-
-Bro also needs the following tools, but on most systems they will
-already come preinstalled:
-
-    * Bash  (For Bro Control).
-    * BIND8 (headers and libraries)
     * Bison (GNU Parser Generator)
+
     * Flex  (Fast Lexical Analyzer)
-    * Perl  (Used only during the Bro build process)
+
+    * Bash  (for BroControl)
+
+
+Bro can make use of some optional libraries and tools if they are found at
+build time:
+
+    * LibGeoIP (for geo-locating IP addresses)
+
+    * gperftools (tcmalloc is used to improve memory and CPU usage)
+
+    * sendmail (for BroControl)
+
+    * ipsumdump (for trace-summary)     http://www.cs.ucla.edu/~kohler/ipsumdump
+
+    * Ruby executable, library, and headers (for Broccoli Ruby bindings)
 
 
 Installation
@@ -44,7 +54,7 @@ To build and install into ``/usr/local/bro``::
     make
     make install
 
-This will first build Bro into a directory inside the distribution
+This will first build Bro in a directory inside the distribution
 called ``build/``, using default build options. It then installs all
 required files into ``/usr/local/bro``, including the Bro binary in
 ``/usr/local/bro/bin/bro``.
@@ -60,22 +70,22 @@ choices unless you are creating such a package.
 Run ``./configure --help`` for more options.
 
 Depending on the Bro package you downloaded, there may be auxiliary
-tools and libraries available in the ``aux/`` directory. All of them
+tools and libraries available in the ``aux/`` directory. Some of them
-except for ``aux/bro-aux`` will also be built and installed by doing
+will be automatically built and installed along with Bro. There are
-``make install``.  To install the programs that come in the
-``aux/bro-aux`` directory, use ``make install-aux``. There are
 ``--disable-*`` options that can be given to the configure script to
-turn off unwanted auxiliary projects.
+turn off unwanted auxiliary projects that would otherwise be installed
+automatically.  Finally, use ``make install-aux`` to install some of
+the other programs that are in the ``aux/bro-aux`` directory.
 
-OpenBSD users, please see our `FAQ
+OpenBSD users, please see our FAQ at
-<http://www.bro-ids.org/documentation/faq.html>` if you are having
+http://www.bro-ids.org/documentation/faq.html if you are having
 problems installing Bro.
 
 Running Bro
 ===========
 
 Bro is a complex program and it takes a bit of time to get familiar
-with it.  A good place for newcomers to start is the Quickstart Guide
+with it.  A good place for newcomers to start is the Quick Start Guide
 at http://www.bro-ids.org/documentation/quickstart.html.
 
 For developers that wish to run Bro directly from the ``build/``

VERSION

@@ -1 +1 @@
-2.0-323
+2.0-341

aux/broctl

@@ -1 +1 @@
-Subproject commit 76e6bd4b182e9ff43456890e08aeaf451f9e4615
+Subproject commit 519d2e21ee375833c89eb6f7dc95c1eac3de17ab

aux/btest

@@ -1 +1 @@
-Subproject commit c0bbe9b8676f4655e7a984ac5eb8dfba3cd061b2
+Subproject commit 76876ce0e7da4888c91b3aea024c5cfd36405310

configure

@@ -32,7 +32,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
     --enable-perftools-debug use Google's perftools for debugging
     --disable-broccoli     don't build or install the Broccoli library
     --disable-broctl       don't install Broctl
-    --disable-auxtools     don't build or install auxilliary tools
+    --disable-auxtools     don't build or install auxiliary tools
     --disable-python       don't try to build python bindings for broccoli
     --disable-ruby         don't try to build ruby bindings for broccoli
 

scripts/base/protocols/ftp/main.bro

@@ -6,6 +6,7 @@
 @load ./utils-commands
 @load base/utils/paths
 @load base/utils/numbers
+@load base/utils/addrs
 
 module FTP;
 
@@ -169,12 +170,7 @@ function ftp_message(s: Info)
 		
 		local arg = s$cmdarg$arg;
 		if ( s$cmdarg$cmd in file_cmds )
-			{
+			arg = fmt("ftp://%s%s", addr_to_uri(s$id$resp_h), build_path_compressed(s$cwd, arg));
-			if ( is_v4_addr(s$id$resp_h) )
-				arg = fmt("ftp://%s%s", s$id$resp_h, build_path_compressed(s$cwd, arg));
-			else
-				arg = fmt("ftp://[%s]%s", s$id$resp_h, build_path_compressed(s$cwd, arg));
-			}
 		
 		s$ts=s$cmdarg$ts;
 		s$command=s$cmdarg$cmd;

scripts/base/protocols/http/utils.bro

@@ -1,6 +1,7 @@
 ##! Utilities specific for HTTP processing.
 
 @load ./main
+@load base/utils/addrs
 
 module HTTP;
 
@@ -51,7 +52,7 @@ function extract_keys(data: string, kv_splitter: pattern): string_vec
 function build_url(rec: Info): string
 	{
 	local uri  = rec?$uri ? rec$uri : "/<missed_request>";
-	local host = rec?$host ? rec$host : fmt("%s", rec$id$resp_h);
+	local host = rec?$host ? rec$host : addr_to_uri(rec$id$resp_h);
 	if ( rec$id$resp_p != 80/tcp )
 		host = fmt("%s:%s", host, rec$id$resp_p);
 	return fmt("%s%s", host, uri);

scripts/base/utils/files.bro

@@ -1,10 +1,11 @@
+@load ./addrs
 
 ## This function can be used to generate a consistent filename for when
 ## contents of a file, stream, or connection are being extracted to disk.
 function generate_extraction_filename(prefix: string, c: connection, suffix: string): string
 	{
-	local conn_info = fmt("%s:%d-%s:%d", 
+	local conn_info = fmt("%s:%d-%s:%d", addr_to_uri(c$id$orig_h), c$id$orig_p,
-	                      c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p);
+	                      addr_to_uri(c$id$resp_h), c$id$resp_p);
 	
 	if ( prefix != "" )
 		conn_info = fmt("%s_%s", prefix, conn_info);

src/ICMP.cc

@@ -181,6 +181,12 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c
 		case MLD_LISTENER_REDUCTION:
 #endif
 		default:
+			// Error messages (i.e., ICMPv6 type < 128) all have
+			// the same structure for their context, and are
+			// handled by the same function.
+			if ( icmpp->icmp_type < 128 )
+				Context6(t, icmpp, len, caplen, data, ip_hdr);
+			else
 				ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr);
 			break;
 		}
@@ -663,6 +669,10 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp,
 		case ICMP6_PACKET_TOO_BIG:
 			f = icmp_packet_too_big;
 			break;
+
+		default:
+			f = icmp_error_message;
+			break;
 		}
 
 	if ( f )

src/Reporter.cc

@@ -149,7 +149,7 @@ void Reporter::WeirdHelper(EventHandlerPtr event, Val* conn_val, const char* add
 
 	va_list ap;
 	va_start(ap, fmt_name);
-	DoLog("weird", event, stderr, 0, vl, false, false, 0, fmt_name, ap);
+	DoLog("weird", event, 0, 0, vl, false, false, 0, fmt_name, ap);
 	va_end(ap);
 
 	delete vl;
@@ -163,7 +163,7 @@ void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const cha
 
 	va_list ap;
 	va_start(ap, fmt_name);
-	DoLog("weird", flow_weird, stderr, 0, vl, false, false, 0, fmt_name, ap);
+	DoLog("weird", flow_weird, 0, 0, vl, false, false, 0, fmt_name, ap);
 	va_end(ap);
 
 	delete vl;
@@ -326,6 +326,7 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Conne
 		s += buffer;
 		s += "\n";
 
+		if ( out )
 			fprintf(out, "%s", s.c_str());
 
 		if ( addl )

src/event.bif

@@ -762,10 +762,9 @@ event udp_contents%(u: connection, is_orig: bool, contents: string%);
 ## .. bro:see:: udp_contents udp_reply udp_request
 event udp_session_done%(u: connection%);
 
-## Generated for all ICMP messages that are not handled separetely with dedicated
+## Generated for all ICMP messages that are not handled separately with dedicated
 ## ICMP events. Bro's ICMP analyzer handles a number of ICMP messages directly
-## with dedicated events. This handlers acts as a fallback for those it doesn't.
+## with dedicated events. This event acts as a fallback for those it doesn't.
-## The *icmp* record provides more information about the message.
 ##
 ## See `Wikipedia
 ## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
@@ -776,8 +775,7 @@ event udp_session_done%(u: connection%);
 ## icmp: Additional ICMP-specific information augmenting the standard
 ##       connection record *c*.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect
+## .. bro:see:: icmp_error_message
-##    icmp_time_exceeded icmp_unreachable
 event icmp_sent%(c: connection, icmp: icmp_conn%);
 
 ## Generated for ICMP *echo request* messages.
@@ -798,8 +796,7 @@ event icmp_sent%(c: connection, icmp: icmp_conn%);
 ## payload: The message-specific data of the packet payload, i.e., everything after
 ##          the first 8 bytes of the ICMP header.
 ##
-## .. bro:see:: icmp_echo_reply  icmp_redirect icmp_sent
+## .. bro:see:: icmp_echo_reply
-##    icmp_time_exceeded icmp_unreachable
 event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%);
 
 ## Generated for ICMP *echo reply* messages.
@@ -820,26 +817,30 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count,
 ## payload: The message-specific data of the packet payload, i.e., everything after
 ##          the first 8 bytes of the ICMP header.
 ##
-## .. bro:see::  icmp_echo_request icmp_redirect icmp_sent
+## .. bro:see:: icmp_echo_request
-##    icmp_time_exceeded icmp_unreachable
 event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%);
 
-## Generated for all ICMP error messages that are not handled separately with dedicated
+## Generated for all ICMPv6 error messages that are not handled
-## ICMP events. Bro's ICMP analyzer handles a number of ICMP messages directly
+## separately with dedicated events. Bro's ICMP analyzer handles a number
-## with dedicated events. This handler acts as a fallback for those it doesn't.
+## of ICMP error messages directly with dedicated events. This event acts
-## The *icmp* record provides more information about the message.
+## as a fallback for those it doesn't.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <http://en.wikipedia.org/wiki/ICMPv6>`__ for more
-## information about the ICMP protocol.
+## information about the ICMPv6 protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
 ##
 ## icmp: Additional ICMP-specific information augmenting the standard
 ##       connection record *c*.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect
+## code: The ICMP code of the error message.
-##    icmp_time_exceeded icmp_unreachable
+##
+## context: A record with specifics of the original packet that the message refers
+##          to.
+##
+## .. bro:see:: icmp_unreachable icmp_packet_too_big
+##    icmp_time_exceeded icmp_parameter_problem
 event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);
 
 ## Generated for ICMP *destination unreachable* messages.
@@ -861,15 +862,15 @@ event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context:
 ##          that if the *unreachable* includes only a partial IP header for some reason, no
 ##          fields of *context* will be filled out.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent
+## .. bro:see:: icmp_error_message icmp_packet_too_big
-##    icmp_time_exceeded
+##    icmp_time_exceeded icmp_parameter_problem
 event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);
 
-## Generated for ICMP *packet too big* messages.
+## Generated for ICMPv6 *packet too big* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <http://en.wikipedia.org/wiki/ICMPv6>`__ for more
-## information about the ICMP protocol.
+## information about the ICMPv6 protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
 ##
@@ -884,8 +885,8 @@ event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: ic
 ##          that if the *too big* includes only a partial IP header for some reason, no
 ##          fields of *context* will be filled out.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent
+## .. bro:see:: icmp_error_message icmp_unreachable
-##    icmp_time_exceeded
+##    icmp_time_exceeded icmp_parameter_problem
 event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);
 
 ## Generated for ICMP *time exceeded* messages.
@@ -907,15 +908,15 @@ event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context:
 ##          if the *exceeded* includes only a partial IP header for some reason, no fields
 ##          of *context* will be filled out.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent
+## .. bro:see:: icmp_error_message icmp_unreachable icmp_packet_too_big
-##     icmp_unreachable
+##    icmp_parameter_problem
 event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);
 
-## Generated for ICMP *parameter problem* messages.
+## Generated for ICMPv6 *parameter problem* messages.
 ##
 ## See `Wikipedia
-## <http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol>`__ for more
+## <http://en.wikipedia.org/wiki/ICMPv6>`__ for more
-## information about the ICMP protocol.
+## information about the ICMPv6 protocol.
 ##
 ## c: The connection record for the corresponding ICMP flow.
 ##
@@ -930,8 +931,8 @@ event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context:
 ##          if the *parameter problem* includes only a partial IP header for some reason, no fields
 ##          of *context* will be filled out.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent
+## .. bro:see:: icmp_error_message icmp_unreachable icmp_packet_too_big
-##     icmp_unreachable
+##    icmp_time_exceeded
 event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%);
 
 ## Generated for ICMP *router solicitation* messages.
@@ -945,8 +946,8 @@ event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, conte
 ## icmp: Additional ICMP-specific information augmenting the standard connection
 ##       record *c*.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request  icmp_sent
+## .. bro:see:: icmp_router_advertisement
-##    icmp_time_exceeded icmp_unreachable
+##    icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect
 event icmp_router_solicitation%(c: connection, icmp: icmp_conn%);
 
 ## Generated for ICMP *router advertisement* messages.
@@ -975,8 +976,14 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn%);
 ##
 ## rsv: Remaining two reserved bits of router advertisement flags.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request  icmp_sent
+## router_lifetime: How long this router should be used as a default router.
-##    icmp_time_exceeded icmp_unreachable
+##
+## reachable_time: How long a neighbor should be considered reachable.
+##
+## retrans_timer: How long a host should wait before retransmitting.
+##
+## .. bro:see:: icmp_router_solicitation
+##    icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect
 event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval%);
 
 ## Generated for ICMP *neighbor solicitation* messages.
@@ -992,8 +999,8 @@ event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit:
 ##
 ## tgt: The IP address of the target of the solicitation.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request  icmp_sent
+## .. bro:see:: icmp_router_solicitation icmp_router_advertisement
-##    icmp_time_exceeded icmp_unreachable
+##    icmp_neighbor_advertisement icmp_redirect
 event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt:addr%);
 
 ## Generated for ICMP *neighbor advertisement* messages.
@@ -1016,8 +1023,8 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt:addr%);
 ## tgt: the Target Address in the soliciting message or the address whose
 ##      link-layer address has changed for unsolicited adverts.
 ##
-## .. bro:see:: icmp_echo_reply icmp_echo_request  icmp_sent
+## .. bro:see:: icmp_router_solicitation icmp_router_advertisement
-##    icmp_time_exceeded icmp_unreachable
+##    icmp_neighbor_solicitation icmp_redirect
 event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt:addr%);
 
 ## Generated for ICMP *redirect* messages.
@@ -1036,10 +1043,8 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool,
 ##
 ## dest: The address of the destination which is redirected to the target.
 ##
-## a: The new destination address the message is redirecting to.
+## .. bro:see:: icmp_router_solicitation icmp_router_advertisement
-##
+##    icmp_neighbor_solicitation icmp_neighbor_advertisement
-## .. bro:see:: icmp_echo_reply icmp_echo_request  icmp_sent
-##    icmp_time_exceeded icmp_unreachable
 event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr%);
 
 ## Generated when a TCP connection terminated, passing on statistics about the

src/logging/WriterBackend.cc

@@ -1,6 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "util.h"
+#include "bro_inet_ntop.h"
 #include "threading/SerialTypes.h"
 
 #include "WriterBackend.h"
@@ -248,7 +249,7 @@ string WriterBackend::Render(const threading::Value::addr_t& addr) const
 		{
 		char s[INET_ADDRSTRLEN];
 
-		if ( inet_ntop(AF_INET, &addr.in.in4, s, INET_ADDRSTRLEN) == NULL )
+		if ( ! bro_inet_ntop(AF_INET, &addr.in.in4, s, INET_ADDRSTRLEN) )
 			return "<bad IPv4 address conversion>";
 		else
 			return s;
@@ -257,7 +258,7 @@ string WriterBackend::Render(const threading::Value::addr_t& addr) const
 		{
 		char s[INET6_ADDRSTRLEN];
 
-		if ( inet_ntop(AF_INET6, &addr.in.in6, s, INET6_ADDRSTRLEN) == NULL )
+		if ( ! bro_inet_ntop(AF_INET6, &addr.in.in6, s, INET6_ADDRSTRLEN) )
 			return "<bad IPv6 address conversion>";
 		else
 			return s;

testing/btest/Baseline/core.checksums/bad.out

@@ -1,13 +1,83 @@
-1332784981.078396 weird: bad_IP_checksum
+#separator \x09
-1332784885.686428 weird: bad_TCP_checksum
+#set_separator	,
-1332784933.501023 weird: bad_UDP_checksum
+#empty_field	(empty)
-1334075363.536871 weird: bad_ICMP_checksum
+#unset_field	-
-1332785210.013051 weird: routing0_hdr
+#path	weird
-1332785210.013051 weird: bad_TCP_checksum
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-1332782580.798420 weird: routing0_hdr
+#types	time	string	addr	port	addr	port	string	string	bool	string
-1332782580.798420 weird: bad_UDP_checksum
+1332784981.078396	-	-	-	-	-	bad_IP_checksum	-	F	bro
-1334075111.800086 weird: routing0_hdr
+#separator \x09
-1334075111.800086 weird: bad_ICMP_checksum
+#set_separator	,
-1332785250.469132 weird: bad_TCP_checksum
+#empty_field	(empty)
-1332781342.923813 weird: bad_UDP_checksum
+#unset_field	-
-1334074939.467194 weird: bad_ICMP_checksum
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784885.686428	UWkUyAuUGXf	127.0.0.1	30000	127.0.0.1	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784933.501023	UWkUyAuUGXf	127.0.0.1	30000	127.0.0.1	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075363.536871	UWkUyAuUGXf	192.168.1.100	8	192.168.1.101	0	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785210.013051	-	-	-	-	-	routing0_hdr	-	F	bro
+1332785210.013051	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332782580.798420	-	-	-	-	-	routing0_hdr	-	F	bro
+1332782580.798420	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075111.800086	-	-	-	-	-	routing0_hdr	-	F	bro
+1334075111.800086	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:78:1:32::1	129	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785250.469132	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332781342.923813	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334074939.467194	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro

testing/btest/Baseline/core.checksums/good.out

@@ -1,3 +1,56 @@
-1332785125.596793 weird: routing0_hdr
+#separator \x09
-1332782508.592037 weird: routing0_hdr
+#set_separator	,
-1334075027.053380 weird: routing0_hdr
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334074939.467194	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785125.596793	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332782508.592037	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro

testing/btest/Baseline/core.disable-mobile-ipv6/output

@@ -1 +0,0 @@
-1333663011.602839 weird: unknown_protocol_135

testing/btest/Baseline/core.disable-mobile-ipv6/weird.log

@@ -0,0 +1,8 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1333663011.602839	-	-	-	-	-	unknown_protocol_135	-	F	bro

testing/btest/Baseline/core.truncation/output

@@ -1,3 +1,24 @@
-1334160095.895421 weird: truncated_IP
+#separator \x09
-1334156241.519125 weird: truncated_IP
+#set_separator	,
-1334094648.590126 weird: truncated_IP
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334160095.895421	-	-	-	-	-	truncated_IP	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334156241.519125	-	-	-	-	-	truncated_IP	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334094648.590126	-	-	-	-	-	truncated_IP	-	F	bro

testing/btest/Baseline/istate.pybroccoli/bro..stdout

@@ -1,7 +1,7 @@
 ==== atomic
 -10
 2
-1330035434.516896
+1336411585.166009
 2.0 mins
 F
 1.5

testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered

@@ -1,7 +1,7 @@
 ==== atomic a 1 ====
 -4L -4
 42 42
-1330035434.5180
+1336411585.1711
 60.0
 True True
 3.14
@@ -14,7 +14,7 @@ True True
 ==== atomic a 2 ====
 -10L -10
 2 2
-1330035434.5169
+1336411585.1660
 120.0
 False False
 1.5
@@ -27,7 +27,7 @@ False False
 ==== atomic b 2 ====
 -10L -10
 <broccoli.count instance at > 2
-<broccoli.time instance at > 1330035434.5169
+<broccoli.time instance at > 1336411585.1660
 <broccoli.interval instance at > 120.0
 False False
 1.5

testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log

@@ -5,15 +5,15 @@
 #path	local
 #fields	ts	id.orig_h
 #types	time	addr
-1300475168.855330	141.142.220.118
+1300475168.859163	141.142.220.118
 1300475168.652003	141.142.220.118
 1300475168.895267	141.142.220.118
+1300475168.902635	141.142.220.118
+1300475168.892936	141.142.220.118
 1300475168.855305	141.142.220.118
-1300475168.859163	141.142.220.118
 1300475168.892913	141.142.220.118
 1300475168.724007	141.142.220.118
-1300475168.892936	141.142.220.118
+1300475168.855330	141.142.220.118
-1300475168.902635	141.142.220.118
 1300475168.891644	141.142.220.118
 1300475170.862384	141.142.220.226
 1300475168.853899	141.142.220.118

testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat

@@ -0,0 +1,22 @@
+USER anonymous
+PASS test
+SYST
+FEAT
+PWD
+EPSV
+LIST
+EPSV
+NLST
+TYPE I
+SIZE robots.txt
+EPSV
+RETR robots.txt
+MDTM robots.txt
+SIZE robots.txt
+EPRT |2|2001:470:1f11:81f:c999:d94:aa7c:2e3e|49189|
+RETR robots.txt
+MDTM robots.txt
+TYPE A
+EPRT |2|2001:470:1f11:81f:c999:d94:aa7c:2e3e|49190|
+LIST
+QUIT

testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat

@@ -0,0 +1,73 @@
+220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20100320) ready.
+331 Guest login ok, type your name as password.
+230-
+    The NetBSD Project FTP Server located in Redwood City, CA, USA
+    1 Gbps connectivity courtesy of                          ,        ,
+    Internet Systems Consortium                 WELCOME!    /(        )`
+                                                            \ \___   / |
+      +--- Currently Supported Platforms ----+              /- _  `-/  '
+      |  acorn[26,32], algor, alpha, amd64,  |             (/\/ \ \   /\
+      |   amiga[,ppc], arc, atari, bebox,    |             / /   | `    \
+      |   cats, cesfic, cobalt, dreamcast,   |             O O   ) /    |
+      |  evb[arm,mips,ppc,sh3], hp[300,700], |             `-^--'`<     '
+      |       hpc[arm,mips,sh], i386,        |            (_.)  _  )   /
+      |      ibmnws, iyonix, luna68k,        |              .___/`    /
+      |    mac[m68k,ppc], mipsco, mmeye,     |               `-----' /
+      |      mvme[m68k,ppc], netwinders,     |  <----.     __ / __   \
+      |   news[m68k,mips], next68k, ofppc,   |  <----|====O)))==) \) /====
+      | playstation2, pmax, prep, sandpoint, |  <----'    `--' `.__,' \
+      |  sbmips, sgimips, shark, sparc[,64], |               |        |
+      |      sun[2,3], vax, x68k, xen        |                \       /
+      +--------------------------------------+           ______( (_  / \_____
+      See our website at http://www.NetBSD.org/        ,'  ,-----'   |       \
+       We log all FTP transfers and commands.          `--{__________)  (FL) \/
+230-
+    EXPORT NOTICE
+    
+    Please note that portions of this FTP site contain cryptographic
+    software controlled under the Export Administration Regulations (EAR).
+    
+    None of this software may be downloaded or otherwise exported or
+    re-exported into (or to a national or resident of) Cuba, Iran, Libya,
+    Sudan, North Korea, Syria or any other country to which the U.S. has
+    embargoed goods.
+    
+    By downloading or using said software, you are agreeing to the
+    foregoing and you are representing and warranting that you are not
+    located in, under the control of, or a national or resident of any
+    such country or on any such list.
+230 Guest login ok, access restrictions apply.
+215 UNIX Type: L8 Version: NetBSD-ftpd 20100320
+211-Features supported
+ MDTM
+ MLST Type*;Size*;Modify*;Perm*;Unique*;
+ REST STREAM
+ SIZE
+ TVFS
+211 End
+257 "/" is the current directory.
+229 Entering Extended Passive Mode (|||57086|)
+150 Opening ASCII mode data connection for '/bin/ls'.
+226 Transfer complete.
+229 Entering Extended Passive Mode (|||57087|)
+150 Opening ASCII mode data connection for 'file list'.
+226 Transfer complete.
+200 Type set to I.
+213 77
+229 Entering Extended Passive Mode (|||57088|)
+150 Opening BINARY mode data connection for 'robots.txt' (77 bytes).
+226 Transfer complete.
+213 20090816112038
+213 77
+200 EPRT command successful.
+150 Opening BINARY mode data connection for 'robots.txt' (77 bytes).
+226 Transfer complete.
+213 20090816112038
+200 Type set to A.
+200 EPRT command successful.
+150 Opening ASCII mode data connection for '/bin/ls'.
+226 Transfer complete.
+221-
+    Data traffic for this session was 154 bytes in 2 files.
+    Total traffic for this session was 4512 bytes in 5 transfers.
+221 Thank you for using the FTP service on ftp.NetBSD.org.

testing/btest/core/checksums.test

@@ -1,23 +1,42 @@
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-bad-chksum.pcap
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: mv weird.log bad.out
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-bad-chksum.pcap
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
 
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-good-chksum.pcap
+# @TEST-EXEC: mv weird.log good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-good-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-good-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
 
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap >>good.out 2>&1
 # @TEST-EXEC: btest-diff bad.out
 # @TEST-EXEC: btest-diff good.out

testing/btest/core/disable-mobile-ipv6.test

@@ -1,6 +1,6 @@
 # @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/config.h
-# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output 2>&1
+# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT
-# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: btest-diff weird.log
 
 event mobile_ipv6_message(p: pkt_hdr)
 	{

testing/btest/core/truncation.test

@@ -1,6 +1,9 @@
 # Truncated IP packet's should not be analyzed, and generate truncated_IP weird
 
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip4-trunc.pcap >>output 2>&1
+# @TEST-EXEC: bro -r $TRACES/trunc/ip4-trunc.pcap
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-trunc.pcap >>output 2>&1
+# @TEST-EXEC: mv weird.log output
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-ext-trunc.pcap >>output 2>&1
+# @TEST-EXEC: bro -r $TRACES/trunc/ip6-trunc.pcap
+# @TEST-EXEC: cat weird.log >> output
+# @TEST-EXEC: bro -r $TRACES/trunc/ip6-ext-trunc.pcap
+# @TEST-EXEC: cat weird.log >> output
 # @TEST-EXEC: btest-diff output

testing/btest/istate/broccoli-ipv6.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 #

testing/btest/istate/broccoli.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 #

testing/btest/istate/events-ssl.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender   bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro

testing/btest/istate/events.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender   bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro

testing/btest/istate/pybroccoli.py

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/bindings/broccoli-python/_broccoli_intern.so

testing/btest/istate/sync.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender   bro %INPUT ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro %INPUT ../receiver.bro

testing/btest/scripts/base/frameworks/cluster/start-it-up.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT

testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run receiver bro -b ../receiver.bro
 # @TEST-EXEC: btest-bg-run sender   bro -b ../sender.bro

testing/btest/scripts/base/frameworks/control/configuration_update.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65531/tcp 
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=configuration_update

testing/btest/scripts/base/frameworks/control/id_value.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port=65532/tcp 
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65532/tcp Control::cmd=id_value Control::arg=test_var

testing/btest/scripts/base/frameworks/control/shutdown.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65530/tcp 
 # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65530/tcp Control::cmd=shutdown

testing/btest/scripts/base/frameworks/logging/remote-types.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro --pseudo-realtime %INPUT ../receiver.bro

testing/btest/scripts/base/frameworks/logging/remote.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro
 # @TEST-EXEC: sleep 1

testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT

testing/btest/scripts/base/frameworks/metrics/cluster-intermediate-update.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT

testing/btest/scripts/base/frameworks/notice/cluster.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT

testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT

testing/btest/scripts/base/protocols/conn/contents-default-extract.test

@@ -0,0 +1,3 @@
+# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ipv6-ftp.trace "Conn::default_extract=T"
+# @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat
+# @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat

testing/external/Makefile

@@ -6,11 +6,11 @@ DIAG=diag.log
 
 all:
 	@rm -f $(DIAG)
-	@for repo in $(REPOS); do (cd $$repo && make ); done
+	@for repo in $(REPOS); do (cd $$repo && make -s ); done
 
 brief:
 	@rm -f $(DIAG)
-	@for repo in $(REPOS); do (cd $$repo && make brief ); done
+	@for repo in $(REPOS); do (cd $$repo && make -s brief ); done
 
 init:
 	git clone $(PUBLIC_REPO)

testing/external/scripts/update-traces

@@ -69,8 +69,8 @@ cat $cfg | while read line; do
         eval "$proxy curl $auth -f --anyauth $url -o $file"
         echo
         mv $fp.tmp $fp
-    else
+     #else
-        echo "`basename $file` already available."
+     #  echo "`basename $file` already available."
      fi
 
     rm -f $fp.tmp