Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Propagate BPF_Program error message to script land

Browse source
This commit is contained in:
Tim Wojtulewicz 2022-05-23 17:36:26 -07:00
parent b30d5702f6
commit f8bc23d3e1
4 changed files with 18 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

11
scripts/base/frameworks/packet-filter/main.zeek
View file

@ -281,10 +281,17 @@ function install(): bool
NOTICE([$note=Compile_Failure, NOTICE([$note=Compile_Failure,
$msg=fmt("Compiling packet filter failed"), $msg=fmt("Compiling packet filter failed"),
$sub=tmp_filter]); $sub=tmp_filter]);
local error_string = fmt("Bad pcap filter '%s'", tmp_filter);
local pkt_src_error : string = Pcap::error();
if ( pkt_src_error != "no error" )
error_string = pkt_src_error;
if ( network_time() == 0.0 ) if ( network_time() == 0.0 )
Reporter::fatal(fmt("Bad pcap filter '%s'", tmp_filter)); Reporter::fatal(error_string);
else else
Reporter::warning(fmt("Bad pcap filter '%s'", tmp_filter)); Reporter::warning(error_string);
} }
local diff = current_time()-ts; local diff = current_time()-ts;
if ( diff > max_filter_compile_time ) if ( diff > max_filter_compile_time )

4
testing/btest/Baseline.cpp/core.pcap.filter-error/output
View file

@ -1,4 +0,0 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
fatal error: Bad pcap filter 'kaputt'
----
error, cannot compile BPF filter "kaputt, too"

4
testing/btest/Baseline/core.pcap.filter-error/output
View file

@ -1,4 +0,0 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
fatal error in <...>/main.zeek, line 285: Bad pcap filter 'kaputt'
----
error, cannot compile BPF filter "kaputt, too"

15
testing/btest/core/pcap/filter-error.zeek
View file

@ -1,9 +1,14 @@
# @TEST-EXEC-FAIL: zeek -r $TRACES/workshop_2011_browse.trace -f "kaputt" >>output 2>&1 # Due to the instability of the output from libpcap when it comes to errors when compiling
# filters, we can't rely on a fixed baseline here to diff against. Instead, just do some
# greps to validate that we got a syntax error in the output with the string that we passed
# as a filter.
# @TEST-EXEC-FAIL: zeek -r $TRACES/workshop_2011_browse.trace -f "kaputt" >output 2>&1
# @TEST-EXEC-FAIL: test -e conn.log # @TEST-EXEC-FAIL: test -e conn.log
# @TEST-EXEC: echo ---- >>output # @TEST-EXEC: grep "kaputt" output | grep -q "syntax error"
# @TEST-EXEC: zeek -r $TRACES/workshop_2011_browse.trace %INPUT >>output 2>&1 # @TEST-EXEC: zeek -r $TRACES/workshop_2011_browse.trace %INPUT >output 2>&1
# @TEST-EXEC: test -e conn.log # @TEST-EXEC: test -e conn.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output # @TEST-EXEC: grep "kaputt, too" output | grep -q "syntax error"
redef enum PcapFilterID += { A }; redef enum PcapFilterID += { A };
@ -12,5 +17,3 @@ event zeek_init()
if ( ! Pcap::precompile_pcap_filter(A, "kaputt, too") ) if ( ! Pcap::precompile_pcap_filter(A, "kaputt, too") )
print "error", Pcap::error(); print "error", Pcap::error();
} }