Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add opcode/opcode_name to DNS log record

Browse source
This commit is contained in:
Tim Wojtulewicz 2025-09-09 13:57:20 -07:00
parent 26ada4b897
commit fa6eb6c928
31 changed files with 153 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/init-bare.zeek
View file

@ -2881,6 +2881,8 @@ type dns_msg: record {
num_answers: count; ##< Number of answer records. num_answers: count; ##< Number of answer records.
num_auth: count; ##< Number of authoritative records. num_auth: count; ##< Number of authoritative records.
num_addl: count; ##< Number of additional records. num_addl: count; ##< Number of additional records.
is_netbios: bool; ##< Whether this message came from NetBIOS.
}; };
## A DNS SOA record. ## A DNS SOA record.

17
scripts/base/protocols/dns/consts.zeek
View file

@ -194,4 +194,21 @@ export {
[5] = "ech", [5] = "ech",
[6] = "ipv6hint", [6] = "ipv6hint",
} &default = function(n: count): string { return fmt("key-%d", n); }; } &default = function(n: count): string { return fmt("key-%d", n); };
## Mapping of DNS operation type codes to human readable string
## representation. The NetBIOS opcodes overlap the standard opcodes,
## hence putting the string versions at invalid values to make lookups
## possible.
const opcodes = {
[0] = "query",
[1] = "iquery",
[2] = "server-status",
[4] = "notify",
[5] = "dynamic-update",
[6] = "dso",
[0xFFFF5] = "netbios-registration",
[0xFFFF6] = "netbios-release",
[0xFFFF7] = "netbios-wack",
[0xFFFF8] = "netbios-refresh",
} &default = function(n: count): string { return fmt("opcode-%d", n); };
} }

15
scripts/base/protocols/dns/main.zeek
View file

@ -71,6 +71,10 @@ export {
TTLs: vector of interval &log &optional; TTLs: vector of interval &log &optional;
## The DNS query was rejected by the server. ## The DNS query was rejected by the server.
rejected: bool &log &default=F; rejected: bool &log &default=F;
## The opcode value of the DNS request/response.
opcode: count &log &optional;
## A descriptive string for the opcode.
opcode_name: string &log &optional;
## The total number of resource records in a reply message's ## The total number of resource records in a reply message's
## answer section. ## answer section.
@ -343,11 +347,20 @@ hook set_session(c: connection, msg: dns_msg, is_query: bool) &priority=5
if ( msg$rcode != 0 && msg$num_queries == 0 ) if ( msg$rcode != 0 && msg$num_queries == 0 )
c$dns$rejected = T; c$dns$rejected = T;
} }
c$dns$opcode = msg$opcode;
if ( msg$is_netbios )
if ( msg$opcode >= 5 )
c$dns$opcode_name = opcodes[msg$opcode + 0xFFFF];
else
c$dns$opcode_name = fmt("netbios-%s", opcodes[msg$opcode]);
else
c$dns$opcode_name = opcodes[msg$opcode];
} }
event dns_message(c: connection, is_orig: bool, msg: dns_msg, len: count) &priority=5 event dns_message(c: connection, is_orig: bool, msg: dns_msg, len: count) &priority=5
{ {
if ( msg$opcode != 0 ) if ( msg$opcode != 0 && msg$opcode != 5 )
# Currently only standard queries are tracked. # Currently only standard queries are tracked.
return; return;

1
src/analyzer/protocol/dns/DNS.cc
View file

@ -1902,6 +1902,7 @@ RecordValPtr DNS_MsgInfo::BuildHdrVal() {
r->Assign(12, an_pr_count); r->Assign(12, an_pr_count);
r->Assign(13, ns_up_count); r->Assign(13, ns_up_count);
r->Assign(14, arcount); r->Assign(14, arcount);
r->Assign(15, is_netbios);
return r; return r;
} }

10
testing/btest/Baseline/core.ipv6-frag/dns.log
View file

@ -5,9 +5,9 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51850 2607:f740:b::f93 53 udp 3903 0.079300 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 136 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 1.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51850 2607:f740:b::f93 53 udp 3903 0.079300 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 136 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 1.000000 F 0 query
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 5.084025 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 192 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 1.000000 F XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 5.084025 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 192 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 1.000000 F 0 query
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 - txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT - - F F T F 0 - - F XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 - txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT - - F F T F 0 - - F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/core.tunnels.gre-over-udp/dns.log
View file

@ -5,8 +5,8 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.2 51714 1.1.1.1 53 udp 63844 0.054238 zeek.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 192.0.78.150,192.0.78.212 52.000000,52.000000 F XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.2 51714 1.1.1.1 53 udp 63844 0.054238 zeek.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 192.0.78.150,192.0.78.212 52.000000,52.000000 F 0 query
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.2 51714 1.1.1.1 53 udp 12391 - zeek.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.2 51714 1.1.1.1 53 udp 12391 - zeek.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.tunnels.gre-pptp/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.16.44.3 40768 8.8.8.8 53 udp 42540 - xqt-detect-mode2-97712e88-167a-45b9-93ee-913140e76678 1 C_INTERNET 28 AAAA 3 NXDOMAIN F F T F 0 - - F XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.16.44.3 40768 8.8.8.8 53 udp 42540 - xqt-detect-mode2-97712e88-167a-45b9-93ee-913140e76678 1 C_INTERNET 28 AAAA 3 NXDOMAIN F F T F 0 - - F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/core.tunnels.gre/dns.log
View file

@ -5,8 +5,8 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 66.59.111.190 37675 172.28.2.3 53 udp 48554 - www.gleeble.org 1 C_INTERNET 255 * - - F F T F 0 - - F XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 66.59.111.190 37675 172.28.2.3 53 udp 48554 - www.gleeble.org 1 C_INTERNET 255 * - - F F T F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 66.59.111.190 37675 172.28.2.3 53 udp 48554 - www.gleeble.org 1 C_INTERNET 255 * - - F F T F 0 - - F XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 66.59.111.190 37675 172.28.2.3 53 udp 48554 - www.gleeble.org 1 C_INTERNET 255 * - - F F T F 0 - - F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.tunnels.gtp.false_gtp/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.131.24.6 2152 195.178.38.3 53 udp 27595 - abcd.efg.hijklm.nm 1 C_INTERNET 1 A - - F F T F 0 - - F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.131.24.6 2152 195.178.38.3 53 udp 27595 - abcd.efg.hijklm.nm 1 C_INTERNET 1 A - - F F T F 0 - - F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/coverage.record-fields/out.default
View file

@ -100,6 +100,8 @@ connection {
* answers: vector of string, log=T, optional=T * answers: vector of string, log=T, optional=T
* id: record conn_id, log=T, optional=F * id: record conn_id, log=T, optional=F
conn_id { ... } conn_id { ... }
* opcode: count, log=T, optional=T
* opcode_name: string, log=T, optional=T
* proto: enum transport_proto, log=T, optional=F * proto: enum transport_proto, log=T, optional=F
* qclass: count, log=T, optional=T * qclass: count, log=T, optional=T
* qclass_name: string, log=T, optional=T * qclass_name: string, log=T, optional=T

72
testing/btest/Baseline/opt.basic/dns.log
View file

@ -5,40 +5,40 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 43927 141.142.2.2 53 udp 42996 - upload.wikimedia.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 43927 141.142.2.2 53 udp 42996 - upload.wikimedia.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 37676 141.142.2.2 53 udp 26428 - upload.wikimedia.org.ncsa.uiuc.edu 1 C_INTERNET 28 AAAA 3 NXDOMAIN F F T F 0 - - F XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 37676 141.142.2.2 53 udp 26428 - upload.wikimedia.org.ncsa.uiuc.edu 1 C_INTERNET 28 AAAA 3 NXDOMAIN F F T F 0 - - F 0 query
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 40526 141.142.2.2 53 udp 26096 0.000392 upload.wikimedia.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 upload.pmtpa.wikimedia.org,208.80.152.3 124.000000,2156.000000 F XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 40526 141.142.2.2 53 udp 26096 0.000392 upload.wikimedia.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 upload.pmtpa.wikimedia.org,208.80.152.3 124.000000,2156.000000 F 0 query
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp 31201 - upload.wikimedia.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp 31201 - upload.wikimedia.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 59816 141.142.2.2 53 udp 39814 - upload.wikimedia.org.ncsa.uiuc.edu 1 C_INTERNET 28 AAAA 3 NXDOMAIN F F T F 0 - - F XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 59816 141.142.2.2 53 udp 39814 - upload.wikimedia.org.ncsa.uiuc.edu 1 C_INTERNET 28 AAAA 3 NXDOMAIN F F T F 0 - - F 0 query
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 59714 141.142.2.2 53 udp 56376 0.000375 upload.wikimedia.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 upload.pmtpa.wikimedia.org,208.80.152.3 124.000000,2156.000000 F XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 59714 141.142.2.2 53 udp 56376 0.000375 upload.wikimedia.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 upload.pmtpa.wikimedia.org,208.80.152.3 124.000000,2156.000000 F 0 query
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 58206 141.142.2.2 53 udp 51988 - upload.wikimedia.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 58206 141.142.2.2 53 udp 51988 - upload.wikimedia.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp 1085 - upload.wikimedia.org.ncsa.uiuc.edu 1 C_INTERNET 28 AAAA 3 NXDOMAIN F F T F 0 - - F XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp 1085 - upload.wikimedia.org.ncsa.uiuc.edu 1 C_INTERNET 28 AAAA 3 NXDOMAIN F F T F 0 - - F 0 query
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 59746 141.142.2.2 53 udp 10729 0.000421 upload.wikimedia.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 upload.pmtpa.wikimedia.org,208.80.152.3 124.000000,2156.000000 F XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 59746 141.142.2.2 53 udp 10729 0.000421 upload.wikimedia.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 upload.pmtpa.wikimedia.org,208.80.152.3 124.000000,2156.000000 F 0 query
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 45000 141.142.2.2 53 udp 56663 - upload.wikimedia.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 45000 141.142.2.2 53 udp 56663 - upload.wikimedia.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F 0 query
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp 41417 - upload.wikimedia.org.ncsa.uiuc.edu 1 C_INTERNET 28 AAAA 3 NXDOMAIN F F T F 0 - - F XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp 41417 - upload.wikimedia.org.ncsa.uiuc.edu 1 C_INTERNET 28 AAAA 3 NXDOMAIN F F T F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 48128 141.142.2.2 53 udp 49233 0.000423 upload.wikimedia.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 upload.pmtpa.wikimedia.org,208.80.152.3 124.000000,2156.000000 F XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 48128 141.142.2.2 53 udp 49233 0.000423 upload.wikimedia.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 upload.pmtpa.wikimedia.org,208.80.152.3 124.000000,2156.000000 F 0 query
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 56056 141.142.2.2 53 udp 17147 0.000402 meta.wikimedia.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T T 0 text.wikimedia.org,text.pmtpa.wikimedia.org 723.000000,593.000000 F XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 56056 141.142.2.2 53 udp 17147 0.000402 meta.wikimedia.org 1 C_INTERNET 28 AAAA 0 NOERROR F F T T 0 text.wikimedia.org,text.pmtpa.wikimedia.org 723.000000,593.000000 F 0 query
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 55092 141.142.2.2 53 udp 16954 0.000374 meta.wikimedia.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 text.wikimedia.org,text.pmtpa.wikimedia.org,208.80.152.2 723.000000,593.000000,2141.000000 F XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 55092 141.142.2.2 53 udp 16954 0.000374 meta.wikimedia.org 1 C_INTERNET 1 A 0 NOERROR F F T T 0 text.wikimedia.org,text.pmtpa.wikimedia.org,208.80.152.2 723.000000,593.000000,2141.000000 F 0 query
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp 0 - gemini._sftp-ssh._tcp.local 1 C_INTERNET 33 SRV - - F F F F 0 - - F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp 0 - gemini._sftp-ssh._tcp.local 1 C_INTERNET 33 SRV - - F F F F 0 - - F 0 query
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0 - gemini._sftp-ssh._tcp.local - - - - 0 NOERROR T F F F 0 gemini.local 120.000000 F XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0 - gemini._sftp-ssh._tcp.local - - - - 0 NOERROR T F F F 0 gemini.local 120.000000 F 0 query
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp 0 - gemini._sftp-ssh._tcp.local - - - - 0 NOERROR T F F F 0 gemini.local 120.000000 F XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp 0 - gemini._sftp-ssh._tcp.local - - - - 0 NOERROR T F F F 0 gemini.local 120.000000 F 0 query
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.44 5353 224.0.0.251 5353 udp 0 - gomez._sftp-ssh._tcp.local 1 C_INTERNET 16 TXT - - F F F F 0 - - F XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.44 5353 224.0.0.251 5353 udp 0 - gomez._sftp-ssh._tcp.local 1 C_INTERNET 16 TXT - - F F F F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65390 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65390 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F 0 netbios-query
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65394 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65394 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F 0 netbios-query
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65394 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65394 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F 0 netbios-query
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65394 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65394 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F 0 netbios-query
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65390 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65390 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F 0 netbios-query
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65390 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65390 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F 0 netbios-query
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65398 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp 65398 - BRWC0CB383D1F42 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F 0 netbios-query
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp 17952 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp 17952 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp 17952 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp 17952 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55131 224.0.0.252 5355 udp 17952 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55131 224.0.0.252 5355 udp 17952 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55131 224.0.0.252 5355 udp 17952 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55131 224.0.0.252 5355 udp 17952 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F 0 query
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp 47948 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp 47948 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F 0 query
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp 47948 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp 47948 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 141.142.220.226 55671 224.0.0.252 5355 udp 47948 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 141.142.220.226 55671 224.0.0.252 5355 udp 47948 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 141.142.220.226 55671 224.0.0.252 5355 udp 47948 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 141.142.220.226 55671 224.0.0.252 5355 udp 47948 - brwc0cb383d1f42 1 C_INTERNET 1 A - - F F F F 0 - - F 0 query
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 141.142.220.238 56641 141.142.220.255 137 udp 9321 - WORKGROUP 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 141.142.220.238 56641 141.142.220.255 137 udp 9321 - WORKGROUP 1 C_INTERNET 32 NIMLOC - - F F T F 1 - - F 0 netbios-query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.binds/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected auth addl #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name auth addl
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool set[string] set[string] #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string set[string] set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.87.3.74 51871 10.87.1.10 53 udp 27571 0.002004 example.net 1 C_INTERNET 65534 query-65534 0 NOERROR T F T T 2 BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal 0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000 F - - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.87.3.74 51871 10.87.1.10 53 udp 27571 0.002004 example.net 1 C_INTERNET 65534 query-65534 0 NOERROR T F T T 2 BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal,BIND9 signing signal 0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000,0.000000 F 0 query - -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.dns-key/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.10 53209 192.168.129.36 53 udp 41477 0.075138 paypal.com 1 C_INTERNET 48 DNSKEY 0 NOERROR F F T T 1 DNSKEY 5,DNSKEY 5,RRSIG 48 paypal.com,RRSIG 48 paypal.com 455.000000,455.000000,455.000000,455.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.10 53209 192.168.129.36 53 udp 41477 0.075138 paypal.com 1 C_INTERNET 48 DNSKEY 0 NOERROR F F T T 1 DNSKEY 5,DNSKEY 5,RRSIG 48 paypal.com,RRSIG 48 paypal.com 455.000000,455.000000,455.000000,455.000000 F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.dnskey/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.153.129 50729 192.168.153.2 53 udp 22666 0.018166 upenn.edu 1 C_INTERNET 48 DNSKEY 0 NOERROR F F T T 2 DNSKEY 5,DNSKEY 5,DNSKEY 5,RRSIG 48 upenn.edu,RRSIG 48 upenn.edu 5.000000,5.000000,5.000000,3444.000000,3444.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.153.129 50729 192.168.153.2 53 udp 22666 0.018166 upenn.edu 1 C_INTERNET 48 DNSKEY 0 NOERROR F F T T 2 DNSKEY 5,DNSKEY 5,DNSKEY 5,RRSIG 48 upenn.edu,RRSIG 48 upenn.edu 5.000000,5.000000,5.000000,3444.000000,3444.000000 F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.ds/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.153.129 50729 192.168.153.2 53 udp 39080 0.017821 upenn.edu 1 C_INTERNET 43 DS 0 NOERROR F F T T 2 DS 5 1,DS 5 2,RRSIG 43 edu 5.000000,5.000000,5.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.153.129 50729 192.168.153.2 53 udp 39080 0.017821 upenn.edu 1 C_INTERNET 43 DS 0 NOERROR F F T T 2 DS 5 1,DS 5 2,RRSIG 43 edu 5.000000,5.000000,5.000000 F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log
View file

@ -5,8 +5,8 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 0.000214 www.cmu.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www-cmu.andrew.cmu.edu,RRSIG 5 cmu.edu,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 0.000214 www.cmu.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www-cmu.andrew.cmu.edu,RRSIG 5 cmu.edu,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F 0 query
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 - www.cmu.edu - - - - 0 NOERROR T F F F 0 www-cmu.andrew.cmu.edu,RRSIG 5 cmu.edu,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 - www.cmu.edu - - - - 0 NOERROR T F F F 0 www-cmu.andrew.cmu.edu,RRSIG 5 cmu.edu,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.flip/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.20.1.31 53 207.158.192.40 53 udp 25701 - us.v27.distributed.net - - - - 0 NOERROR T F F T 0 206.109.64.186,216.1.205.81,205.149.163.211,134.53.131.135,134.53.131.192,128.104.18.148,204.152.186.139,63.77.33.226 900.000000,900.000000,900.000000,900.000000,900.000000,900.000000,900.000000,900.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.20.1.31 53 207.158.192.40 53 udp 25701 - us.v27.distributed.net - - - - 0 NOERROR T F F T 0 206.109.64.186,216.1.205.81,205.149.163.211,134.53.131.135,134.53.131.192,128.104.18.148,204.152.186.139,63.77.33.226 900.000000,900.000000,900.000000,900.000000,900.000000,900.000000,900.000000,900.000000 F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.dns.hinfo/.stdout
View file

@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
HINFO, [id=51592, opcode=0, rcode=0, QR=T, AA=T, TC=F, RD=T, RA=T, Z=0, AD=F, CD=F, num_queries=1, num_answers=1, num_auth=0, num_addl=1], [answer_type=1, query=zeek.example.net, qtype=13, qclass=1, TTL=1.0 hr], INTEL-386, Windows HINFO, [id=51592, opcode=0, rcode=0, QR=T, AA=T, TC=F, RD=T, RA=T, Z=0, AD=F, CD=F, num_queries=1, num_answers=1, num_auth=0, num_addl=1, is_netbios=F], [answer_type=1, query=zeek.example.net, qtype=13, qclass=1, TTL=1.0 hr], INTEL-386, Windows

6
testing/btest/Baseline/scripts.base.protocols.dns.loc/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 79.141.82.250 57483 192.188.22.52 53 udp 33295 0.000195 sunn-pt1.es.net 1 C_INTERNET 255 * 0 NOERROR T F F F 0 LOC: 18 21 19,RRSIG 29 es.net 600.000000,600.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 79.141.82.250 57483 192.188.22.52 53 udp 33295 0.000195 sunn-pt1.es.net 1 C_INTERNET 255 * 0 NOERROR T F F F 0 LOC: 18 21 19,RRSIG 29 es.net 600.000000,600.000000 F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.multiple-txt-strings/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.50 51946 68.142.255.16 53 udp 28079 - flkr._domainkey.flickr.com - - - - 0 NOERROR T F F F 0 fa14._domainkey.flickr.com,fa14._domainkey.yahoo.com,TXT 127 k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPdPfyJM2R2GqMyZM1flTzFeDIU+e7KmiKRw5yz3Xht+cgEIiHmm5lIGBuWCc5rtiy0CcxePpqccPKjn TXT 98 HSrDI23PU+HOuqJ6ergE1IOsL6LOEgG6YT53vMb8Z6UiBSsYPlrDEC+8CUIkTLMLXJauRK5bNRKV1ATGzGFpf3TjZtWwIDAQAB 900.000000,900.000000,7200.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.50 51946 68.142.255.16 53 udp 28079 - flkr._domainkey.flickr.com - - - - 0 NOERROR T F F F 0 fa14._domainkey.flickr.com,fa14._domainkey.yahoo.com,TXT 127 k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPdPfyJM2R2GqMyZM1flTzFeDIU+e7KmiKRw5yz3Xht+cgEIiHmm5lIGBuWCc5rtiy0CcxePpqccPKjn TXT 98 HSrDI23PU+HOuqJ6ergE1IOsL6LOEgG6YT53vMb8Z6UiBSsYPlrDEC+8CUIkTLMLXJauRK5bNRKV1ATGzGFpf3TjZtWwIDAQAB 900.000000,900.000000,7200.000000 F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.dns.naptr/out
View file

@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
NAPTR, [id=20970, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, AD=F, CD=F, num_queries=1, num_answers=1, num_auth=0, num_addl=0], [answer_type=1, query=fp-de-carrier-vodafone.rcs.telephony.goog, qtype=35, qclass=1, TTL=2.0 mins 48.0 secs], [order=100, preference=100, flags=s, service=SIPS+D2T, regexp=, replacement=_sips._tcp.fp-de-carrier-vodafone.rcs.telephony.goog] NAPTR, [id=20970, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, AD=F, CD=F, num_queries=1, num_answers=1, num_auth=0, num_addl=0, is_netbios=F], [answer_type=1, query=fp-de-carrier-vodafone.rcs.telephony.goog, qtype=35, qclass=1, TTL=2.0 mins 48.0 secs], [order=100, preference=100, flags=s, service=SIPS+D2T, regexp=, replacement=_sips._tcp.fp-de-carrier-vodafone.rcs.telephony.goog]

8
testing/btest/Baseline/scripts.base.protocols.dns.nsec/dns.log
View file

@ -5,8 +5,8 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected auth addl #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name auth addl
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool set[string] set[string] #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string set[string] set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 35.184.172.191 57073 128.175.13.16 53 udp 130 - dla.library.upenn.edu 1 C_INTERNET 28 AAAA 0 NOERROR F F F F 1 - - F RRSIG 47 upenn.edu,RRSIG 6 upenn.edu,NSEC dla.library.upenn.edu dlxssvr.library.upenn.edu,assailants.net.isc.upenn.edu - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 35.184.172.191 57073 128.175.13.16 53 udp 130 - dla.library.upenn.edu 1 C_INTERNET 28 AAAA 0 NOERROR F F F F 1 - - F 0 query RRSIG 47 upenn.edu,RRSIG 6 upenn.edu,NSEC dla.library.upenn.edu dlxssvr.library.upenn.edu,assailants.net.isc.upenn.edu -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 35.184.172.191 50693 128.175.13.16 53 udp 51063 0.001515 www.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www.upenn.edgekey.net,RRSIG 5 upenn.edu 300.000000,300.000000 F - - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 35.184.172.191 50693 128.175.13.16 53 udp 51063 0.001515 www.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www.upenn.edgekey.net,RRSIG 5 upenn.edu 300.000000,300.000000 F 0 query - -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.nsec3/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected auth addl #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name auth addl
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool set[string] set[string] #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string set[string] set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.102 49324 192.168.1.1 53 udp 9835 - foobar.sshfp.net 1 C_INTERNET 1 A 3 NXDOMAIN F F T F 2 - - F ns0.weberdns.de,RRSIG 6 sshfp.net,NSEC3,RRSIG 50 sshfp.net - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.102 49324 192.168.1.1 53 udp 9835 - foobar.sshfp.net 1 C_INTERNET 1 A 3 NXDOMAIN F F T F 2 - - F 0 query ns0.weberdns.de,RRSIG 6 sshfp.net,NSEC3,RRSIG 50 sshfp.net -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.nsec3param/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected auth addl #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name auth addl
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool set[string] set[string] #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string set[string] set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.87.3.18 53540 10.87.1.54 53 udp 15626 0.522010 sshfp.net 1 C_INTERNET 51 NSEC3PARAM 0 NOERROR F F T T 2 NSEC3PARAM 0.000000 F - - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.87.3.18 53540 10.87.1.54 53 udp 15626 0.522010 sshfp.net 1 C_INTERNET 51 NSEC3PARAM 0 NOERROR F F T T 2 NSEC3PARAM 0.000000 F 0 query - -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

12
testing/btest/Baseline/scripts.base.protocols.dns.rrsig/dns.log
View file

@ -5,10 +5,10 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 35.184.172.191 10267 128.175.13.16 53 udp 17129 0.003405 virgo.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 128.91.234.142,RRSIG 1 upenn.edu 30.000000,30.000000 F XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 35.184.172.191 10267 128.175.13.16 53 udp 17129 0.003405 virgo.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 128.91.234.142,RRSIG 1 upenn.edu 30.000000,30.000000 F 0 query
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 35.184.172.191 50056 128.175.13.16 53 udp 26222 0.003363 virgo.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 128.91.234.142,RRSIG 1 upenn.edu 30.000000,30.000000 F XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 35.184.172.191 50056 128.175.13.16 53 udp 26222 0.003363 virgo.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 128.91.234.142,RRSIG 1 upenn.edu 30.000000,30.000000 F 0 query
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 35.184.172.191 39975 128.175.13.16 53 udp 27118 0.003748 workfamily.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 quasar.sas.upenn.edu,RRSIG 5 upenn.edu,128.91.234.145,RRSIG 1 upenn.edu 900.000000,900.000000,30.000000,30.000000 F XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 35.184.172.191 39975 128.175.13.16 53 udp 27118 0.003748 workfamily.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 quasar.sas.upenn.edu,RRSIG 5 upenn.edu,128.91.234.145,RRSIG 1 upenn.edu 900.000000,900.000000,30.000000,30.000000 F 0 query
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 35.184.172.191 5386 128.175.13.16 53 udp 62809 - virgo.sas.upenn.edu 1 C_INTERNET 1 A - - F F F F 1 - - F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 35.184.172.191 5386 128.175.13.16 53 udp 62809 - virgo.sas.upenn.edu 1 C_INTERNET 1 A - - F F F F 1 - - F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.spf/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.91.0.62 57806 10.91.1.59 53 udp 64161 - mail.vladg.net - - - - 0 NOERROR F F F T 0 SPF 19 v=spf1 mx -all test,SPF 14 v=spf1 mx -all 300.000000,300.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.91.0.62 57806 10.91.1.59 53 udp 64161 - mail.vladg.net - - - - 0 NOERROR F F F T 0 SPF 19 v=spf1 mx -all test,SPF 14 v=spf1 mx -all 300.000000,300.000000 F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/scripts.base.protocols.dns.sshfp/dns.log
View file

@ -5,8 +5,8 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 128.3.121.180 54109 192.188.22.52 53 udp 40916 0.000200 mon.lbl.gov 1 C_INTERNET 44 SSHFP 0 NOERROR T F F F 1 SSHFP: a6b95f9eba1104a7272a362e8bfbcbebd5726dcf,SSHFP: 520711b47c300b819cfb696a845007c420de4df30ae3953004b6cfb2bd2c6a46,SSHFP: 5b72c59cceaea2c210f14156e20e6aff829b3e3b,SSHFP: c052721a978470b36fe5b9222f234400f369172b,SSHFP: 0b24d970aa05b708804d35eea3a8c1a6c355e545,SSHFP: 2870056915073c1e189fc7bf04bbce4512be09a0104f64ae3cfa072b8e06dd2b,SSHFP: 562cb91a82129b62ee4fd92ca202a72b844b7e84ac29dec75654453550201e82,SSHFP: c692deb7667ceee670d3e6863b5de7b140fe0ba0183a52f6ccbb4247f7b0ab29,RRSIG 44 lbl.gov 43200.000000,43200.000000,43200.000000,43200.000000,43200.000000,43200.000000,43200.000000,43200.000000,43200.000000 F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 128.3.121.180 54109 192.188.22.52 53 udp 40916 0.000200 mon.lbl.gov 1 C_INTERNET 44 SSHFP 0 NOERROR T F F F 1 SSHFP: a6b95f9eba1104a7272a362e8bfbcbebd5726dcf,SSHFP: 520711b47c300b819cfb696a845007c420de4df30ae3953004b6cfb2bd2c6a46,SSHFP: 5b72c59cceaea2c210f14156e20e6aff829b3e3b,SSHFP: c052721a978470b36fe5b9222f234400f369172b,SSHFP: 0b24d970aa05b708804d35eea3a8c1a6c355e545,SSHFP: 2870056915073c1e189fc7bf04bbce4512be09a0104f64ae3cfa072b8e06dd2b,SSHFP: 562cb91a82129b62ee4fd92ca202a72b844b7e84ac29dec75654453550201e82,SSHFP: c692deb7667ceee670d3e6863b5de7b140fe0ba0183a52f6ccbb4247f7b0ab29,RRSIG 44 lbl.gov 43200.000000,43200.000000,43200.000000,43200.000000,43200.000000,43200.000000,43200.000000,43200.000000,43200.000000 F 0 query
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 128.3.121.180 54109 192.188.22.52 53 udp 22044 - n0019.savio1.lbl.gov 1 C_INTERNET 1 A 3 NXDOMAIN F F F F 0 - - F XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 128.3.121.180 54109 192.188.22.52 53 udp 22044 - n0019.savio1.lbl.gov 1 C_INTERNET 1 A 3 NXDOMAIN F F F F 0 - - F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.tkey/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.106 50138 192.168.1.108 53 tcp 52640 - 1068-ms-7.309-2c6e448.7a9463b8-b109-11ed-26a3-080027f220e5 1 C_INTERNET 249 TKEY 0 NOERROR F F F F 0 - - F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.106 50138 192.168.1.108 53 tcp 52640 - 1068-ms-7.309-2c6e448.7a9463b8-b109-11ed-26a3-080027f220e5 1 C_INTERNET 249 TKEY 0 NOERROR F F F F 0 - - F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.wks/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected auth addl #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name auth addl
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool set[string] set[string] #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string set[string] set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.87.3.18 60059 10.87.1.10 53 udp 63119 0.001993 zeek.example.net 1 C_INTERNET 11 WKS 0 NOERROR T F T T 2 - - F - - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.87.3.18 60059 10.87.1.10 53 udp 63119 0.001993 zeek.example.net 1 C_INTERNET 11 WKS 0 NOERROR T F T T 2 - - F 0 query - -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.dns.zero-responses/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.64 49204 146.186.163.66 53 udp 17323 - psu.edu 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.64 49204 146.186.163.66 53 udp 17323 - psu.edu 1 C_INTERNET 28 AAAA 0 NOERROR F F T F 0 - - F 0 query
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.policy.protocols.dns.original_case/dns.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path dns #path dns
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected original_query #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected opcode opcode_name original_query
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool string #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool count string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.3.138 63374 192.168.3.1 53 udp 20877 - us.v27.distributed.net 1 C_INTERNET 1 A - - F F T F 2 - - F Us.V27.DiStRiBuTeD.NET XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.3.138 63374 192.168.3.1 53 udp 20877 - us.v27.distributed.net 1 C_INTERNET 1 A - - F F T F 2 - - F 0 query Us.V27.DiStRiBuTeD.NET
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX