From 9322c063cc59cc2a52716da85b6e55cbb5c351f5 Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Mon, 8 Aug 2011 22:12:40 -0700 Subject: [PATCH 1/9] Some working code. Adds UID pools classified by string. Just compiles and runs; need to go back through and make sure this code is actually doing what I want it to do. Note: Added new function unique_id_from(pool: string, prefix: string) that allows the user to explicitly specify a randomness pool to use when generating unique IDs. --- src/bro.bif | 8 ++- src/util.cc | 73 +++++++++++++++++------- src/util.h | 3 + testing/btest/bifs/unique_id-rnd.bro | 3 + testing/btest/bifs/unique_id.bro | 3 + testing/btest/btest.cfg | 1 + testing/btest/profiles/default/finish | 2 + testing/btest/profiles/default/setup | 2 + testing/btest/profiles/default/supported | 2 + testing/btest/profiles/default/transform | 2 + 10 files changed, 78 insertions(+), 21 deletions(-) create mode 100755 testing/btest/profiles/default/finish create mode 100755 testing/btest/profiles/default/setup create mode 100755 testing/btest/profiles/default/supported create mode 100755 testing/btest/profiles/default/transform diff --git a/src/bro.bif b/src/bro.bif index d3bbd7c072..0aa6850b18 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -3414,10 +3414,16 @@ function bro_has_ipv6%(%) : bool function unique_id%(prefix: string%) : string %{ char tmp[20]; - uint64 uid = calculate_unique_id(); + uint64 uid = calculate_unique_id(BRO_SCRIPT_UID_POOL); return new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); %} +function unique_id_from%(pool: string, prefix: string%) : string + %{ + char tmp[20]; + uint64 uid = calculate_unique_id(string((const char *)pool->Bytes(), pool->Len())); + return new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); + %} %%{ #include #include diff --git a/src/util.cc b/src/util.cc index 528a505f60..70c65713af 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1206,15 +1206,30 @@ int time_compare(struct timeval* tv_a, struct timeval* tv_b) return tv_a->tv_sec - tv_b->tv_sec; } -static uint64 uid_counter; // Counter for unique IDs. -static uint64 uid_instance; // Instance ID, computed once. +struct BroUidEntry +{ + uint64 instance; + uint64 counter; + BroUidEntry(const uint64 i) + : instance(i), counter(0) { } +}; + +static std::map uid_pool; +static const std::string default_pool = string(BRO_DEFAULT_UID_POOL); uint64 calculate_unique_id() { - if ( uid_instance == 0 ) - { - // This is the first time we need a UID. + return calculate_unique_id(default_pool); + } +uint64 calculate_unique_id(const std::string& pool) + { + uint64 uid_instance = 0; + std::map::iterator pool_iter = uid_pool.find(pool); + if ( pool_iter == uid_pool.end() ) + { + // This is the first time we need a UID for this pool. + const size_t pool_sz = (pool.length() < 32) ? pool.length() : 32; //Only keep the first 32 characters of the pool name if ( ! have_random_seed() ) { // If we don't need deterministic output (as @@ -1222,14 +1237,16 @@ uint64 calculate_unique_id() // instance ID by hashing something likely to be // globally unique. struct { - char hostname[128]; + char hostname[96]; + char pool[32]; struct timeval time; pid_t pid; int rnd; } unique; memset(&unique, 0, sizeof(unique)); // Make valgrind happy. - gethostname(unique.hostname, 128); + gethostname(unique.hostname, 96); + memcpy(unique.pool, pool.c_str(), pool_sz); unique.hostname[sizeof(unique.hostname)-1] = '\0'; gettimeofday(&unique.time, 0); unique.pid = getpid(); @@ -1238,22 +1255,38 @@ uint64 calculate_unique_id() uid_instance = HashKey::HashBytes(&unique, sizeof(unique)); ++uid_instance; // Now it's larger than zero. } - else - // Generate determistic UIDs. - uid_instance = 1; + { + // Generate determistic UIDs for each individual pool + uid_instance = HashKey::HashBytes(pool.c_str(), strnlen(pool.c_str(), pool_sz)); + } + // Guarantee no collisions (keep hashing until we get a unique instance) + bool found_collision = true; + while(found_collision) + { + found_collision = false; + for(pool_iter = uid_pool.begin(); pool_iter != uid_pool.end(); ++pool_iter) + { + if(pool_iter->second.instance == uid_instance) + { + found_collision = true; + uid_instance = HashKey::HashBytes(&uid_instance, sizeof(uid_instance)); + } + } + } + // Our instance is unique. Huzzah. + uid_pool.insert(std::make_pair(pool, BroUidEntry(uid_instance))); + pool_iter = uid_pool.end(); } + + if(pool_iter == uid_pool.end()) + { + pool_iter = uid_pool.find(pool); + } + assert(pool_iter != uid_pool.end()); // After all that work, wouldn't it be a shame...? + ++(pool_iter->second.counter); - // Now calculate the unique ID. - struct { - uint64 counter; - hash_t instance; - } key; - - key.counter = ++uid_counter; - key.instance = uid_instance; - - uint64_t h = HashKey::HashBytes(&key, sizeof(key)); + uint64_t h = HashKey::HashBytes(&(pool_iter->second), sizeof(pool_iter->second)); return h; } diff --git a/src/util.h b/src/util.h index 82c86da950..e104169af2 100644 --- a/src/util.h +++ b/src/util.h @@ -226,7 +226,10 @@ extern int time_compare(struct timeval* tv_a, struct timeval* tv_b); // Returns an integer that's very likely to be unique, even across Bro // instances. +#define BRO_DEFAULT_UID_POOL "bro" +#define BRO_SCRIPT_UID_POOL "bro script" extern uint64 calculate_unique_id(); +extern uint64 calculate_unique_id(const std::string& pool); // For now, don't use hash_maps - they're not fully portable. #if 0 diff --git a/testing/btest/bifs/unique_id-rnd.bro b/testing/btest/bifs/unique_id-rnd.bro index d3b3b85849..fdb04e05bc 100644 --- a/testing/btest/bifs/unique_id-rnd.bro +++ b/testing/btest/bifs/unique_id-rnd.bro @@ -7,3 +7,6 @@ print unique_id("A-"); print unique_id("B-"); print unique_id("C-"); +print unique_id_from("alpha", "D-"); +print unique_id_from("beta", "E-"); +print unique_id_from("beta", "F-"); diff --git a/testing/btest/bifs/unique_id.bro b/testing/btest/bifs/unique_id.bro index d421803aa0..1451426556 100644 --- a/testing/btest/bifs/unique_id.bro +++ b/testing/btest/bifs/unique_id.bro @@ -5,3 +5,6 @@ print unique_id("A-"); print unique_id("B-"); print unique_id("C-"); +print unique_id_from("alpha", "D-"); +print unique_id_from("beta", "E-"); +print unique_id_from("beta", "F-"); diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index 1aa7b28f25..d33d533b28 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -1,4 +1,5 @@ [btest] +ProfileDir = profiles TestDirs = doc bifs language core policy istate TmpDir = %(testbase)s/.tmp BaselineDir = %(testbase)s/Baseline diff --git a/testing/btest/profiles/default/finish b/testing/btest/profiles/default/finish new file mode 100755 index 0000000000..20d602bdd3 --- /dev/null +++ b/testing/btest/profiles/default/finish @@ -0,0 +1,2 @@ +#!/usr/bin/env bash + diff --git a/testing/btest/profiles/default/setup b/testing/btest/profiles/default/setup new file mode 100755 index 0000000000..20d602bdd3 --- /dev/null +++ b/testing/btest/profiles/default/setup @@ -0,0 +1,2 @@ +#!/usr/bin/env bash + diff --git a/testing/btest/profiles/default/supported b/testing/btest/profiles/default/supported new file mode 100755 index 0000000000..20d602bdd3 --- /dev/null +++ b/testing/btest/profiles/default/supported @@ -0,0 +1,2 @@ +#!/usr/bin/env bash + diff --git a/testing/btest/profiles/default/transform b/testing/btest/profiles/default/transform new file mode 100755 index 0000000000..20d602bdd3 --- /dev/null +++ b/testing/btest/profiles/default/transform @@ -0,0 +1,2 @@ +#!/usr/bin/env bash + From 90bad36e49112f13df3faca0c93aa49970260c91 Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Mon, 8 Aug 2011 22:50:36 -0700 Subject: [PATCH 2/9] Simple test to verify various pools are not affecting each other. --- testing/btest/bifs/unique_id-pools.bro | 27 ++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 testing/btest/bifs/unique_id-pools.bro diff --git a/testing/btest/bifs/unique_id-pools.bro b/testing/btest/bifs/unique_id-pools.bro new file mode 100644 index 0000000000..d8c3e9aa5f --- /dev/null +++ b/testing/btest/bifs/unique_id-pools.bro @@ -0,0 +1,27 @@ +# +# @TEST-EXEC: bro order_rand | sort >out.1 +# @TEST-EXEC: bro order_base | sort >out.2 +# @TEST-EXEC: cmp out.1 out.2 + +@TEST-START-FILE order_rand.bro + +print unique_id("A-"); +print unique_id_from("beta", "E-"); +print unique_id("B-"); +print unique_id_from("alpha", "D-"); +print unique_id("C-"); +print unique_id_from("beta", "F-"); + +@TEST-END-FILE + +@TEST-START-FILE order_base.bro + +print unique_id("A-"); +print unique_id("B-"); +print unique_id("C-"); +print unique_id_from("alpha", "D-"); +print unique_id_from("beta", "E-"); +print unique_id_from("beta", "F-"); + +@TEST-END-FILE + From df142b9c4b204f0d4b3ed57fc5a341b775f97141 Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Mon, 8 Aug 2011 23:16:16 -0700 Subject: [PATCH 3/9] Testing long (>32 character) pool names. --- .../btest/bifs/unique_id-long-pool-names.bro | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 testing/btest/bifs/unique_id-long-pool-names.bro diff --git a/testing/btest/bifs/unique_id-long-pool-names.bro b/testing/btest/bifs/unique_id-long-pool-names.bro new file mode 100644 index 0000000000..de770ed412 --- /dev/null +++ b/testing/btest/bifs/unique_id-long-pool-names.bro @@ -0,0 +1,35 @@ +# Tests to ensure that collisions are resolved correctly. Note that pools only use the +# first 32 characters of their name to generate randomness. Thus, hashes of pools with +# more than 32 characters will be the same, inducing a collision. When this happens, +# the hash is repeated until an unused instance ID is determined. +# +# The order here is expected to be deterministic *if and only if* the first entries for +# each individual pool are created in a common order (e.g. ...7890 is created before +# ...7891 is created before ...7892). +# +# @TEST-EXEC: bro order_rand | sort >out.1 +# @TEST-EXEC: bro order_base | sort >out.2 +# @TEST-EXEC: cmp out.1 out.2 + +@TEST-START-FILE order_rand.bro + +print unique_id_from("1234567890123456789012345678901234567890", "A-"); +print unique_id_from("1234567890123456789012345678901234567891", "B-"); +print unique_id_from("1234567890123456789012345678901234567890", "C-"); +print unique_id_from("1234567890123456789012345678901234567891", "D-"); +print unique_id_from("1234567890123456789012345678901234567890", "E-"); +print unique_id_from("1234567890123456789012345678901234567892", "F-"); + +@TEST-END-FILE + +@TEST-START-FILE order_base.bro + +print unique_id_from("1234567890123456789012345678901234567890", "A-"); +print unique_id_from("1234567890123456789012345678901234567890", "C-"); +print unique_id_from("1234567890123456789012345678901234567890", "E-"); +print unique_id_from("1234567890123456789012345678901234567891", "B-"); +print unique_id_from("1234567890123456789012345678901234567891", "D-"); +print unique_id_from("1234567890123456789012345678901234567892", "F-"); + +@TEST-END-FILE + From e21feb8487e3ae14c6d2d0de01b9c5f41b317145 Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Tue, 9 Aug 2011 09:44:31 -0700 Subject: [PATCH 4/9] A few minor tweaks to make code less braindead. Fixed-length piece of pool name now only used to hash when determinism is not required; otherwise, whole pool name is used. Note that collisions between pool name hashes will lead to sensitivity to initialization order within the UID generator. --- src/util.cc | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/util.cc b/src/util.cc index 70c65713af..85e9321bfc 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1229,13 +1229,13 @@ uint64 calculate_unique_id(const std::string& pool) if ( pool_iter == uid_pool.end() ) { // This is the first time we need a UID for this pool. - const size_t pool_sz = (pool.length() < 32) ? pool.length() : 32; //Only keep the first 32 characters of the pool name if ( ! have_random_seed() ) { // If we don't need deterministic output (as // indicated by a set seed), we calculate the // instance ID by hashing something likely to be // globally unique. + const size_t pool_sz = (pool.length() < 32) ? pool.length() : 32; //Only keep the first 32 characters of the pool name struct { char hostname[96]; char pool[32]; @@ -1258,7 +1258,7 @@ uint64 calculate_unique_id(const std::string& pool) else { // Generate determistic UIDs for each individual pool - uid_instance = HashKey::HashBytes(pool.c_str(), strnlen(pool.c_str(), pool_sz)); + uid_instance = HashKey::HashBytes(pool.c_str(), pool.length()); } // Guarantee no collisions (keep hashing until we get a unique instance) bool found_collision = true; @@ -1276,16 +1276,10 @@ uint64 calculate_unique_id(const std::string& pool) } // Our instance is unique. Huzzah. uid_pool.insert(std::make_pair(pool, BroUidEntry(uid_instance))); - pool_iter = uid_pool.end(); - } - - if(pool_iter == uid_pool.end()) - { pool_iter = uid_pool.find(pool); } assert(pool_iter != uid_pool.end()); // After all that work, wouldn't it be a shame...? ++(pool_iter->second.counter); - uint64_t h = HashKey::HashBytes(&(pool_iter->second), sizeof(pool_iter->second)); return h; } From 8feae0b7a70ac03f8455f687d4325e424f2578ee Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Tue, 9 Aug 2011 09:47:47 -0700 Subject: [PATCH 5/9] Test no longer relevant. Need a way to generate and test collisions. --- .../btest/bifs/unique_id-long-pool-names.bro | 35 ------------------- 1 file changed, 35 deletions(-) delete mode 100644 testing/btest/bifs/unique_id-long-pool-names.bro diff --git a/testing/btest/bifs/unique_id-long-pool-names.bro b/testing/btest/bifs/unique_id-long-pool-names.bro deleted file mode 100644 index de770ed412..0000000000 --- a/testing/btest/bifs/unique_id-long-pool-names.bro +++ /dev/null @@ -1,35 +0,0 @@ -# Tests to ensure that collisions are resolved correctly. Note that pools only use the -# first 32 characters of their name to generate randomness. Thus, hashes of pools with -# more than 32 characters will be the same, inducing a collision. When this happens, -# the hash is repeated until an unused instance ID is determined. -# -# The order here is expected to be deterministic *if and only if* the first entries for -# each individual pool are created in a common order (e.g. ...7890 is created before -# ...7891 is created before ...7892). -# -# @TEST-EXEC: bro order_rand | sort >out.1 -# @TEST-EXEC: bro order_base | sort >out.2 -# @TEST-EXEC: cmp out.1 out.2 - -@TEST-START-FILE order_rand.bro - -print unique_id_from("1234567890123456789012345678901234567890", "A-"); -print unique_id_from("1234567890123456789012345678901234567891", "B-"); -print unique_id_from("1234567890123456789012345678901234567890", "C-"); -print unique_id_from("1234567890123456789012345678901234567891", "D-"); -print unique_id_from("1234567890123456789012345678901234567890", "E-"); -print unique_id_from("1234567890123456789012345678901234567892", "F-"); - -@TEST-END-FILE - -@TEST-START-FILE order_base.bro - -print unique_id_from("1234567890123456789012345678901234567890", "A-"); -print unique_id_from("1234567890123456789012345678901234567890", "C-"); -print unique_id_from("1234567890123456789012345678901234567890", "E-"); -print unique_id_from("1234567890123456789012345678901234567891", "B-"); -print unique_id_from("1234567890123456789012345678901234567891", "D-"); -print unique_id_from("1234567890123456789012345678901234567892", "F-"); - -@TEST-END-FILE - From 066ca80ab452c40a0b07e8d0adf0231e84331cfb Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Sun, 14 Aug 2011 22:16:46 -0700 Subject: [PATCH 6/9] Updating tests. --- .../btest/Baseline/bifs.unique_id-rnd/count | 2 +- testing/btest/Baseline/bifs.unique_id/out | 9 ++- testing/btest/Baseline/core.conn-uid/output | 78 +++++++++---------- .../btest/Baseline/core.conn-uid/output.cc | 78 +++++++++---------- .../btest/Baseline/core.conn-uid/output.cc2 | 78 +++++++++---------- .../core.print-bpf-filters-ipv4/conn.log | 2 +- .../btest/Baseline/core.vlan-mpls/conn.log | 6 +- .../istate.events-ssl/receiver.http.log | 2 +- .../istate.events-ssl/sender.http.log | 2 +- .../Baseline/istate.events/receiver.http.log | 2 +- .../Baseline/istate.events/sender.http.log | 2 +- .../dns.log | 2 +- .../http.log | 10 +-- .../http.log | 10 +-- .../policy.protocols.irc.basic/irc.log | 8 +- .../policy.protocols.irc.dcc-extract/irc.log | 8 +- 16 files changed, 151 insertions(+), 148 deletions(-) diff --git a/testing/btest/Baseline/bifs.unique_id-rnd/count b/testing/btest/Baseline/bifs.unique_id-rnd/count index 1e8b314962..48082f72f0 100644 --- a/testing/btest/Baseline/bifs.unique_id-rnd/count +++ b/testing/btest/Baseline/bifs.unique_id-rnd/count @@ -1 +1 @@ -6 +12 diff --git a/testing/btest/Baseline/bifs.unique_id/out b/testing/btest/Baseline/bifs.unique_id/out index f1275a52d4..4462de460b 100644 --- a/testing/btest/Baseline/bifs.unique_id/out +++ b/testing/btest/Baseline/bifs.unique_id/out @@ -1,3 +1,6 @@ -A-UWkUyAuUGXf -B-56gKBmhBBB6 -C-50da4BEzauh +A-QEredbF4G74 +B-GPd09JY6cn6 +C-enbKRz0Bp0a +D-kZIfYOWUxVi +E-kWcyWkqbEUg +F-irFNiS1QPpg diff --git a/testing/btest/Baseline/core.conn-uid/output b/testing/btest/Baseline/core.conn-uid/output index ff6514e133..e07e83120e 100644 --- a/testing/btest/Baseline/core.conn-uid/output +++ b/testing/btest/Baseline/core.conn-uid/output @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], tpUWfNdSLE -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff diff --git a/testing/btest/Baseline/core.conn-uid/output.cc b/testing/btest/Baseline/core.conn-uid/output.cc index ff6514e133..e07e83120e 100644 --- a/testing/btest/Baseline/core.conn-uid/output.cc +++ b/testing/btest/Baseline/core.conn-uid/output.cc @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], tpUWfNdSLE -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff diff --git a/testing/btest/Baseline/core.conn-uid/output.cc2 b/testing/btest/Baseline/core.conn-uid/output.cc2 index ff6514e133..e07e83120e 100644 --- a/testing/btest/Baseline/core.conn-uid/output.cc2 +++ b/testing/btest/Baseline/core.conn-uid/output.cc2 @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], tpUWfNdSLE -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log index a744346519..899c8e13e7 100644 --- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log +++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history -1128727435.450898 UWkUyAuUGXf 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf +1128727435.450898 fy6xiLr8WMl 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf diff --git a/testing/btest/Baseline/core.vlan-mpls/conn.log b/testing/btest/Baseline/core.vlan-mpls/conn.log index 1d46bd7ab1..8a135818c8 100644 --- a/testing/btest/Baseline/core.vlan-mpls/conn.log +++ b/testing/btest/Baseline/core.vlan-mpls/conn.log @@ -1,4 +1,4 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history -952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - -1128727435.450898 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf -1278600802.069419 50da4BEzauh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF +952109346.874907 fy6xiLr8WMl 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - +1128727435.450898 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf +1278600802.069419 TydSZAPSnUf 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index 2e56522dae..ad5c544954 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750785.32134 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313385054.894163 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index 2e56522dae..ad5c544954 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750785.32134 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313385054.894163 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index 38ba563dc7..b95de8511e 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750770.8185 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313385081.412259 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index 38ba563dc7..b95de8511e 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750770.8185 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313385081.412259 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log b/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log index 6a5b6c6044..867880cfed 100644 --- a/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log +++ b/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name QR AA TC RD RA Z TTL answers auth addl -930613226.529070 UWkUyAuUGXf 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 31337.0 4.3.2.1 - - +930613226.529070 fy6xiLr8WMl 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 31337.0 4.3.2.1 - - diff --git a/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log index ee07722d92..50738b4760 100644 --- a/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log +++ b/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log @@ -1,6 +1,6 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - FAKE_MIME - - -1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - FAKE_MIME - - -1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - FAKE_MIME - - -1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - image/png e0029eea80812e9a8e57b8d05d52938a - -1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - image/png 30aa926344f58019d047e85ba049ca1e - +1258577884.844956 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - FAKE_MIME - - +1258577884.960135 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - FAKE_MIME - - +1258577885.317160 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - FAKE_MIME - - +1258577885.349639 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - image/png e0029eea80812e9a8e57b8d05d52938a - +1258577885.394612 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - image/png 30aa926344f58019d047e85ba049ca1e - diff --git a/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log index 1c9e7eb7d6..9b22b581a2 100644 --- a/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log +++ b/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log @@ -1,6 +1,6 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied md5 extraction_file -1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - - - -1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - - - -1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - - - -1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - - - -1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - - - +1258577884.844956 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - - - +1258577884.960135 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - - - +1258577885.317160 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - - - +1258577885.349639 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - - - +1258577885.394612 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - - - diff --git a/testing/btest/Baseline/policy.protocols.irc.basic/irc.log b/testing/btest/Baseline/policy.protocols.irc.basic/irc.log index bea67dcf5b..126cce3bca 100644 --- a/testing/btest/Baseline/policy.protocols.irc.basic/irc.log +++ b/testing/btest/Baseline/policy.protocols.irc.basic/irc.log @@ -1,5 +1,5 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size extraction_file -1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - -1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - -1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - -1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - - ladyvampress-default(2011-07-07)-OS.zip 42208 - +1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - +1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - +1311189174.474127 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - +1311189316.326025 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - - ladyvampress-default(2011-07-07)-OS.zip 42208 - diff --git a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log b/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log index fcb002698e..df2aabbdd3 100644 --- a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log +++ b/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log @@ -1,5 +1,5 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file -1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - -1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - -1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - -1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - IRC::EXTRACTED_FILE ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat +1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - +1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - +1311189174.474127 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - +1311189316.326025 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - IRC::EXTRACTED_FILE ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat From 7bea71a2c2a541cae68429666e3d8561ae104c70 Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Mon, 15 Aug 2011 15:47:39 -0700 Subject: [PATCH 7/9] Updated uid pools to use integer values instead of strings. --- src/bro.bif | 4 +- src/util.cc | 57 ++++++++------ src/util.h | 6 +- testing/btest/Baseline/bifs.unique_id/out | 12 +-- testing/btest/Baseline/core.conn-uid/output | 78 +++++++++---------- .../btest/Baseline/core.conn-uid/output.cc | 78 +++++++++---------- .../btest/Baseline/core.conn-uid/output.cc2 | 78 +++++++++---------- .../core.print-bpf-filters-ipv4/conn.log | 2 +- .../btest/Baseline/core.vlan-mpls/conn.log | 6 +- .../istate.events-ssl/receiver.http.log | 2 +- .../istate.events-ssl/sender.http.log | 2 +- .../Baseline/istate.events/receiver.http.log | 2 +- .../Baseline/istate.events/sender.http.log | 2 +- .../dns.log | 2 +- .../http.log | 10 +-- .../http.log | 10 +-- .../policy.protocols.irc.basic/irc.log | 8 +- .../policy.protocols.irc.dcc-extract/irc.log | 8 +- .../policy.protocols.smtp.basic/smtp.log | 2 +- .../smtp_entities.log | 6 +- .../smtp_entities.log | 6 +- testing/btest/bifs/unique_id-pools.bro | 12 +-- testing/btest/bifs/unique_id-rnd.bro | 6 +- testing/btest/bifs/unique_id.bro | 6 +- 24 files changed, 209 insertions(+), 196 deletions(-) diff --git a/src/bro.bif b/src/bro.bif index a2185534b0..6c450c044a 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -3418,10 +3418,10 @@ function unique_id%(prefix: string%) : string return new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); %} -function unique_id_from%(pool: string, prefix: string%) : string +function unique_id_from%(pool: int, prefix: string%) : string %{ char tmp[20]; - uint64 uid = calculate_unique_id(string((const char *)pool->Bytes(), pool->Len())); + uint64 uid = calculate_unique_id(pool); return new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); %} %%{ diff --git a/src/util.cc b/src/util.cc index fa772bc8f8..82daa49adc 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1184,25 +1184,38 @@ int time_compare(struct timeval* tv_a, struct timeval* tv_b) struct BroUidEntry { - uint64 instance; - uint64 counter; + struct BroUidKey + { + uint64 instance; + uint64 counter; + BroUidKey(uint64 i, uint64 c) + : instance(i), counter(c) { } + } key; + bool needs_init; + BroUidEntry(const uint64 i) - : instance(i), counter(0) { } + : key(i, 0), needs_init(false) { } + + BroUidEntry() + : key(0, 0), needs_init(true) { } }; -static std::map uid_pool; -static const std::string default_pool = string(BRO_DEFAULT_UID_POOL); +static std::vector uid_pool; uint64 calculate_unique_id() { - return calculate_unique_id(default_pool); + return calculate_unique_id(BRO_DEFAULT_UID_POOL); } -uint64 calculate_unique_id(const std::string& pool) +uint64 calculate_unique_id(const size_t pool) { uint64 uid_instance = 0; - std::map::iterator pool_iter = uid_pool.find(pool); - if ( pool_iter == uid_pool.end() ) + if(uid_pool.size() <= pool) + { + assert(pool < 100000); // ... Yeah. No. + uid_pool.resize(pool + 1); + } + if ( uid_pool[pool].needs_init ) { // This is the first time we need a UID for this pool. if ( ! have_random_seed() ) @@ -1211,18 +1224,17 @@ uint64 calculate_unique_id(const std::string& pool) // indicated by a set seed), we calculate the // instance ID by hashing something likely to be // globally unique. - const size_t pool_sz = (pool.length() < 32) ? pool.length() : 32; //Only keep the first 32 characters of the pool name struct { - char hostname[96]; - char pool[32]; + char hostname[120]; + uint64 pool; struct timeval time; pid_t pid; int rnd; } unique; memset(&unique, 0, sizeof(unique)); // Make valgrind happy. - gethostname(unique.hostname, 96); - memcpy(unique.pool, pool.c_str(), pool_sz); + gethostname(unique.hostname, 120); + memcpy(&unique.pool, &pool, sizeof(pool)); unique.hostname[sizeof(unique.hostname)-1] = '\0'; gettimeofday(&unique.time, 0); unique.pid = getpid(); @@ -1234,16 +1246,16 @@ uint64 calculate_unique_id(const std::string& pool) else { // Generate determistic UIDs for each individual pool - uid_instance = HashKey::HashBytes(pool.c_str(), pool.length()); + uid_instance = pool; } // Guarantee no collisions (keep hashing until we get a unique instance) bool found_collision = true; while(found_collision) { found_collision = false; - for(pool_iter = uid_pool.begin(); pool_iter != uid_pool.end(); ++pool_iter) + for(size_t i = 0; i < uid_pool.size(); ++i) { - if(pool_iter->second.instance == uid_instance) + if(!uid_pool[i].needs_init && uid_pool[i].key.instance == uid_instance) { found_collision = true; uid_instance = HashKey::HashBytes(&uid_instance, sizeof(uid_instance)); @@ -1251,12 +1263,13 @@ uint64 calculate_unique_id(const std::string& pool) } } // Our instance is unique. Huzzah. - uid_pool.insert(std::make_pair(pool, BroUidEntry(uid_instance))); - pool_iter = uid_pool.find(pool); + uid_pool[pool] = BroUidEntry(uid_instance); + uid_pool[pool].needs_init = false; } - assert(pool_iter != uid_pool.end()); // After all that work, wouldn't it be a shame...? - ++(pool_iter->second.counter); - uint64_t h = HashKey::HashBytes(&(pool_iter->second), sizeof(pool_iter->second)); + ++(uid_pool[pool].key.counter); + assert(!uid_pool[pool].needs_init); + assert(uid_pool[pool].key.instance != 0); + uint64_t h = HashKey::HashBytes(&(uid_pool[pool].key), sizeof(uid_pool[pool].key)); return h; } diff --git a/src/util.h b/src/util.h index 3647e85db8..299926c057 100644 --- a/src/util.h +++ b/src/util.h @@ -226,10 +226,10 @@ extern int time_compare(struct timeval* tv_a, struct timeval* tv_b); // Returns an integer that's very likely to be unique, even across Bro // instances. -#define BRO_DEFAULT_UID_POOL "bro" -#define BRO_SCRIPT_UID_POOL "bro script" +#define BRO_DEFAULT_UID_POOL 1 +#define BRO_SCRIPT_UID_POOL 2 extern uint64 calculate_unique_id(); -extern uint64 calculate_unique_id(const std::string& pool); +extern uint64 calculate_unique_id(const size_t pool); // For now, don't use hash_maps - they're not fully portable. #if 0 diff --git a/testing/btest/Baseline/bifs.unique_id/out b/testing/btest/Baseline/bifs.unique_id/out index 4462de460b..8a796b3db6 100644 --- a/testing/btest/Baseline/bifs.unique_id/out +++ b/testing/btest/Baseline/bifs.unique_id/out @@ -1,6 +1,6 @@ -A-QEredbF4G74 -B-GPd09JY6cn6 -C-enbKRz0Bp0a -D-kZIfYOWUxVi -E-kWcyWkqbEUg -F-irFNiS1QPpg +A-56gKBmhBBB6 +B-PjbroujOxH4 +C-N4zgPFAv3J +D-WUjEZFOdSS +E-ecqdozAET6c +F-qOawpgrpAdl diff --git a/testing/btest/Baseline/core.conn-uid/output b/testing/btest/Baseline/core.conn-uid/output index e07e83120e..25001033e3 100644 --- a/testing/btest/Baseline/core.conn-uid/output +++ b/testing/btest/Baseline/core.conn-uid/output @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], arKYeMETxOg +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], k6kgXLOoSKl +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], j4u32Pc5bif +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], VW0XPVINV8a +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], GSxOnSLghOa +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5 +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Tw8jXtpTGu6 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05 +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], 0Q4FH8sESw5 +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], i2rO3KD1Syg +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], zno26fFZkrh +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], v5rgkJBig5l diff --git a/testing/btest/Baseline/core.conn-uid/output.cc b/testing/btest/Baseline/core.conn-uid/output.cc index e07e83120e..25001033e3 100644 --- a/testing/btest/Baseline/core.conn-uid/output.cc +++ b/testing/btest/Baseline/core.conn-uid/output.cc @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], arKYeMETxOg +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], k6kgXLOoSKl +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], j4u32Pc5bif +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], VW0XPVINV8a +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], GSxOnSLghOa +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5 +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Tw8jXtpTGu6 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05 +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], 0Q4FH8sESw5 +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], i2rO3KD1Syg +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], zno26fFZkrh +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], v5rgkJBig5l diff --git a/testing/btest/Baseline/core.conn-uid/output.cc2 b/testing/btest/Baseline/core.conn-uid/output.cc2 index e07e83120e..25001033e3 100644 --- a/testing/btest/Baseline/core.conn-uid/output.cc2 +++ b/testing/btest/Baseline/core.conn-uid/output.cc2 @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], arKYeMETxOg +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], k6kgXLOoSKl +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], j4u32Pc5bif +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], VW0XPVINV8a +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], GSxOnSLghOa +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5 +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Tw8jXtpTGu6 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05 +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], 0Q4FH8sESw5 +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], i2rO3KD1Syg +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], zno26fFZkrh +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], v5rgkJBig5l diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log index 899c8e13e7..a744346519 100644 --- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log +++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history -1128727435.450898 fy6xiLr8WMl 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf +1128727435.450898 UWkUyAuUGXf 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf diff --git a/testing/btest/Baseline/core.vlan-mpls/conn.log b/testing/btest/Baseline/core.vlan-mpls/conn.log index 8a135818c8..c0b6af7f11 100644 --- a/testing/btest/Baseline/core.vlan-mpls/conn.log +++ b/testing/btest/Baseline/core.vlan-mpls/conn.log @@ -1,4 +1,4 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history -952109346.874907 fy6xiLr8WMl 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - -1128727435.450898 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf -1278600802.069419 TydSZAPSnUf 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF +952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - +1128727435.450898 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf +1278600802.069419 k6kgXLOoSKl 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index ad5c544954..30b4085ae2 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1313385054.894163 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313448356.390278 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index ad5c544954..30b4085ae2 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1313385054.894163 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313448356.390278 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index b95de8511e..e57465a850 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1313385081.412259 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313448372.638550 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index b95de8511e..e57465a850 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1313385081.412259 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313448372.638550 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log b/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log index 867880cfed..6a5b6c6044 100644 --- a/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log +++ b/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name QR AA TC RD RA Z TTL answers auth addl -930613226.529070 fy6xiLr8WMl 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 31337.0 4.3.2.1 - - +930613226.529070 UWkUyAuUGXf 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 31337.0 4.3.2.1 - - diff --git a/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log index 50738b4760..ee07722d92 100644 --- a/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log +++ b/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log @@ -1,6 +1,6 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1258577884.844956 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - FAKE_MIME - - -1258577884.960135 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - FAKE_MIME - - -1258577885.317160 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - FAKE_MIME - - -1258577885.349639 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - image/png e0029eea80812e9a8e57b8d05d52938a - -1258577885.394612 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - image/png 30aa926344f58019d047e85ba049ca1e - +1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - FAKE_MIME - - +1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - FAKE_MIME - - +1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - FAKE_MIME - - +1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - image/png e0029eea80812e9a8e57b8d05d52938a - +1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - image/png 30aa926344f58019d047e85ba049ca1e - diff --git a/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log index 9b22b581a2..1c9e7eb7d6 100644 --- a/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log +++ b/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log @@ -1,6 +1,6 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied md5 extraction_file -1258577884.844956 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - - - -1258577884.960135 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - - - -1258577885.317160 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - - - -1258577885.349639 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - - - -1258577885.394612 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - - - +1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - - - +1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - - - +1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - - - +1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - - - +1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - - - diff --git a/testing/btest/Baseline/policy.protocols.irc.basic/irc.log b/testing/btest/Baseline/policy.protocols.irc.basic/irc.log index 126cce3bca..bea67dcf5b 100644 --- a/testing/btest/Baseline/policy.protocols.irc.basic/irc.log +++ b/testing/btest/Baseline/policy.protocols.irc.basic/irc.log @@ -1,5 +1,5 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size extraction_file -1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - -1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - -1311189174.474127 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - -1311189316.326025 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - - ladyvampress-default(2011-07-07)-OS.zip 42208 - +1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - +1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - +1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - +1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - - ladyvampress-default(2011-07-07)-OS.zip 42208 - diff --git a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log b/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log index df2aabbdd3..fcb002698e 100644 --- a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log +++ b/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log @@ -1,5 +1,5 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file -1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - -1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - -1311189174.474127 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - -1311189316.326025 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - IRC::EXTRACTED_FILE ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat +1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - +1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - +1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - +1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - IRC::EXTRACTED_FILE ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat diff --git a/testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log b/testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log index ea638d1892..db7d92f946 100644 --- a/testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log +++ b/testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent -1254722768.219663 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 +1254722768.219663 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log b/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log index 9496887d65..76794985ee 100644 --- a/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log +++ b/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log @@ -1,4 +1,4 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt -1254722770.692743 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh - 79 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat - -1254722770.692743 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh - 1918 FAKE_MIME - - - -1254722770.692804 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh NEWS.txt 10823 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat - +1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 79 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat - +1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 1918 FAKE_MIME - - - +1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 NEWS.txt 10823 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat - diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log b/testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log index 2b143eacda..1cd3397097 100644 --- a/testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log +++ b/testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log @@ -1,4 +1,4 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt -1254722770.692743 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh - 79 FAKE_MIME 92bca2e6cdcde73647125da7dccbdd07 - - -1254722770.692743 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh - 1918 FAKE_MIME - - - -1254722770.692804 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh NEWS.txt 10823 FAKE_MIME a968bb0f9f9d95835b2e74c845877e87 - - +1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 79 FAKE_MIME 92bca2e6cdcde73647125da7dccbdd07 - - +1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 1918 FAKE_MIME - - - +1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 NEWS.txt 10823 FAKE_MIME a968bb0f9f9d95835b2e74c845877e87 - - diff --git a/testing/btest/bifs/unique_id-pools.bro b/testing/btest/bifs/unique_id-pools.bro index d8c3e9aa5f..abdc4b22ba 100644 --- a/testing/btest/bifs/unique_id-pools.bro +++ b/testing/btest/bifs/unique_id-pools.bro @@ -6,11 +6,11 @@ @TEST-START-FILE order_rand.bro print unique_id("A-"); -print unique_id_from("beta", "E-"); +print unique_id_from(5, "E-"); print unique_id("B-"); -print unique_id_from("alpha", "D-"); +print unique_id_from(4, "D-"); print unique_id("C-"); -print unique_id_from("beta", "F-"); +print unique_id_from(5, "F-"); @TEST-END-FILE @@ -19,9 +19,9 @@ print unique_id_from("beta", "F-"); print unique_id("A-"); print unique_id("B-"); print unique_id("C-"); -print unique_id_from("alpha", "D-"); -print unique_id_from("beta", "E-"); -print unique_id_from("beta", "F-"); +print unique_id_from(4, "D-"); +print unique_id_from(5, "E-"); +print unique_id_from(5, "F-"); @TEST-END-FILE diff --git a/testing/btest/bifs/unique_id-rnd.bro b/testing/btest/bifs/unique_id-rnd.bro index fdb04e05bc..4188725373 100644 --- a/testing/btest/bifs/unique_id-rnd.bro +++ b/testing/btest/bifs/unique_id-rnd.bro @@ -7,6 +7,6 @@ print unique_id("A-"); print unique_id("B-"); print unique_id("C-"); -print unique_id_from("alpha", "D-"); -print unique_id_from("beta", "E-"); -print unique_id_from("beta", "F-"); +print unique_id_from(4, "D-"); +print unique_id_from(5, "E-"); +print unique_id_from(5, "F-"); diff --git a/testing/btest/bifs/unique_id.bro b/testing/btest/bifs/unique_id.bro index 1451426556..097f5d490d 100644 --- a/testing/btest/bifs/unique_id.bro +++ b/testing/btest/bifs/unique_id.bro @@ -5,6 +5,6 @@ print unique_id("A-"); print unique_id("B-"); print unique_id("C-"); -print unique_id_from("alpha", "D-"); -print unique_id_from("beta", "E-"); -print unique_id_from("beta", "F-"); +print unique_id_from(4, "D-"); +print unique_id_from(5, "E-"); +print unique_id_from(5, "F-"); From cff47dd98ff802a39caa6e50e1b89bdb964fa73f Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Mon, 5 Sep 2011 12:12:09 -0700 Subject: [PATCH 8/9] Updating tests. --- testing/btest/Baseline/core.vlan-mpls/conn.log | 4 ++-- testing/btest/Baseline/istate.events-ssl/receiver.http.log | 2 +- testing/btest/Baseline/istate.events-ssl/sender.http.log | 2 +- testing/btest/Baseline/istate.events/receiver.http.log | 2 +- testing/btest/Baseline/istate.events/sender.http.log | 7 +------ .../scripts.base.protocols.http.http-mime-and-md5/http.log | 5 ++++- .../scripts.base.protocols.irc.dcc-extract/irc.log | 5 ++++- .../Baseline/scripts.base.protocols.smtp.basic/smtp.log | 2 +- .../smtp_entities.log | 5 ++++- .../scripts.base.protocols.smtp.mime/smtp_entities.log | 5 ++++- 10 files changed, 23 insertions(+), 16 deletions(-) diff --git a/testing/btest/Baseline/core.vlan-mpls/conn.log b/testing/btest/Baseline/core.vlan-mpls/conn.log index 9c65be0b34..5cc726c7b5 100644 --- a/testing/btest/Baseline/core.vlan-mpls/conn.log +++ b/testing/btest/Baseline/core.vlan-mpls/conn.log @@ -3,5 +3,5 @@ #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes #types time string addr port addr port enum string interval count count string bool count string count count count count 952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 25 0 SH - 0 - 11 280 0 0 -1128727435.450898 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 710 10 9945 -1278600802.069419 50da4BEzauh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 361 7 3801 +1128727435.450898 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 710 10 9945 +1278600802.069419 k6kgXLOoSKl 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 361 7 3801 diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index 3e53efd7f2..59d0e4205e 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log @@ -2,4 +2,4 @@ #path http #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port string string string string string count count count string string table string string table string string file -1315167107.671488 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1315248437.500464 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index 3e53efd7f2..59d0e4205e 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log @@ -2,4 +2,4 @@ #path http #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port string string string string string count count count string string table string string table string string file -1315167107.671488 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1315248437.500464 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index 85d74c943c..c85a3cad22 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log @@ -2,4 +2,4 @@ #path http #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port string string string string string count count count string string table string string table string string file -1315167116.842377 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1315248460.480614 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index 79b5b67b04..c85a3cad22 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log @@ -1,10 +1,5 @@ -<<<<<<< HEAD -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1313448372.638550 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - -======= #separator \x09 #path http #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port string string string string string count count count string string table string string table string string file -1315167116.842377 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - ->>>>>>> master +1315248460.480614 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log index ee07722d92..6e38a9459f 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +#separator \x09 +#path http +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +#types time string addr port addr port string string string string string count count count string string table string string table string string file 1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - FAKE_MIME - - 1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - FAKE_MIME - - 1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - FAKE_MIME - - diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log index fcb002698e..a692d2dd4d 100644 --- a/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log +++ b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file +#separator \x09 +#path irc +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file +#types time string addr port addr port string string table string string string table string count string file 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - 1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log index 817207108c..324d8a2557 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log @@ -2,4 +2,4 @@ #path smtp #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent #types time string addr port addr port string string string table string string table string string string string addr string string string vector string -1254722768.219663 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 +1254722768.219663 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log index 76794985ee..30566ba6f9 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt +#separator \x09 +#path smtp_entities +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt +#types time string addr port addr port string string count string string file string 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 79 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat - 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 1918 FAKE_MIME - - - 1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 NEWS.txt 10823 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat - diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log index 1cd3397097..562848404c 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt +#separator \x09 +#path smtp_entities +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt +#types time string addr port addr port string string count string string file string 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 79 FAKE_MIME 92bca2e6cdcde73647125da7dccbdd07 - - 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 1918 FAKE_MIME - - - 1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 NEWS.txt 10823 FAKE_MIME a968bb0f9f9d95835b2e74c845877e87 - - From f868af101cd4e789094984fa0950d26822defcdc Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 7 Sep 2011 11:03:36 -0700 Subject: [PATCH 9/9] Potential fix for #588. --- CHANGES | 14 ++++++++++++++ VERSION | 2 +- src/LogMgr.cc | 5 +++-- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 2732e9e29a..e3c500d6d8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,18 @@ +1.6-dev-1198 | 2011-09-07 11:03:36 -0700 + + * Extended header for ASCII log that make it easier for scripts to + parse Bro log files. (Gilbert Clark) + + * Potential fix for rotation crashes. Addresses #588. (Robin Sommer) + + * Added PF_RING load balancing support to the scripting layer, + enabled by loading the misc/pf-ring-load-balancing script. (Seth + Hall) + + * Added a BiF setenv() for setting environment variables. (Seth + Hall) + 1.6-dev-1184 | 2011-09-04 09:34:50 -0700 * FindPCAP now links against thread library when necessary (e.g. diff --git a/VERSION b/VERSION index 3128920913..64f5808603 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.6-dev-1184 +1.6-dev-1198 diff --git a/src/LogMgr.cc b/src/LogMgr.cc index 950de24a8f..700237e693 100644 --- a/src/LogMgr.cc +++ b/src/LogMgr.cc @@ -444,7 +444,7 @@ LogMgr::WriterInfo* LogMgr::FindWriter(LogWriter* writer) { WriterInfo* winfo = i->second; - if ( winfo->writer == writer ) + if ( winfo && winfo->writer == writer ) return winfo; } } @@ -1506,7 +1506,8 @@ bool LogMgr::FinishedRotation(LogWriter* writer, string new_name, string old_nam writer->Path().c_str(), network_time, new_name.c_str()); WriterInfo* winfo = FindWriter(writer); - assert(winfo); + if ( ! winfo ) + return true; RecordVal* rc = LookupRotationControl(winfo->type, winfo->writer->Path());