From ff00104b5915ce32339986b1191060e9075210ca Mon Sep 17 00:00:00 2001
From: Arne Welzel
Date: Thu, 31 Jul 2025 20:23:37 +0200
Subject: [PATCH] btest/plugins: Add smoke test for DeliverSkippedPacket()
---
.../plugins.deliver-skipped-packet/output | 50 +++++++++++++
.../.btest-ignore | 0
.../src/Plugin.cc | 70 +++++++++++++++++++
.../src/Plugin.h | 18 +++++
.../btest/plugins/deliver-skipped-packet.zeek | 28 ++++++++
5 files changed, 166 insertions(+)
create mode 100644 testing/btest/Baseline/plugins.deliver-skipped-packet/output
create mode 100644 testing/btest/plugins/deliver-skipped-packet-plugin/.btest-ignore
create mode 100644 testing/btest/plugins/deliver-skipped-packet-plugin/src/Plugin.cc
create mode 100644 testing/btest/plugins/deliver-skipped-packet-plugin/src/Plugin.h
create mode 100644 testing/btest/plugins/deliver-skipped-packet.zeek
diff --git a/testing/btest/Baseline/plugins.deliver-skipped-packet/output b/testing/btest/Baseline/plugins.deliver-skipped-packet/output
new file mode 100644
index 0000000000..1b1f63a751
--- /dev/null
+++ b/testing/btest/Baseline/plugins.deliver-skipped-packet/output
@@ -0,0 +1,50 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+<...>/ip4-tcp-bad-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+DeliverSkippedPacket len=0 orig=1
+===
+<...>/ip4-tcp-good-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+Deliver Packet len=0 orig=1
+===
+<...>/ip4-udp-bad-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+DeliverSkippedPacket len=12 orig=1
+===
+<...>/ip4-udp-good-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+Deliver Packet len=4 orig=1
+===
+<...>/ip4-icmp-bad-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+DeliverSkippedPacket len=8 orig=1
+===
+<...>/ip4-icmp-good-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+Deliver Packet len=0 orig=1
+===
+<...>/ip6-icmp6-bad-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+DeliverSkippedPacket len=15 orig=1
+===
+<...>/ip6-icmp6-good-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+Deliver Packet len=7 orig=1
+===
+<...>/get.trace
+Analyzer added to HhAvVGS1DHFjwGM9
+Deliver Packet len=0 orig=1
+Deliver Packet len=0 orig=0
+Deliver Packet len=0 orig=1
+Deliver Packet len=136 orig=1
+Deliver Packet len=0 orig=0
+Deliver Packet len=1448 orig=0
+Deliver Packet len=1448 orig=0
+Deliver Packet len=1448 orig=0
+Deliver Packet len=663 orig=0
+Deliver Packet len=0 orig=1
+Deliver Packet len=0 orig=1
+Deliver Packet len=0 orig=1
+Deliver Packet len=0 orig=0
+Deliver Packet len=0 orig=1
+===
diff --git a/testing/btest/plugins/deliver-skipped-packet-plugin/.btest-ignore b/testing/btest/plugins/deliver-skipped-packet-plugin/.btest-ignore
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/testing/btest/plugins/deliver-skipped-packet-plugin/src/Plugin.cc b/testing/btest/plugins/deliver-skipped-packet-plugin/src/Plugin.cc
new file mode 100644
index 0000000000..12e539d1f4
--- /dev/null
+++ b/testing/btest/plugins/deliver-skipped-packet-plugin/src/Plugin.cc
@@ -0,0 +1,70 @@
+#include "Plugin.h"
+
+#include
+#include
+
+#include "zeek/Reporter.h"
+#include "zeek/analyzer/Analyzer.h"
+#include "zeek/analyzer/Manager.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+
+namespace {
+class Foo : public zeek::analyzer::Analyzer {
+public:
+ Foo(zeek::Connection* conn) : zeek::analyzer::Analyzer("FOO", conn) {}
+
+ void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip,
+ int caplen) override {
+ std::printf("Deliver Packet len=%d orig=%d\n", len, orig);
+ }
+
+ void DeliverSkippedPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip,
+ int caplen) override {
+ std::printf("DeliverSkippedPacket len=%d orig=%d\n", len, orig);
+ }
+
+ static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Foo(conn); }
+};
+} // namespace
+
+
+namespace btest::plugin::Demo_Hooks {
+
+Plugin plugin;
+
+zeek::plugin::Configuration Plugin::Configure() {
+ EnableHook(zeek::plugin::HOOK_SETUP_ANALYZER_TREE);
+
+ AddComponent(new zeek::analyzer::Component("Foo", Foo::Instantiate));
+
+ zeek::plugin::Configuration config;
+ config.name = "Demo::Hooks";
+ config.description = "Custom analyzer for all connections";
+ config.version = {1, 0, 0};
+ return config;
+}
+
+void Plugin::HookSetupAnalyzerTree(zeek::Connection* conn) {
+ auto* analyzer = zeek::analyzer_mgr->InstantiateAnalyzer("FOO", conn);
+
+ if ( ! analyzer )
+ zeek::reporter->FatalError("could not instantiate analyzer");
+
+ if ( conn->ConnTransport() == TRANSPORT_TCP ) {
+ // Need to use AddChildPacketAnalyzer() for TCP packet analyzers,
+ // otherwise we only see packets if there's no reassembly.
+ auto* adapter = static_cast(conn->GetSessionAdapter());
+ adapter->AddChildPacketAnalyzer(analyzer);
+ }
+ else {
+ auto* adapter = conn->GetSessionAdapter();
+ adapter->AddChildAnalyzer(analyzer);
+ }
+
+ // Init the uid for GetUID()
+ conn->GetVal();
+
+ std::printf("Analyzer added to %s\n", conn->GetUID().Base62().c_str());
+}
+
+} // namespace btest::plugin::Demo_Hooks
diff --git a/testing/btest/plugins/deliver-skipped-packet-plugin/src/Plugin.h b/testing/btest/plugins/deliver-skipped-packet-plugin/src/Plugin.h
new file mode 100644
index 0000000000..68e37f5e51
--- /dev/null
+++ b/testing/btest/plugins/deliver-skipped-packet-plugin/src/Plugin.h
@@ -0,0 +1,18 @@
+
+#pragma once
+
+#include "zeek/plugin/Plugin.h"
+
+namespace btest::plugin::Demo_Hooks {
+
+class Plugin : public zeek::plugin::Plugin {
+protected:
+ void HookSetupAnalyzerTree(zeek::Connection* conn) override;
+
+ // Overridden from zeek::plugin::Plugin.
+ zeek::plugin::Configuration Configure() override;
+};
+
+extern Plugin plugin;
+
+} // namespace btest::plugin::Demo_Hooks
diff --git a/testing/btest/plugins/deliver-skipped-packet.zeek b/testing/btest/plugins/deliver-skipped-packet.zeek
new file mode 100644
index 0000000000..1fd1e207f8
--- /dev/null
+++ b/testing/btest/plugins/deliver-skipped-packet.zeek
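Review bot: In `HookSetupAnalyzerTree` in src/Plugin.cc, both branches dereference the result of `conn->GetSessionAdapter()` without a null check, and the TCP branch downcasts it with `static_cast` on the strength of `ConnTransport() == TRANSPORT_TCP` alone. The function already guards `analyzer` with `FatalError`; giving the adapter the same treatment in each branch, `if ( ! adapter ) zeek::reporter->FatalError("no session adapter");`, would turn a crash inside the plugin into a readable test failure. Whether the adapter can actually be absent or of a different type at this hook point is not visible in the hunk, so this is a defensive check rather than a confirmed bug.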
@@ -0,0 +1,28 @@
+# @TEST-DOC: A plugin providing an analyzer implementing DeliverPacket() and DeliverSkippedPacket() and using HookSetupAnalyzer() to attach it to every new connection.
+#
+# @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Demo Hooks
+# @TEST-EXEC: cp -r %DIR/deliver-skipped-packet-plugin/* .
+# @TEST-EXEC: ./configure --zeek-dist=${DIST} && make
+#
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-udp-bad-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >>output
+#
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT >>output
+#
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
+
+event zeek_init()
+ {
+ print packet_source()$path;
+ }
+
+event zeek_done()
+ {
+ print "===";
+ }
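Review bot: The `@TEST-DOC` line names `HookSetupAnalyzer()`, but the hook the plugin actually overrides is `HookSetupAnalyzerTree()`, enabled through `HOOK_SETUP_ANALYZER_TREE` in Plugin.cc. Suggest ending the sentence with `and using HookSetupAnalyzerTree() to attach it to every new connection.` so that a search for the hook name finds this test. It would also help to add one comment line above the pcap runs stating that the bad-checksum traces are expected to reach `DeliverSkippedPacket()` and the good-checksum ones `DeliverPacket()`, which is what the baseline encodes.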