# @TEST-REQUIRES: have-spicy
#
# @TEST-EXEC: spicyz -d -o test.hlto %INPUT ./foo.evt
# @TEST-EXEC: zeek -Cr ${TRACES}/ssh/ssh-over-udp.pcap test.hlto test.zeek
# @TEST-EXEC: btest-diff ssh.log
#
# @TEST-DOC: Pass data from inside a UDP analyzer to a Zeek analyzer that works on top of TCP. Regression tests for #92 and also #91.
#
module Foo;
import spicy;
import zeek;
# Test unit: relays whatever payload this analyzer receives, unparsed, to
# Zeek's SSH analyzer (per the test description, an analyzer that normally
# works on top of TCP).
public type Bar = unit {
    # Ask Zeek to start its SSH analyzer when parsing of this unit begins.
    on %init {
        zeek::protocol_begin("SSH");
    }

    # Consume all input up to end-of-data and forward it as-is, keeping the
    # direction reported by zeek::is_orig(). No validation happens here; the
    # receiving analyzer sees the raw bytes.
    data: bytes &eod {
        zeek::protocol_data_in(zeek::is_orig(), $$);
    }
};
# @TEST-START-FILE foo.evt
import zeek;
# Declare the Spicy protocol analyzer spicy::Foo on top of UDP and use the
# unit Foo::Bar as its parser.
protocol analyzer spicy::Foo over UDP:
    parse with Foo::Bar;
# @TEST-END-FILE
# @TEST-START-FILE test.zeek
# Bind the Spicy analyzer to 1234/udp at startup (presumably the port used by
# the ssh-over-udp trace; confirm against the pcap).
event zeek_init()
	{
	Analyzer::register_for_port(Analyzer::ANALYZER_SPICY_FOO, 1234/udp);
	}
# @TEST-END-FILE