Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/signatures/udp-packetwise-match.zeek
Arne Welzel 85b8c8866b testing/btest/*zeek: Comment all @TEST lines
2025-04-17 16:30:23 +02:00

53 lines
812 B
Text
Raw Permalink Blame History

# @TEST-EXEC: zeek -b -r $TRACES/udp-signature-test.pcap %INPUT | sort >out
# @TEST-EXEC: btest-diff out
@load-sigs test.sig
# @TEST-START-FILE test.sig
signature xxxx {
ip-proto = udp
payload /XXXX/
event "Found XXXX"
}
signature axxxx {
ip-proto = udp
payload /^XXXX/
event "Found ^XXXX"
}
signature sxxxx {
ip-proto = udp
payload /.*XXXX/
event "Found .*XXXX"
}
signature yyyy {
ip-proto = udp
payload /YYYY/
event "Found YYYY"
}
signature ayyyy {
ip-proto = udp
payload /^YYYY/
event "Found ^YYYY"
}
signature syyyy {
ip-proto = udp
payload /.*YYYY/
event "Found .*YYYY"
}
signature nope {
ip-proto = udp
payload /.*nope/
event "Found .*nope"
}
# @TEST-END-FILE
event signature_match(state: signature_state, msg: string, data: string)
{
print "signature match", msg, data;
}
Reference in a new issue View git blame Copy permalink