mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
0003495a9b
Mostly, treat HTTP0.9 completely separate. Because we're doing raw delivery of a body directly, fake enough (connection_close=1, and finish headers manually) so that the MIME infrastructure thinks it is seeing a body. This deals better with the body due to accounting for the first line. Also it avoids the content line analyzer to strip CRLF/LF and the analyzer then adding CRLF unconditionally by fully bypassing the content line analyzer. Concretely, the vlan-mpls test case contains a HTTP response with LF only, but the previous implementation would use CRLF, accounting for two many bytes. Same for the http.no-version test which would previously report a body length of 280 and now is at 323 (which agrees with wireshark). Further, the mime_type detection for the http-09 test case works because it's now seeing the full body. Drawback: We don't extract headers when a server actually replies with a HTTP/1.1 message, but grrr, something needs to give I guess. |
||
|---|---|---|
| .. | ||
| benchmark/broker | ||
| btest | ||
| coverage | ||
| external | ||
| scripts | ||
| .gitignore | ||
| CMakeLists.txt | ||
| Makefile | ||
| README | ||
This directory contains suites for testing for Zeek's correct
operation:
btest/
An ever-growing set of small unit tests testing Zeek's
functionality.
external/
A framework for downloading additional test sets that run more
complex Zeek configuration on larger traces files. Due to their
size, these are not included directly. See the README for more
information.
scripts/
Helpers scripts used by some tests.