Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/core/mmdb/explicit-open.zeek
Christian Kreibich 2e3270d7ec Add btest to verify behavior of re-opened MMDBs opened directly via BIFs 
The mmdb_open_location_db() and mmdb_open_asn_db() BiFs were untested, and Zeek
has a bug that makes any DBs opened that way fall back to looking up DBs via the
existing script-level config mechanism (via mmdb_dir), which is at least
unexpected and might well be unconfigured if somebody uses the direct BiFs.
2024-01-10 20:44:40 -08:00

50 lines
1.7 KiB
Text
Raw Blame History

# @TEST-DOC: verifies that the explicit BiFs for loading MMDBs work, including when re-opening.
#
# Like other MMDB tests, this uses a pcap to use each packet as a driver to
# touch the DBs involved upon each packet, triggering DB reloads.
#
# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
#
# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
# @TEST-EXEC: zeek-cut -m < reporter.log > reporter.log.tmp && mv reporter.log.tmp reporter.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log
@load base/frameworks/reporter
global pkt = 0;
global asn_fn = "./mmdb/GeoLite2-ASN.mmdb";
global city_fn = "./mmdb/GeoLite2-City.mmdb";
function timestamp(n: count): string
{
assert n <= 60;
return fmt("2020-01-01T00:%s:00", n);
}
event new_packet(c: connection, p: pkt_hdr)
{
++pkt;
print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);
print network_time(), pkt, 128.3.0.1, "location", lookup_location(128.3.0.1);
print network_time(), pkt, 131.243.0.1, "asn", lookup_autonomous_system(131.243.0.1);
print network_time(), pkt, 131.243.0.1, "location", lookup_location(131.243.0.1);
# Increment MMDBs' modification time, triggering a re-open.
if ( ! piped_exec(fmt("touch -d %s %s", timestamp(pkt), safe_shell_quote(asn_fn)), "") )
exit(1);
if ( ! piped_exec(fmt("touch -d %s %s", timestamp(pkt), safe_shell_quote(city_fn)), "") )
exit(1);
if ( pkt == 4 )
terminate();
}
event zeek_init()
{
assert mmdb_open_asn_db(asn_fn);
assert mmdb_open_location_db(city_fn);
}
Reference in a new issue View git blame Copy permalink