mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
31b548babc
A user reported being confused about the fuid association of subsequent FTP commands when a data transfer has completed. It seems reasonable to unset fuid upon logging a FTP command which had a fuid. The current behavior results in the PORT or PASV commands after a RETR or STOR to have the fuid of the prior file transfer. Similarly, any CWD or DEL commands following a file transfer will unnecessarily be logged with the fuid of the prior file transfer. This tickles the baselines for the private testing PCAP a lot, primarily because there data connections in that pcap are never established properly. E.g, the fuids FzDzid1Dxm9srVKHXf and FEfYX73q5C6GEQZXX9 have been re-used for multiple commands. This may look like we're losing information, but the fuids vanishing in the normal btests belong to a LIST command that isn't logged by default into ftp.log. If it was, the fuid would be attached to it. |
||
|---|---|---|
| .. | ||
| benchmark/broker | ||
| btest | ||
| builtin-plugins | ||
| coverage | ||
| external | ||
| scripts | ||
| .gitignore | ||
| CMakeLists.txt | ||
| Makefile | ||
| README | ||
This directory contains suites for testing for Zeek's correct
operation:
btest/
An ever-growing set of small unit tests testing Zeek's
functionality.
external/
A framework for downloading additional test sets that run more
complex Zeek configuration on larger traces files. Due to their
size, these are not included directly. See the README for more
information.
scripts/
Helpers scripts used by some tests.