mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
672602dae7
We were parsing MySQL using bigendian even though the protocol is specified as with "least significant byte first" [1]. This is most problematic when parsing length encoded strings with 2 byte length fields... Further, I think, the EOF_Packet parsing was borked, either due to testing the CLIENT_DEPRECATE_EOF with the wrong endianness, or due to the workaround in Resultset processing raising mysql_ok(). Introduce a new mysql_eof() that triggers for EOF_Packet's and remove the fake mysql_ok() Resultset invocation to fix. Adapt the mysql script and tests to account for the new event. This is a quite backwards incompatible change on the event level, but due to being quite buggy in general, doubt this matters to many. I think there is more buried, but this fixes the violation of the simple "SHOW ENGINE INNODB STATUS" and the existing tests continue to succeed... [1] https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_basic_dt_integers.html
32 lines
757 B
Text
32 lines
757 B
Text
# Test a show engine innodb status invocation.
|
|
|
|
# @TEST-EXEC: zeek -b -r $TRACES/mysql/mysql-show-engine-innodb-status-no-password.pcap %INPUT > out
|
|
# @TEST-EXEC: btest-diff out
|
|
# @TEST-EXEC: btest-diff mysql.log
|
|
|
|
@load base/protocols/mysql
|
|
|
|
event mysql_ok(c: connection, affected_rows: count)
|
|
{
|
|
print "mysql ok", affected_rows;
|
|
}
|
|
|
|
event mysql_eof(c: connection, is_intermediate: bool)
|
|
{
|
|
print "mysql eof", is_intermediate;
|
|
}
|
|
|
|
event mysql_result_row(c: connection, row: string_vec)
|
|
{
|
|
print "mysql result row", |row|, row[0][:70];
|
|
}
|
|
|
|
event mysql_error(c: connection, code: count, msg: string)
|
|
{
|
|
print "mysql error", code, msg;
|
|
}
|
|
|
|
event mysql_command_request(c: connection, command: count, arg: string)
|
|
{
|
|
print "mysql request", command, arg;
|
|
}
|