mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
7967a5b0aa
- Use `-b` most everywhere, it will save time. - Start some intel tests upon the input file being fully read instead of at an arbitrary time. - Improve termination condition for some sumstats/cluster tests. - Filter uninteresting output from some supervisor tests. - Test for `notice_policy.log` is no longer needed.
28 lines
664 B
Text
28 lines
664 B
Text
# @TEST-EXEC: zeek -b -r $TRACES/http/content-range-gap-skip.trace %INPUT
|
|
|
|
# In this trace, we should be able to determine that a gap lies
|
|
# entirely within the body of an entity that specifies Content-Range,
|
|
# and so further deliveries after the gap can still be made.
|
|
|
|
@load base/protocols/http
|
|
|
|
global got_gap = F;
|
|
global got_data_after_gap = F;
|
|
|
|
event http_entity_data(c: connection, is_orig: bool, length: count,
|
|
data: string)
|
|
{
|
|
if ( got_gap )
|
|
got_data_after_gap = T;
|
|
}
|
|
|
|
event content_gap(c: connection, is_orig: bool, seq: count, length: count)
|
|
{
|
|
got_gap = T;
|
|
}
|
|
|
|
event zeek_done()
|
|
{
|
|
if ( ! got_data_after_gap )
|
|
exit(1);
|
|
}
|