Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/signatures/custom-event.zeek
Arne Welzel 85b8c8866b testing/btest/*zeek: Comment all @TEST lines
2025-04-17 16:30:23 +02:00

59 lines
1.5 KiB
Text
Raw Blame History

# @TEST-DOC: Test the [event_name] notation within the event keyword of rules.
#
# @TEST-EXEC: zeek -b -s id -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >out
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
# @TEST-EXEC: btest-diff out
# @TEST-START-FILE id.sig
signature udp-proto {
ip-proto == 17
event my_signature_match3 "message"
}
signature udp-proto-with-offset {
ip-proto == 17
event my_signature_match4 "message"
}
signature udp-proto-with-offset-no-msg {
ip-proto == 17
event my_signature_match5
}
signature udp-stuff {
dst-ip == mynets
event my_signature_match2
}
# @TEST-END-FILE
const mynets: set[subnet] = {
192.168.1.0/24,
10.0.0.0/8,
127.0.0.0/24
};
event signature_match(state: signature_state, msg: string, data: string)
{
print fmt("signature_match %s - %s", state$conn$id, msg);
}
event my_signature_match2(state: signature_state, data: string)
{
print fmt("signature_match2 %s", state$conn$id);
}
event my_signature_match3(state: signature_state, msg: string, data: string)
{
print fmt("signature_match3 %s - %s", state$conn$id, msg);
}
event my_signature_match4(state: signature_state, msg: string, data: string, end_of_match: count)
{
print fmt("signature_match4 %s - %s end_of_match=%s", state$conn$id, msg, end_of_match);
}
event my_signature_match5(state: signature_state, data: string, end_of_match: count)
{
print fmt("signature_match5 %s - end_of_match=%s", state$conn$id, end_of_match);
}
Reference in a new issue View git blame Copy permalink