zeek/testing/btest/core
Robin Sommer 6fbebc5e94
Fixing productive connections with missing SYN still considered partial after flipping direction.
In https://github.com/zeek/zeek/pull/2191, we added endpoint flipping
for cases where a connection starts with a SYN/ACK followed by ACK or
data. The goal was to treat the connection as productive and go ahead
and parse it. But the TCP analyzer could continue to consider it
partial after flipping, meaning that app layers would bail out. #2426
shows such a case: HTTP gets correctly activated after flipping
through content inspection, but it won't process anything because
`IsPartial()` returns true. As the is-partial state reflects
whether we saw the first packets in each direction, this patch now
overrides that state for the originally missing SYN after flipping.

We actually had the same problem at a couple of other locations already
as well. One of those only happened to work because of the originally
inconsistent state flipping that was fixed in the previous commit. The
corresponding unit test now broke after that change. This commit
updates that logic as well to override the state.

This fix is a bit of a hack, but the best solution I could think of
without introducing larger changes.

Closes #2426.
2022-11-16 09:56:51 +01:00
..
event-groups Reintroduce event groups 2022-10-25 18:03:26 +02:00
icmp GH-1019: deprecate icmp_conn params for ICMP events 2020-07-10 11:06:28 -07:00
pcap Add btest that exercises the pcap filter warnings 2022-10-21 10:50:00 -07:00
tcp Fixing productive connections with missing SYN still considered partial after flipping direction. 2022-11-16 09:56:51 +01:00
tunnels packet_analysis: Do not raise analyzer_confirmation per-packet for tunnels 2022-09-27 12:49:56 +02:00
analyzer-confirmation-violation-info-ftp.zeek Introduce generic analyzer_confirmation_info and analyzer_violation_info 2022-09-27 17:49:51 +02:00
analyzer-confirmation-violation-info.zeek Introduce generic analyzer_confirmation_info and analyzer_violation_info 2022-09-27 17:49:51 +02:00
bits_per_uid.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
check-unused-event-handlers.test undo inadvertently committed tweak to test 2022-09-16 18:44:09 -07:00
checksums.test General btest cleanup 2020-08-11 11:26:22 -07:00
checksums_ignore_nets.test ignore_checksums_nets: Add test for multiple subnets 2021-09-14 21:17:01 +02:00
checksums_ignore_nets_runtime_update.test Do not lookup ignore_checksums_nets for every packet 2021-08-06 10:32:53 +01:00
cisco-fabric-path.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
command-line-option-redefs.zeek Fix several issues with command-line option redefs 2020-06-18 20:07:47 -07:00
conn-size-threshold.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
conn-stats.zeek Add test for get_conn_stats BIF before reworking session stats 2021-04-29 10:24:45 -07:00
conn-uid.zeek determinism for concurrent Zeek test suite invocations; split out deprecations 2021-03-18 16:17:25 -07:00
connection_flip_roles.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
connection_status_update.zeek GH-1321: Prevent compounding of connection_status_update event timers 2020-12-08 11:20:02 -08:00
dict-iteration-expire1.zeek ZAM maintenance for recent changes and some newly exercised corner cases 2022-05-01 14:33:58 -07:00
dict-iteration-expire4.zeek Add tests exercising dictionary iteration during modification. 2022-04-14 11:12:11 +02:00
dict-iteration-expire5.zeek Add tests exercising dictionary iteration during modification. 2022-04-14 11:12:11 +02:00
discarder.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
div-by-zero.zeek updates to test suite tests for compatibility with upcoming ZAM functionality 2021-06-01 09:25:30 -07:00
dns-init.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
doctest.zeek Add btest that runs the doctest-based unit tests. 2022-07-19 11:35:09 +02:00
embedded-null.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
empty_conn_weird.zeek Merge remote-tracking branch 'htonl/weird_segfault' 2021-06-27 10:46:30 -07:00
enum-redef-exists.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
erspan.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
erspanI.zeek Add tests for ERSPAN Type I patch 2021-03-17 14:41:29 +01:00
erspanII.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
erspanIII.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ether-addrs.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
event-arg-reuse.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
expired-conn-weird.zeek GH-998: Fix Reporter::conn_weird() to handle expired connections 2020-06-15 12:57:47 -07:00
expr-exception.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
fake_dns.zeek updates to btests to support switch to expression-based initialization 2022-03-23 15:36:35 -07:00
file-analyzer-violation.zeek file_analysis: Implement AnalyzerViolation() for file_analysis/Analyzer 2022-09-27 17:49:58 +02:00
global_opaque_val.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
history-flip.zeek Remove @load base/frameworks/dpd from tests 2022-08-31 17:00:55 +02:00
init-error.zeek Force event order in core/init-error btest 2022-08-24 12:47:25 +10:00
ip-broken-header.zeek Fix handling of IP packets with bogus IP header lengths 2021-05-27 16:33:50 -07:00
ipv6-atomic-frag.test General btest cleanup 2020-08-11 11:26:22 -07:00
ipv6-flow-labels.test GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ipv6-frag.test General btest cleanup 2020-08-11 11:26:22 -07:00
ipv6_esp.test GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ipv6_ext_headers.test GH-545: add "addl" parameter to flow_weird and net_weird events 2019-08-20 22:45:22 -04:00
ipv6_zero_len_ah.test GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
linuxsll2.zeek Skip test based on preprocessor flag set by cmake 2022-08-24 12:47:32 +10:00
load-duplicates-links.zeek GH-928: use realpath() instead of inode to de-duplicate scripts 2020-07-07 17:29:52 -07:00
load-duplicates.zeek updates for gen-C++ maintenance, including skipping some inappropriate tests 2022-08-01 16:47:17 -07:00
load-file-extension.zeek Remove support for .bro script extension and BRO_ environment variables 2021-01-27 10:52:40 -07:00
load-pkg.zeek Remove support for .bro script extension and BRO_ environment variables 2021-01-27 10:52:40 -07:00
load-prefixes.zeek Remove support for .bro script extension and BRO_ environment variables 2021-01-27 10:52:40 -07:00
load-relative.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
load-stdin.zeek updates for gen-C++ maintenance, including skipping some inappropriate tests 2022-08-01 16:47:17 -07:00
load-unload.zeek Merge remote-tracking branch 'origin/topic/timw/deprecation-cleanup' 2021-01-29 16:40:54 -08:00
mobile-ipv6-dst-opts.test GH-1216: Enable Mobile IPv6 support by default 2021-06-28 11:11:55 -07:00
mobile-ipv6-home-addr.test GH-1216: Enable Mobile IPv6 support by default 2021-06-28 11:11:55 -07:00
mobile-ipv6-routing.test GH-1216: Enable Mobile IPv6 support by default 2021-06-28 11:11:55 -07:00
mobility-checksums.test GH-1216: Enable Mobile IPv6 support by default 2021-06-28 11:11:55 -07:00
mobility_msg.test GH-1216: Enable Mobile IPv6 support by default 2021-06-28 11:11:55 -07:00
mpls-in-vlan.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
negative-time.test GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
network-time-init.zeek GH-938: fix IO loop iterations sometimes skipping offline pcap sources 2020-04-30 16:19:30 -07:00
network-time.zeek Merge branch 'network-time-init' of https://github.com/J-Gras/zeek 2020-05-04 17:51:39 -07:00
nflog.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
nop.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
option-errors.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
option-priorities.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
option-redef.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
option-runtime-errors.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
option-zeek-done.zeek option.bif: Short-circuit option changes when terminating 2022-07-29 18:22:03 +02:00
parse-only-signature-file-issues.zeek Allow --parse-only to work with --usage-issues flag 2021-02-05 14:46:47 -08:00
parse-only-usage-issues.zeek updates for usage issues: support for -uu, maybe/definitely distinctions 2021-09-08 10:23:38 -07:00
pcap_file_done.zeek Add Pcap::file_done event 2020-02-06 17:50:17 -08:00
pppoe-over-qinq.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
pppoe.test GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
print-bpf-filters.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
print-interval.zeek GH-589: improve printing of sub-microsecond intervals 2019-09-23 19:57:49 -07:00
proc-status-file.zeek Make set_processing_status() signal-safe. 2020-08-24 10:26:58 +00:00
protocol-registration-error.zeek GH-1215: Remove dispatch_map from packet analysis, replace with BIF methods for registering dispatches 2020-11-02 19:03:25 +00:00
q-in-q.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
radiotap.zeek Remove @load base/frameworks/dpd from tests 2022-08-31 17:00:55 +02:00
raw_packet.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
reassembly.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
record-field-redef-errors.zeek Support redef'ing the &log attribute of record fields 2022-08-10 17:27:05 +02:00
record-field-redef.zeek Support redef'ing the &log attribute of record fields 2022-08-10 17:27:05 +02:00
recursive-event.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
recursive-types.zeek GH-1819: Handle recursive types when describing type in binary mode 2021-11-08 15:19:57 -07:00
reporter-error-in-handler.zeek Separate stdout from stderr in btest baselines 2021-03-30 16:23:23 -07:00
reporter-fmt-strings.zeek Fix code format of various reporter btests 2020-02-14 22:03:11 -08:00
reporter-parse-error.zeek Fix code format of various reporter btests 2020-02-14 22:03:11 -08:00
reporter-runtime-error.zeek Fix code format of various reporter btests 2020-02-14 22:03:11 -08:00
reporter-shutdown-order-errors.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
reporter-type-mismatch.zeek Fix code format of various reporter btests 2020-02-14 22:03:11 -08:00
reporter-weird-sampling-disable.zeek GH-545: add "addl" parameter to flow_weird and net_weird events 2019-08-20 22:45:22 -04:00
reporter-weird-sampling-global.zeek Merge remote-tracking branch 'origin/topic/robin/gh-623-sampling' 2020-09-08 17:06:40 -07:00
reporter-weird-sampling.zeek GH-545: add "addl" parameter to flow_weird and net_weird events 2019-08-20 22:45:22 -04:00
reporter.zeek Fix code format of various reporter btests 2020-02-14 22:03:11 -08:00
scalar-vector.zeek annotated scripts to skip when testing compilation-to-C++ 2022-09-16 16:47:43 -07:00
script-args.zeek updates for gen-C++ maintenance, including skipping some inappropriate tests 2022-08-01 16:47:17 -07:00
sigterm-regular.sh Add btests to verify Zeek's handling of SIGTERM and reading stdin 2022-07-09 11:17:14 -07:00
sigterm-stdin.sh Add btests to verify Zeek's handling of SIGTERM and reading stdin 2022-07-09 11:17:14 -07:00
skip_analyzer.zeek GH-1215: Remove dispatch_map from packet analysis, replace with BIF methods for registering dispatches 2020-11-02 19:03:25 +00:00
truncation.test General btest cleanup 2020-08-11 11:26:22 -07:00
udp-content-ports.zeek Add "udp_content_ports" option 2020-04-07 13:02:29 -07:00
udp-contents-delivery-ports-use-resp.zeek Add new "udp_content_delivery_ports_use_resp" option 2020-04-06 14:51:34 -07:00
unknown-protocol-event.zeek Move UnknownProtocol options to init-bare.zeek 2020-11-11 12:58:38 -08:00
vector-assignment.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
vlan-mpls.zeek Remove @load base/frameworks/dpd from tests 2022-08-31 17:00:55 +02:00
vntag.zeek Merge remote-tracking branch 'origin/topic/timw/1389-vntag' 2021-02-03 11:22:13 -08:00
when-interpreter-exceptions.zeek update existing test suite usage of "when" statements to include captures 2022-01-07 14:54:06 -08:00
wlanmon.zeek Remove @load base/frameworks/dpd from tests 2022-08-31 17:00:55 +02:00
x509-generalizedtime.zeek General btest cleanup 2020-08-11 11:26:22 -07:00