Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/language/expire_subnet.test
Jon Siwek 7967a5b0aa General btest cleanup 
- Use `-b` most everywhere, it will save time.

- Start some intel tests upon the input file being fully read instead of
  at an arbitrary time.

- Improve termination condition for some sumstats/cluster tests.

- Filter uninteresting output from some supervisor tests.

- Test for `notice_policy.log` is no longer needed.
2020-08-11 11:26:22 -07:00

102 lines
2.4 KiB
Text
Raw Blame History

# @TEST-EXEC: zeek -b -C -r $TRACES/var-services-std-ports.trace %INPUT >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: btest-diff expire-nums-output
# @TEST-EXEC: btest-diff expire-nets-output
redef table_expire_interval = 1sec;
# The order of &expire_func calls between different tables does not have
# well-defined or expected order, so put their output in different files.
global expire_nums_out = open("expire-nums-output");
global expire_nets_out = open("expire-nets-output");
global start_time: time;
function time_past(): interval
{
return network_time() - start_time;
}
function expire_nums(tbl: table[count] of string, idx: count): interval
{
print expire_nums_out, fmt("Expired Num: %s --> %s at %s", idx, tbl[idx], time_past());
return 0sec;
}
function expire_nets(tbl: table[subnet] of string, idx: subnet): interval
{
print expire_nets_out, fmt("Expired Subnet: %s --> %s at %s", idx, tbl[idx], time_past());
return 0sec;
}
global nums: table[count] of string &read_expire=8sec &expire_func=expire_nums;
global nets: table[subnet] of string &read_expire=8sec &expire_func=expire_nets;
global step: count;
### Test ###
function execute_test()
{
local num_a = nums[2];
local num_b = nums[3];
local net_a = nets[192.168.2.0/24];
#local net_b = nets[192.168.3.0/24];
local nets_b = "";
local nets_b_tbl: table[subnet] of string;
nets_b_tbl = filter_subnet_table(192.168.3.0/24, nets);
for ( idx in nets_b_tbl )
nets_b += cat(", ", nets_b_tbl[idx]);
nets_b = nets_b[2:];
# writing resets expire as expected
#nets[192.168.2.0/24] = "accessed";
#nets[192.168.3.0/24] = "accessed";
print fmt("Accessed table nums: %s; %s", num_a, num_b);
print fmt("Accessed table nets: %s; %s", net_a, nets_b);
print fmt("Time: %s", time_past());
}
### Events ###
event zeek_init()
{
step = 0;
nums[0] = "zero";
nums[1] = "one";
nums[2] = "two";
nums[3] = "three";
nums[4] = "four";
nets[192.168.0.0/16] = "zero";
nets[192.168.1.0/24] = "one";
nets[192.168.2.0/24] = "two";
nets[192.168.3.0/24] = "three";
nets[192.168.4.0/24] = "four";
}
event new_packet(c: connection, p: pkt_hdr)
{
if ( step == 0 )
{
++step;
start_time = network_time();
print "All:";
for ( num in nums )
print fmt("%s --> %s", num, nums[num]);
for ( net in nets )
print fmt("%s --> %s", net, nets[net]);
print fmt("Time: %s", time_past());
print "";
}
if ( (time_past() > 7sec) && (step == 1) )
{
++step;
execute_test();
}
}
Reference in a new issue View git blame Copy permalink