mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 15:18:20 +00:00

- Use `-b` most everywhere, it will save time. - Start some intel tests upon the input file being fully read instead of at an arbitrary time. - Improve termination condition for some sumstats/cluster tests. - Filter uninteresting output from some supervisor tests. - Test for `notice_policy.log` is no longer needed.
# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT --pseudo-realtime >output
# @TEST-EXEC: btest-diff output
# State shared by the new_packet and zeek_done handlers in this script.

# F until the first packet has been handled; that packet only seeds the
# last_* timestamps and contributes no delta.
global init: bool = F;

# Trace (network) time and wall-clock time recorded at the previous packet.
global last_network: time = network_time();
global last_current: time = current_time();

# Packets seen so far; only referenced by the commented-out debug print.
global cnt: count = 0;

# Running sums of the per-packet deltas: "an" in network time, "ac" in
# wall-clock time.
global an: interval = 0secs;
global ac: interval = 0secs;
# Accumulates, packet by packet, how far trace time and wall-clock time
# have each advanced since the previous packet.
event new_packet(c: connection, p: pkt_hdr)
	{
	# Sample both clocks up front, trace clock before wall clock.
	local now_net = network_time();
	local now_wall = current_time();

	++cnt;

	if ( init )
		{
		an += now_net - last_network;
		ac += now_wall - last_current;
		}
	else
		# First packet: there is no earlier per-packet sample to diff
		# against, so it only sets the flag; last_* are seeded below.
		init = T;

	last_network = now_net;
	last_current = now_wall;

	# Debugging aid, left disabled:
	# print fmt("num=%d agg_delta_network=%.1f agg_delta_real=%.1f", cnt, an, ac);
	}
# Prints the one-line verdict that ends up in the btest-diff'ed output:
# whether the accumulated trace-time and wall-clock deltas finished within
# one second of each other.
# NOTE(review): the wall-clock side depends on host scheduling, so a heavily
# loaded machine could presumably exceed the tolerance - confirm when
# triaging a flaky run.
event zeek_done()
	{
	# Absolute difference between the two running sums.
	local gap = an > ac ? an - ac : ac - an;
	local verdict = gap < 1.0secs ? "matches" : "does NOT match";

	print fmt("real time %s trace time", verdict);
	}