zeek/testing/btest/signatures/bad-eval-condition.zeek

# @TEST-EXEC-FAIL: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath  btest-diff .stderr

@load-sigs blah.sig

@TEST-START-FILE blah.sig
signature blah
	{
	ip-proto == tcp
	src-port == 21
	payload /.*/
	eval mark_conn
	}
@TEST-END-FILE

# wrong function signature for use with signature 'eval' conditions
# needs to be reported
function mark_conn(state: signature_state): bool
	{
	add state$conn$service["blah"];
	return T;
	}