Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/signatures/udp-packetwise-match.zeek
Robin Sommer 789cb376fd GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 
This also installs symlinks from "zeek" and "bro-config" to a wrapper
script that prints a deprecation warning.

The btests pass, but this is still WIP. broctl renaming is still
missing.

#239
2019-05-01 21:43:45 +00:00

53 lines
805 B
Text
Raw Blame History

# @TEST-EXEC: zeek -r $TRACES/udp-signature-test.pcap %INPUT | sort >out
# @TEST-EXEC: btest-diff out
@load-sigs test.sig
@TEST-START-FILE test.sig
signature xxxx {
ip-proto = udp
payload /XXXX/
event "Found XXXX"
}
signature axxxx {
ip-proto = udp
payload /^XXXX/
event "Found ^XXXX"
}
signature sxxxx {
ip-proto = udp
payload /.*XXXX/
event "Found .*XXXX"
}
signature yyyy {
ip-proto = udp
payload /YYYY/
event "Found YYYY"
}
signature ayyyy {
ip-proto = udp
payload /^YYYY/
event "Found ^YYYY"
}
signature syyyy {
ip-proto = udp
payload /.*YYYY/
event "Found .*YYYY"
}
signature nope {
ip-proto = udp
payload /.*nope/
event "Found .*nope"
}
@TEST-END-FILE
event signature_match(state: signature_state, msg: string, data: string)
{
print "signature match", msg, data;
}
Reference in a new issue View git blame Copy permalink