Make tests Zeek v6 ready.

corelight · Sep 26, 2023 · 93929ba · 93929ba
1 parent fc53f4b
commit 93929ba
Show file tree

Hide file tree

Showing 16 changed files with 35 additions and 69 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,4 +1,5 @@
+v0.1.7      Make tests Zeek v6 ready.
 v0.1.6		Make Zeek v6 ready.	
 v0.1.5		Make Zeek v5 ready.	
-v0.1.4      	Changed protocol_confirmation to analyzer_confirmation for Zeek v5.
+v0.1.4      Changed protocol_confirmation to analyzer_confirmation for Zeek v5.
 v0.1.3     	Provided a new event with access to the SSL data.
diff --git a/tests/analyzer/openvpn.zeek b/tests/analyzer/openvpn.zeek
@@ -1,6 +1,7 @@
 # @TEST-EXEC: zeek -C -r ${TRACES}/openvpn.pcap %INPUT >openvpn.out
+# @TEST-EXEC: cat conn.log | zeek-cut -m -n local_orig local_resp >conn.log.filtered
 # @TEST-EXEC: btest-diff openvpn.out
-# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff conn.log.filtered
 # @TEST-EXEC: btest-diff ssl.log
 
 @load analyzer

diff --git a/tests/analyzer/openvpnhmac.zeek b/tests/analyzer/openvpnhmac.zeek
@@ -1,6 +1,7 @@
 # @TEST-EXEC: zeek -C -r ${TRACES}/openvpn_udp_tls-auth.pcap %INPUT >openvpn.out
+# @TEST-EXEC: cat conn.log | zeek-cut -m -n local_orig local_resp >conn.log.filtered
 # @TEST-EXEC: btest-diff openvpn.out
-# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff conn.log.filtered
 # @TEST-EXEC: btest-diff ssl.log
 
 @load analyzer

diff --git a/tests/analyzer/openvpnhmac256.zeek b/tests/analyzer/openvpnhmac256.zeek
@@ -1,6 +1,7 @@
 # @TEST-EXEC: zeek -C -r ${TRACES}/openvpn_udp_hmac_256.pcap %INPUT >openvpn.out
+# @TEST-EXEC: cat conn.log | zeek-cut -m -n local_orig local_resp >conn.log.filtered
 # @TEST-EXEC: btest-diff openvpn.out
-# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff conn.log.filtered
 # @TEST-EXEC: btest-diff ssl.log
 
 @load analyzer

diff --git a/tests/analyzer/openvpntcp.zeek b/tests/analyzer/openvpntcp.zeek
@@ -1,6 +1,7 @@
 # @TEST-EXEC: zeek -C -r ${TRACES}/openvpn_tcp_nontlsauth.pcap %INPUT >openvpn.out
+# @TEST-EXEC: cat conn.log | zeek-cut -m -n local_orig local_resp >conn.log.filtered
 # @TEST-EXEC: btest-diff openvpn.out
-# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff conn.log.filtered
 # @TEST-EXEC: btest-diff ssl.log
 
 @load analyzer

diff --git a/tests/analyzer/openvpntcphmac.zeek b/tests/analyzer/openvpntcphmac.zeek
@@ -1,6 +1,7 @@
 # @TEST-EXEC: zeek -C -r ${TRACES}/openvpn-tcp-tls-auth.pcap %INPUT >openvpn.out
+# @TEST-EXEC: cat conn.log | zeek-cut -m -n local_orig local_resp >conn.log.filtered
 # @TEST-EXEC: btest-diff openvpn.out
-# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff conn.log.filtered
 # @TEST-EXEC: btest-diff ssl.log
 
 @load analyzer

diff --git a/tests/baseline/analyzer.openvpn/conn.log b/tests/baseline/analyzer.openvpn/conn.log
diff --git a/tests/baseline/analyzer.openvpn/conn.log.filtered b/tests/baseline/analyzer.openvpn/conn.log.filtered
@@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+### NOTE: This file has been sorted with diff-sort.
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.88.3	50568	46.246.122.61	1198	udp	spicy_openvpn_udp,ssl	44.271572	5825	8524	SF	0	Dd	57	7421	48	9868	-
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
diff --git a/tests/baseline/analyzer.openvpnhmac/conn.log b/tests/baseline/analyzer.openvpnhmac/conn.log
diff --git a/tests/baseline/analyzer.openvpnhmac/conn.log.filtered b/tests/baseline/analyzer.openvpnhmac/conn.log.filtered
@@ -0,0 +1,6 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+### NOTE: This file has been sorted with diff-sort.
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.56.103	33198	192.168.56.102	1194	udp	ssl,spicy_openvpn_udp_hmac_sha1	61.136881	10040	11479	SF	0	Dd	111	13148	109	14531	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	192.168.56.104	35701	192.168.56.102	1194	udp	ssl,spicy_openvpn_udp_hmac_sha1	59.861846	9985	11479	SF	0	Dd	110	13065	109	14531	-
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	192.168.56.104	3	192.168.56.102	3	icmp	-	-	-	-	OTH	0	-	1	109	0	0	-
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
diff --git a/tests/baseline/analyzer.openvpnhmac256/conn.log b/tests/baseline/analyzer.openvpnhmac256/conn.log
diff --git a/tests/baseline/analyzer.openvpnhmac256/conn.log.filtered b/tests/baseline/analyzer.openvpnhmac256/conn.log.filtered
@@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+### NOTE: This file has been sorted with diff-sort.
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.88.5	61984	68.235.38.75	1194	udp	ssl,spicy_openvpn_udp_hmac_sha256	12.394935	10452	5407	SF	0	Dd	73	12496	16	5855	-
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
diff --git a/tests/baseline/analyzer.openvpntcp/conn.log b/tests/baseline/analyzer.openvpntcp/conn.log
diff --git a/tests/baseline/analyzer.openvpntcp/conn.log.filtered b/tests/baseline/analyzer.openvpntcp/conn.log.filtered
@@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+### NOTE: This file has been sorted with diff-sort.
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.56.103	39772	192.168.56.102	1194	tcp	spicy_openvpn_tcp,ssl	32.021256	6986	7709	S1	0	ShADad	100	12194	95	12657	-
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
diff --git a/tests/baseline/analyzer.openvpntcphmac/conn.log b/tests/baseline/analyzer.openvpntcphmac/conn.log
diff --git a/tests/baseline/analyzer.openvpntcphmac/conn.log.filtered b/tests/baseline/analyzer.openvpntcphmac/conn.log.filtered
@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+### NOTE: This file has been sorted with diff-sort.
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.56.103	51089	192.168.56.102	1194	tcp	spicy_openvpn_tcp_hmac_sha1,ssl	64.386546	10015	11642	SF	0	ShADadFf	112	15847	110	17370	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	192.168.56.104	55161	192.168.56.102	1194	tcp	spicy_openvpn_tcp_hmac_sha1,ssl	53.707781	9965	11587	SF	0	ShADadFf	109	15641	107	17159	-
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents