Add registration for GRE-over-UDP
timwoj committed Oct 16, 2023
1 parent 01302a8 commit 6d9d452
Showing 14 changed files with 85 additions and 12 deletions.
6 changes: 6 additions & 0 deletions scripts/base/packet-protocols/gre/main.zeek
Expand Up @@ -2,4 +2,10 @@ module PacketAnalyzer::GRE;

export {
const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IPTUNNEL &redef;
const gre_ports = { 4754/udp } &redef;
}

event zeek_init() &priority=20
{
PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, gre_ports);
}
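Review bot: `gre_ports` is a new exported, redef-able option with no `##` doc comment, so operators have no hint what it controls; a line such as `## UDP ports on which GRE-in-UDP (RFC 8086) traffic is handed to the GRE analyzer.` above the constant would cover it. Because `register_for_ports` dispatches by port number alone, any UDP payload on 4754 now reaches the GRE analyzer, while GRE-in-UDP on a non-default port stays unparsed unless the site redefs this set; both facts belong in that comment since they determine what a sensor can and cannot see. RFC 8086 also assigns 4755/udp to the DTLS-protected variant, and a short remark that it is deliberately left out of the default (its payload is encrypted) would stop someone adding it later.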
4 changes: 0 additions & 4 deletions scripts/base/packet-protocols/udp/main.zeek
@@ -1,5 +1 @@
module PacketAnalyzer::UDP;

#event zeek_init() &priority=20
# {
# }
9 changes: 5 additions & 4 deletions testing/btest/Baseline/core.print-bpf-filters/output2
Expand Up @@ -26,6 +26,7 @@
1 4011
3 443
1 445
1 4754
1 4789
1 502
1 5060
Expand Down Expand Up @@ -64,8 +65,8 @@
1 992
1 993
1 995
73 and
72 or
73 port
74 and
73 or
74 port
46 tcp
27 udp
28 udp
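--- a/testing/btest/Baseline/core.tunnels.gre-over-udp/conn.log
+++ b/testing/btest/Baseline/core.tunnels.gre-over-udp/conn.log
@@ -0,0 +1,14 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path conn
+#open XXXX-XX-XX-XX-XX-XX
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
+#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
+XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.5 45690 1.1.1.1 53 udp dns 0.000158 52 0 S0 T F 0 D 2 108 0 0 ClEkJM2Vm5giqnMf4h
+XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 172.17.0.5 47478 192.0.78.150 80 tcp http 0.090287 72 0 SH T F 0 SADF 6 332 0 0 ClEkJM2Vm5giqnMf4h
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.0.107 48282 192.168.5.1 4754 udp - 0.000158 116 0 S0 T T 0 D 2 172 0 0 -
+XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.0.107 49714 192.168.5.1 4754 udp - 0.090287 356 0 S0 T T 0 D 6 524 0 0 -
+#close XXXX-XX-XX-XX-XX-XX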
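--- a/testing/btest/Baseline/core.tunnels.gre-over-udp/dns.log
+++ b/testing/btest/Baseline/core.tunnels.gre-over-udp/dns.log
@@ -0,0 +1,12 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path dns
+#open XXXX-XX-XX-XX-XX-XX
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
+#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
+XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.5 45690 1.1.1.1 53 udp 55478 - zeek.org 1 C_INTERNET 1 A - - F F T F 0 - - F
+XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.5 45690 1.1.1.1 53 udp 42431 - zeek.org 1 C_INTERNET 28 AAAA - - F F T F 0 - - F
+#close XXXX-XX-XX-XX-XX-XX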
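--- a/testing/btest/Baseline/core.tunnels.gre-over-udp/http.log
+++ b/testing/btest/Baseline/core.tunnels.gre-over-udp/http.log
@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path http
+#open XXXX-XX-XX-XX-XX-XX
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
+#types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
+XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 172.17.0.5 47478 192.0.78.150 80 1 GET zeek.org / - - curl/7.87.0 - 0 0 - - - - (empty) - - - - - - - - -
+#close XXXX-XX-XX-XX-XX-XX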
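--- a/testing/btest/Baseline/core.tunnels.gre-over-udp/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gre-over-udp/tunnel.log
@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path tunnel
+#open XXXX-XX-XX-XX-XX-XX
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
+#types time string addr port addr port enum enum
+XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.0.107 0 192.168.5.1 0 Tunnel::GRE Tunnel::DISCOVER
+#close XXXX-XX-XX-XX-XX-XX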
12 changes: 12 additions & 0 deletions testing/btest/Baseline/plugins.hooks/output
Expand Up @@ -192,12 +192,14 @@
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (udp_content_ports, Config::config_option_changed{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, 5072/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, 6081/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, 4754/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2123/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2152/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, 3544/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, 4789/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, {5072/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, {6081/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, {4754/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, {3544/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, {4789/udp})) -> <no result>
Expand Down Expand Up @@ -296,6 +298,7 @@
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 2123, PacketAnalyzer::ANALYZER_GTPV1)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 2152, PacketAnalyzer::ANALYZER_GTPV1)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 3544, PacketAnalyzer::ANALYZER_TEREDO)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 4754, PacketAnalyzer::ANALYZER_GRE)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 4789, PacketAnalyzer::ANALYZER_VXLAN)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 5072, PacketAnalyzer::ANALYZER_AYIYA)) -> <no result>
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 6081, PacketAnalyzer::ANALYZER_GENEVE)) -> <no result>
Expand Down Expand Up @@ -342,6 +345,7 @@
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (2123/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (2152/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (3544/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (4754/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (4789/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (5072/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (6081/udp)) -> <no result>
Expand Down Expand Up @@ -1122,12 +1126,14 @@
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (udp_content_ports, Config::config_option_changed{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, 5072/udp))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, 6081/udp))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, 4754/udp))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2123/udp))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2152/udp))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, 3544/udp))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, 4789/udp))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, {5072/udp}))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, {6081/udp}))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, {4754/udp}))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, {2152<...>/udp}))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, {3544/udp}))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, <frame>, (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, {4789/udp}))
Expand Down Expand Up @@ -1226,6 +1232,7 @@
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 2123, PacketAnalyzer::ANALYZER_GTPV1))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 2152, PacketAnalyzer::ANALYZER_GTPV1))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 3544, PacketAnalyzer::ANALYZER_TEREDO))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 4754, PacketAnalyzer::ANALYZER_GRE))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 4789, PacketAnalyzer::ANALYZER_VXLAN))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 5072, PacketAnalyzer::ANALYZER_AYIYA))
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 6081, PacketAnalyzer::ANALYZER_GENEVE))
Expand Down Expand Up @@ -1272,6 +1279,7 @@
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (2123/udp))
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (2152/udp))
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (3544/udp))
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (4754/udp))
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (4789/udp))
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (5072/udp))
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (6081/udp))
Expand Down Expand Up @@ -2051,12 +2059,14 @@
0.000000 | HookCallFunction Option::set_change_handler(udp_content_ports, Config::config_option_changed{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, 5072/udp)
0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, 6081/udp)
0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, 4754/udp)
0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2123/udp)
0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2152/udp)
0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, 3544/udp)
0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, 4789/udp)
0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, {5072/udp})
0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, {6081/udp})
0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, {4754/udp})
0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, {2152<...>/udp})
0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, {3544/udp})
0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, {4789/udp})
Expand Down Expand Up @@ -2155,6 +2165,7 @@
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 2123, PacketAnalyzer::ANALYZER_GTPV1)
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 2152, PacketAnalyzer::ANALYZER_GTPV1)
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 3544, PacketAnalyzer::ANALYZER_TEREDO)
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 4754, PacketAnalyzer::ANALYZER_GRE)
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 4789, PacketAnalyzer::ANALYZER_VXLAN)
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 5072, PacketAnalyzer::ANALYZER_AYIYA)
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 6081, PacketAnalyzer::ANALYZER_GENEVE)
Expand Down Expand Up @@ -2201,6 +2212,7 @@
0.000000 | HookCallFunction port_to_count(2123/udp)
0.000000 | HookCallFunction port_to_count(2152/udp)
0.000000 | HookCallFunction port_to_count(3544/udp)
0.000000 | HookCallFunction port_to_count(4754/udp)
0.000000 | HookCallFunction port_to_count(4789/udp)
0.000000 | HookCallFunction port_to_count(5072/udp)
0.000000 | HookCallFunction port_to_count(6081/udp)
2 changes: 1 addition & 1 deletion testing/btest/Baseline/signatures.dpd/dpd-ipv4.out
@@ -1,5 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|Analyzer::all_registered_ports()|, 5
|Analyzer::all_registered_ports()|, 6
signature_match [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp] - matched my_ftp_client
ftp_reply 199.233.217.249:21 - 220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20100320) ready.
ftp_request 141.142.220.235:50003 - USER anonymous
2 changes: 1 addition & 1 deletion testing/btest/Baseline/signatures.dpd/dpd-ipv6.out
@@ -1,5 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|Analyzer::all_registered_ports()|, 5
|Analyzer::all_registered_ports()|, 6
signature_match [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp] - matched my_ftp_client
ftp_reply [2001:470:4867:99::21]:21 - 220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20100320) ready.
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - USER anonymous
2 changes: 1 addition & 1 deletion testing/btest/Baseline/signatures.dpd/nosig-ipv4.out
@@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|Analyzer::all_registered_ports()|, 5
|Analyzer::all_registered_ports()|, 6
2 changes: 1 addition & 1 deletion testing/btest/Baseline/signatures.dpd/nosig-ipv6.out
@@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|Analyzer::all_registered_ports()|, 5
|Analyzer::all_registered_ports()|, 6
Binary file added testing/btest/Traces/tunnels/gre-over-udp-4754.pcap
Binary file not shown.
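--- a/testing/btest/core/tunnels/gre-over-udp.test
+++ b/testing/btest/core/tunnels/gre-over-udp.test
@@ -0,0 +1,10 @@
+# @TEST-EXEC: zeek -b -r $TRACES/tunnels/gre-over-udp-4754.pcap %INPUT
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff tunnel.log
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff http.log
+#
+@load base/frameworks/tunnels
+@load base/protocols/conn
+@load base/protocols/dns
+@load base/protocols/http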
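Review bot: The test replays a single well-formed capture on the default port, so it does not pin what Zeek does when 4754/udp carries a payload that is not GRE, nor that a site-level redef of `gre_ports` takes effect. Since port-based registration hands every datagram on that port to the GRE analyzer, a second trace, or a truncated copy of this one, would guard against bogus tunnel and connection records appearing in the logs. The file also has no comment saying what the trace contains; a first line such as `# Checks that GRE carried over UDP port 4754 is decapsulated and the inner DNS and HTTP sessions are logged.` would help.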
