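bro-aux-0.35/0000775002342100234210000000000012535376153012646 5ustar johannajohannabro-aux-0.35/rst/0000775002342100234210000000000012535376152013455 5ustar johannajohannabro-aux-0.35/rst/rst.c0000664002342100234210000002346312535376152014441 0ustar johannajohanna
/* Derived from traceroute, which has the following copyright:
 *
 * Copyright (c) 1999, 2002
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#ifndef lint
static const char copyright[] =
    "@(#) Copyright (c) 1999, 2002\n"
    "The Regents of the University of California. All rights reserved.\n";
#endif

/* need this due to linux's funny idea of a tcphdr */
#if defined(__linux__)
#define _BSD_SOURCE
#endif

/*
 * NOTE(review): the names of the twelve system headers were missing from
 * this listing. The set below is what the calls in this file require;
 * confirm the exact list and order against the upstream file.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "config.h"

/* Forwards */
void gripe(const char *, const char *);
void pgripe(const char *);
u_short in_cksum(register u_short *, register int);
int ones_complement_checksum(const void *, int, u_int32_t);
int tcp_checksum(const struct ip *, const struct tcphdr *, int);
void send_pkt(int, struct in_addr, int, u_int32_t, struct in_addr, int,
              u_int32_t, int, int, int, int, const char *);
void terminate(int, const char *, int, u_int32_t, const char *, int,
               u_int32_t, int, int, int, int, const char *);
void usage(void);
int main(int, char **);

const char *prog_name;

/*
 * Print "<prog_name>: <message>" to stderr and return to the caller.
 *
 * fmt is used directly as a printf format and must therefore be a literal
 * supplied by this program containing exactly one %s conversion; never pass
 * caller-controlled text as fmt. This function does not exit, so a caller
 * that cannot continue safely has to stop on its own.
 */
void gripe(const char *fmt, const char *arg)
{
    fprintf(stderr, "%s: ", prog_name);
    fprintf(stderr, fmt, arg);
    fprintf(stderr, "\n");
}

/*
 * Print msg together with the text for the current errno, then exit with
 * status 1.
 */
void pgripe(const char *msg)
{
    fprintf(stderr, "%s: %s (%s)\n", prog_name, msg, strerror(errno));
    exit(1);
}

/*
 * Checksum routine for Internet Protocol family headers (C Version).
 *
 * Adds the buffer up as sequential 16 bit words in a 32 bit accumulator,
 * folds the carries from the top 16 bits back into the low 16 bits and
 * returns the complement of the result.
 */
u_short in_cksum(register u_short *addr, register int len)
{
    register int nleft = len;
    register u_short *w = addr;
    /* Unsigned accumulator: carries wrap instead of overflowing a signed int. */
    u_int32_t sum = 0;
    u_short answer;

    while (nleft > 1) {
        sum += *w++;
        nleft -= 2;
    }

    /* Mop up an odd byte, if necessary, as the first byte of a zero word. */
    if (nleft == 1) {
        u_short last = 0;

        *(u_char *) &last = *(const u_char *) w;
        sum += last;
    }

    /* Add back carry outs from top 16 bits to low 16 bits. */
    sum = (sum >> 16) + (sum & 0xffff);  /* add hi 16 to low 16 */
    sum += (sum >> 16);                  /* add carry */
    answer = (u_short) ~sum;             /* truncate to 16 bits */

    return answer;
}

/*
 * Adapted from tcpdump.
 *
 * Returns the ones-complement sum of b bytes at p, added to the running
 * value in sum. The buffer is read as 16 bit words, so p has to be
 * short-aligned, and an odd trailing byte is not included.
 */
int ones_complement_checksum(const void *p, int b, u_int32_t sum)
{
    const u_short *sp = (const u_short *) p;  /* better be aligned! */

    b /= 2;  /* convert to count of shorts */

    /* No need for endian conversions. */
    while (--b >= 0)
        sum += *sp++;

    while (sum > 0xffff)
        sum = (sum & 0xffff) + (sum >> 16);

    return sum;
}

/*
 * Returns the ones-complement sum over the TCP pseudo header (source and
 * destination address, protocol, TCP length) and the TCP segment at tp.
 * len is the number of payload bytes that follow the TCP header; the caller
 * complements the result before storing it in th_sum.
 */
int tcp_checksum(const struct ip *ip, const struct tcphdr *tp, int len)
{
    int tcp_len = tp->th_off * 4 + len;
    u_int32_t sum;
    u_int32_t addl_pseudo;

    if (len % 2 == 1)
        /* Add in pad byte. */
        sum = htons(((const u_char *) tp)[tcp_len - 1] << 8);
    else
        sum = 0;

    sum = ones_complement_checksum((void *) &ip->ip_src.s_addr, 4, sum);
    sum = ones_complement_checksum((void *) &ip->ip_dst.s_addr, 4, sum);

    addl_pseudo = (htons(IPPROTO_TCP) << 16) | htons((unsigned short) tcp_len);

    sum = ones_complement_checksum((void *) &addl_pseudo, 4, sum);
    sum = ones_complement_checksum((void *) tp, tcp_len, sum);

    return sum;
}

/*
 * Build one IP/TCP packet and write it to socket s "redundancy" times,
 * sleeping "delay" milliseconds after each write.
 *
 * When inject is a non-empty string it becomes the payload and replaces
 * the size argument; otherwise the payload is size bytes of filler text.
 *
 * The payload length is validated before the buffer is allocated. The
 * earlier version only printed a message for an oversized injection string
 * and then copied it anyway, which could write past the end of the heap
 * buffer; it also accepted a negative size. Both cases now end the program.
 */
void send_pkt(int s, struct in_addr from, int from_port, u_int32_t from_seq,
              struct in_addr to, int to_port, u_int32_t to_seq,
              int size, int redundancy, int delay, int flags,
              const char *inject)
{
    const int hdr_len = 40;  /* 20 byte IP header plus 20 byte TCP header */
    const int max_injection_size = 4096;
    const int have_inject = inject && *inject;
    int cc;
    int pktlen;
    char *pkt;
    struct ip *ip;
    struct tcphdr *tcp;

    if (have_inject) {
        size_t inject_len = strlen(inject);

        if (inject_len > (size_t) max_injection_size) {
            gripe("injection text too large%s", "");
            exit(1);
        }

        size = (int) inject_len;
    } else if (size < 0 || size > 65535 - hdr_len) {
        /* ip_len is a 16 bit field, so the whole packet must fit in it. */
        gripe("payload size out of range%s", "");
        exit(1);
    }

    pktlen = hdr_len + size;

    /* calloc() hands back the zeroed buffer the header setup relies on. */
    pkt = calloc(1, (size_t) pktlen);
    if (!pkt)
        pgripe("couldn't malloc memory");

    ip = (struct ip *) pkt;
    tcp = (struct tcphdr *) &pkt[20];

    ip->ip_v = IPVERSION;
    ip->ip_len = pktlen;  /* on FreeBSD, don't use htons(); YMMV */
    ip->ip_off = 0;
    ip->ip_src = from;
    ip->ip_dst = to;
    ip->ip_hl = 5;
    ip->ip_p = IPPROTO_TCP;
    ip->ip_ttl = 255;
    ip->ip_id = 0;

    ip->ip_sum = in_cksum((u_short *) ip, sizeof(*ip));
    if (ip->ip_sum == 0)
        ip->ip_sum = 0xffff;

    tcp->th_sport = htons(from_port);
    tcp->th_dport = htons(to_port);
    tcp->th_seq = htonl(from_seq);
    tcp->th_ack = htonl(to_seq);
    tcp->th_off = 5;
    tcp->th_flags = flags;
    tcp->th_win = 0;
    tcp->th_urp = 0;
    tcp->th_sum = 0;

    if (have_inject) {
        /* Length was checked above; copy exactly the payload bytes. */
        memcpy(&pkt[hdr_len], inject, (size_t) size);
    } else if (size > 0) {
        static const char fill_string[] = "BRO-RST\n";
        const int n = (int) strlen(fill_string);
        char *payload = &pkt[hdr_len];
        int i;

        /* Whole copies of the filler while more than n + 1 bytes remain. */
        for (i = size; i > n + 1; i -= n) {
            memcpy(payload, fill_string, (size_t) n);
            payload += n;
        }

        /* The remainder is padded with newlines. */
        for (; i > 0; --i)
            *(payload++) = '\n';
    }

    tcp->th_sum = ~tcp_checksum(ip, tcp, size);

    while (redundancy-- > 0) {
        cc = send(s, pkt, pktlen, 0);
        if (cc < 0 || cc != pktlen)
            pgripe("problem in sendto()");

        /* A negative delay would turn into a very large unsigned sleep. */
        if (delay > 0)
            usleep((useconds_t) delay * 1000);
    }

    free(pkt);
}

/*
 * Parse both addresses, connect socket s to the "to" address and call
 * send_pkt() num times, advancing from_seq by stride after each round.
 *
 * An address that does not parse now ends the program. Before, the message
 * was printed and sending went on with the zeroed address.
 */
void terminate(int s, const char *from_addr, int from_port, u_int32_t from_seq,
               const char *to_addr, int to_port, u_int32_t to_seq,
               int num, int redundancy, int stride, int delay,
               const char *inject)
{
    struct sockaddr_in where_from, where_to;
    struct sockaddr_in *from = &where_from;
    struct sockaddr_in *to = &where_to;
    const int have_inject = inject && *inject;

    memset(from, 0, sizeof(*from));
    memset(to, 0, sizeof(*to));

#ifdef SIN_LEN
    from->sin_len = to->sin_len = sizeof(*to);
#endif /* SIN_LEN */

    from->sin_family = to->sin_family = AF_INET;

    if (inet_aton(from_addr, &from->sin_addr) == 0) {
        gripe("bad from address %s", from_addr);
        exit(1);
    }

    if (inet_aton(to_addr, &to->sin_addr) == 0) {
        gripe("bad to address %s", to_addr);
        exit(1);
    }

    if (connect(s, (struct sockaddr *) &where_to, sizeof(where_to)) < 0)
        pgripe("can't connect");

    while (num-- > 0) {
        send_pkt(s, from->sin_addr, from_port, from_seq,
                 to->sin_addr, to_port, to_seq, 0, redundancy, delay,
                 (have_inject ? 0 : TH_RST) | TH_ACK, inject);

        if (num > 0 && stride > 1)
            send_pkt(s, from->sin_addr, from_port, from_seq,
                     to->sin_addr, to_port, to_seq, stride, redundancy,
                     delay, TH_ACK, inject);

        from_seq += stride;
    }
}

/* Print the command line synopsis to stderr and exit with status 0. */
void usage(void)
{
#if defined(__linux__)
    fprintf(stderr, "%s [-R] [-I text-to-inject] [-i interface] [-d delay-msec] [-n num] [-r redundancy] [-s stride] from_addr from_port from_seq to_addr to_port to_seq\n", prog_name);
#else
    fprintf(stderr, "%s [-R] [-I text-to-inject] [-d delay-msec] [-n num] [-r redundancy] [-s stride] from_addr from_port from_seq to_addr to_port to_seq\n", prog_name);
#endif

    exit(0);
}

/*
 * Parse the options, open the raw socket, drop privileges and hand the six
 * positional arguments to terminate().
 *
 * Option parsing runs before the raw socket is opened and before setuid()
 * is called, so a memory error in it is reachable with whatever privilege
 * the binary was started with. The -I copy is therefore bounded and always
 * NUL-terminated; the earlier loop did neither.
 */
int main(int argc, char **argv)
{
    extern char *optarg;
    extern int optind, opterr;
#if defined(__linux__)
    const char *optstring = "RI:i:d:n:r:s:";
    char *interface = NULL;
#else
    const char *optstring = "RI:d:n:r:s:";
#endif
    const char *from_addr, *to_addr;
    char inject[8192];
    int from_port, to_port;
    u_int32_t from_seq, to_seq;
    int delay = 0;
    int redundancy = 1;
    int num = 1;
    int stride = 1;
    int reverse = 0;
    int s;
    int on = 1;
    int op;

    prog_name = argv[0];

    opterr = 0;
    inject[0] = 0;

    while ((op = getopt(argc, argv, optstring)) != -1) {
        switch (op) {
        case 'R':
            reverse = 1;
            break;

        case 'I': {
            const char *src = optarg;
            size_t out = 0;

            while (*src) {
                /* Keep one byte free for the terminating NUL. */
                if (out >= sizeof(inject) - 1) {
                    gripe("injection text too large%s", "");
                    exit(1);
                }

                /* A backslash followed by 'n' stands for a newline. */
                if (src[0] == '\\' && src[1] == 'n') {
                    inject[out++] = '\n';
                    src += 2;
                } else {
                    inject[out++] = *src++;
                }
            }

            inject[out] = '\0';
            break;
        }

#if defined(__linux__)
        case 'i':
            interface = optarg;
            break;
#endif

        case 'd':
            delay = atoi(optarg);
            break;

        case 'n':
            num = atoi(optarg);
            break;

        case 'r':
            redundancy = atoi(optarg);
            break;

        case 's':
            stride = atoi(optarg);
            break;

        default:
            usage();
            break;
        }
    }

    if (argc - optind != 6)
        usage();

    s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if (s < 0)
        pgripe("couldn't create raw socket");

    /* Stop if the privilege drop fails instead of running on elevated. */
    if (setuid(getuid()) < 0)
        pgripe("couldn't drop privileges");

    if (setsockopt(s, 0, IP_HDRINCL, (char *) &on, sizeof(on)) < 0)
        pgripe("can't turn on IP_HDRINCL");

#if defined(__linux__)
    if (interface) {
        if (setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, interface,
                       strlen(interface)) < 0)
            pgripe("can't set interface");
    }
#endif

    from_addr = argv[optind++];
    from_port = atoi(argv[optind++]);
    from_seq = strtoul(argv[optind++], 0, 10);

    to_addr = argv[optind++];
    to_port = atoi(argv[optind++]);
    to_seq = strtoul(argv[optind++], 0, 10);

    if (reverse)
        terminate(s, to_addr, to_port, to_seq,
                  from_addr, from_port, from_seq,
                  num, redundancy, stride, delay, inject);
    else
        terminate(s, from_addr, from_port, from_seq,
                  to_addr, to_port, to_seq,
                  num, redundancy, stride, delay, inject);

    return 0;
}
bro-aux-0.35/rst/CMakeLists.txt0000664002342100234210000000020012535376152016205 0ustar johannajohannaset(rst_SRCS rst.c ) add_executable(rst ${rst_SRCS}) target_link_libraries(rst ${BIND_LIBRARY}) AddAuxInstallTarget(rst) bro-aux-0.35/devel-tools/0000775002342100234210000000000012535376152015102 5ustar johannajohannabro-aux-0.35/devel-tools/check-release0000775002342100234210000000072112535376152017523 0ustar johannajohanna#! /usr/bin/env bash # # Checks the current repository and all if its submodules for being # in "release shape". repo_status="`dirname $0`/repo-status" check_cmd="test -e CHANGES && $repo_status" printf ' %20s %-10s %-8s %-8s %-7s %-5s %-15s %s\n' "" "Branch" "CHANGES" "Pending" "Modif" "Sub" "VERSION" "Tags" ( eval $check_cmd; git submodule foreach -q --recursive "$check_cmd; true" ) \ | awk '/!/{print "- ", $0; next;} {print "+ ", $0; next;}' bro-aux-0.35/devel-tools/update-changes0000775002342100234210000002743312535376152017731 0ustar johannajohanna#! /usr/bin/env bash # # Assembles a draft CHANGES entry out of revisions committed since the last # entry was added. 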
The entry is prepended to the current CHANGES file, and the user # then gets a chance to further edit it in the editor before it gets committed. # # The script also maintains and updates a VERSION file. # # If the script finds a file called .update-changes.cfg it sources it at beginning. That # script can define a function "new_version_hook" that will be called with the new # version number. It may use any of the replace_version_* functions defined below # to update other files as necessary. # # If $1 is given, it's interpreted as a release version and a corresponding # tag is created. file_changes="CHANGES" # The CHANGES file. file_version="VERSION" # The VERSION file. file_config=".update-changes.cfg" # This will be sourced if available. new_version_hook="new_version_hook" # Function that will be called with new version number. release_tag="release" # We mark the current release with this tag. beta_tag="beta" # We mark the current beta with this tag. new_commit_msg="Updating CHANGES and VERSION." # Commit message when creating a new commit. show_authors=1 # Include author names with commit. # The command line used to generate a revision's version string. git_describe="git describe --always" # {rev} will be added. # The command line used to generate a revision's date. The revision will be appended. # Not used with Bro style. git_rev_date="git show -s --pretty=tformat:%ci" # The command line used to generate the list of revision between old and new state. git_rev_list="git rev-list --topo-order HEAD" # ^{past-rev} will be added. # The command line used to show the one-line summary of a revision before editing. git_rev_summary="git show -s '--pretty=tformat: %h | %aN | %s'" # {rev} will be added. # The command line used to get a revision's author. git_author="git show -s --pretty=format:%aN" # {rev} will be added. # The command line used to get a revision's message. git_msg="git show -s --pretty=format:%B" # {rev} will be added. 
function usage { echo "usage: `basename $0` [options]" echo echo " -p Explicitly name the past revision to compare with." echo " -R Tag the current revision as a release. Use VERSION to use that." echo " -B Tag the current revision as a beta release. Use VERSION to use that." echo " -I Initialize a new, initially empty CHANGES file." echo " -c Check whether CHANGES is up to date." echo exit 1 } ### Functions that can be used to replace version strings in other files. ### To use them, create a file $file_config and define a function "new_version_hook" ### in there that does whatever is necessary, like calling any of thse. # Function that looks for lines of the form 'VERSION="1.2.3"' in $1. It will replace # the version number with $2 and then git-adds the change. function replace_version_in_script { file=$1 version=$2 cat $file | sed "s#^\\( *VERSION *= *\\)\"\\([0-9.-]\\{1,\\}\\)\"#\1\"$version\"#g" >$file.tmp cat $file.tmp >$file rm -f $file.tmp git add $file } # Function that looks for lines of the form '.. |version| replace:: 0.3' in $1. It will replace # the version number with $2 and then git-adds the change. function replace_version_in_rst { file=$1 version=$2 cat $file | sed "s#^\\( *\.\. *|version| *replace:: *\\)\\([0-9a-zA-Z.-]\\{1,\\}\\)#\1$version#g" >$file.tmp cat $file.tmp >$file rm -f $file.tmp git add $file } # Function that looks for version information in setup.py in $1. It will replace # the version number with $2 and then git-adds the change. function replace_version_in_setup_py { file=$1 version=$2 cat $file | sed "s#\\([\\t ]*version[\\t ]*=[\\t ]*\\)\"\\([0-9.-]\\{1,\}\\)\"#\\1\"$version\"#g" >$file.tmp cat $file.tmp >$file rm -f $file.tmp git add $file } # Function that looks for lines of the form "#define .*VERSION "0.3"", with the number being "version * 100". It will # replace the version with $2 and then git-adds the change. 
function replace_version_in_c_header { file=$1 version=$2 cat $file | sed "s#\\([\\t ]*\\#define[\\t ]*[_A-Za-z0-9]*_VERSION[\\t ]*\\)\"[0-9.-]\\{1,\\}\"#\\1\"$version\"#g" >$file.tmp mv $file.tmp $file git add $file } ### function version { rev=$1 $git_describe $rev 2>/dev/null | sed 's/^v//g' | sed 's/-g.*//g' } function start_changes_entry { version=$1 dst=$2 if [ "$bro_style" == "0" ]; then date=`$git_rev_date HEAD` printf '%s | %s\n' "$version" "$date" >>$dst else date=`date` printf '%s %s\n' "$version" "$date" >>$dst fi } function add_to_changes_entry { rev=$1 dst=$2 msg=$3 whoami=`whoami` author=`cat /etc/passwd | grep '$whoami:'` if [ "$msg" == "" ]; then author=`$git_author $rev` msg=`$git_msg $rev` fi if [ "$msg" == "" ]; then return 1 fi if echo $msg | grep -q "^$new_commit_msg\$"; then # Ignore our own automated commits. return 1; fi echo >>$dst if [ "$bro_style" == "0" ]; then bullet=" *" else bullet="-" fi ( echo -n "$msg"; test "$author" != "" && test "$show_authors" == "1" && printf " (%s)" "$author" ) \ | awk -v bullet="$bullet" 'NR==1{printf "%s %s\n", bullet, $0; next }{printf " %s\n", $0}' \ | sed 's/[\t ]*$//' >>$dst return 0; } function init_changes { echo >>$file_changes start_changes_entry `version HEAD` $file_changes echo >>$file_changes echo " * Starting $file_changes." >>$file_changes } function get_last_rev { version=`cat $file_changes | egrep '^[0-9a-zA-Z.-]+ *\|' | head -1 | awk '{print $1}'` if echo $version | grep -q -- '-'; then # v1.0.4-14 # Find the revision with that number. for rev in `git rev-list HEAD`; do v=`version $rev` if [ "$v" == "$version" ]; then echo $rev return fi done echo "Cannot determine revision for version $version." >/dev/stderr exit 1 else # A tag. echo "v$version" fi } function check_release_tag { if [ "$release" != "" ]; then git tag -d $release_tag 2>/dev/null git tag -a $release_tag -m "Current stable release." sleep 2 # Make sure git describe picks the next one. 
git tag -d $release 2>/dev/null git tag -a $release -m "Version tag" echo "Tagged with new tag $release and moved tag 'release' to here." echo echo "IMPORTANT: Don't forget to 'git push --tags'." fi } function check_beta_tag { if [ "$beta" != "" ]; then git tag -d $beta_tag 2>/dev/null git tag -a $beta_tag -m "Current stable beta." sleep 2 # Make sure git describe picks the next one. git tag -d $beta 2>/dev/null git tag -a $beta -m "Beta version tag" echo "Tagged with new tag $beta and moved tag 'beta' to here." echo echo "IMPORTANT: Don't forget to 'git push --tags'." fi } function check_submodules { if git submodule status --recursive | grep ^+; then cat <".' exit 1 fi auto_version=`version HEAD` if [ "$auto_version" == "" ]; then echo "Cannot determine version for HEAD did not return anything." exit 1 fi tmp=${file_changes}.$$.tmp trap "rm -f $tmp" EXIT rm -f $tmp found=0 echo >>$tmp new_version=$auto_version version=`version $rev` if [ "$version" == "" ]; then echo "Cannot determine version for $rev." exit 1 fi if [ "$release" != "" ]; then new_version=`echo $release | sed 's/v//g'` fi if [ "$beta" != "" ]; then new_version=`echo $beta | sed 's/v//g'` fi if [ "$quiet" != "1" ]; then echo "New version is $new_version." echo "Listing revisions commited since `version $last_rev` ($last_rev) ... " echo fi start_changes_entry $new_version $tmp for rev in `$git_rev_list ^$last_rev`; do version=`version $rev` if [ "$version" == "" ]; then version="" fi # printf "%15s |" $version if add_to_changes_entry $rev $tmp; then found=1 if [ "$quiet" != "1" ]; then eval "$git_rev_summary $rev | grep -v '^$' | cat" fi fi done if [ "$found" == "0" ]; then if [ "$check" == "1" ]; then echo "CHANGES is up to date." exit 0 fi echo " None." echo if [ "$release" != "" -o "$beta" != "" ]; then add_to_changes_entry head $tmp "Release $new_version." else exit 0 fi fi if [ "$check" == "1" ]; then echo "CHANGES is NOT to date." 
exit 0 fi echo >>$tmp cat $file_changes >>$tmp # If we are ahead of origin, we can amend. If not, we need to create a new commit even # if the user wants otherwise. amend=0 if git remote | grep -q origin; then if git rev-list origin..HEAD | grep -q .; then amend=1 fi fi echo if [ "$amend" == "0" ]; then echo Update to $file_changes will become a new commit. else echo Update to $file_changes will be amended to last commit. fi echo echo Type Enter to edit new $file_changes, or CTRL-C to abort without any modifications. read # Run editor. eval $EDITOR $tmp # Put changes in place. mv $tmp $file_changes echo "Updated $file_changes." if [ "$file_version" != "" ]; then echo $new_version >$file_version echo "Updated $version to $new_version." fi # Call hook function if it exists. if type $new_version_hook >/dev/null 2>&1; then $new_version_hook $new_version fi # Commit changes. git add $file_changes $file_version if [ "$amend" == "1" ]; then git commit --amend else git commit -m "$new_commit_msg" fi echo "Updates committed." check_release_tag check_beta_tag bro-aux-0.35/devel-tools/git-move-submodules0000775002342100234210000000207712535376152020745 0ustar johannajohanna#! /usr/bin/env bash # # Recursively check outs the most recent version of all submodules on a given # branch, and commits the updates to the parents. branch=$1 if [ "$branch" == "" ]; then echo "usage: `basename $0` " exit 1 fi function update_module { local cwd=$1 local i local modules="" cd $cwd # Note we don't use --recursive here, as we want to do a depth-first # search so that we update childrens first. for i in `git submodule foreach -q 'echo $path'`; do # See if repository has a branch of the given name. Otherwise leave it alone. 
( cd $i && git show-ref --verify --quiet refs/heads/$branch ) || continue modules="$modules $i" echo "--- Checking out $branch of `basename $i`" cd $i git checkout -q $branch || exit 1 update_module $cwd/$i cd $cwd done if [ "$modules" != "" ]; then echo "+++ Commiting updates to `basename $cwd`" git commit -m 'Updating submodule(s). [nomail]' --only $modules fi } update_module `pwd` bro-aux-0.35/devel-tools/git-pre-push-hook0000775002342100234210000000150312535376152020311 0ustar johannajohanna#!/bin/sh # # A pre-push hook that makes sure all testing/external changes # have been pushed already. If not, it will abort. Note that # it will only check for unpushed commits, not for uncommited # changes. # # To install this, copy it into you Bro tree's .git/hooks/pre-push. # # This hook is called with the following parameters: # # $1 -- Name of the remote to which the push is being done # $2 -- URL to which the push is being done # # If this script exits with a non-zero status nothing will be pushed. test -d testing/external || exit 0 cd testing/external base=`pwd` abort=0 for repo in `./scripts/find-git-repos`; do cd ${base}/${repo} && \ git rev-list @{u}.. | grep -q . && \ echo "ERROR: testing/external/`basename $repo` has commits that are not pushed." && \ abort=1 done exit ${abort} bro-aux-0.35/devel-tools/git-show-fastpath0000775002342100234210000000063412535376152020404 0ustar johannajohanna#! /usr/bin/env bash # # Shows pending fastpath commits for all modules. show="git show-ref -q origin/fastpath && git --no-pager log --format=oneline origin/fastpath ^master || exit 0" ( echo "Entering " && eval $show && git submodule foreach --recursive "$show" ) | awk ' /Entering/ { current = $2; next } { if ( current != "" ) print "==" current; print; current = ""; } ' bro-aux-0.35/devel-tools/repo-status0000775002342100234210000000161212535376152017316 0ustar johannajohanna#! /usr/bin/env bash # # Helper for check-release. 
repo=`basename \`git config --get remote.origin.url\` | sed 's/^[^:]*://'` head=`basename \`git symbolic-ref -q HEAD\`` update_changes="`dirname $0`/update-changes" printf "%20s " "$repo" printf "%-10s " "$head" printf "%-8s " `$update_changes -c | grep -q NOT && echo 'old!' || echo ok` printf "%-8s " `git log --oneline $head ^origin/$head | wc -l | awk '$1==0{printf("%s",$1)} $1!=0{printf("%s!",$1)}'` printf "%-7s " `git status --porcelain | awk 'NF!=1' | grep -q '.' && echo 'Mod!' || echo ok` printf "%-5s " `git submodule status --recursive | sed 's/^\(\.\).*/\1/g' | grep -q '^ $' && echo 'Mod!' || echo ok` printf "%-15s " `cat VERSION | awk '/-/{printf("%s!", $1); next} {printf("%s", $1)}'` printf "%s" `git tag -l --contains HEAD | sort -r | paste -sd ',' | awk '/release|beta/{printf("%s",$1); next;} {printf("%s!",$1)}'` echo bro-aux-0.35/devel-tools/git-delete-old-branches0000775002342100234210000000142512535376152021414 0ustar johannajohanna# ! /usr/bin/env bash # # Adapted from http://devblog.springest.com/a-script-to-remove-old-git-branches # # This has to be run from master git checkout master # Update our list of remotes git fetch git remote prune origin # # Remove local fully merged branches # git branch --merged master | grep -v 'master$' | xargs git branch -d # Show remote fully merged branches echo "The following remote branches are fully merged and will be removed:" git branch -r --merged master | sed 's/ *origin\///' | grep '^topic/' if [ $? != 0 ]; then exit 0 fi read -p "Continue (y/n)? " if [ "$REPLY" == "y" ] then # Remove remote fully merged branches git branch -r --merged master | sed 's/ *origin\///' \ | grep '^topic/' | xargs -I% git push origin :% echo "Done!" fi bro-aux-0.35/devel-tools/cpu-bench-with-trace0000775002342100234210000000155412535376152020746 0ustar johannajohanna#! /usr/bin/env bash # # This runs a number of Bro configurations on trace $2. 
It # starts with the bare config and then # kept adding the scripts load from init-default.bro and local.bro one # by one, measuring user time for each run (i.e., the measurements are # cumulative). if [ "$2" == "" ]; then echo "usage: `basename $0` " exit 1 fi bro=$1 trace=$2 tmp=/tmp/bench.$$.bro export BROPATH=`$bro/build/bro-path-dev` cat $tmp cat $bro/scripts/base/init-default.bro $bro/scripts/site/local.bro | grep '^ *@load' | while read line; do echo $line >>$tmp script=`echo $line | awk '{print $2}' | sed 's#/#.#g'` output="bench.output.$script.log" ( time -p $bro/build/src/bro -b -r $trace $tmp ) >$output 2>&1 user=`cat $output | grep user | awk '{print $2}'` printf "%40s %s\n" $script $user done rm -f $tmp bro-aux-0.35/devel-tools/extract-conn-by-uid0000775002342100234210000000143612535376152020630 0ustar johannajohanna#! /usr/bin/env bash # # Searches the connection with UID $1 in conn.log, and then extracts # it from trace file $2. if [ $# != 2 ]; then echo "usage: `basename $0` " exit 1 fi uid=$1 trace=$2 if [ ! -e conn.log ]; then echo "no conn.log found" exit 1 fi if [ ! -e $trace ]; then echo "trace $trace not found" exit 1 fi filter=`awk -v uid=$uid '$2==uid { printf("host %s and port %s and host %s and port %s\n", $3, $4, $5, $6)}' " exit 1 fi if ! gpg-agent -q; then echo "GPG agent not running." exit 1 fi FILE=$1 $GPG --detach-sign -a -u $KEY --openpgp -o $FILE.asc $FILE bro-aux-0.35/devel-tools/gen-mozilla-ca-list.rb0000775002342100234210000000411212535376152021200 0ustar johannajohanna#!/usr/bin/env ruby require 'open-uri' tmpcert = "/tmp/tmpcert.der" incert=false intrust=false url = 'http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1' io = open(url); puts "# Don't edit! This file is automatically generated." 
puts "# Generated at: #{Time.now}" puts "# Generated from: #{url}" puts "#" puts "# The original source file comes with this licensing statement:" puts "#" puts "# This Source Code Form is subject to the terms of the Mozilla Public" puts "# License, v. 2.0. If a copy of the MPL was not distributed with this" puts "# file, You can obtain one at http://mozilla.org/MPL/2.0/." puts "" puts "@load base/protocols/ssl" puts "module SSL;"; puts "redef root_certs += {"; all_certs = [] all_subjects = [] cert_name = "" cert = "" io.each do |line| line.chomp! if intrust if line =~ /^CKA_TRUST_SERVER_AUTH/ if line =~ /CKT_NSS_TRUSTED_DELEGATOR/ File.open(tmpcert, "wb") do |f| byteArray = cert.split("\\x") max = byteArray.length() - 1 byteArray[1..max].each do | byte | f.print byte.hex.chr end end cert_subj = `openssl x509 -in #{tmpcert} -inform DER -noout -subject -nameopt RFC2253` cert_subj["subject= "]= "" cert_subj.chomp! File.delete(tmpcert) if not all_subjects.include?(cert_subj) puts " [\"#{cert_subj}\"] = \"#{cert}\"," all_subjects << cert_subj end end intrust=false end else if line =~ /^CKA_LABEL/ cert_name = line.sub(/.*\"(.*)\".*/, "\\1") i = 0 while all_certs.include?(cert_name) i+=1 cert_name += " #{i}" end all_certs << cert_name elsif line =~ /^CKA_VALUE MULTILINE_OCTAL/ incert=true cert="" elsif line =~ /^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/ intrust=true elsif line =~ /^END/ incert=false elsif incert cert += line.split(/\\/).collect { |x| x.oct.chr.unpack("H2")[0].upcase if x!="" }.join("\\x") end end end puts "};" bro-aux-0.35/devel-tools/make-release0000775002342100234210000000517012535376152017366 0ustar johannajohanna#! /usr/bin/env bash # # Makes release tarballs for the repository in the current directory; # and if --recursive is given, also for all submodules. DEST="`pwd`/build/dist" # Where to put the TGZs. LOGS="$DEST/.log" # Where to put build logs. 
dists="" function usage() { echo "Usage: `basename $0` [--recursive]" } function release() { mod=$1 tmp="$LOGS/make-release.`basename $mod`.log" cat $tmp echo "--- Building distribution for $mod" >&2 echo "Log in $tmp." >&2 make dist >$tmp 2>&1 cat $tmp | awk '/CPack:.*generated/ {print $4} /^Package: / {print $2}' | while read tgz; do if echo $tgz | grep -qv ^/; then tgz="`pwd`/$tgz" fi version=`git tag --contains HEAD | egrep '^(release|beta)$'` if [ "$version" == "" ]; then version="git" fi echo "Distribution in $tgz ($version)" >&2 ls -al $tgz | awk '{print " ", $0; }' >&2 echo "$tgz#$version" done } if [ "$1" == "--recursive" ]; then submodules=1 shift fi if [ "$submodules" == "1" ]; then mods=`git submodule foreach -q --recursive pwd | grep -v /cmake` fi if [ -e $DEST ]; then echo echo "$DEST exists already, proceeding will delete it." echo ">> Continue? (y/n)" read line if [ "$line" != "y" ]; then exit 1 fi fi rm -rf $DEST install -d $DEST install -d $LOGS mods="$mods ." build= for mod in $mods; do cwd=`pwd` cd $mod if [ "$mod" = "." ]; then mod=`pwd` mod=`basename $mod` fi if [ ! '(' -e CMakeLists.txt -o -e Makefile ')' ]; then echo "No CMakeLists.txt or Makefile in $mod, skipping." cd $cwd continue fi ignore=1 if [ "`git describe HEAD`" = "`git describe release 2>/dev/null`" ]; then ignore=0 fi if [ "`git describe HEAD`" = "`git describe beta 2>/dev/null`" ]; then ignore=0 fi if [ "$ignore" = "1" ]; then echo "Module $mod is not tagged for release or beta, skipping." cd $cwd continue fi dist=`release $mod` ( echo $dist | grep -qv "^ *$" ) || echo "No distribution found for $mod." dists="$dists $dist" echo cd $cwd done for dist in $dists; do tgz=`echo $dist | cut -d '#' -f 1` version=`echo $dist | cut -d '#' -f 2` dst=`basename $tgz` dst="$DEST/$version/`echo $dst | sed 's/\.tgz/.tar.gz/g'`" install -d $DEST/$version mv $tgz $dst echo Signing $dst ... 
sign-file $dst done echo "--- All distributions in $DEST:" all=`find $DEST -path '*gz*'` test "$all" != "" && ls -rl $all || echo "None." echo bro-aux-0.35/bro-cut/0000775002342100234210000000000012535376152014220 5ustar johannajohannabro-aux-0.35/bro-cut/bro-cut.10000664002342100234210000000376212535376152015665 0ustar johannajohanna.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.46.4. .TH BRO-CUT "1" "November 2014" "bro-cut " "User Commands" .SH NAME bro-cut \- parse Bro logs .SH SYNOPSIS .B bro\-cut [\fIoptions\fR] [\fIcolumns\fR] .SH DESCRIPTION Extracts the given columns from ASCII Bro logs on standard input, and outputs them to standard output. If no columns are given, all are selected. By default, .B bro\-cut does not include format header blocks in the output. .PP Columns are specified as a list of space-separated field names. The order of field names given to \fBbro-cut\fR determines the output order, which means \fBbro-cut\fR can be used to reorder columns. .PP The ASCII Bro logs read on standard input must have intact format header blocks because \fBbro-cut\fR needs this information to correctly interpret the log file format. In fact, \fBbro-cut\fR can process the concatenation of multiple ASCII log files that have different column layouts. .SH OPTIONS .TP \fB\-c\fR Include the first format header block into the output. .TP \fB\-C\fR Include all format header blocks into the output. .TP \fB\-d\fR Convert time values into human\-readable format. .HP \fB\-D\fR Like \fB\-d\fR, but specify format for time (see strftime(3) for syntax). .HP \fB\-F\fR Sets a different output field separator. .TP \fB\-n\fR Print all fields except those specified. .TP \fB\-u\fR Like \fB\-d\fR, but print timestamps in UTC instead of local time. .HP \fB\-U\fR Like \fB\-D\fR, but print timestamps in UTC instead of local time. 
.SH ENVIRONMENT .TP .B BRO_CUT_TIMEFMT For time conversion option \fB\-d\fR or \fB\-u\fR, the format string can be specified by setting this environment variable. .SH EXAMPLES Output three columns and convert time values: .br cat conn.log | bro-cut -d ts id.orig_h id.orig_p .PP Output all columns and convert time values with a custom format string: .br cat conn.log | bro-cut -D "%Y-%m-%d %H:%M:%S" .SH SEE ALSO strftime(3) .SH AUTHOR .B bro-cut was written by The Bro Project . bro-aux-0.35/bro-cut/bro-cut.c0000664002342100234210000003570412535376152015750 0ustar johannajohanna// See the file "COPYING" in the main distribution directory for copyright. #include // define required for FreeBSD #define _WITH_GETLINE #include #include #include #include /* The maximum length of converted timestamp that bro-cut can handle. */ #define MAX_TIMESTAMP_LEN 100 /* User-specified options that stay constant during a run of bro-cut. */ struct useropts { int showhdr; /* show log headers? (0=no, 1=only first, 2=all) */ int negate; /* show all but the specified columns? (0=no, 1=yes) */ int timeconv; /* do time conversion? (0=no, 1=local, 2=UTC) */ char **columns; /* array of user-specified column names */ int num_columns; /* number of user-specified column names */ const char *ofs; /* user-specified output field separator character */ const char *timefmt; /* strftime format string for time conversion */ }; /* Parameters that might change with each log file being processed. */ struct logparams { int *out_indexes; /* array of log file column indices to output */ int num_out_indexes; /* number of elements in "out_indexes" */ int idx_range; /* max. 
value in "out_indexes" plus one */
    int *time_cols;     /* array of columns (0=not timestamp, 1=timestamp) */
    char **tmp_fields;  /* array of pointers to each field on a line */
    int num_fields;     /* number of fields in log file */
    char ifs[2];        /* input field separator character */
    char ofs[2];        /* output field separator character */
};

/* Print the help text on standard output, one puts() per entry, and then
 * terminate the process with exit status 1.  The function is declared to
 * return int but never returns to its caller. */
int usage(void)
{
    static const char *const help_text[] = {
        "\nbro-cut [options] []\n",
        "Extracts the given columns from an ASCII Bro log on standard input.",
        "If no columns are given, all are selected. By default, bro-cut does",
        "not include format header blocks into the output.",
        "\nExample: cat conn.log | bro-cut -d ts id.orig_h id.orig_p",
        "\n -c Include the first format header block into the output.",
        " -C Include all format header blocks into the output.",
        " -d Convert time values into human-readable format.",
        " -D Like -d, but specify format for time (see strftime(3) for syntax).",
        " -F Sets a different output field separator.",
        " -n Print all fields *except* those specified.",
        " -u Like -d, but print timestamps in UTC instead of local time.",
        " -U Like -D, but print timestamps in UTC instead of local time.\n",
        "For time conversion option -d or -u, the format string can be specified by",
        "setting an environment variable BRO_CUT_TIMEFMT.\n",
    };
    size_t n;

    for (n = 0; n < sizeof(help_text) / sizeof(help_text[0]); ++n) {
        puts(help_text[n]);
    }

    exit(1);
}

/* Linear search of the string array "haystack" (holding "haystack_size"
 * entries) for an entry equal to "needle".  Returns the position of the
 * first match, or -1 when there is none. */
int string_index(char *haystack[], int haystack_size, const char *needle)
{
    int pos = 0;

    while (pos < haystack_size) {
        if (strcmp(haystack[pos], needle) == 0) {
            return pos;
        }
        ++pos;
    }

    return -1;
}

/* Report whether the integer "needle" occurs among the first
 * "haystack_size" entries of "haystack" (0=false, 1=true). */
int contains(int *haystack, int haystack_size, int needle)
{
    int pos;
    int found = 0;

    /* Stop scanning as soon as a match has been seen */
    for (pos = 0; pos < haystack_size && !found; ++pos) {
        found = (haystack[pos] == needle);
    }

    return found;
}

/* Return the input field separator from the log's "#separator " header line.
*/
char parsesep(const char *sepstr)
{
    /* A leading "\x" means the separator is written as a hex escape (for
     * example "\x09"); otherwise the first character is used literally.
     *
     * NOTE(review): the result can be '\0' -- for "\x00", for "\x" with no
     * hex digits after it, or for an empty string -- and a hex value wider
     * than a char is narrowed by the conversion.  The header text comes from
     * the log being read, so a caller that searches for this character
     * should treat '\0' as an invalid separator. */
    if (strncmp(sepstr, "\\x", 2) != 0) {
        return sepstr[0];
    }

    return (char) strtol(sepstr + 2, NULL, 16);
}

/* Determine the columns (if any) where the field is "time". Return 0 for
 * success, and non-zero otherwise.
 *
 * "line" is split on lp->ifs and the first lp->idx_range entries are
 * examined; lp->time_cols is resized to lp->idx_range ints and each entry
 * is set to 1 when the corresponding field is exactly "time", else 0.
 * A message is written to stderr on every failure path. */
int find_timecol(const char *line, struct logparams *lp)
{
    int status = 0;
    int col;
    int *resized;
    char *scratch;
    char *cursor;

    /* Resize through a temporary so the old array survives a failure */
    resized = realloc(lp->time_cols, lp->idx_range * sizeof(int));
    if (resized == NULL) {
        fputs("bro-cut: out of memory\n", stderr);
        return 1;
    }
    lp->time_cols = resized;

    /* strsep() writes into its input, so work on a private copy */
    scratch = strdup(line);
    if (scratch == NULL) {
        fputs("bro-cut: out of memory\n", stderr);
        return 1;
    }

    cursor = scratch;
    for (col = 0; col < lp->idx_range; ++col) {
        const char *type_name = strsep(&cursor, lp->ifs);

        if (type_name == NULL) {
            fputs("bro-cut: log header does not have enough fields\n", stderr);
            status = 1;
            break;
        }

        /* Set value of 1 for each "time" column, or 0 otherwise */
        lp->time_cols[col] = (strcmp("time", type_name) == 0);
    }

    free(scratch);
    return status;
}

/* Allocate memory for "out_indexes" and store index numbers there
 * corresponding to the columns in "line" that we want to output later.
 * Set the number of elements in "out_indexes". Also
 * store in "idx_range" the maximum value contained in "out_indexes" plus one.
 * Return 0 for success, and non-zero otherwise.
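*/
int find_output_indexes(char *line, struct logparams *lp, struct useropts *bopts)
{
    int idx;
    int out_idx = 0;
    int maxval = 0;
    int *out_indexes;
    char **tmpptr;
    char *field;
    char *field_ptr;
    char *copy_of_line;

    /* Get the number of fields: one more than the number of separators.
     * This scan relies on lp->ifs[0] not being '\0' (strchr() would match
     * the terminator and the pointer would walk off the end of the line);
     * bro_cut() rejects such a separator before calling this function. */
    lp->num_fields = 0;
    field = line;
    while ((field = strchr(field, lp->ifs[0])) != NULL) {
        lp->num_fields++;
        field++;
    }
    lp->num_fields++;

    /* note: size is num_fields+1 because header lines have an extra field */
    tmpptr = realloc(lp->tmp_fields, (lp->num_fields + 1) * sizeof(char *));
    if (tmpptr == NULL) {
        return 1;
    }
    lp->tmp_fields = tmpptr;

    if (bopts->num_columns == 0) {
        /* No columns specified on cmd-line, so use all the columns */
        out_indexes = realloc(lp->out_indexes, lp->num_fields * sizeof(int));
        if (out_indexes == NULL) {
            return 1;
        }

        for (idx = 0; idx < lp->num_fields; ++idx) {
            out_indexes[idx] = idx;
        }

        lp->out_indexes = out_indexes;
        lp->idx_range = lp->num_fields;
        lp->num_out_indexes = lp->num_fields;
        return 0;
    }

    /* Set tmp_fields to point to each field on the line.  strsep() writes
     * into its input, so the split is done on a private copy. */
    copy_of_line = strdup(line);
    if (copy_of_line == NULL) {
        return 1;
    }

    field_ptr = copy_of_line;
    idx = 0;
    while ((field = strsep(&field_ptr, lp->ifs)) != NULL) {
        lp->tmp_fields[idx++] = field;
    }

    if (!bopts->negate) {
        /* One or more column names were specified on cmd-line */
        out_indexes = realloc(lp->out_indexes, bopts->num_columns * sizeof(int));
        if (out_indexes == NULL) {
            free(copy_of_line);     /* was leaked on this path */
            return 1;
        }

        for (idx = 0; idx < bopts->num_columns; ++idx) {
            /* -1 marks a requested column that this log does not have */
            out_indexes[idx] = string_index(lp->tmp_fields, lp->num_fields,
                                            bopts->columns[idx]);
            if (out_indexes[idx] > maxval) {
                maxval = out_indexes[idx];
            }
        }
        out_idx = bopts->num_columns;
    } else {
        /* The "-n" option was specified on cmd-line */
        out_indexes = realloc(lp->out_indexes, lp->num_fields * sizeof(int));
        if (out_indexes == NULL) {
            free(copy_of_line);     /* was leaked on this path */
            return 1;
        }

        for (idx = 0; idx < lp->num_fields; ++idx) {
            if (string_index(bopts->columns, bopts->num_columns,
                             lp->tmp_fields[idx]) == -1) {
                out_indexes[out_idx++] = idx;
                if (idx > maxval) {
                    maxval = idx;
                }
            }
        }
    }

    /* tmp_fields now points into freed memory; output_indexes() refills the
     * entries it uses before reading them. */
    free(copy_of_line);

    lp->out_indexes = out_indexes;
    lp->idx_range = maxval + 1;
    lp->num_out_indexes = out_idx;

    return 0;
}

/* Output the columns of "line" that the user specified. The value of "hdr"
 * indicates whether "line" is a header line or not (0=not header, 1=header).
 *
 * "line" is split in place on lp->ifs.  A line with fewer than
 * lp->idx_range (+1 for headers) fields is skipped with a message on
 * stderr.  Columns flagged in lp->time_cols are converted with strftime()
 * when time conversion is enabled; a "#types" header has its "time"
 * entries rewritten to "string" in that case. */
void output_indexes(int hdr, char *line, struct logparams *lp, struct useropts *bopts)
{
    int i;
    char *field;
    int dotimeconv = 0;     /* do a time conversion on this line? (0=no, 1=yes) */
    int dotimetypeconv = 0; /* change time type on this line? (0=no, 1=yes) */
    int idxrange = lp->idx_range + hdr; /* header lines have one extra field */
    int firstdone = 0;

    /* If user selected time conversion and this line is not a header line,
     * then try to do a time conversion. */
    if (bopts->timeconv && !hdr) {
        dotimeconv = 1;
    }

    for (i = 0; i < idxrange; ++i) {
        if ((field = strsep(&line, lp->ifs)) == NULL) {
            fputs("bro-cut: skipping log line (not enough fields)\n", stderr);
            return;
        }
        lp->tmp_fields[i] = field;
    }

    /* If user selected time conversion and this line is a "#types" header,
     * then try to change the "time" type field. */
    if (bopts->timeconv && hdr && !strcmp(lp->tmp_fields[0], "#types")) {
        dotimetypeconv = 1;
    }

    if (hdr) {
        /* Output the initial "#" field on the header line */
        fputs(lp->tmp_fields[0], stdout);
        firstdone = 1;
    }

    for (i = 0; i < lp->num_out_indexes; ++i) {
        int idxval = lp->out_indexes[i];

        if (firstdone) {
            fputs(lp->ofs, stdout);
        }

        if (idxval != -1) {
            if (dotimeconv && lp->time_cols[idxval]) {
                /* convert time */
                time_t tt = atol(lp->tmp_fields[idxval]);
                struct tm *tmptr;
                /* Zero-filled so that nothing uninitialized is ever printed
                 * when strftime() returns 0 (result too long, or empty). */
                char tbuf[MAX_TIMESTAMP_LEN] = {0};

                tmptr = bopts->timeconv == 1 ? localtime(&tt) : gmtime(&tt);

                if (tmptr == NULL) {
                    /* The value cannot be represented as a broken-down time;
                     * passing NULL to strftime() would be undefined, so the
                     * field is written as it appears in the log. */
                    fputs("bro-cut: timestamp out of range (not converted)\n", stderr);
                    fputs(lp->tmp_fields[idxval], stdout);
                } else {
                    if (!strftime(tbuf, sizeof(tbuf), bopts->timefmt, tmptr)) {
                        tbuf[sizeof(tbuf) - 1] = '\0';
                        fputs("bro-cut: truncating timestamp (too long)\n", stderr);
                    }
                    fputs(tbuf, stdout);
                }
            } else if (dotimetypeconv && !strcmp("time", lp->tmp_fields[idxval + hdr])) {
                /* change the "time" type field to "string" */
                fputs("string", stdout);
            } else {
                /* output the field without modification */
                fputs(lp->tmp_fields[idxval + hdr], stdout);
            }
        }

        /* Note: even when idxval == -1, we still need to set "firstdone" so
         * that a separator is output. */
        firstdone = 1;
    }

    putchar('\n');
}

/* Reads one or more log files from stdin and outputs them to stdout according
 * to the options specified in "bopts". Returns 0 on success, and non-zero
 * otherwise.
 *
 * The header lines are input like everything else in the log, so they are
 * validated here before they drive any parsing: a "#separator " line that
 * yields a '\0' separator is rejected, and a bare "#fields" or "#types" tag
 * is handled without reading past the end of the line. */
int bro_cut(struct useropts bopts)
{
    int ret = 0;
    struct logparams lp;  /* parameters specific to each log file */
    int headers_seen = 0; /* 0=no header blocks seen, 1=one seen, 2=2+ seen */
    int prev_line_hdr = 0; /* previous line was a header line? 0=no, 1=yes */
    int prev_fields_line = 0; /* previous line was #fields line? 0=no, 1=yes */
    ssize_t linelen;
    size_t linesize = 100000;
    char *line = malloc(linesize);

    if (line == NULL) {
        fputs("bro-cut: out of memory\n", stderr);
        return 1;
    }

    lp.out_indexes = NULL;
    lp.num_out_indexes = 0;
    lp.idx_range = 0;
    lp.time_cols = NULL;
    lp.tmp_fields = NULL;
    lp.num_fields = 0;
    lp.ofs[0] = '\t';
    lp.ofs[1] = '\0';
    lp.ifs[0] = '\t';
    lp.ifs[1] = '\0';

    while ((linelen = getline(&line, &linesize, stdin)) > 0) {
        /* Remove trailing '\n'.  The last line of the input may not end in
         * one, in which case its final character must be kept. */
        if (line[linelen - 1] == '\n') {
            line[linelen - 1] = '\0';
        }

        if (prev_fields_line && strncmp(line, "#types", 6)) {
            fputs("bro-cut: bad log header (missing #types line)\n", stderr);
            ret = 1;
            break;
        }

        /* Check if this line is a header line or not */
        if (line[0] != '#') {
            prev_line_hdr = 0;
            output_indexes(0, line, &lp, &bopts);
            continue;
        }

        /* The rest of this loop is for header processing */

        if (!prev_line_hdr) {
            /* Here we are transitioning from non-header to header line */
            prev_line_hdr = 1;
            /* Once we've seen two header blocks, we stop counting them */
            if (headers_seen < 2) {
                headers_seen++;
            }
        }

        if (!strncmp(line, "#separator ", 11)) {
            lp.ifs[0] = parsesep(line + 11);
            if (lp.ifs[0] == '\0') {
                /* A NUL separator cannot delimit fields, and the field
                 * counting in find_output_indexes() would run past the end
                 * of the line buffer with it. */
                fputs("bro-cut: bad log header (invalid #separator line)\n", stderr);
                ret = 1;
                break;
            }

            /* If user-specified ofs is set, then use it. Otherwise, just
             * use the log file's input field separator. */
            lp.ofs[0] = bopts.ofs[0] ? bopts.ofs[0] : lp.ifs[0];
        } else if (!strncmp(line, "#fields", 7)) {
            /* Skip the tag and the separator after it; if the line is just
             * the tag, stop at its terminator instead of stepping over it. */
            char *names = line[7] ? line + 8 : line + 7;

            prev_fields_line = 1;

            if (find_output_indexes(names, &lp, &bopts)) {
                fputs("bro-cut: out of memory\n", stderr);
                ret = 1;
                break;
            }
        } else if (!strncmp(line, "#types", 6)) {
            if (!prev_fields_line) {
                fputs("bro-cut: bad log header (missing #fields line)\n", stderr);
                ret = 1;
                break;
            }

            prev_fields_line = 0;

            if (bopts.timeconv) {
                /* Same end-of-line care as for "#fields" above */
                const char *types = line[6] ? line + 7 : line + 6;

                if (find_timecol(types, &lp)) {
                    ret = 1;
                    break;
                }
            }
        }

        /* Decide if we want to output this header */
        if (bopts.showhdr >= headers_seen) {
            if (!strncmp(line, "#fields", 7) || !strncmp(line, "#types", 6)) {
                /* Output a modified "#fields" or "#types" header line */
                output_indexes(1, line, &lp, &bopts);
            } else {
                /* Output the header line with no changes */
                puts(line);
            }
        }
    }

    free(lp.time_cols);
    free(lp.out_indexes);
    free(lp.tmp_fields);
    free(line);

    return ret;
}

/* Program entry point.  The time format defaults to the value of the
 * BRO_CUT_TIMEFMT environment variable when it is set. */
int main(int argc, char *argv[])
{
    int c;
    char *envtimefmt = getenv("BRO_CUT_TIMEFMT");
    struct useropts bopts;

    bopts.showhdr = 0;
    bopts.negate = 0;
    bopts.timeconv = 0;
    bopts.ofs = "";
    bopts.timefmt = envtimefmt ?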
envtimefmt : "%Y-%m-%dT%H:%M:%S%z"; while ((c = getopt(argc, argv, "cCnF:duD:U:h")) != -1) { switch (c) { case 'c': bopts.showhdr = 1; break; case 'C': bopts.showhdr = 2; break; case 'n': bopts.negate = 1; break; case 'F': if (strlen(optarg) != 1) { fputs("bro-cut: field separator must be a single character\n", stderr); exit(1); } bopts.ofs = optarg; break; case 'd': bopts.timeconv = 1; break; case 'u': bopts.timeconv = 2; break; case 'D': bopts.timeconv = 1; bopts.timefmt = optarg; break; case 'U': bopts.timeconv = 2; bopts.timefmt = optarg; break; default: usage(); break; } } bopts.columns = &argv[optind]; bopts.num_columns = argc - optind; return bro_cut(bopts); } bro-aux-0.35/bro-cut/CMakeLists.txt0000664002342100234210000000021412535376152016755 0ustar johannajohannaset(brocut_SRCS bro-cut.c ) add_executable(bro-cut ${brocut_SRCS}) install(FILES bro-cut.1 DESTINATION ${BRO_MAN_INSTALL_PATH}/man1) bro-aux-0.35/adtrace/0000775002342100234210000000000012535376152014250 5ustar johannajohannabro-aux-0.35/adtrace/adtrace.c0000664002342100234210000000360512535376152016023 0ustar johannajohanna#include #include #include #include #include #include #include #include #include "ip.h" #include "ether.h" #include "ethertype.h" pcap_t *p; const u_char* printEAddr(const u_char* pkt, u_char* endp){ const struct ether_header *ep; int i=0; ep = (const struct ether_header*) pkt; if (pkt+ETHER_HDRLEN > endp || ntohs(ep->ether_type) != ETHERTYPE_IP){ return 0; } for (i = 0; i0) putchar(':'); printf("%02x", ep->ether_shost[i]); } putchar (' '); for (i = 0; i0) putchar(':'); printf("%02x", ep->ether_dhost[i]); } putchar(' '); return (pkt+ETHER_HDRLEN); } void printIPAddr(const u_char* pkt, u_char* endp){ const struct ip* iph; if (pkt+sizeof(struct ip) > endp) return; iph = (const struct ip*) pkt; fputs ((char*) inet_ntoa(iph->ip_src), stdout); putchar(' '); puts ((char*) inet_ntoa(iph->ip_dst)); } void handler(u_char *user, const struct pcap_pkthdr *head, const u_char *packet){ 
u_char* endp; endp =(u_char*) packet + head->caplen; packet = printEAddr(packet, endp); if (packet) printIPAddr(packet, endp); } void usage(char *av[]) { fprintf(stderr,"usage: %s filename \n", av[0]); exit(1); } int main (int argc, char *argv[]) { char *file; char errbuf[PCAP_ERRBUF_SIZE]; u_char* pkt, endp; struct pcap_pkthdr *head; if ( argc != 2 ) usage(argv); file = argv[1]; p = pcap_open_offline(file, errbuf); if(p==NULL){ fprintf (stderr, "cannot open %s: %s\n", file, errbuf); exit(2); } if (pcap_datalink(p) != DLT_EN10MB){ fputs ("sorry, currently only ethernet links supported\n", stderr); exit(1); //if it is not ethernet we are watching we won't have MACs } pcap_loop(p, -1, handler, NULL); pcap_close(p); return(0); } bro-aux-0.35/adtrace/ether.h0000664002342100234210000000464412535376152015540 0ustar johannajohanna/* @(#) $Header$ (LBL) */ /* * Copyright (c) 1982, 1986, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. 
* * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)if_ether.h 8.3 (Berkeley) 5/2/95 */ #define ETHERMTU 1500 /* * The number of bytes in an ethernet (MAC) address. */ #define ETHER_ADDR_LEN 6 /* * Structure of a DEC/Intel/Xerox or 802.3 Ethernet header. */ struct ether_header { u_int8_t ether_dhost[ETHER_ADDR_LEN]; u_int8_t ether_shost[ETHER_ADDR_LEN]; u_int16_t ether_type; }; /* * Length of a DEC/Intel/Xerox or 802.3 Ethernet header; note that some * compilers may pad "struct ether_header" to a multiple of 4 bytes, * for example, so "sizeof (struct ether_header)" may not give the right * answer. */ #define ETHER_HDRLEN 14 bro-aux-0.35/adtrace/CMakeLists.txt0000664002342100234210000000031512535376152017007 0ustar johannajohannaset(adtrace_SRCS adtrace.c ether.h ethertype.h ip.h ) add_executable(adtrace ${adtrace_SRCS}) target_link_libraries(adtrace ${PCAP_LIBRARY} ${BIND_LIBRARY}) AddAuxInstallTarget(adtrace) bro-aux-0.35/adtrace/ethertype.h0000664002342100234210000000665012535376152016441 0ustar johannajohanna/* * Copyright (c) 1993, 1994, 1996 * The Regents of the University of California. All rights reserved. 
* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * @(#) $Header$ (LBL) */ /* * Ethernet types. * * We wrap the declarations with #ifdef, so that if a file includes * , which may declare some of these, we don't * get a bunch of complaints from the C compiler about redefinitions * of these values. * * We declare all of them here so that no file has to include * if all it needs are ETHERTYPE_ values. */ #ifndef ETHERTYPE_PUP #define ETHERTYPE_PUP 0x0200 /* PUP protocol */ #endif #ifndef ETHERTYPE_IP #define ETHERTYPE_IP 0x0800 /* IP protocol */ #endif #ifndef ETHERTYPE_ARP #define ETHERTYPE_ARP 0x0806 /* Addr. resolution protocol */ #endif #ifndef ETHERTYPE_REVARP #define ETHERTYPE_REVARP 0x8035 /* reverse Addr. 
resolution protocol */ #endif #ifndef ETHERTYPE_NS #define ETHERTYPE_NS 0x0600 #endif #ifndef ETHERTYPE_SPRITE #define ETHERTYPE_SPRITE 0x0500 #endif #ifndef ETHERTYPE_TRAIL #define ETHERTYPE_TRAIL 0x1000 #endif #ifndef ETHERTYPE_MOPDL #define ETHERTYPE_MOPDL 0x6001 #endif #ifndef ETHERTYPE_MOPRC #define ETHERTYPE_MOPRC 0x6002 #endif #ifndef ETHERTYPE_DN #define ETHERTYPE_DN 0x6003 #endif #ifndef ETHERTYPE_LAT #define ETHERTYPE_LAT 0x6004 #endif #ifndef ETHERTYPE_SCA #define ETHERTYPE_SCA 0x6007 #endif #ifndef ETHERTYPE_REVARP #define ETHERTYPE_REVARP 0x8035 #endif #ifndef ETHERTYPE_LANBRIDGE #define ETHERTYPE_LANBRIDGE 0x8038 #endif #ifndef ETHERTYPE_DECDNS #define ETHERTYPE_DECDNS 0x803c #endif #ifndef ETHERTYPE_DECDTS #define ETHERTYPE_DECDTS 0x803e #endif #ifndef ETHERTYPE_VEXP #define ETHERTYPE_VEXP 0x805b #endif #ifndef ETHERTYPE_VPROD #define ETHERTYPE_VPROD 0x805c #endif #ifndef ETHERTYPE_ATALK #define ETHERTYPE_ATALK 0x809b #endif #ifndef ETHERTYPE_AARP #define ETHERTYPE_AARP 0x80f3 #endif #ifndef ETHERTYPE_8021Q #define ETHERTYPE_8021Q 0x8100 #endif #ifndef ETHERTYPE_IPX #define ETHERTYPE_IPX 0x8137 #endif #ifndef ETHERTYPE_IPV6 #define ETHERTYPE_IPV6 0x86dd #endif #ifndef ETHERTYPE_PPP #define ETHERTYPE_PPP 0x880b #endif #ifndef ETHERTYPE_MPLS #define ETHERTYPE_MPLS 0x8847 #endif #ifndef ETHERTYPE_MPLS_MULTI #define ETHERTYPE_MPLS_MULTI 0x8848 #endif #ifndef ETHERTYPE_PPPOED #define ETHERTYPE_PPPOED 0x8863 #endif #ifndef ETHERTYPE_PPPOES #define ETHERTYPE_PPPOES 0x8864 #endif #ifndef ETHERTYPE_LOOPBACK #define ETHERTYPE_LOOPBACK 0x9000 #endif bro-aux-0.35/adtrace/ip.h0000664002342100234210000001304412535376152015033 0ustar johannajohanna/* @(#) $Header$ (LBL) */ /* * Copyright (c) 1982, 1986, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. 
Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)ip.h 8.2 (Berkeley) 6/1/94 */ /* * Definitions for internet protocol version 4. * Per RFC 791, September 1981. */ #define IPVERSION 4 /* * Structure of an internet header, naked of options. * * We declare ip_len and ip_off to be short, rather than u_short * pragmatically since otherwise unsigned comparisons can result * against negative integers quite easily, and fail in subtle ways. 
*/ struct ip { u_int8_t ip_vhl; /* header length, version */ #define IP_V(ip) (((ip)->ip_vhl & 0xf0) >> 4) #define IP_HL(ip) ((ip)->ip_vhl & 0x0f) u_int8_t ip_tos; /* type of service */ u_int16_t ip_len; /* total length */ u_int16_t ip_id; /* identification */ u_int16_t ip_off; /* fragment offset field */ #define IP_DF 0x4000 /* dont fragment flag */ #define IP_MF 0x2000 /* more fragments flag */ #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ u_int8_t ip_ttl; /* time to live */ u_int8_t ip_p; /* protocol */ u_int16_t ip_sum; /* checksum */ struct in_addr ip_src,ip_dst; /* source and dest address */ }; #define IP_MAXPACKET 65535 /* maximum packet size */ /* * Definitions for IP type of service (ip_tos) */ #define IPTOS_LOWDELAY 0x10 #define IPTOS_THROUGHPUT 0x08 #define IPTOS_RELIABILITY 0x04 /* * Definitions for IP precedence (also in ip_tos) (hopefully unused) */ #define IPTOS_PREC_NETCONTROL 0xe0 #define IPTOS_PREC_INTERNETCONTROL 0xc0 #define IPTOS_PREC_CRITIC_ECP 0xa0 #define IPTOS_PREC_FLASHOVERRIDE 0x80 #define IPTOS_PREC_FLASH 0x60 #define IPTOS_PREC_IMMEDIATE 0x40 #define IPTOS_PREC_PRIORITY 0x20 #define IPTOS_PREC_ROUTINE 0x00 /* * Definitions for options. */ #define IPOPT_COPIED(o) ((o)&0x80) #define IPOPT_CLASS(o) ((o)&0x60) #define IPOPT_NUMBER(o) ((o)&0x1f) #define IPOPT_CONTROL 0x00 #define IPOPT_RESERVED1 0x20 #define IPOPT_DEBMEAS 0x40 #define IPOPT_RESERVED2 0x60 #define IPOPT_EOL 0 /* end of option list */ #define IPOPT_NOP 1 /* no operation */ #define IPOPT_RR 7 /* record packet route */ #define IPOPT_TS 68 /* timestamp */ #define IPOPT_SECURITY 130 /* provide s,c,h,tcc */ #define IPOPT_LSRR 131 /* loose source route */ #define IPOPT_SATID 136 /* satnet id */ #define IPOPT_SSRR 137 /* strict source route */ /* * Offsets to fields in options other than EOL and NOP. 
*/ #define IPOPT_OPTVAL 0 /* option ID */ #define IPOPT_OLEN 1 /* option length */ #define IPOPT_OFFSET 2 /* offset within option */ #define IPOPT_MINOFF 4 /* min value of above */ /* * Time stamp option structure. */ struct ip_timestamp { u_int8_t ipt_code; /* IPOPT_TS */ u_int8_t ipt_len; /* size of structure (variable) */ u_int8_t ipt_ptr; /* index of current entry */ u_int8_t ipt_oflwflg; /* flags, overflow counter */ #define IPTS_OFLW(ip) (((ipt)->ipt_oflwflg & 0xf0) >> 4) #define IPTS_FLG(ip) ((ipt)->ipt_oflwflg & 0x0f) union ipt_timestamp { u_int32_t ipt_time[1]; struct ipt_ta { struct in_addr ipt_addr; u_int32_t ipt_time; } ipt_ta[1]; } ipt_timestamp; }; /* flag bits for ipt_flg */ #define IPOPT_TS_TSONLY 0 /* timestamps only */ #define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */ #define IPOPT_TS_PRESPEC 3 /* specified modules only */ /* bits for security (not byte swapped) */ #define IPOPT_SECUR_UNCLASS 0x0000 #define IPOPT_SECUR_CONFID 0xf135 #define IPOPT_SECUR_EFTO 0x789a #define IPOPT_SECUR_MMMM 0xbc4d #define IPOPT_SECUR_RESTR 0xaf13 #define IPOPT_SECUR_SECRET 0xd788 #define IPOPT_SECUR_TOPSECRET 0x6bc5 /* * Internet implementation parameters. */ #define MAXTTL 255 /* maximum time to live (seconds) */ #define IPDEFTTL 64 /* default ttl, from RFC 1340 */ #define IPFRAGTTL 60 /* time to live for frags, slowhz */ #define IPTTLDEC 1 /* subtracted when forwarding */ #define IP_MSS 576 /* default maximum segment size */ bro-aux-0.35/README0000664002342100234210000000426112535376152013530 0ustar johannajohanna.. -*- mode: rst; -*- .. .. Version number is filled in automatically. .. |version| replace:: 0.35 ====================== Bro Auxiliary Programs ====================== .. contents:: :Version: |version| Handy auxiliary programs related to the use of the Bro Network Security Monitor (http://www.bro.org). 
Installation ============ Installation is simple and standard:: ./configure make make install adtrace ======= The "adtrace" utility is used to compute the network addresses that compose the internal and external nets that Bro is monitoring. This program just reads a pcap (tcpdump) file and writes out the src MAC, dst MAC, src IP, dst IP for each packet seen in the file. bro-cut ======= The "bro-cut" utility reads ASCII Bro logs on standard input and outputs them with only the specified columns (if no column names are specified, then all columns are output). There are also options to convert the timestamps into human-readable format, and to control whether the format header blocks are included in the output (by default, they're not included). Use the "-h" option to see a list of all options. devel-tools =========== A set of scripts used commonly for Bro development. Note that none of these scripts are installed by 'make install'. extract-conn-by-uid Extracts a connection from a trace file based on its UID found in Bro's conn.log gen-mozilla-ca-list.rb Generates list of Mozilla SSL root certificates in a format readable by Bro. update-changes A script to maintain the CHANGES and VERSION files. git-show-fastpath Show commits to the fastpath branch not yet merged into master. cpu-bench-with-trace Run a number of Bro benchmarks on a trace file. nftools ======= The "nfcollector" and "ftwire2bro" utilities are for dealing with Bro's custom file format for storing NetFlow records. The "nfcollector" utility reads NetFlow data from a socket and writes it in Bro's format. The "ftwire2bro" utility reads NetFlow "wire" format (e.g., as generated by a 'flow-export' directive) and writes it in Bro's format. rst === The "rst" utility can be invoked by a Bro script to terminate an established TCP connection by forging RST tear-down packets. 
bro-aux-0.35/btest0000664002342100234210000000000012535376152013677 0ustar johannajohannabro-aux-0.35/testing/0000775002342100234210000000000012535376153014323 5ustar johannajohannabro-aux-0.35/testing/bro-cut/0000775002342100234210000000000012535376153015676 5ustar johannajohannabro-aux-0.35/testing/bro-cut/time-fmt-env.test0000664002342100234210000000151112535376153021105 0ustar johannajohanna# Test bro-cut with time conversion options and BRO_CUT_TIMEFMT. # # Output local time with format from environment. # @TEST-EXEC: cat $LOGS/conn.log | BRO_CUT_TIMEFMT="%H%M_%y%m%d" bro-cut -d > env-local # @TEST-EXEC: btest-diff env-local # Output UTC with format from environment. # @TEST-EXEC: cat $LOGS/conn.log | BRO_CUT_TIMEFMT="%H%M_%y%m%d" bro-cut -u > env-utc # @TEST-EXEC: btest-diff env-utc # Test that command-line format string overrides environment variable. # @TEST-EXEC: cat $LOGS/conn.log | BRO_CUT_TIMEFMT="%H%M_%y%m%d" bro-cut -D "%H %M %y %m %d" > env-local-fmt # @TEST-EXEC: btest-diff env-local-fmt # Test that command-line format string overrides environment variable. # @TEST-EXEC: cat $LOGS/conn.log | BRO_CUT_TIMEFMT="%H%M_%y%m%d" bro-cut -U "%H %M %y %m %d" > env-utc-fmt # @TEST-EXEC: btest-diff env-utc-fmt bro-aux-0.35/testing/bro-cut/time-header.test0000664002342100234210000000256612535376153020774 0ustar johannajohanna# Test bro-cut with both time conversion and show header options. # # Test that time format string does not affect the header timestamps. # @TEST-EXEC: cat $LOGS/test.log | bro-cut -C -U "%H %M %y %m %d" > utc-fmt # @TEST-EXEC: btest-diff utc-fmt # Log file uses non-default field separator. # @TEST-EXEC: cat $LOGS/conncomma.log | bro-cut -C -d proto ts id.orig_h > nondefault-separator # @TEST-EXEC: btest-diff nondefault-separator # Field separator changes between two log files. 
# @TEST-EXEC: cat $LOGS/conn.log $LOGS/conncomma.log | bro-cut -C -d proto ts id.orig_h > different-field-separator # @TEST-EXEC: btest-diff different-field-separator # Column order changes between two log files. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/conntimelast.log | bro-cut -C -d proto ts id.orig_h > different-col-order # @TEST-EXEC: btest-diff different-col-order # Test with one file that has timestamps and one file that does not. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/onecolumn.log | bro-cut -C -d ts id.orig_h > missing-ts-one-file # @TEST-EXEC: btest-diff missing-ts-one-file # Specify ts twice. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -C -d ts id.orig_h ts > ts-twice # @TEST-EXEC: btest-diff ts-twice # Test with a log file that has more than one time column. # @TEST-EXEC: cat $LOGS/multiple-times.log | bro-cut -C -d proto ts2 ts1 > multiple-times # @TEST-EXEC: btest-diff multiple-times bro-aux-0.35/testing/bro-cut/not-columns.test0000664002342100234210000000302212535376153021052 0ustar johannajohanna# Test bro-cut with the -n option. # # Show all columns but one. # @TEST-EXEC: cat $LOGS/test.log | bro-cut -n uid > not-one # @TEST-EXEC: btest-diff not-one # Show all columns but two (and specify them in swapped order). # @TEST-EXEC: cat $LOGS/test.log | bro-cut -n id.resp_h uid > not-two-swapped # @TEST-EXEC: btest-diff not-two-swapped # Show all columns but one, but specify the same column twice. # @TEST-EXEC: cat $LOGS/test.log | bro-cut -n uid uid > not-one-twice # @TEST-EXEC: btest-diff not-one-twice # Column order changes between two log files. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/conntimelast.log | bro-cut -n ts uid > different-col-order # @TEST-EXEC: btest-diff different-col-order # Don't show any columns (i.e., list all columns in the log file). # @TEST-EXEC: cat $LOGS/test.log | bro-cut -n ts uid id.orig_h id.orig_p id.resp_h > not-all # @TEST-EXEC: btest-diff not-all # Don't show the only column in the log. 
# @TEST-EXEC: cat $LOGS/onecolumn.log | bro-cut -n id.orig_h > not-only # @TEST-EXEC: btest-diff not-only # Don't specify any column names to exclude. # @TEST-EXEC: cat $LOGS/test.log | bro-cut -n > not-none # @TEST-EXEC: btest-diff not-none # Show all columns but one, and also specify a nonexistent column name. # @TEST-EXEC: cat $LOGS/test.log | bro-cut -n uid proto > not-one-nonexistent # @TEST-EXEC: btest-diff not-one-nonexistent # Show that the -n option also affects the header. # @TEST-EXEC: cat $LOGS/test.log | bro-cut -c -n uid > not-one-show-header # @TEST-EXEC: btest-diff not-one-show-header bro-aux-0.35/testing/bro-cut/no-options.test0000664002342100234210000000043712535376153020710 0ustar johannajohanna# Test bro-cut without any command-line options. # # No options. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut > no-opts # @TEST-EXEC: btest-diff no-opts # Log file in "tsv" (tab-separated-values) format. # @TEST-EXEC: cat $LOGS/conn-tsv.log | bro-cut > tsv # @TEST-EXEC: btest-diff tsv bro-aux-0.35/testing/bro-cut/bad-logs.test0000664002342100234210000000244512535376153020274 0ustar johannajohanna# Test bro-cut with invalid log files. # # The "#separator" log header line is missing. # @TEST-EXEC: grep -v '^#separator' $LOGS/conn.log | bro-cut uid proto > missing-sep-header # @TEST-EXEC: btest-diff missing-sep-header # The "#fields" log header line is missing (show header). # @TEST-EXEC-FAIL: grep -v '^#fields' $LOGS/conn.log | bro-cut -C 2> missing-fields-header # @TEST-EXEC: btest-diff missing-fields-header # The "#types" log header line is missing (convert times). # @TEST-EXEC-FAIL: grep -v '^#types' $LOGS/conn.log | bro-cut -d 2> missing-types-header # @TEST-EXEC: btest-diff missing-types-header # All log header lines are missing (show header). # @TEST-EXEC: grep -v '^#' $LOGS/conn.log | bro-cut -c > no-header-show # @TEST-EXEC: btest-diff no-header-show # All log header lines are missing (convert times). 
# @TEST-EXEC: grep -v '^#' $LOGS/conn.log | bro-cut -d > no-header-time # @TEST-EXEC: btest-diff no-header-time # All log header lines are missing (select column to show). # @TEST-EXEC: grep -v '^#' $LOGS/conn.log | bro-cut uid > no-header-column # @TEST-EXEC: btest-diff no-header-column # All log header lines are missing (select column to not show). # @TEST-EXEC: grep -v '^#' $LOGS/conn.log | bro-cut -n uid > no-header-not-column # @TEST-EXEC: btest-diff no-header-not-column bro-aux-0.35/testing/bro-cut/show-header.test0000664002342100234210000000313512535376153021007 0ustar johannajohanna# Test bro-cut with -c and -C options. # # Show first header for one log file. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -c > one-1st-nocols # @TEST-EXEC: btest-diff one-1st-nocols # Show all headers for one log file. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -C > one-all-nocols # @TEST-EXEC: btest-diff one-all-nocols # Show first header for two log files. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/test.log | bro-cut -c uid ts > two-1st-withcols # @TEST-EXEC: btest-diff two-1st-withcols # Show all headers for two log files. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/test.log | bro-cut -C uid ts > two-all-withcols # @TEST-EXEC: btest-diff two-all-withcols # Show all headers for two logs (-C overrides -c). # @TEST-EXEC: cat $LOGS/conn.log $LOGS/test.log | bro-cut -c -C uid ts > both-c-opts-all # @TEST-EXEC: btest-diff both-c-opts-all # Show first header for two logs (-c overrides -C). # @TEST-EXEC: cat $LOGS/conn.log $LOGS/test.log | bro-cut -C -c uid ts > both-c-opts-one # @TEST-EXEC: btest-diff both-c-opts-one # Log files use different field separators. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/conncomma.log | bro-cut -C proto uid > nondefault-separator # @TEST-EXEC: btest-diff nondefault-separator # Column order changes between two log files. 
# @TEST-EXEC: cat $LOGS/conn.log $LOGS/conntimelast.log | bro-cut -C > different-col-order # @TEST-EXEC: btest-diff different-col-order # Column order changes between two log files (and don't show all columns). # @TEST-EXEC: cat $LOGS/conn.log $LOGS/conntimelast.log | bro-cut -C ts uid > different-col-order-some # @TEST-EXEC: btest-diff different-col-order-some bro-aux-0.35/testing/bro-cut/columns.test0000664002342100234210000000247612535376153020270 0ustar johannajohanna# Test bro-cut with column names, but no other options. # # One column. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut uid > one # @TEST-EXEC: btest-diff one # Log file has only one column. # @TEST-EXEC: cat $LOGS/onecolumn.log | bro-cut id.orig_h > only # @TEST-EXEC: btest-diff only # Swap the order of two columns. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut proto uid > swap-order # @TEST-EXEC: btest-diff swap-order # Specify all columns in the log file. # @TEST-EXEC: cat $LOGS/test.log | bro-cut ts uid id.orig_h id.orig_p id.resp_h > all # @TEST-EXEC: btest-diff all # Log files use different field separators. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/conncomma.log | bro-cut proto uid > nondefault-separator # @TEST-EXEC: btest-diff nondefault-separator # Column order changes between two log files. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/conntimelast.log | bro-cut ts uid > different-col-order # @TEST-EXEC: btest-diff different-col-order # Specify a column name that exists only in the first log file. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/test.log | bro-cut uid proto > one-nonexistent-1 # @TEST-EXEC: btest-diff one-nonexistent-1 # Specify a column name that exists only in the second log file. # @TEST-EXEC: cat $LOGS/test.log $LOGS/conn.log | bro-cut uid proto > one-nonexistent-2 # @TEST-EXEC: btest-diff one-nonexistent-2 bro-aux-0.35/testing/bro-cut/help.test0000664002342100234210000000015612535376153017531 0ustar johannajohanna# Test bro-cut with -h option. 
# # @TEST-EXEC-FAIL: bro-cut -h > show-help # @TEST-EXEC: btest-diff show-help bro-aux-0.35/testing/bro-cut/ofs.test0000664002342100234210000000135012535376153017365 0ustar johannajohanna# Test bro-cut with -F option. # # Use a different field separator on two columns. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -F , uid ts > some-columns # @TEST-EXEC: btest-diff some-columns # Show that -F option is used even when field separator in log files changes. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/conncomma.log | bro-cut -F : proto uid > nondefault-separator # @TEST-EXEC: btest-diff nondefault-separator # Field separator is not relevant because log has only one column. # @TEST-EXEC: cat $LOGS/onecolumn.log | bro-cut -F , > only-column # @TEST-EXEC: btest-diff only-column # Show header and use a different field separator. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -F . -c > show-header # @TEST-EXEC: btest-diff show-header bro-aux-0.35/testing/bro-cut/time-fmt.test0000664002342100234210000000174012535376153020323 0ustar johannajohanna# Test bro-cut with time conversion options (-D/-U). # # Test -D option. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -D "%H %M %y %m %d" > local-fmt # @TEST-EXEC: btest-diff local-fmt # Test -U option. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -U "%H %M %y %m %d" > utc-fmt # @TEST-EXEC: btest-diff utc-fmt # Test that -D can override -u. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -u -D "%H %M %y %m %d" > utc-local-fmt # @TEST-EXEC: btest-diff utc-local-fmt # Test that UTC time is output, but with format string from -D. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -D "%H %M %y %m %d" -u > local-fmt-utc # @TEST-EXEC: btest-diff local-fmt-utc # Test that -U can override -d. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -d -U "%H %M %y %m %d" > local-utc-fmt # @TEST-EXEC: btest-diff local-utc-fmt # Test that local time is output, but with format string from -U. 
# @TEST-EXEC: cat $LOGS/conn.log | bro-cut -U "%H %M %y %m %d" -d > utc-fmt-local # @TEST-EXEC: btest-diff utc-fmt-local bro-aux-0.35/testing/bro-cut/time-conversion.test0000664002342100234210000000240612535376153021722 0ustar johannajohanna# Test bro-cut with time conversion options (-d/-u). # # Test -d option. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -d > local # @TEST-EXEC: btest-diff local # Test -u option. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -u > utc # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-time-zone btest-diff utc # Test that -u can override -d. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -d -u > both-1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-time-zone btest-diff both-1 # Test that -d can override -u. # @TEST-EXEC: cat $LOGS/conn.log | bro-cut -u -d > both-2 # @TEST-EXEC: btest-diff both-2 # Test with a file that has timestamp, but not in the first column. # @TEST-EXEC: cat $LOGS/conntimelast.log | bro-cut -d > time-last-col # @TEST-EXEC: btest-diff time-last-col # Column order changes between two log files. # @TEST-EXEC: cat $LOGS/conn.log $LOGS/conntimelast.log | bro-cut -d > different-col-order # @TEST-EXEC: btest-diff different-col-order # Test with a file that has no timestamps. # @TEST-EXEC: cat $LOGS/onecolumn.log | bro-cut -d > no-timestamps # @TEST-EXEC: btest-diff no-timestamps # Test what happens when input is missing the log header lines. 
# @TEST-EXEC: grep -v '^#' $LOGS/conn.log | bro-cut -d > missing-header # @TEST-EXEC: btest-diff missing-header bro-aux-0.35/testing/Logs/0000775002342100234210000000000012535376153015227 5ustar johannajohannabro-aux-0.35/testing/Logs/conntimelast.log0000664002342100234210000000225612535376153020437 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conntimelast #open 2014-04-01-23-15-49 #fields uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ts #types string addr port addr port enum string interval count count string bool count string count count count count set[string] time CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1329843175.736107 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1329843179.871641 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843194.151526 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 1329843197.783443 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) 1329843161.968492 #close 2014-04-01-23-15-49 bro-aux-0.35/testing/Logs/multiple-times.log0000664002342100234210000000045112535376153020704 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test #open 2014-04-01-23-16-29 #fields ts1 proto ts2 #types time enum time 1329843175.736107 tcp 1329843185.736107 1329843179.871641 udp 1329843189.871641 1329843194.151526 tcp 1329843204.151526 #close 2014-04-01-23-16-29 
bro-aux-0.35/testing/Logs/conn-tsv.log0000664002342100234210000000162512535376153017505 0ustar johannajohannats uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents 1329843175.736107 CHUSyo3gjtvVLqrHGk 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1329843179.871641 CWMUpO2OZ5t5tLk6Hk 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1329843194.151526 CtII2N2AidtNJlD9f7 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843161.968492 CQyLvn3Dh4UDubXFRh 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) 1329843197.783443 CuFJh714tTrtlGOxl7 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) bro-aux-0.35/testing/Logs/conncomma.log0000664002342100234210000000224312535376153017705 0ustar johannajohanna#separator , #set_separator,, #empty_field,(empty) #unset_field,- #path,conn #open,2014-06-30-16-10-54 #fields,ts,uid,id.orig_h,id.orig_p,id.resp_h,id.resp_p,proto,service,duration,orig_bytes,resp_bytes,conn_state,local_orig,missed_bytes,history,orig_pkts,orig_ip_bytes,resp_pkts,resp_ip_bytes,tunnel_parents #types,time,string,addr,port,addr,port,enum,string,interval,count,count,string,bool,count,string,count,count,count,count,set[string] 1329843175.736107,CNbXUV0IZ29or3MK6,141.142.220.235,37604,199.233.217.249,56666,tcp,ftp-data,0.112432,0,342,SF,-,0,ShAdfFa,4,216,4,562,(empty) 1329843179.871641,CJ8woc3c6CfBLdiyp5,141.142.220.235,59378,199.233.217.249,56667,tcp,ftp-data,0.111218,0,77,SF,-,0,ShAdfFa,4,216,4,297,(empty) 
1329843194.151526,CXlgj54ftP8Yc2GSnb,199.233.217.249,61920,141.142.220.235,33582,tcp,ftp-data,0.056211,342,0,SF,-,0,ShADaFf,5,614,3,164,(empty) 1329843161.968492,Czw8Gd1zEVn3Xz5x7i,141.142.220.235,50003,199.233.217.249,21,tcp,ftp,38.055625,180,3146,SF,-,0,ShAdDfFa,38,2164,25,4458,(empty) 1329843197.783443,Cys4aQ15qDqHzsIk3l,199.233.217.249,61918,141.142.220.235,37835,tcp,ftp-data,0.056005,77,0,SF,-,0,ShADaFf,5,349,3,164,(empty) #close,2014-06-30-16-10-55 bro-aux-0.35/testing/Logs/test.log0000664002342100234210000000146112535376153016713 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test #open 2014-04-01-23-15-51 #fields ts uid id.orig_h id.orig_p id.resp_h #types time string addr port addr 1329327783.316897 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 1329327786.524332 CCvvfg3TEfuqmmG4bh 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 1329327787.289095 CsRx2w45OKnoww6xl4 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 1329327795.571921 CRJuHdVW0XPVINV8a 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 1329327777.822004 CXWv6p3arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 1329327800.017649 CPbrpk1qSsw6ESzHV4 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e #close 2014-04-01-23-15-51 bro-aux-0.35/testing/Logs/onecolumn.log0000664002342100234210000000026612535376153017735 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path onecolumn #open 2014-04-01-23-15-59 #fields id.orig_h #types addr 79.26.245.236 #close 2014-04-01-23-15-59 bro-aux-0.35/testing/Logs/conn.log0000664002342100234210000000224612535376153016673 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state 
local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count set[string] 1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) #close 2014-04-01-23-15-49 bro-aux-0.35/testing/Scripts/0000775002342100234210000000000012535376153015752 5ustar johannajohannabro-aux-0.35/testing/Scripts/diff-time-zone0000775002342100234210000000051612535376153020517 0ustar johannajohanna#! /usr/bin/env bash # # Replace the time zone with "+0000". This is needed for any bro-cut tests # that convert UTC timestamps and show the time zone, because strftime # with the "%z" format string behaves differently on OS X (it just always # shows the local time zone instead of "+0000"). 
sed 's/[+-][0-9][0-9][0-9][0-9]/+0000/' bro-aux-0.35/testing/btest.cfg0000664002342100234210000000057212535376153016131 0ustar johannajohanna[btest] TestDirs = bro-cut TmpDir = %(testbase)s/.tmp BaselineDir = %(testbase)s/Baseline IgnoreDirs = .svn CVS .tmp IgnoreFiles = *.tmp *.swp #* *.trace .DS_Store [environment] TZ=PST+8 LC_ALL=C PATH=%(testbase)s/../../../build/aux/bro-aux/bro-cut:%(testbase)s/../../btest:%(default_path)s LOGS=%(testbase)s/Logs TMPDIR=%(testbase)s/.tmp SCRIPTS=%(testbase)s/Scripts bro-aux-0.35/testing/Baseline/0000775002342100234210000000000012535376153016045 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.columns/0000775002342100234210000000000012535376152021076 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.columns/one0000664002342100234210000000013612535376152021602 0ustar johannajohannaCjhGID4nQcgTWjvg4c CCvvfg3TEfuqmmG4bh CsRx2w45OKnoww6xl4 CRJuHdVW0XPVINV8a CXWv6p3arKYeMETxOg bro-aux-0.35/testing/Baseline/bro-cut.columns/only0000664002342100234210000000001612535376152021777 0ustar johannajohanna79.26.245.236 bro-aux-0.35/testing/Baseline/bro-cut.columns/one-nonexistent-10000664002342100234210000000035112535376152024313 0ustar johannajohannaCjhGID4nQcgTWjvg4c tcp CCvvfg3TEfuqmmG4bh tcp CsRx2w45OKnoww6xl4 tcp CRJuHdVW0XPVINV8a tcp CXWv6p3arKYeMETxOg tcp CjhGID4nQcgTWjvg4c CCvvfg3TEfuqmmG4bh CsRx2w45OKnoww6xl4 CRJuHdVW0XPVINV8a CXWv6p3arKYeMETxOg CPbrpk1qSsw6ESzHV4 bro-aux-0.35/testing/Baseline/bro-cut.columns/one-nonexistent-20000664002342100234210000000035112535376152024314 0ustar johannajohannaCjhGID4nQcgTWjvg4c CCvvfg3TEfuqmmG4bh CsRx2w45OKnoww6xl4 CRJuHdVW0XPVINV8a CXWv6p3arKYeMETxOg CPbrpk1qSsw6ESzHV4 CjhGID4nQcgTWjvg4c tcp CCvvfg3TEfuqmmG4bh tcp CsRx2w45OKnoww6xl4 tcp CRJuHdVW0XPVINV8a tcp CXWv6p3arKYeMETxOg tcp bro-aux-0.35/testing/Baseline/bro-cut.columns/nondefault-separator0000664002342100234210000000034412535376152025157 0ustar johannajohannatcp CjhGID4nQcgTWjvg4c tcp CCvvfg3TEfuqmmG4bh tcp 
CsRx2w45OKnoww6xl4 tcp CRJuHdVW0XPVINV8a tcp CXWv6p3arKYeMETxOg tcp,CNbXUV0IZ29or3MK6 tcp,CJ8woc3c6CfBLdiyp5 tcp,CXlgj54ftP8Yc2GSnb tcp,Czw8Gd1zEVn3Xz5x7i tcp,Cys4aQ15qDqHzsIk3l bro-aux-0.35/testing/Baseline/bro-cut.columns/swap-order0000664002342100234210000000016212535376152023103 0ustar johannajohannatcp CjhGID4nQcgTWjvg4c tcp CCvvfg3TEfuqmmG4bh tcp CsRx2w45OKnoww6xl4 tcp CRJuHdVW0XPVINV8a tcp CXWv6p3arKYeMETxOg bro-aux-0.35/testing/Baseline/bro-cut.columns/all0000664002342100234210000000113512535376152021571 0ustar johannajohanna1329327783.316897 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 1329327786.524332 CCvvfg3TEfuqmmG4bh 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 1329327787.289095 CsRx2w45OKnoww6xl4 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 1329327795.571921 CRJuHdVW0XPVINV8a 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 1329327777.822004 CXWv6p3arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 1329327800.017649 CPbrpk1qSsw6ESzHV4 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e bro-aux-0.35/testing/Baseline/bro-cut.columns/different-col-order0000664002342100234210000000056012535376152024654 0ustar johannajohanna1329843175.736107 CjhGID4nQcgTWjvg4c 1329843179.871641 CCvvfg3TEfuqmmG4bh 1329843194.151526 CsRx2w45OKnoww6xl4 1329843197.783443 CRJuHdVW0XPVINV8a 1329843161.968492 CXWv6p3arKYeMETxOg 1329843175.736107 CjhGID4nQcgTWjvg4c 1329843179.871641 CCvvfg3TEfuqmmG4bh 1329843194.151526 CsRx2w45OKnoww6xl4 1329843197.783443 CRJuHdVW0XPVINV8a 1329843161.968492 CXWv6p3arKYeMETxOg bro-aux-0.35/testing/Baseline/bro-cut.time-fmt-env/0000775002342100234210000000000012535376153021727 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.time-fmt-env/env-utc-fmt0000664002342100234210000000127712535376153024026 0ustar johannajohanna16 52 12 02 21 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 
0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 16 52 12 02 21 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 16 53 12 02 21 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 16 53 12 02 21 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 16 52 12 02 21 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-fmt-env/env-utc0000664002342100234210000000126012535376153023232 0ustar johannajohanna1652_120221 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1652_120221 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1653_120221 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1653_120221 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 1652_120221 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-fmt-env/env-local0000664002342100234210000000126012535376153023531 0ustar johannajohanna0852_120221 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 0852_120221 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 0853_120221 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 0853_120221 
CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 0852_120221 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-fmt-env/env-local-fmt0000664002342100234210000000127712535376153024325 0ustar johannajohanna08 52 12 02 21 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 08 52 12 02 21 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 08 53 12 02 21 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 08 53 12 02 21 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 08 52 12 02 21 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.show-header/0000775002342100234210000000000012535376153021625 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.show-header/two-all-withcols0000664002342100234210000000134312535376153024762 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields uid ts #types string time CjhGID4nQcgTWjvg4c 1329843175.736107 CCvvfg3TEfuqmmG4bh 1329843179.871641 CsRx2w45OKnoww6xl4 1329843194.151526 CRJuHdVW0XPVINV8a 1329843197.783443 CXWv6p3arKYeMETxOg 1329843161.968492 #close 2014-04-01-23-15-49 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test #open 2014-04-01-23-15-51 #fields uid ts #types string time CjhGID4nQcgTWjvg4c 1329327783.316897 CCvvfg3TEfuqmmG4bh 1329327786.524332 CsRx2w45OKnoww6xl4 1329327787.289095 CRJuHdVW0XPVINV8a 1329327795.571921 
CXWv6p3arKYeMETxOg 1329327777.822004 CPbrpk1qSsw6ESzHV4 1329327800.017649 #close 2014-04-01-23-15-51 bro-aux-0.35/testing/Baseline/bro-cut.show-header/both-c-opts-one0000664002342100234210000000104112535376152024461 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields uid ts #types string time CjhGID4nQcgTWjvg4c 1329843175.736107 CCvvfg3TEfuqmmG4bh 1329843179.871641 CsRx2w45OKnoww6xl4 1329843194.151526 CRJuHdVW0XPVINV8a 1329843197.783443 CXWv6p3arKYeMETxOg 1329843161.968492 CjhGID4nQcgTWjvg4c 1329327783.316897 CCvvfg3TEfuqmmG4bh 1329327786.524332 CsRx2w45OKnoww6xl4 1329327787.289095 CRJuHdVW0XPVINV8a 1329327795.571921 CXWv6p3arKYeMETxOg 1329327777.822004 CPbrpk1qSsw6ESzHV4 1329327800.017649 bro-aux-0.35/testing/Baseline/bro-cut.show-header/one-all-nocols0000664002342100234210000000224612535376152024375 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count set[string] 1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 
199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) #close 2014-04-01-23-15-49 bro-aux-0.35/testing/Baseline/bro-cut.show-header/nondefault-separator0000664002342100234210000000106512535376152025706 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields proto uid #types enum string tcp CjhGID4nQcgTWjvg4c tcp CCvvfg3TEfuqmmG4bh tcp CsRx2w45OKnoww6xl4 tcp CRJuHdVW0XPVINV8a tcp CXWv6p3arKYeMETxOg #close 2014-04-01-23-15-49 #separator , #set_separator,, #empty_field,(empty) #unset_field,- #path,conn #open,2014-06-30-16-10-54 #fields,proto,uid #types,enum,string tcp,CNbXUV0IZ29or3MK6 tcp,CJ8woc3c6CfBLdiyp5 tcp,CXlgj54ftP8Yc2GSnb tcp,Czw8Gd1zEVn3Xz5x7i tcp,Cys4aQ15qDqHzsIk3l #close,2014-06-30-16-10-55 bro-aux-0.35/testing/Baseline/bro-cut.show-header/different-col-order-some0000664002342100234210000000130612535376152026342 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields ts uid #types time string 1329843175.736107 CjhGID4nQcgTWjvg4c 1329843179.871641 CCvvfg3TEfuqmmG4bh 1329843194.151526 CsRx2w45OKnoww6xl4 1329843197.783443 CRJuHdVW0XPVINV8a 1329843161.968492 CXWv6p3arKYeMETxOg #close 2014-04-01-23-15-49 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conntimelast #open 2014-04-01-23-15-49 #fields ts uid #types time string 1329843175.736107 CjhGID4nQcgTWjvg4c 1329843179.871641 CCvvfg3TEfuqmmG4bh 1329843194.151526 CsRx2w45OKnoww6xl4 1329843197.783443 CRJuHdVW0XPVINV8a 1329843161.968492 CXWv6p3arKYeMETxOg #close 2014-04-01-23-15-49 bro-aux-0.35/testing/Baseline/bro-cut.show-header/two-1st-withcols0000664002342100234210000000104112535376153024714 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields uid ts #types string time CjhGID4nQcgTWjvg4c 1329843175.736107 
CCvvfg3TEfuqmmG4bh 1329843179.871641 CsRx2w45OKnoww6xl4 1329843194.151526 CRJuHdVW0XPVINV8a 1329843197.783443 CXWv6p3arKYeMETxOg 1329843161.968492 CjhGID4nQcgTWjvg4c 1329327783.316897 CCvvfg3TEfuqmmG4bh 1329327786.524332 CsRx2w45OKnoww6xl4 1329327787.289095 CRJuHdVW0XPVINV8a 1329327795.571921 CXWv6p3arKYeMETxOg 1329327777.822004 CPbrpk1qSsw6ESzHV4 1329327800.017649 bro-aux-0.35/testing/Baseline/bro-cut.show-header/one-1st-nocols0000664002342100234210000000221312535376152024326 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count set[string] 1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.show-header/different-col-order0000664002342100234210000000452412535376152025406 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration 
orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count set[string] 1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) #close 2014-04-01-23-15-49 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conntimelast #open 2014-04-01-23-15-49 #fields uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ts #types string addr port addr port enum string interval count count string bool count string count count count count set[string] time CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1329843175.736107 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1329843179.871641 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843194.151526 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 
3 164 (empty) 1329843197.783443 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) 1329843161.968492 #close 2014-04-01-23-15-49 bro-aux-0.35/testing/Baseline/bro-cut.show-header/both-c-opts-all0000664002342100234210000000134312535376152024455 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields uid ts #types string time CjhGID4nQcgTWjvg4c 1329843175.736107 CCvvfg3TEfuqmmG4bh 1329843179.871641 CsRx2w45OKnoww6xl4 1329843194.151526 CRJuHdVW0XPVINV8a 1329843197.783443 CXWv6p3arKYeMETxOg 1329843161.968492 #close 2014-04-01-23-15-49 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test #open 2014-04-01-23-15-51 #fields uid ts #types string time CjhGID4nQcgTWjvg4c 1329327783.316897 CCvvfg3TEfuqmmG4bh 1329327786.524332 CsRx2w45OKnoww6xl4 1329327787.289095 CRJuHdVW0XPVINV8a 1329327795.571921 CXWv6p3arKYeMETxOg 1329327777.822004 CPbrpk1qSsw6ESzHV4 1329327800.017649 #close 2014-04-01-23-15-51 bro-aux-0.35/testing/Baseline/bro-cut.time-fmt/0000775002342100234210000000000012535376153021141 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.time-fmt/local-fmt-utc0000664002342100234210000000127712535376153023542 0ustar johannajohanna16 52 12 02 21 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 16 52 12 02 21 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 16 53 12 02 21 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 16 53 12 02 21 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 16 52 12 02 21 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 
ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-fmt/utc-fmt0000664002342100234210000000127712535376153022452 0ustar johannajohanna16 52 12 02 21 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 16 52 12 02 21 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 16 53 12 02 21 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 16 53 12 02 21 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 16 52 12 02 21 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-fmt/utc-local-fmt0000664002342100234210000000127712535376153023542 0ustar johannajohanna08 52 12 02 21 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 08 52 12 02 21 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 08 53 12 02 21 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 08 53 12 02 21 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 08 52 12 02 21 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-fmt/utc-fmt-local0000664002342100234210000000127712535376153023542 0ustar johannajohanna08 52 12 02 21 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 08 52 12 02 21 
CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 08 53 12 02 21 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 08 53 12 02 21 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 08 52 12 02 21 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-fmt/local-utc-fmt0000664002342100234210000000127712535376153023542 0ustar johannajohanna16 52 12 02 21 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 16 52 12 02 21 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 16 53 12 02 21 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 16 53 12 02 21 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 16 52 12 02 21 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-fmt/local-fmt0000664002342100234210000000127712535376153022751 0ustar johannajohanna08 52 12 02 21 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 08 52 12 02 21 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 08 53 12 02 21 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 08 53 12 02 21 CRJuHdVW0XPVINV8a 199.233.217.249 61918 
141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 08 52 12 02 21 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.bad-logs/0000775002342100234210000000000012535376152021106 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.bad-logs/missing-types-header0000664002342100234210000000005612535376152025073 0ustar johannajohannabro-cut: bad log header (missing #types line) bro-aux-0.35/testing/Baseline/bro-cut.bad-logs/no-header-time0000664002342100234210000000000512535376152023622 0ustar johannajohanna bro-aux-0.35/testing/Baseline/bro-cut.bad-logs/missing-fields-header0000664002342100234210000000005712535376152025176 0ustar johannajohannabro-cut: bad log header (missing #fields line) bro-aux-0.35/testing/Baseline/bro-cut.bad-logs/missing-sep-header0000664002342100234210000000016212535376152024514 0ustar johannajohannaCjhGID4nQcgTWjvg4c tcp CCvvfg3TEfuqmmG4bh tcp CsRx2w45OKnoww6xl4 tcp CRJuHdVW0XPVINV8a tcp CXWv6p3arKYeMETxOg tcp bro-aux-0.35/testing/Baseline/bro-cut.bad-logs/no-header-show0000664002342100234210000000000512535376152023644 0ustar johannajohanna bro-aux-0.35/testing/Baseline/bro-cut.bad-logs/no-header-not-column0000664002342100234210000000000512535376152024757 0ustar johannajohanna bro-aux-0.35/testing/Baseline/bro-cut.bad-logs/no-header-column0000664002342100234210000000000512535376152024161 0ustar johannajohanna bro-aux-0.35/testing/Baseline/bro-cut.not-columns/0000775002342100234210000000000012535376152021674 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.not-columns/not-only0000664002342100234210000000000112535376152023365 0ustar johannajohanna bro-aux-0.35/testing/Baseline/bro-cut.not-columns/not-one0000664002342100234210000000075412535376152023204 0ustar johannajohanna1329327783.316897 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 1329327786.524332 
2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 1329327787.289095 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 1329327795.571921 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 1329327777.822004 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 1329327800.017649 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e bro-aux-0.35/testing/Baseline/bro-cut.not-columns/not-none0000664002342100234210000000113512535376152023354 0ustar johannajohanna1329327783.316897 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 1329327786.524332 CCvvfg3TEfuqmmG4bh 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 1329327787.289095 CsRx2w45OKnoww6xl4 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 1329327795.571921 CRJuHdVW0XPVINV8a 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 1329327777.822004 CXWv6p3arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 1329327800.017649 CPbrpk1qSsw6ESzHV4 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e bro-aux-0.35/testing/Baseline/bro-cut.not-columns/not-all0000664002342100234210000000000612535376152023161 0ustar johannajohanna bro-aux-0.35/testing/Baseline/bro-cut.not-columns/not-one-twice0000664002342100234210000000075412535376152024315 0ustar johannajohanna1329327783.316897 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 1329327786.524332 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 1329327787.289095 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 1329327795.571921 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 1329327777.822004 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 1329327800.017649 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e bro-aux-0.35/testing/Baseline/bro-cut.not-columns/not-one-nonexistent0000664002342100234210000000075412535376152025560 
0ustar johannajohanna1329327783.316897 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 1329327786.524332 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 1329327787.289095 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 1329327795.571921 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 1329327777.822004 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 1329327800.017649 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e bro-aux-0.35/testing/Baseline/bro-cut.not-columns/not-two-swapped0000664002342100234210000000051612535376152024671 0ustar johannajohanna1329327783.316897 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 1329327786.524332 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 1329327787.289095 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 1329327795.571921 2001:470:4867:99::21 55785 1329327777.822004 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 1329327800.017649 2001:470:4867:99::21 55647 bro-aux-0.35/testing/Baseline/bro-cut.not-columns/different-col-order0000664002342100234210000000205412535376152025452 0ustar johannajohanna141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 199.233.217.249 61918 
141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.not-columns/not-one-show-header0000664002342100234210000000123212535376152025400 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test #open 2014-04-01-23-15-51 #fields ts id.orig_h id.orig_p id.resp_h #types time addr port addr 1329327783.316897 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 1329327786.524332 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 1329327787.289095 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 1329327795.571921 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 1329327777.822004 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 1329327800.017649 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e bro-aux-0.35/testing/Baseline/bro-cut.time-conversion/0000775002342100234210000000000012535376153022540 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.time-conversion/missing-header0000664002342100234210000000000512535376153025355 0ustar johannajohanna bro-aux-0.35/testing/Baseline/bro-cut.time-conversion/both-10000664002342100234210000000136112535376153023556 0ustar johannajohanna2012-02-21T16:52:55+0000 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 2012-02-21T16:52:59+0000 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 2012-02-21T16:53:14+0000 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 2012-02-21T16:53:17+0000 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 
2012-02-21T16:52:41+0000 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-conversion/both-20000664002342100234210000000136112535376153023557 0ustar johannajohanna2012-02-21T08:52:55-0800 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 2012-02-21T08:52:59-0800 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 2012-02-21T08:53:14-0800 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 2012-02-21T08:53:17-0800 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 2012-02-21T08:52:41-0800 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-conversion/time-last-col0000664002342100234210000000136112535376153025136 0ustar johannajohannaCjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 2012-02-21T08:52:55-0800 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 2012-02-21T08:52:59-0800 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 2012-02-21T08:53:14-0800 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 2012-02-21T08:53:17-0800 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) 2012-02-21T08:52:41-0800 
bro-aux-0.35/testing/Baseline/bro-cut.time-conversion/no-timestamps0000664002342100234210000000001612535376153025260 0ustar johannajohanna79.26.245.236 bro-aux-0.35/testing/Baseline/bro-cut.time-conversion/local0000664002342100234210000000136112535376153023556 0ustar johannajohanna2012-02-21T08:52:55-0800 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 2012-02-21T08:52:59-0800 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 2012-02-21T08:53:14-0800 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 2012-02-21T08:53:17-0800 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 2012-02-21T08:52:41-0800 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-conversion/different-col-order0000664002342100234210000000274212535376153026322 0ustar johannajohanna2012-02-21T08:52:55-0800 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 2012-02-21T08:52:59-0800 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 2012-02-21T08:53:14-0800 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 2012-02-21T08:53:17-0800 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 2012-02-21T08:52:41-0800 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp 
ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 2012-02-21T08:52:55-0800 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 2012-02-21T08:52:59-0800 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 2012-02-21T08:53:14-0800 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 2012-02-21T08:53:17-0800 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) 2012-02-21T08:52:41-0800 bro-aux-0.35/testing/Baseline/bro-cut.time-conversion/utc0000664002342100234210000000136112535376153023257 0ustar johannajohanna2012-02-21T16:52:55+0000 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 2012-02-21T16:52:59+0000 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 2012-02-21T16:53:14+0000 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 2012-02-21T16:53:17+0000 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 2012-02-21T16:52:41+0000 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.time-header/0000775002342100234210000000000012535376153021603 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.time-header/missing-ts-one-file0000664002342100234210000000106312535376153025317 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields ts id.orig_h #types string addr 2012-02-21T08:52:55-0800 
141.142.220.235 2012-02-21T08:52:59-0800 141.142.220.235 2012-02-21T08:53:14-0800 199.233.217.249 2012-02-21T08:53:17-0800 199.233.217.249 2012-02-21T08:52:41-0800 141.142.220.235 #close 2014-04-01-23-15-49 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path onecolumn #open 2014-04-01-23-15-59 #fields id.orig_h #types addr 79.26.245.236 #close 2014-04-01-23-15-59 bro-aux-0.35/testing/Baseline/bro-cut.time-header/utc-fmt0000664002342100234210000000144112535376153023105 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test #open 2014-04-01-23-15-51 #fields ts uid id.orig_h id.orig_p id.resp_h #types string string addr port addr 17 43 12 02 15 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 17 43 12 02 15 CCvvfg3TEfuqmmG4bh 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 17 43 12 02 15 CsRx2w45OKnoww6xl4 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 17 43 12 02 15 CRJuHdVW0XPVINV8a 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 17 42 12 02 15 CXWv6p3arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 17 43 12 02 15 CPbrpk1qSsw6ESzHV4 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e #close 2014-04-01-23-15-51 bro-aux-0.35/testing/Baseline/bro-cut.time-header/nondefault-separator0000664002342100234210000000062612535376153025667 0ustar johannajohanna#separator , #set_separator,, #empty_field,(empty) #unset_field,- #path,conn #open,2014-06-30-16-10-54 #fields,proto,ts,id.orig_h #types,enum,string,addr tcp,2012-02-21T08:52:55-0800,141.142.220.235 tcp,2012-02-21T08:52:59-0800,141.142.220.235 tcp,2012-02-21T08:53:14-0800,199.233.217.249 tcp,2012-02-21T08:52:41-0800,141.142.220.235 tcp,2012-02-21T08:53:17-0800,199.233.217.249 #close,2014-06-30-16-10-55 bro-aux-0.35/testing/Baseline/bro-cut.time-header/ts-twice0000664002342100234210000000100112535376153023255 0ustar 
johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields ts id.orig_h ts #types string addr string 2012-02-21T08:52:55-0800 141.142.220.235 2012-02-21T08:52:55-0800 2012-02-21T08:52:59-0800 141.142.220.235 2012-02-21T08:52:59-0800 2012-02-21T08:53:14-0800 199.233.217.249 2012-02-21T08:53:14-0800 2012-02-21T08:53:17-0800 199.233.217.249 2012-02-21T08:53:17-0800 2012-02-21T08:52:41-0800 141.142.220.235 2012-02-21T08:52:41-0800 #close 2014-04-01-23-15-49 bro-aux-0.35/testing/Baseline/bro-cut.time-header/different-field-separator0000664002342100234210000000145712535376153026562 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields proto ts id.orig_h #types enum string addr tcp 2012-02-21T08:52:55-0800 141.142.220.235 tcp 2012-02-21T08:52:59-0800 141.142.220.235 tcp 2012-02-21T08:53:14-0800 199.233.217.249 tcp 2012-02-21T08:53:17-0800 199.233.217.249 tcp 2012-02-21T08:52:41-0800 141.142.220.235 #close 2014-04-01-23-15-49 #separator , #set_separator,, #empty_field,(empty) #unset_field,- #path,conn #open,2014-06-30-16-10-54 #fields,proto,ts,id.orig_h #types,enum,string,addr tcp,2012-02-21T08:52:55-0800,141.142.220.235 tcp,2012-02-21T08:52:59-0800,141.142.220.235 tcp,2012-02-21T08:53:14-0800,199.233.217.249 tcp,2012-02-21T08:52:41-0800,141.142.220.235 tcp,2012-02-21T08:53:17-0800,199.233.217.249 #close,2014-06-30-16-10-55 bro-aux-0.35/testing/Baseline/bro-cut.time-header/multiple-times0000664002342100234210000000052712535376153024504 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test #open 2014-04-01-23-16-29 #fields proto ts2 ts1 #types enum string string tcp 2012-02-21T08:53:05-0800 2012-02-21T08:52:55-0800 udp 2012-02-21T08:53:09-0800 2012-02-21T08:52:59-0800 tcp 2012-02-21T08:53:24-0800 2012-02-21T08:53:14-0800 #close 2014-04-01-23-16-29 
bro-aux-0.35/testing/Baseline/bro-cut.time-header/different-col-order0000664002342100234210000000147212535376153025364 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields proto ts id.orig_h #types enum string addr tcp 2012-02-21T08:52:55-0800 141.142.220.235 tcp 2012-02-21T08:52:59-0800 141.142.220.235 tcp 2012-02-21T08:53:14-0800 199.233.217.249 tcp 2012-02-21T08:53:17-0800 199.233.217.249 tcp 2012-02-21T08:52:41-0800 141.142.220.235 #close 2014-04-01-23-15-49 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conntimelast #open 2014-04-01-23-15-49 #fields proto ts id.orig_h #types enum string addr tcp 2012-02-21T08:52:55-0800 141.142.220.235 tcp 2012-02-21T08:52:59-0800 141.142.220.235 tcp 2012-02-21T08:53:14-0800 199.233.217.249 tcp 2012-02-21T08:53:17-0800 199.233.217.249 tcp 2012-02-21T08:52:41-0800 141.142.220.235 #close 2014-04-01-23-15-49 bro-aux-0.35/testing/Baseline/bro-cut.no-options/0000775002342100234210000000000012535376152021523 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.no-options/tsv0000664002342100234210000000000612535376152022256 0ustar johannajohanna bro-aux-0.35/testing/Baseline/bro-cut.no-options/no-opts0000664002342100234210000000131612535376152023046 0ustar johannajohanna1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 
38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) bro-aux-0.35/testing/Baseline/bro-cut.ofs/0000775002342100234210000000000012535376152020205 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.ofs/show-header0000664002342100234210000000221312535376152022334 0ustar johannajohanna#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2014-04-01-23-15-49 #fields.ts.uid.id.orig_h.id.orig_p.id.resp_h.id.resp_p.proto.service.duration.orig_bytes.resp_bytes.conn_state.local_orig.missed_bytes.history.orig_pkts.orig_ip_bytes.resp_pkts.resp_ip_bytes.tunnel_parents #types.time.string.addr.port.addr.port.enum.string.interval.count.count.string.bool.count.string.count.count.count.count.set[string] 1329843175.736107.CjhGID4nQcgTWjvg4c.141.142.220.235.37604.199.233.217.249.56666.tcp.ftp-data.0.112432.0.342.SF.-.0.ShAdfFa.4.216.4.562.(empty) 1329843179.871641.CCvvfg3TEfuqmmG4bh.141.142.220.235.59378.199.233.217.249.56667.tcp.ftp-data.0.111218.0.77.SF.-.0.ShAdfFa.4.216.4.297.(empty) 1329843194.151526.CsRx2w45OKnoww6xl4.199.233.217.249.61920.141.142.220.235.33582.tcp.ftp-data.0.056211.342.0.SF.-.0.ShADaFf.5.614.3.164.(empty) 1329843197.783443.CRJuHdVW0XPVINV8a.199.233.217.249.61918.141.142.220.235.37835.tcp.ftp-data.0.056005.77.0.SF.-.0.ShADaFf.5.349.3.164.(empty) 1329843161.968492.CXWv6p3arKYeMETxOg.141.142.220.235.50003.199.233.217.249.21.tcp.ftp.38.055625.180.3146.SF.-.0.ShAdDfFa.38.2164.25.4458.(empty) bro-aux-0.35/testing/Baseline/bro-cut.ofs/nondefault-separator0000664002342100234210000000034412535376152024266 0ustar johannajohannatcp:CjhGID4nQcgTWjvg4c tcp:CCvvfg3TEfuqmmG4bh tcp:CsRx2w45OKnoww6xl4 tcp:CRJuHdVW0XPVINV8a tcp:CXWv6p3arKYeMETxOg tcp:CNbXUV0IZ29or3MK6 tcp:CJ8woc3c6CfBLdiyp5 tcp:CXlgj54ftP8Yc2GSnb tcp:Czw8Gd1zEVn3Xz5x7i tcp:Cys4aQ15qDqHzsIk3l bro-aux-0.35/testing/Baseline/bro-cut.ofs/some-columns0000664002342100234210000000027012535376152022550 0ustar johannajohannaCjhGID4nQcgTWjvg4c,1329843175.736107 
CCvvfg3TEfuqmmG4bh,1329843179.871641 CsRx2w45OKnoww6xl4,1329843194.151526 CRJuHdVW0XPVINV8a,1329843197.783443 CXWv6p3arKYeMETxOg,1329843161.968492 bro-aux-0.35/testing/Baseline/bro-cut.ofs/only-column0000664002342100234210000000001612535376152022401 0ustar johannajohanna79.26.245.236 bro-aux-0.35/testing/Baseline/bro-cut.help/0000775002342100234210000000000012535376152020346 5ustar johannajohannabro-aux-0.35/testing/Baseline/bro-cut.help/show-help0000664002342100234210000000164412535376152022204 0ustar johannajohanna bro-cut [options] [] Extracts the given columns from an ASCII Bro log on standard input. If no columns are given, all are selected. By default, bro-cut does not include format header blocks into the output. Example: cat conn.log | bro-cut -d ts id.orig_h id.orig_p -c Include the first format header block into the output. -C Include all format header blocks into the output. -d Convert time values into human-readable format. -D Like -d, but specify format for time (see strftime(3) for syntax). -F Sets a different output field separator. -n Print all fields *except* those specified. -u Like -d, but print timestamps in UTC instead of local time. -U Like -D, but print timestamps in UTC instead of local time. For time conversion option -d or -u, the format string can be specified by setting an environment variable BRO_CUT_TIMEFMT. bro-aux-0.35/testing/Makefile0000664002342100234210000000050012535376153015756 0ustar johannajohanna DIAG=diag.log BTEST=../../btest/btest all: cleanup btest-verbose # Showing all tests. btest-verbose: @$(BTEST) -j -f $(DIAG) brief: cleanup btest-brief # Brief output showing only failed tests. 
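btest-brief: @$(BTEST) -j -b -f $(DIAG) cleanup: @rm -f $(DIAG) .PHONY: all btest-verbose brief btest-brief cleanup bro-aux-0.35/configure0000775002342100234210000000650612535376152014563 0ustar johannajohanna
#!/bin/sh
# Convenience wrapper for easily viewing/setting options that
# the project's CMake scripts will recognize
#
# Translates --builddir/--prefix/--enable-debug/--with-* options into CMake
# cache entries, prepares the build directory, runs cmake inside it and
# records the invoking command line in <builddir>/config.status.

set -e
command="$0 $*"

# check for `cmake` command
type cmake > /dev/null 2>&1 || {
    echo "\
This package requires CMake, please install it first, then you may
use this configure script to access CMake equivalent functionality.\
" >&2;
    exit 1;
}

usage="\
Usage: $0 [OPTION]... [VAR=VALUE]...

  Build Directory:
    --builddir=DIR         place build files in directory [build]

  Installation Directories:
    --prefix=PREFIX        installation directory [/usr/local/bro]

  Optional Features:
    --enable-debug         compile in debugging mode

  Required Packages in Non-Standard Locations:
    --with-openssl=PATH    path to OpenSSL install root
    --with-bind=PATH       path to BIND install root
    --with-pcap=PATH       path to libpcap install root
    --with-flex=PATH       path to flex executable

  Influential Environment Variables (only on first invocation
  per build directory):
    CC                     C compiler command
    CFLAGS                 C compiler flags
    CXX                    C++ compiler command
    CXXFLAGS               C++ compiler flags
"

sourcedir="$( cd "$( dirname "$0" )" && pwd )"

# Function to append a CMake cache entry definition to the
# CMakeCacheEntries variable
#   $1 is the cache entry variable name
#   $2 is the cache entry variable type
#   $3 is the cache entry variable value
#
# The entries are kept in one flat string that is word-split when cmake is
# invoked, so a value containing whitespace or glob characters cannot be
# passed through intact.
append_cache_entry () {
    CMakeCacheEntries="$CMakeCacheEntries -D $1:$2=$3"
}

# set defaults
builddir=build
CMakeCacheEntries=""
append_cache_entry CMAKE_INSTALL_PREFIX PATH /usr/local/bro
append_cache_entry ENABLE_DEBUG BOOL false

# parse arguments
while [ $# -ne 0 ]; do
    case "$1" in
        # Everything after the first '=' is the option's value; parameter
        # expansion avoids piping user input through echo and sed.
        -*=*) optarg=${1#*=} ;;
        *) optarg= ;;
    esac

    case "$1" in
        --help|-h)
            echo "${usage}" 1>&2
            exit 1
            ;;
        --builddir=*)
            builddir=$optarg
            ;;
        --prefix=*)
            append_cache_entry CMAKE_INSTALL_PREFIX PATH "$optarg"
            ;;
        --enable-debug)
            append_cache_entry ENABLE_DEBUG BOOL true
            ;;
        --with-openssl=*)
            append_cache_entry OpenSSL_ROOT_DIR PATH "$optarg"
            ;;
        --with-bind=*)
            append_cache_entry BIND_ROOT_DIR PATH "$optarg"
            ;;
        --with-pcap=*)
            append_cache_entry PCAP_ROOT_DIR PATH "$optarg"
            ;;
        --with-flex=*)
            append_cache_entry FLEX_EXECUTABLE PATH "$optarg"
            ;;
        *)
            echo "Invalid option '$1'. Try $0 --help to see available options." >&2
            exit 1
            ;;
    esac
    shift
done

# Every use of the user-supplied build directory is quoted so that a path
# with spaces or glob characters cannot make rm/mkdir/cd act on other files.
if [ -d "$builddir" ]; then
    # If build directory exists, check if it has a CMake cache
    if [ -f "$builddir/CMakeCache.txt" ]; then
        # If the CMake cache exists, delete it so that this configuration
        # is not tainted by a previous one
        rm -f -- "$builddir/CMakeCache.txt"
    fi
else
    # Create build directory
    mkdir -p -- "$builddir"
fi

echo "Build Directory : $builddir"
echo "Source Directory: $sourcedir"

cd "$builddir"

# CMakeCacheEntries is intentionally unquoted: it holds several "-D ..."
# arguments in one string and relies on word splitting.
cmake $CMakeCacheEntries "$sourcedir"

echo "# This is the command used to configure this build" > config.status
# printf keeps the recorded command line verbatim (no globbing, no
# whitespace collapsing, no echo escape handling).
printf '%s\n' "$command" >> config.status
chmod u+x config.status
bro-aux-0.35/plugin-support/0000775002342100234210000000000012535376152015655 5ustar johannajohannabro-aux-0.35/plugin-support/init-plugin0000775002342100234210000000427712535376152020054 0ustar johannajohanna
#! /usr/bin/env bash
#
# Creates (or, with -u, updates) a plugin source tree from the skeleton
# directory located next to this script, substituting the plugin namespace
# and name into file names and file contents.
#
# Positional arguments after the optional -u: destination directory,
# plugin namespace, plugin name.

# Prints the absolute path of directory $1. Fails without output when the
# directory cannot be entered, so callers never continue with the current
# directory by accident.
function abspath
{
    (cd "$1" && pwd)
}

# Prints $1 relative to the current directory when it lies below it;
# any other path is printed unchanged.
function relpath
{
    local path=$1

    if [ "$path" = "$PWD" ]; then
        path=""
    else
        # Plain prefix removal: the current directory is never interpreted
        # as a regular expression.
        path=${path#"${PWD%/}/"}
    fi

    printf '%s\n' "$path"
}

# Prints $1 with A-Z mapped to a-z.
function lower
{
    printf '%s\n' "$1" | tr 'A-Z' 'a-z'
}

# Prints $1 with a-z mapped to A-Z.
function upper
{
    printf '%s\n' "$1" | tr 'a-z' 'A-Z'
}

# Copies the skeleton tree into ${plugin_src}. Placeholders in file names
# (%NS, %NAME, %NS_LOWER, %NAME_LOWER, and '@' as a path separator) and in
# file contents (@PLUGIN_NAME@ and friends) are replaced. Files that already
# exist at the destination are never overwritten.
function init-skeleton
{
    local i src rel dst tmp

    # NUL-delimited find output keeps skeleton entries with whitespace in
    # their names intact.
    while IFS= read -r -d '' i; do
        mkdir -p "${plugin_src}/$i"
    done < <(cd "${skeleton}" && find * -type d -print0)

    while IFS= read -r -d '' i; do
        src=${skeleton}/$i

        # Expand placeholders in the skeleton-relative name only, so that a
        # '%' or '@' in the destination directory itself is left alone.
        rel=$(printf '%s\n' "$i" | sed \
            -e "s#%NS_LOWER#${plugin_ns_lower}#g" \
            -e "s#%NAME_LOWER#${plugin_name_lower}#g" \
            -e "s#%NS#${plugin_ns}#g" \
            -e "s#%NAME#${plugin_name}#g" \
            -e "s#@#/#g")
        dst=${plugin_src}/${rel}

        tmp=${dst}.$$.tmp

        mkdir -p "$(dirname "${dst}")"
        cp -p "${src}" "${tmp}" # Copy first to preserve permissions.

        sed -e "s/@PLUGIN_NAME@/${plugin_name}/g" \
            -e "s/@PLUGIN_NAMESPACE@/${plugin_ns}/g" \
            -e "s/@PLUGIN_NAME_UPPER@/${plugin_name_upper}/g" \
            -e "s/@PLUGIN_NAMESPACE_UPPER@/${plugin_ns_upper}/g" \
            -e "s/@PLUGIN_NAME_LOWER@/${plugin_name_lower}/g" \
            -e "s/@PLUGIN_NAMESPACE_LOWER@/${plugin_ns_lower}/g" \
            <"${src}" >"${tmp}"

        if [ -e "${dst}" ]; then
            cmp -s "${tmp}" "${dst}" || echo "$(relpath "${dst}") exists, not installing new version"
            rm -f "${tmp}"
            continue
        fi

        echo "Installing $(relpath "${dst}") ..."
        mv "${tmp}" "${dst}"
    done < <(cd "${skeleton}" && find * -type f -not -name '.*' -print0)
}

update=0

if [ "$1" = "-u" ]; then
    update=1
    shift
fi

if [ $# != 3 ]; then
    echo "Usage: $(basename "$0") [-u] "
    exit 1
fi

# Namespace and name are pasted into sed expressions and into file names.
# Reject the characters that are significant there instead of letting them
# rewrite the substitution or redirect the output path.
for word in "$2" "$3"; do
    case "$word" in
        ""|*[/\#\&\\@%]*|*$'\n'*)
            echo 'error: namespace and plugin name must be non-empty and must not contain / # & \ @ % or a newline' >&2
            exit 1
            ;;
    esac
done

dstdir=$1

if [ -e "${dstdir}" ] && [ "${update}" != 1 ]; then
    echo "error: ${dstdir} already exists, use -u if you want to update skeleton files in there."
    exit 1
fi

# Stop when a directory cannot be created or resolved; otherwise the
# skeleton would be installed relative to an empty or wrong base path.
mkdir -p "${dstdir}" || exit 1
dstdir=$(abspath "${dstdir}") || exit 1

basedir=$(dirname "$0")
skeleton=$(abspath "${basedir}")/skeleton || exit 1

plugin_ns=$2
plugin_name=$3
plugin_ns_lower=$(lower "$2")
plugin_name_lower=$(lower "$3")
plugin_ns_upper=$(upper "$2")
plugin_name_upper=$(upper "$3")
plugin_src=${dstdir}
plugin_build=${dstdir}/dylib

init-skeleton
bro-aux-0.35/plugin-support/skeleton/0000775002342100234210000000000012535376153017502 5ustar johannajohannabro-aux-0.35/plugin-support/skeleton/configure.plugin0000664002342100234210000000057412535376152022710 0ustar johannajohanna#!/bin/sh # # Hooks to add custom options to the configure script. 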
# plugin_usage() { : # Do nothing # cat <" >&2 exit 1 fi bro-aux-0.35/plugin-support/skeleton/tests/btest.cfg0000664002342100234210000000131412535376152022444 0ustar johannajohanna[btest] TestDirs = @PLUGIN_NAME_LOWER@ TmpDir = %(testbase)s/.tmp BaselineDir = %(testbase)s/Baseline IgnoreDirs = .svn CVS .tmp IgnoreFiles = *.tmp *.swp #* *.trace .DS_Store [environment] BROBASE=`%(testbase)s/Scripts/get-bro-env brobase` BROPATH=`%(testbase)s/Scripts/get-bro-env bropath` BRO_PLUGIN_PATH=`%(testbase)s/Scripts/get-bro-env bro_plugin_path` BRO_SEED_FILE=`%(testbase)s/Scripts/get-bro-env bro_seed_file` PATH=`%(testbase)s/Scripts/get-bro-env path` TZ=UTC LC_ALL=C TRACES=%(testbase)s/Traces TMPDIR=%(testbase)s/.tmp BRO_TRACES=`%(testbase)s/Scripts/get-bro-env brobase`/testing/btest/Traces TEST_DIFF_CANONIFIER=`%(testbase)s/Scripts/get-bro-env brobase`/testing/scripts/diff-canonifier bro-aux-0.35/plugin-support/skeleton/tests/%NAME_LOWER@show-plugin.bro0000664002342100234210000000014012535376152025374 0ustar johannajohanna# @TEST-EXEC: bro -NN @PLUGIN_NAMESPACE@::@PLUGIN_NAME@ >output # @TEST-EXEC: btest-diff output bro-aux-0.35/plugin-support/skeleton/tests/Makefile0000664002342100234210000000001712535376152022301 0ustar johannajohanna test: @btest bro-aux-0.35/plugin-support/skeleton/README0000664002342100234210000000015212535376152020357 0ustar johannajohanna @PLUGIN_NAMESPACE@::@PLUGIN_NAME@ ================================= bro-aux-0.35/plugin-support/skeleton/COPYING.edit-me0000664002342100234210000000325312535376152022062 0ustar johannajohanna### ### This is a BSD-style license. If you're happy with it, just edit ### the XXX parts below and remove this comment. Otherwise, put in ### your own license instead. 
### Copyright (c) 2015 by Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: (1) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. (2) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. (3) Neither the name of , nor the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. bro-aux-0.35/plugin-support/skeleton/configure0000775002342100234210000000470212535376152021413 0ustar johannajohanna#!/bin/sh # # Wrapper for viewing/setting options that the plugin's CMake # scripts will recognize. # # Don't edit this. Edit configure.plugin to add plugin-specific options. # set -e command="$0 $*" if [ -e `dirname $0`/configure.plugin ]; then # Include custom additions. . `dirname $0`/configure.plugin fi # Check for `cmake` command. 
type cmake > /dev/null 2>&1 || { echo "\ This package requires CMake, please install it first, then you may use this configure script to access CMake equivalent functionality.\ " >&2; exit 1; } usage() { cat 1>&2 </dev/null 2>&1; then plugin_usage 1>&2 fi echo exit 1 } # Function to append a CMake cache entry definition to the # CMakeCacheEntries variable # $1 is the cache entry variable name # $2 is the cache entry variable type # $3 is the cache entry variable value append_cache_entry () { CMakeCacheEntries="$CMakeCacheEntries -D $1:$2=$3" } # set defaults builddir=build brodist=`cd ../../.. && pwd` installroot="default" CMakeCacheEntries="" while [ $# -ne 0 ]; do case "$1" in -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; *) optarg= ;; esac case "$1" in --help|-h) usage ;; --bro-dist=*) brodist=`cd $optarg && pwd` ;; --install-root=*) installroot=$optarg ;; *) if type plugin_option >/dev/null 2>&1; then plugin_option $1 && shift && continue; fi echo "Invalid option '$1'. Try $0 --help to see available options." exit 1 ;; esac shift done if [ ! -e "$brodist/bro-path-dev.in" ]; then echo "Cannot determine Bro source directory, use --bro-dist=DIR." exit 1 fi append_cache_entry BRO_DIST PATH $brodist append_cache_entry CMAKE_MODULE_PATH PATH $brodist/cmake if [ "$installroot" != "default" ]; then mkdir -p $installroot append_cache_entry BRO_PLUGIN_INSTALL_ROOT PATH $installroot fi echo "Build Directory : $builddir" echo "Bro Source Directory : $brodist" mkdir -p $builddir cd $builddir cmake $CMakeCacheEntries .. 
echo "# This is the command used to configure this build" > config.status echo $command >> config.status chmod u+x config.status bro-aux-0.35/plugin-support/skeleton/CMakeLists.txt0000664002342100234210000000041612535376152022242 0ustar johannajohanna cmake_minimum_required(VERSION 2.8) project(Plugin) include(BroPlugin) bro_plugin_begin(@PLUGIN_NAMESPACE@ @PLUGIN_NAME@) bro_plugin_cc(src/Plugin.cc) bro_plugin_bif(src/@PLUGIN_NAME_LOWER@.bif) bro_plugin_dist_files(README CHANGES COPYING VERSION) bro_plugin_end() bro-aux-0.35/plugin-support/skeleton/scripts/0000775002342100234210000000000012535376152021170 5ustar johannajohannabro-aux-0.35/plugin-support/skeleton/scripts/__load__.bro0000664002342100234210000000045212535376152023410 0ustar johannajohanna# # This is loaded unconditionally at Bro startup. Include scripts here that should # always be loaded. # # Normally, that will be only code that initializes built-in elements. Load # your standard scripts in # scripts///__load__.bro instead. # @load ./init.bro bro-aux-0.35/plugin-support/skeleton/scripts/%NS@%NAME@__load__.bro0000664002342100234210000000022712535376152024624 0ustar johannajohanna# # This is loaded when a user activates the plugin. Include scripts here that should be # loaded automatically at that point. 
# # @load ./bar.bro bro-aux-0.35/plugin-support/skeleton/scripts/init.bro0000664002342100234210000000000012535376152022625 0ustar johannajohannabro-aux-0.35/plugin-support/skeleton/VERSION0000664002342100234210000000000412535376152020543 0ustar johannajohanna0.1 bro-aux-0.35/plugin-support/skeleton/CHANGES0000664002342100234210000000000012535376152020462 0ustar johannajohannabro-aux-0.35/plugin-support/skeleton/src/0000775002342100234210000000000012535376152020270 5ustar johannajohannabro-aux-0.35/plugin-support/skeleton/src/%NAME_LOWER.bif0000664002342100234210000000000112535376152022476 0ustar johannajohanna bro-aux-0.35/plugin-support/skeleton/src/Plugin.h0000664002342100234210000000061212535376152021676 0ustar johannajohanna #ifndef BRO_PLUGIN_@PLUGIN_NAMESPACE_UPPER@_@PLUGIN_NAME_UPPER@ #define BRO_PLUGIN_@PLUGIN_NAMESPACE_UPPER@_@PLUGIN_NAME_UPPER@ #include namespace plugin { namespace @PLUGIN_NAMESPACE@_@PLUGIN_NAME@ { class Plugin : public ::plugin::Plugin { protected: // Overridden from plugin::Plugin. virtual plugin::Configuration Configure(); }; extern Plugin plugin; } } #endif bro-aux-0.35/plugin-support/skeleton/src/Plugin.cc0000664002342100234210000000063412535376152022040 0ustar johannajohanna #include "Plugin.h" namespace plugin { namespace @PLUGIN_NAMESPACE@_@PLUGIN_NAME@ { Plugin plugin; } } using namespace plugin::@PLUGIN_NAMESPACE@_@PLUGIN_NAME@; plugin::Configuration Plugin::Configure() { plugin::Configuration config; config.name = "@PLUGIN_NAMESPACE@::@PLUGIN_NAME@"; config.description = ""; config.version.major = 0; config.version.minor = 1; return config; } bro-aux-0.35/plugin-support/skeleton/Makefile0000664002342100234210000000127712535376152021150 0ustar johannajohanna# # Convenience Makefile providing a few common top-level targets. 
# cmake_build_dir=build arch=`uname -s | tr A-Z a-z`-`uname -m` all: build-it build-it: @test -e $(cmake_build_dir)/config.status || ./configure -@test -e $(cmake_build_dir)/CMakeCache.txt && \ test $(cmake_build_dir)/CMakeCache.txt -ot `cat $(cmake_build_dir)/CMakeCache.txt | grep BRO_DIST | cut -d '=' -f 2`/build/CMakeCache.txt && \ echo Updating stale CMake cache && \ touch $(cmake_build_dir)/CMakeCache.txt ( cd $(cmake_build_dir) && make ) install: ( cd $(cmake_build_dir) && make install ) clean: ( cd $(cmake_build_dir) && make clean ) distclean: rm -rf $(cmake_build_dir) test: make -C tests bro-aux-0.35/setup.py0000664002342100234210000000000012535376152014345 0ustar johannajohannabro-aux-0.35/config.h.in0000664002342100234210000000133212535376152014667 0ustar johannajohanna/* These autoconf variables are obsolete; it's portable to assume C89 and signal handlers that return void */ #define RETSIGTYPE void #define RETSIGVAL /* Define if you have the `sigaction' function. */ #cmakedefine HAVE_SIGACTION /* Define if you have the `sigset' function. */ #cmakedefine HAVE_SIGSET /* Define if you have the header file. */ #cmakedefine HAVE_MEMORY_H /* Define if you have the `strerror' function. */ #cmakedefine HAVE_STRERROR /* should explicitly declare socket() and friends */ #cmakedefine DO_SOCK_DECL /* Compatibility for Darwin */ #cmakedefine NEED_NAMESER_COMPAT_H /* have os-proto.h */ #cmakedefine HAVE_OS_PROTO_H /* have sin_len field in sockaddr_in */ #cmakedefine SIN_LEN bro-aux-0.35/COPYING0000664002342100234210000000345712535376152013711 0ustar johannajohannaCopyright (c) 1995-2013, The Regents of the University of California through the Lawrence Berkeley National Laboratory and the International Computer Science Institute. All rights reserved. 
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: (1) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. (2) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. (3) Neither the name of the University of California, Lawrence Berkeley National Laboratory, U.S. Dept. of Energy, International Computer Science Institute, nor the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Note that some files in the distribution may carry their own copyright notices. 
bro-aux-0.35/CMakeLists.txt0000664002342100234210000000653212535376152015413 0ustar johannajohannaproject(BroAux C CXX) cmake_minimum_required(VERSION 2.8 FATAL_ERROR) include(cmake/CommonCMakeConfig.cmake) ######################################################################## ## Dependency Configuration include(FindRequiredPackage) FindRequiredPackage(FLEX) FindRequiredPackage(PCAP) FindRequiredPackage(BIND) FindRequiredPackage(OpenSSL) if (MISSING_PREREQS) foreach (prereq ${MISSING_PREREQ_DESCS}) message(SEND_ERROR ${prereq}) endforeach () message(FATAL_ERROR "Configuration aborted due to missing prerequisites") endif () include_directories(BEFORE ${BIND_INCLUDE_DIR} ${PCAP_INCLUDE_DIR} ${OpenSSL_INCLUDE_DIR} ) ######################################################################## ## System Introspection include(CheckHeaders) include(CheckFunctions) include(CheckNameserCompat) include(MiscTests) configure_file(${CMAKE_CURRENT_SOURCE_DIR}/config.h.in ${CMAKE_CURRENT_BINARY_DIR}/config.h) include_directories(BEFORE ${CMAKE_CURRENT_BINARY_DIR}) ######################################################################## ## Recurse on sub-directories # For binary packaging or if this is the main CMake project, go through # the regular install target, else use a custom target so programs # have to be explicitly installed by the user via "make install-aux" macro(AddAuxInstallTarget _target) if (BINARY_PACKAGING_MODE OR "${CMAKE_SOURCE_DIR}" STREQUAL "${PROJECT_SOURCE_DIR}") install(TARGETS ${_target} DESTINATION bin) else () add_custom_target(install-${_target} COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_INSTALL_PREFIX}/bin COMMAND ${CMAKE_COMMAND} -E copy $ ${CMAKE_INSTALL_PREFIX}/bin) add_dependencies(install-${_target} ${_target}) set(AUX_TARGETS install-${_target};${AUX_TARGETS}) set(AUX_TARGETS ${AUX_TARGETS} PARENT_SCOPE) endif () endmacro(AddAuxInstallTarget) if ( NOT BRO_MAN_INSTALL_PATH ) set(BRO_MAN_INSTALL_PATH ${CMAKE_INSTALL_PREFIX}/share/man) endif 
() add_subdirectory(adtrace) add_subdirectory(bro-cut) add_subdirectory(nftools) add_subdirectory(rst) if (NOT (BINARY_PACKAGING_MODE OR "${CMAKE_SOURCE_DIR}" STREQUAL "${PROJECT_SOURCE_DIR}") ) add_custom_target(install-aux COMMENT "Bro auxiliary tools installed to ${CMAKE_INSTALL_PREFIX}/bin") add_dependencies(install-aux ${AUX_TARGETS}) endif () install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/bro-cut/bro-cut DESTINATION bin) ######################################################################## ## Build Summary if (CMAKE_BUILD_TYPE) string(TOUPPER ${CMAKE_BUILD_TYPE} BuildType) endif () message( "\n==================| Bro-Aux Build Summary |===================" "\n" "\nInstall prefix: ${CMAKE_INSTALL_PREFIX}" "\nDebug mode: ${ENABLE_DEBUG}" "\n" "\nCC: ${CMAKE_C_COMPILER}" "\nCFLAGS: ${CMAKE_C_FLAGS} ${CMAKE_C_FLAGS_${BuildType}}" "\nCXX: ${CMAKE_CXX_COMPILER}" "\nCXXFLAGS: ${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}" "\nCPP: ${CMAKE_CXX_COMPILER}" "\n" "\n================================================================\n" ) include(UserChangedWarning) bro-aux-0.35/cmake/0000775002342100234210000000000012535376153013726 5ustar johannajohannabro-aux-0.35/cmake/FindGooglePerftools.cmake0000664002342100234210000000334312535376153020646 0ustar johannajohanna# - Try to find GooglePerftools headers and libraries # # Usage of this module as follows: # # find_package(GooglePerftools) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # GooglePerftools_ROOT_DIR Set this variable to the root installation of # GooglePerftools if the module has problems finding # the proper installation path. # # Variables defined by this module: # # GOOGLEPERFTOOLS_FOUND System has GooglePerftools libs/headers # TCMALLOC_FOUND System has GooglePerftools tcmalloc library # GooglePerftools_LIBRARIES The GooglePerftools libraries # GooglePerftools_LIBRARIES_DEBUG The GooglePerftools libraries for heap checking. 
# GooglePerftools_INCLUDE_DIR The location of GooglePerftools headers find_path(GooglePerftools_ROOT_DIR NAMES include/google/heap-profiler.h ) find_library(GooglePerftools_LIBRARIES_DEBUG NAMES tcmalloc_and_profiler HINTS ${GooglePerftools_ROOT_DIR}/lib ) find_library(GooglePerftools_LIBRARIES NAMES tcmalloc HINTS ${GooglePerftools_ROOT_DIR}/lib ) find_path(GooglePerftools_INCLUDE_DIR NAMES google/heap-profiler.h HINTS ${GooglePerftools_ROOT_DIR}/include ) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(GooglePerftools DEFAULT_MSG GooglePerftools_LIBRARIES GooglePerftools_LIBRARIES_DEBUG GooglePerftools_INCLUDE_DIR ) find_package_handle_standard_args(tcmalloc DEFAULT_MSG GooglePerftools_LIBRARIES ) mark_as_advanced( GooglePerftools_ROOT_DIR GooglePerftools_LIBRARIES GooglePerftools_LIBRARIES_DEBUG GooglePerftools_INCLUDE_DIR ) bro-aux-0.35/cmake/MiscTests.cmake0000664002342100234210000000201012535376153016637 0ustar johannajohannainclude(CheckCXXSourceCompiles) include(CheckCSourceCompiles) # This autoconf variable is obsolete; it's portable to assume C89 and signal # handlers returning void set(RETSIGTYPE "void") set(RETSIGVAL "") check_c_source_compiles(" #include #include extern int socket(int, int, int); extern int connect(int, const struct sockaddr *, int); extern int send(int, const void *, int, int); extern int recvfrom(int, void *, int, int, struct sockaddr *, int *); int main() { return 0; } " DO_SOCK_DECL) if (DO_SOCK_DECL) message(STATUS "socket() and friends need explicit declaration") endif () check_cxx_source_compiles(" #include #include extern \"C\" { int openlog(const char* ident, int logopt, int facility); int syslog(int priority, const char* message_fmt, ...); int closelog(); } int main() { return 0; } " SYSLOG_INT) if (SYSLOG_INT) message(STATUS "syslog prototypes need declaration") endif () bro-aux-0.35/cmake/ChangeMacInstallNames.cmake0000664002342100234210000000660212535376153021055 0ustar johannajohanna# Calling this 
macro with the name of a list variable will modify that # list such that any third party libraries that do not come with a # vanilla Mac OS X system will be replaced by an adjusted library that # has an install_name relative to the location of any executable that # links to it. # # Also, it will schedule the modified libraries for installation in a # 'support_libs' subdirectory of the CMAKE_INSTALL_PREFIX. # # The case of third party libraries depending on other third party # libraries is currently not handled by this macro. # # Ex. # # set(libs /usr/lib/libz.dylib # /usr/lib/libssl.dylib # /usr/local/lib/libmagic.dylib # /usr/local/lib/libGeoIP.dylib # /usr/local/lib/somestaticlib.a) # # include(ChangeMacInstallNames) # ChangeMacInstallNames(libs) # # Should result in ${libs} containing: # /usr/lib/libz.dylib # /usr/lib/libssl.dylib # ${CMAKE_BINARY_DIR}/darwin_support_libs/libmagic.dylib # ${CMAKE_BINARY_DIR}/darwin_support_libs/libGeoIP.dylib # /usr/local/lib/somestaticlib.a # # such that we can now do: # # add_executable(some_exe ${srcs}) # target_link_libraries(some_exe ${libs}) # # Any binary packages created from such a build should be self-contained # and provide working installs on vanilla OS X systems. 
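# ChangeMacInstallNames(libListVar)
#
# libListVar: name of a list variable holding library paths. On Apple
#             platforms every entry ending in "dylib" that is not matched as
#             an Apple-provided /usr/lib path is copied into
#             ${CMAKE_BINARY_DIR}/darwin_support_libs, given an install_name
#             relative to @executable_path, scheduled for installation under
#             support_libs, and swapped into the list in place of the
#             original path. On other platforms the macro does nothing.
#
# NOTE(review): the bundled copies are taken as-is from the paths in the
# list on the build host and end up in the installed tree; nothing here
# checks what those files are.
macro(ChangeMacInstallNames libListVar)
    if (APPLE)
        find_program(INSTALL_NAME_TOOL install_name_tool)

        set(MAC_INSTALL_NAME_DEPS)
        set(SUPPORT_BIN_DIR ${CMAKE_BINARY_DIR}/darwin_support_libs)
        set(SUPPORT_INSTALL_DIR support_libs)

        file(MAKE_DIRECTORY ${SUPPORT_BIN_DIR})

        foreach (_lib ${${libListVar}})
            # only care about install_name for shared libraries that are
            # not shipped in Apple's vanilla OS X installs
            #
            # NOTE(review): in the first pattern "/*" means "zero or more
            # slashes", so it matches any path that starts with /usr/lib
            # (for example /usr/libexec as well); confirm that is intended.
            string(REGEX MATCH ^/usr/lib/* apple_provided_lib ${_lib})
            string(REGEX MATCH dylib$ is_shared_lib ${_lib})

            if (NOT apple_provided_lib AND is_shared_lib)
                get_filename_component(_libname ${_lib} NAME)
                set(_adjustedLib ${SUPPORT_BIN_DIR}/${_libname})
                set(_tmpLib
                    ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/${_libname})

                # make a temporary copy so we can adjust permissions
                configure_file(${_lib} ${_tmpLib} COPYONLY)

                # copy to build directory with correct write permissions
                file(COPY ${_tmpLib}
                     DESTINATION ${SUPPORT_BIN_DIR}
                     FILE_PERMISSIONS OWNER_READ OWNER_WRITE
                                      GROUP_READ WORLD_READ)

                # remove the old library from the list provided as macro
                # argument and add the new library with modified install_name
                list(REMOVE_ITEM ${libListVar} ${_lib})
                list(APPEND ${libListVar} ${_adjustedLib})

                # update the install target to install the third party libs
                # with modified install_name
                install(FILES ${_adjustedLib}
                        DESTINATION ${SUPPORT_INSTALL_DIR})

                # perform the install_name change with the tool located by
                # find_program above, and report a failure instead of
                # silently shipping a library whose install_name was not
                # rewritten
                execute_process(COMMAND ${INSTALL_NAME_TOOL} -id
                    @executable_path/../${SUPPORT_INSTALL_DIR}/${_libname}
                    ${_adjustedLib}
                    RESULT_VARIABLE _install_name_result)
                if (NOT _install_name_result EQUAL 0)
                    message(WARNING
                            "install_name_tool failed for ${_adjustedLib}: "
                            "${_install_name_result}")
                endif ()
            endif ()
        endforeach ()
    endif ()
endmacro()
bro-aux-0.35/cmake/InstallShellScript.cmake0000664002342100234210000000465212535376153020522 0ustar johannajohanna# Schedules a file to be installed by the 'install' target, but first # transformed by configure_file(... @ONLY) as well as by changing the # shell script's hashbang (#!) line to use the absolute path to the # interpreter in the path of the user running ./configure (or CMake equiv.).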
#
# Hashbangs are not transformed when in binary packaging mode because,
# if NMI systems are to be used in creating binary packages, that could
# result in picking up a python interpreter in a non-standard location for
# a given distro. (NMI tends to install non-essential prerequisite packages
# in atypical locations).
#
# _dstdir: absolute path to the directory in which to install the transformed
#          source file
# _srcfile: path relative to CMAKE_CURRENT_SOURCE_DIR pointing to the shell
#           script to install
# [_dstfilename]: an optional argument for how to (re)name the file as
#                 it's installed inside _dstdir
macro(InstallShellScript _dstdir _srcfile)
    # Anything passed after the two named arguments is the install name;
    # without it the script keeps its own file name.
    if (NOT "${ARGN}" STREQUAL "")
        set(_dstfilename ${ARGN})
    else ()
        get_filename_component(_dstfilename ${_srcfile} NAME)
    endif ()

    set(orig_file ${CMAKE_CURRENT_SOURCE_DIR}/${_srcfile})
    set(configed_file ${CMAKE_CURRENT_BINARY_DIR}/${_srcfile})
    set(dehashbanged_file ${CMAKE_CURRENT_BINARY_DIR}/${_srcfile}.dehashbanged)

    # @ONLY: only @VAR@ references are substituted, so shell-style ${VAR}
    # text in the script is left alone.
    configure_file(${orig_file} ${configed_file} @ONLY)

    file(READ ${configed_file} _srclines)
    # Start from an empty output file; the real content is written below.
    file(WRITE ${dehashbanged_file} "")

    if (NOT BINARY_PACKAGING_MODE)
        # Matches a leading "#!/usr/bin/env NAME" and captures NAME.
        set(_regex "^#![ ]*/usr/bin/env[ ]+([^\n ]*)")
        string(REGEX MATCH ${_regex} _match ${_srclines})
        if (_match)
            set(_shell ${CMAKE_MATCH_1})
            # The result variable is named after the interpreter, e.g.
            # python_interp. A configured PYTHON_EXECUTABLE takes precedence
            # over a search for "python".
            if (${_shell} STREQUAL "python" AND PYTHON_EXECUTABLE)
                set(${_shell}_interp ${PYTHON_EXECUTABLE})
            else ()
                find_program(${_shell}_interp ${_shell})
            endif ()
            if (NOT ${_shell}_interp)
                message(FATAL_ERROR
                        "Absolute path to interpreter '${_shell}' not found, "
                        "failed to configure shell script: ${orig_file}")
            endif ()

            # NOTE(review): the absolute path written here is whatever was
            # resolved on the machine running CMake, so the installed script
            # is pinned to that interpreter location.
            string(REGEX REPLACE ${_regex} "#!${${_shell}_interp}"
                   _srclines "${_srclines}")
        endif ()
    endif ()

    file(WRITE ${dehashbanged_file} "${_srclines}")

    # PROGRAMS installs the file with execute permission.
    install(PROGRAMS ${dehashbanged_file}
            DESTINATION ${_dstdir}
            RENAME ${_dstfilename})
endmacro(InstallShellScript)
bro-aux-0.35/cmake/package_preinstall.sh.in0000775002342100234210000000167212535376153020530 0ustar johannajohanna#!/bin/sh # This script is meant to
be used by binary packages pre-installation. # Variables between @ symbols are replaced by CMake at configure time. configFiles="@INSTALLED_CONFIG_FILES@" backupNamesFile=/tmp/bro_install_backups # Checks if a config file exists in a default location and makes a backup # so that a modified version is not clobbered backupFile () { origFile="$1" if [ -e ${origFile} ]; then # choose a file suffix that doesn't already exist ver=1 while [ -e ${origFile}.${ver} ]; do ver=$(( ver + 1 )) done backupFile=${origFile}.${ver} cp -p ${origFile} ${backupFile} # the post upgrade script will check whether the installed # config file actually differs from existing version # and delete unnecessary backups echo "${backupFile}" >> ${backupNamesFile} fi } for file in ${configFiles}; do backupFile "${file}" done bro-aux-0.35/cmake/CheckTypes.cmake0000664002342100234210000000223012535376153016767 0ustar johannajohannainclude(CheckTypeSize) check_type_size("long int" SIZEOF_LONG_INT) check_type_size("long long" SIZEOF_LONG_LONG) check_type_size("void *" SIZEOF_VOID_P) # checks existence of ${_type}, and if it does not, sets CMake variable ${_var} # to alternative type, ${_alt_type} macro(CheckType _type _alt_type _var) # don't perform check if we have a result from a previous CMake run if (NOT HAVE_${_var}) check_type_size(${_type} ${_var}) if (NOT ${_var}) set(${_var} ${_alt_type}) else () unset(${_var}) unset(${_var} CACHE) endif () endif () endmacro(CheckType _type _alt_type _var) set(CMAKE_EXTRA_INCLUDE_FILES sys/types.h) CheckType(int32_t int int32_t) CheckType(u_int32_t u_int u_int32_t) CheckType(u_int16_t u_short u_int16_t) CheckType(u_int8_t u_char u_int8_t) set(CMAKE_EXTRA_INCLUDE_FILES) set(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h) CheckType(socklen_t int socklen_t) set(CMAKE_EXTRA_INCLUDE_FILES) set(CMAKE_EXTRA_INCLUDE_FILES netinet/in.h netinet/ip6.h) check_type_size("struct ip6_opt" IP6_OPT) check_type_size("struct ip6_ext" IP6_EXT) set(CMAKE_EXTRA_INCLUDE_FILES) 
bro-aux-0.35/cmake/PCAPTests.cmake0000664002342100234210000000353712535376153016506 0ustar johannajohannainclude(CheckFunctionExists) include(CheckSymbolExists) include(CheckCSourceCompiles) include(CheckIncludeFiles) set(CMAKE_REQUIRED_INCLUDES ${PCAP_INCLUDE_DIR}) set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARY}) check_include_files(pcap-int.h HAVE_PCAP_INT_H) check_function_exists(pcap_freecode HAVE_LIBPCAP_PCAP_FREECODE) if (NOT HAVE_LIBPCAP_PCAP_FREECODE) set(DONT_HAVE_LIBPCAP_PCAP_FREECODE true) message(STATUS "No implementation for pcap_freecode()") endif () check_c_source_compiles(" #include int main () { int snaplen; int linktype; struct bpf_program fp; int optimize; bpf_u_int32 netmask; char str[10]; char error[1024]; snaplen = 50; linktype = DLT_EN10MB; optimize = 1; netmask = 0L; str[0] = 'i'; str[1] = 'p'; str[2] = '\\\\0'; (void)pcap_compile_nopcap( snaplen, linktype, &fp, str, optimize, netmask, &error); return 0; } " LIBPCAP_PCAP_COMPILE_NOPCAP_HAS_ERROR_PARAMETER) if (NOT LIBPCAP_PCAP_COMPILE_NOPCAP_HAS_ERROR_PARAMETER) # double check check_c_source_compiles(" #include int main () { int snaplen; int linktype; struct bpf_program fp; int optimize; bpf_u_int32 netmask; char str[10]; snaplen = 50; linktype = DLT_EN10MB; optimize = 1; netmask = 0L; str[0] = 'i'; str[1] = 'p'; str[2] = '\\\\0'; (void)pcap_compile_nopcap(snaplen, linktype, &fp, str, optimize, netmask); return 0; } " LIBPCAP_PCAP_COMPILE_NOPCAP_NO_ERROR_PARAMETER) if (NOT LIBPCAP_PCAP_COMPILE_NOPCAP_NO_ERROR_PARAMETER) message(FATAL_ERROR "Can't determine if pcap_compile_nopcap takes an error parameter") endif () endif () check_symbol_exists(DLT_PPP_SERIAL pcap.h HAVE_DLT_PPP_SERIAL) if (NOT HAVE_DLT_PPP_SERIAL) set(DLT_PPP_SERIAL 50) endif () set(CMAKE_REQUIRED_INCLUDES) set(CMAKE_REQUIRED_LIBRARIES) bro-aux-0.35/cmake/FindFLEX.cmake0000664002342100234210000001633012535376153016272 0ustar johannajohanna# - Find flex executable and provides a macro to generate custom build rules # # The module 
defines the following variables:
#  FLEX_FOUND - true if flex executable is found
#  FLEX_EXECUTABLE - the path to the flex executable
#  FLEX_VERSION - the version of flex
#  FLEX_LIBRARIES - The flex libraries
#
# The minimum required version of flex can be specified using the
# standard syntax, e.g. FIND_PACKAGE(FLEX 2.5.13)
#
#
# If flex is found on the system, the module provides the macro:
#  FLEX_TARGET(Name FlexInput FlexOutput [COMPILE_FLAGS <string>])
# which creates a custom command to generate the <FlexOutput> file from
# the <FlexInput> file. If COMPILE_FLAGS option is specified, the next
# parameter is added to the flex command line. Name is an alias used to
# get details of this custom command. Indeed the macro defines the
# following variables:
#  FLEX_${Name}_DEFINED - true if the macro ran successfully
#  FLEX_${Name}_OUTPUTS - the source file generated by the custom rule, an
#  alias for FlexOutput
#  FLEX_${Name}_INPUT - the flex source file, an alias for ${FlexInput}
#
# Flex scanners often use tokens defined by Bison: the code generated
# by Flex depends on the header generated by Bison. This module also
# defines a macro:
#  ADD_FLEX_BISON_DEPENDENCY(FlexTarget BisonTarget)
# which adds the required dependency between a scanner and a parser
# where <FlexTarget> and <BisonTarget> are the first parameters of
# respectively FLEX_TARGET and BISON_TARGET macros.
#
# ====================================================================
# Example:
#
#  find_package(BISON)
#  find_package(FLEX)
#
#  BISON_TARGET(MyParser parser.y ${CMAKE_CURRENT_BINARY_DIR}/parser.cpp)
#  FLEX_TARGET(MyScanner lexer.l ${CMAKE_CURRENT_BINARY_DIR}/lexer.cpp)
#  ADD_FLEX_BISON_DEPENDENCY(MyScanner MyParser)
#
#  include_directories(${CMAKE_CURRENT_BINARY_DIR})
#  add_executable(Foo
#     Foo.cc
#     ${BISON_MyParser_OUTPUTS}
#     ${FLEX_MyScanner_OUTPUTS}
#  )
# ====================================================================

#=============================================================================
# Copyright 2009 Kitware, Inc.
# Copyright 2006 Tristan Carel # Modified 2010 by Jon Siwek, backporting for CMake 2.6 compat # # Distributed under the OSI-approved BSD License (the "License"): # CMake - Cross Platform Makefile Generator # Copyright 2000-2009 Kitware, Inc., Insight Software Consortium # All rights reserved. # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # * Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # * Neither the names of Kitware, Inc., the Insight Software Consortium, # nor the names of their contributors may be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # This software is distributed WITHOUT ANY WARRANTY; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # See the License for more information. 
#============================================================================= FIND_PROGRAM(FLEX_EXECUTABLE flex DOC "path to the flex executable") MARK_AS_ADVANCED(FLEX_EXECUTABLE) FIND_LIBRARY(FL_LIBRARY NAMES fl DOC "path to the fl library") MARK_AS_ADVANCED(FL_LIBRARY) SET(FLEX_LIBRARIES ${FL_LIBRARY}) IF(FLEX_EXECUTABLE) EXECUTE_PROCESS(COMMAND ${FLEX_EXECUTABLE} --version OUTPUT_VARIABLE FLEX_version_output ERROR_VARIABLE FLEX_version_error RESULT_VARIABLE FLEX_version_result OUTPUT_STRIP_TRAILING_WHITESPACE) IF(NOT ${FLEX_version_result} EQUAL 0) IF(FLEX_FIND_REQUIRED) MESSAGE(SEND_ERROR "Command \"${FLEX_EXECUTABLE} --version\" failed with output:\n${FLEX_version_output}\n${FLEX_version_error}") ELSE() MESSAGE("Command \"${FLEX_EXECUTABLE} --version\" failed with output:\n${FLEX_version_output}\n${FLEX_version_error}\nFLEX_VERSION will not be available") ENDIF() ELSE() STRING(REGEX REPLACE "^flex (.*)$" "\\1" FLEX_VERSION "${FLEX_version_output}") ENDIF() #============================================================ # FLEX_TARGET (public macro) #============================================================ # MACRO(FLEX_TARGET Name Input Output) SET(FLEX_TARGET_usage "FLEX_TARGET( [COMPILE_FLAGS ]") IF(${ARGC} GREATER 3) IF(${ARGC} EQUAL 5) IF("${ARGV3}" STREQUAL "COMPILE_FLAGS") SET(FLEX_EXECUTABLE_opts "${ARGV4}") SEPARATE_ARGUMENTS(FLEX_EXECUTABLE_opts) ELSE() MESSAGE(SEND_ERROR ${FLEX_TARGET_usage}) ENDIF() ELSE() MESSAGE(SEND_ERROR ${FLEX_TARGET_usage}) ENDIF() ENDIF() ADD_CUSTOM_COMMAND(OUTPUT ${Output} COMMAND ${FLEX_EXECUTABLE} ARGS ${FLEX_EXECUTABLE_opts} -o${Output} ${Input} DEPENDS ${Input} COMMENT "[FLEX][${Name}] Building scanner with flex ${FLEX_VERSION}" WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) SET(FLEX_${Name}_DEFINED TRUE) SET(FLEX_${Name}_OUTPUTS ${Output}) SET(FLEX_${Name}_INPUT ${Input}) SET(FLEX_${Name}_COMPILE_FLAGS ${FLEX_EXECUTABLE_opts}) ENDMACRO(FLEX_TARGET) #============================================================ 
#============================================================ # ADD_FLEX_BISON_DEPENDENCY (public macro) #============================================================ # MACRO(ADD_FLEX_BISON_DEPENDENCY FlexTarget BisonTarget) IF(NOT FLEX_${FlexTarget}_OUTPUTS) MESSAGE(SEND_ERROR "Flex target `${FlexTarget}' does not exists.") ENDIF() IF(NOT BISON_${BisonTarget}_OUTPUT_HEADER) MESSAGE(SEND_ERROR "Bison target `${BisonTarget}' does not exists.") ENDIF() SET_SOURCE_FILES_PROPERTIES(${FLEX_${FlexTarget}_OUTPUTS} PROPERTIES OBJECT_DEPENDS ${BISON_${BisonTarget}_OUTPUT_HEADER}) ENDMACRO(ADD_FLEX_BISON_DEPENDENCY) #============================================================ ENDIF(FLEX_EXECUTABLE) INCLUDE(FindPackageHandleStandardArgs) FIND_PACKAGE_HANDLE_STANDARD_ARGS(FLEX FLEX_EXECUTABLE FLEX_VERSION) # FindFLEX.cmake ends here bro-aux-0.35/cmake/OSSpecific.cmake0000664002342100234210000000344112535376153016721 0ustar johannajohannaif (${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD") set(bro_LINKER_FLAGS "${bro_LINKER_FLAGS} -rdynamic") elseif (${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD") elseif (${CMAKE_SYSTEM_NAME} MATCHES "Darwin") elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux") set(HAVE_LINUX true) elseif (${CMAKE_SYSTEM_NAME} MATCHES "Solaris") set(SOCKET_LIBS nsl socket) elseif (${CMAKE_SYSTEM_NAME} MATCHES "osf") # Workaround ip_hl vs. 
ip_vhl problem in netinet/ip.h add_definitions(-D__STDC__=2) elseif (${CMAKE_SYSTEM_NAME} MATCHES "irix") list(APPEND CMAKE_C_FLAGS -xansi -signed -g3) list(APPEND CMAKE_CXX_FLAGS -xansi -signed -g3) elseif (${CMAKE_SYSTEM_NAME} MATCHES "ultrix") list(APPEND CMAKE_C_FLAGS -std1 -g3) list(APPEND CMAKE_CXX_FLAGS -std1 -g3) include(CheckCSourceCompiles) check_c_source_compiles(" #include int main() { void c(const struct a *); return 0; } " have_ultrix_const) if (NOT have_ultrix_const) set(NEED_ULTRIX_CONST_HACK true) endif () elseif (${CMAKE_SYSTEM_NAME} MATCHES "hpux" OR ${CMAKE_SYSTEM_NAME} MATCHES "HP-UX") include(CheckCSourceCompiles) set(CMAKE_REQUIRED_FLAGS -Aa) set(CMAKE_REQUIRED_DEFINITIONS -D_HPUX_SOURCE) check_c_source_compiles(" #include int main() { int frob(int, char *); return 0; } " have_ansi_prototypes) set(CMAKE_REQUIRED_FLAGS) set(CMAKE_REQUIRED_DEFINITIONS) if (have_ansi_prototypes) add_definitions(-D_HPUX_SOURCE) list(APPEND CMAKE_C_FLAGS -Aa) list(APPEND CMAKE_CXX_FLAGS -Aa) endif () if (NOT have_ansi_prototypes) message(FATAL_ERROR "Can't get HPUX compiler to handle ANSI prototypes") endif () endif () bro-aux-0.35/cmake/FindBinPAC.cmake0000664002342100234210000000244012535376153016565 0ustar johannajohanna# - Try to find BinPAC binary and library # # Usage of this module as follows: # # find_package(BinPAC) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # BinPAC_ROOT_DIR Set this variable to the root installation of # BinPAC if the module has problems finding the # proper installation path. 
# # Variables defined by this module: # # BINPAC_FOUND System has BinPAC binary and library # BinPAC_EXE The binpac executable # BinPAC_LIBRARY The libbinpac.a library # BinPAC_INCLUDE_DIR The binpac headers # look for BinPAC in standard locations or user-provided root find_path(BinPAC_ROOT_DIR NAMES include/binpac.h ) find_file(BinPAC_EXE NAMES binpac HINTS ${BinPAC_ROOT_DIR}/bin ) find_library(BinPAC_LIBRARY NAMES libbinpac.a HINTS ${BinPAC_ROOT_DIR}/lib ) find_path(BinPAC_INCLUDE_DIR NAMES binpac.h HINTS ${BinPAC_ROOT_DIR}/include ) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(BinPAC DEFAULT_MSG BinPAC_EXE BinPAC_LIBRARY BinPAC_INCLUDE_DIR ) mark_as_advanced( BinPAC_ROOT_DIR BinPAC_EXE BinPAC_LIBRARY BinPAC_INCLUDE_DIR ) bro-aux-0.35/cmake/BroPluginDynamic.cmake0000664002342100234210000002317112535376153020142 0ustar johannajohanna## A set of functions for defining Bro plugins. ## ## This set is for plugins compiled dynamically for loading at run-time. ## See BroPluginsStatic.cmake for the static version. ## ## Note: This is meant to run as a standalone CMakeLists.txt. It sets ## up all the basic infrastructure to compile a dynamic Bro plugin when ## included from its top-level CMake file. 
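if ( NOT BRO_PLUGIN_INTERNAL_BUILD )
    # External (standalone) plugin build: everything is derived from BRO_DIST,
    # the path to a Bro source tree that has already been built.

    # Validate BRO_DIST before it is used to form an include path. With it
    # unset, the include() below would resolve to /cmake/CommonCMakeConfig.cmake
    # and fail (or load an unrelated file) before this message was reached.
    if ( NOT BRO_DIST )
        message(FATAL_ERROR "BRO_DIST not set")
    endif ()

    include(${BRO_DIST}/cmake/CommonCMakeConfig.cmake)

    if ( NOT EXISTS "${BRO_DIST}/build/CMakeCache.txt" )
        message(FATAL_ERROR "${BRO_DIST}/build/CMakeCache.txt; has Bro been built?")
    endif ()

    # Import selected entries of Bro's own CMake cache as bro_cache_<NAME>.
    # The plugin inherits compiler flags and install paths from that cache, and
    # later runs helper scripts from the Bro source tree it names, so BRO_DIST
    # has to point at a tree the builder trusts.
    load_cache("${BRO_DIST}/build" READ_WITH_PREFIX bro_cache_
               CMAKE_INSTALL_PREFIX Bro_BINARY_DIR Bro_SOURCE_DIR ENABLE_DEBUG
               BRO_PLUGIN_INSTALL_PATH BRO_EXE_PATH CMAKE_CXX_FLAGS CMAKE_C_FLAGS)

    if ( NOT BRO_PLUGIN_BASE )
        set(BRO_PLUGIN_BASE "${CMAKE_CURRENT_SOURCE_DIR}" CACHE INTERNAL "" FORCE)
    endif ()

    set(BRO_PLUGIN_SCRIPTS     "${CMAKE_CURRENT_BINARY_DIR}/scripts" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_SCRIPTS_SRC "${BRO_PLUGIN_BASE}/scripts" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_BUILD       "${CMAKE_CURRENT_BINARY_DIR}" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_LIB         "${BRO_PLUGIN_BUILD}/lib" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_BIF         "${BRO_PLUGIN_LIB}/bif" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_MAGIC       "${BRO_PLUGIN_BUILD}/__bro_plugin__" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_README      "${BRO_PLUGIN_BASE}/README" CACHE INTERNAL "" FORCE)

    # An explicit BRO_PLUGIN_INSTALL_ROOT wins; otherwise fall back to the
    # plugin directory recorded in Bro's cache.
    set(BRO_PLUGIN_BRO_PLUGIN_INSTALL_PATH "${BRO_PLUGIN_INSTALL_ROOT}" CACHE INTERNAL "" FORCE)

    if ( NOT BRO_PLUGIN_BRO_PLUGIN_INSTALL_PATH )
        set(BRO_PLUGIN_BRO_PLUGIN_INSTALL_PATH "${bro_cache_BRO_PLUGIN_INSTALL_PATH}" CACHE INTERNAL "" FORCE)
    endif ()

    set(BRO_PLUGIN_BRO_INSTALL_PREFIX "${bro_cache_CMAKE_INSTALL_PREFIX}" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_BRO_SRC            "${bro_cache_Bro_SOURCE_DIR}" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_BRO_BUILD          "${bro_cache_Bro_BINARY_DIR}" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_BRO_EXE_PATH       "${bro_cache_BRO_EXE_PATH}" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_BRO_CXX_FLAGS      "${bro_cache_CMAKE_CXX_FLAGS}" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_BRO_C_FLAGS        "${bro_cache_CMAKE_C_FLAGS}" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_ENABLE_DEBUG       "${bro_cache_ENABLE_DEBUG}" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_INTERNAL_BUILD     false CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_BUILD_DYNAMIC      true CACHE INTERNAL "" FORCE)

    message(STATUS "Bro executable : ${BRO_PLUGIN_BRO_EXE_PATH}")
    message(STATUS "Bro source : ${BRO_PLUGIN_BRO_SRC}")
    message(STATUS "Bro build : ${BRO_PLUGIN_BRO_BUILD}")
    message(STATUS "Bro install prefix : ${BRO_PLUGIN_BRO_INSTALL_PREFIX}")
    message(STATUS "Bro plugin directory: ${BRO_PLUGIN_BRO_PLUGIN_INSTALL_PATH}")
    message(STATUS "Bro debug mode : ${BRO_PLUGIN_ENABLE_DEBUG}")

    # Module search order after these two lines: Bro's cmake/ directory first,
    # then the plugin's own cmake/ directory, then whatever was set before.
    set(CMAKE_MODULE_PATH ${BRO_PLUGIN_BASE}/cmake ${CMAKE_MODULE_PATH})
    set(CMAKE_MODULE_PATH ${BRO_PLUGIN_BRO_SRC}/cmake ${CMAKE_MODULE_PATH})

    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${BRO_PLUGIN_BRO_C_FLAGS}")
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${BRO_PLUGIN_BRO_CXX_FLAGS}")

    if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
        # By default Darwin's linker requires all symbols to be present at link time.
        set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -undefined dynamic_lookup -Wl,-bind_at_load")
    endif ()

    include_directories(BEFORE ${BRO_PLUGIN_BRO_SRC}/src
                               ${BRO_PLUGIN_BRO_SRC}/aux/binpac/lib
                               ${BRO_PLUGIN_BRO_BUILD}
                               ${BRO_PLUGIN_BRO_BUILD}/src
                               ${BRO_PLUGIN_BRO_BUILD}/aux/binpac/lib
                               ${CMAKE_CURRENT_BINARY_DIR}
                               ${CMAKE_CURRENT_BINARY_DIR}/src
                               ${CMAKE_CURRENT_SOURCE_DIR}
                               ${CMAKE_CURRENT_SOURCE_DIR}/src
                               )

    # Prepends a directory under the Bro build tree to PATH for the
    # configure run, so programs found there shadow the system ones.
    set(ENV{PATH} "${BRO_PLUGIN_BRO_BUILD}/build/src:$ENV{PATH}")

    set(bro_PLUGIN_LIBS CACHE INTERNAL "plugin libraries" FORCE)
    set(bro_PLUGIN_BIF_SCRIPTS CACHE INTERNAL "Bro script stubs for BIFs in Bro plugins" FORCE)

    add_definitions(-DBRO_PLUGIN_INTERNAL_BUILD=false)

    add_custom_target(generate_outputs)

    if ( BRO_PLUGIN_ENABLE_DEBUG )
        set(ENABLE_DEBUG true)
        set(CMAKE_BUILD_TYPE Debug)
    endif ()

    include(SetDefaultCompileFlags)
else ()
    # Plugin built as part of the Bro tree: all plugin paths live under the
    # current binary directory, scripts are taken from the source directory.
    set(BRO_PLUGIN_BASE        "${CMAKE_CURRENT_BINARY_DIR}" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_LIB         "${CMAKE_CURRENT_BINARY_DIR}/lib" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_BIF         "${BRO_PLUGIN_LIB}/bif" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_MAGIC       "${BRO_PLUGIN_BASE}/__bro_plugin__" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_README      "${BRO_PLUGIN_BASE}/README" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_SCRIPTS     "${BRO_PLUGIN_BASE}/scripts" CACHE INTERNAL "" FORCE)
    set(BRO_PLUGIN_SCRIPTS_SRC "${CMAKE_CURRENT_SOURCE_DIR}/scripts" CACHE INTERNAL "" FORCE)
endif ()

include(GetArchitecture)

# Runs bif_target() on every *.bif argument and records the generated source
# and build target in the caller's _plugin_objs / _plugin_deps.
function(bro_plugin_bif_dynamic)
    foreach ( bif ${ARGV} )
        bif_target(${bif} "plugin" ${_plugin_name} ${_plugin_name_canon} FALSE)
        list(APPEND _plugin_objs ${BIF_OUTPUT_CC})
        list(APPEND _plugin_deps ${BIF_BUILD_TARGET})
        set(_plugin_objs "${_plugin_objs}" PARENT_SCOPE)
        set(_plugin_deps "${_plugin_deps}" PARENT_SCOPE)
    endforeach ()
endfunction()

# Appends each argument to the cached list of libraries the plugin links to.
function(bro_plugin_link_library_dynamic)
    foreach ( lib ${ARGV} )
        set(_plugin_libs ${_plugin_libs} ${lib} CACHE INTERNAL "dynamic plugin libraries")
    endforeach ()
endfunction()

# Finishes a dynamic plugin: creates the MODULE library plus the helper targets
# that populate the plugin directory, packages it after the build, and
# registers the install step.
function(bro_plugin_end_dynamic)
    # Create the dynamic library/bundle.
    add_library(${_plugin_lib} MODULE ${_plugin_objs})
    set_target_properties(${_plugin_lib} PROPERTIES LIBRARY_OUTPUT_DIRECTORY "${BRO_PLUGIN_LIB}")
    set_target_properties(${_plugin_lib} PROPERTIES PREFIX "")
    # set_target_properties(${_plugin_lib} PROPERTIES ENABLE_EXPORTS TRUE)

    add_dependencies(${_plugin_lib} generate_outputs)

    if ( _plugin_deps )
        add_dependencies(${_plugin_lib} ${_plugin_deps})
    endif()

    target_link_libraries(${_plugin_lib} ${_plugin_libs})

    # Copy bif/*.bro.
    string(REPLACE "${BRO_PLUGIN_BASE}/" "" msg "Creating ${BRO_PLUGIN_BIF} for ${_plugin_name}")

    add_custom_target(copy-bif-${_plugin_name_canon}
            COMMAND "${CMAKE_COMMAND}" -E copy_directory ${CMAKE_CURRENT_BINARY_DIR}/bif ${BRO_PLUGIN_BIF}
            COMMENT "${msg}")

    # Create bif/__init__.bro.
    bro_bif_create_loader(bif-init-${_plugin_name_canon} "${bro_PLUGIN_BIF_SCRIPTS}")

    # Copy scripts/ if it's not already at the right place inside the
    # plugin directory. (Actually, we create a symbolic link rather
    # than copy so that edits to the scripts show up immediately.)
    if ( NOT "${BRO_PLUGIN_SCRIPTS_SRC}" STREQUAL "${BRO_PLUGIN_SCRIPTS}" )
        add_custom_target(copy-scripts-${_plugin_name_canon}
            # COMMAND "${CMAKE_COMMAND}" -E remove_directory ${BRO_PLUGIN_SCRIPTS}
            # COMMAND "${CMAKE_COMMAND}" -E copy_directory ${BRO_PLUGIN_SCRIPTS_SRC} ${BRO_PLUGIN_SCRIPTS})
            COMMAND test -d ${BRO_PLUGIN_SCRIPTS_SRC} && rm -f ${BRO_PLUGIN_SCRIPTS} && ln -s ${BRO_PLUGIN_SCRIPTS_SRC} ${BRO_PLUGIN_SCRIPTS} || true)
        add_dependencies(${_plugin_lib} copy-scripts-${_plugin_name_canon})
    endif()

    if ( _plugin_deps )
        add_dependencies(bif-init-${_plugin_name_canon} ${_plugin_deps})
        add_dependencies(copy-bif-${_plugin_name_canon} ${_plugin_deps})
        add_dependencies(bif-init-${_plugin_name_canon} copy-bif-${_plugin_name_canon})
        add_dependencies(${_plugin_lib} bif-init-${_plugin_name_canon} copy-bif-${_plugin_name_canon})
    endif()

    # Create __bro_plugin__
    # string(REPLACE "${BRO_PLUGIN_BASE}/" "" msg "Creating ${BRO_PLUGIN_MAGIC} for ${_plugin_name}")
    # NOTE(review): with the line above commented out, the COMMENT below still
    # shows the "Creating .../bif" text computed for the copy-bif target.
    add_custom_target(bro-plugin-${_plugin_name_canon}
            COMMAND echo "${_plugin_name}" ">${BRO_PLUGIN_MAGIC}"
            COMMENT "${msg}")

    if ( _plugin_deps )
        add_dependencies(bro-plugin-${_plugin_name_canon} ${_plugin_deps})
    endif()

    add_dependencies(${_plugin_lib} bro-plugin-${_plugin_name_canon})

    # Create binary install package.
    add_custom_command(TARGET ${_plugin_lib} POST_BUILD
            COMMAND ${BRO_PLUGIN_BRO_SRC}/cmake/bro-plugin-create-package.sh ${_plugin_name_canon} ${_plugin_dist}
            WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
            DEPENDS ${_plugin_lib}
            COMMENT "Building binary plugin package")

    # Register all three generated paths for "make clean". Three separate
    # set_directory_properties() calls would each replace the property, leaving
    # only the last path; APPEND keeps them all and any earlier entries.
    set_property(DIRECTORY APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES
                 "${BRO_PLUGIN_BIF}" "${BRO_PLUGIN_LIB}" "${BRO_PLUGIN_MAGIC}")

    ### Plugin installation.

    set(plugin_install "${BRO_PLUGIN_BRO_PLUGIN_INSTALL_PATH}/${_plugin_name_canon}")

    # The install script deletes <install path>/<canonical name> before
    # unpacking the package there; both values are expanded into the install
    # code at configure time.
    INSTALL(CODE "execute_process(
        COMMAND ${BRO_PLUGIN_BRO_SRC}/cmake/bro-plugin-install-package.sh ${_plugin_name_canon} ${BRO_PLUGIN_BRO_PLUGIN_INSTALL_PATH}
        WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
        )")
endfunction()

# Sets <target> to the library target name "<ns>-<name>.<HOST_ARCHITECTURE>".
macro(_plugin_target_name_dynamic target ns name)
    set(${target} "${ns}-${name}.${HOST_ARCHITECTURE}")
endmacro()
bro-aux-0.35/cmake/cmake_uninstall.cmake.in0000664002342100234210000000221112535376153020502 0ustar johannajohanna
# Removes every file listed (one path per line) in the given install manifest,
# honouring DESTDIR; stops with a fatal error if a removal fails.
function(uninstall_manifest manifestPath)
    file(READ "${manifestPath}" files)
    string(REGEX REPLACE "\n" ";" files "${files}")
    foreach (file ${files})
        set(fileName $ENV{DESTDIR}${file})
        if (EXISTS "${fileName}" OR IS_SYMLINK "${fileName}")
            message(STATUS "Uninstalling: ${fileName}")
            execute_process(
                COMMAND "@CMAKE_COMMAND@" -E remove "${fileName}"
                OUTPUT_VARIABLE rm_out
                RESULT_VARIABLE rm_retval
            )
            if (NOT ${rm_retval} EQUAL 0)
                message(FATAL_ERROR "Problem when removing: ${fileName}")
            endif ()
        else ()
            message(STATUS "Does not exist: ${fileName}")
        endif ()
    endforeach ()
endfunction(uninstall_manifest)

file(GLOB install_manifests @CMAKE_CURRENT_BINARY_DIR@/install_manifest*.txt)

if (install_manifests)
    foreach (manifest ${install_manifests})
        uninstall_manifest(${manifest})
    endforeach ()
else ()
    message(FATAL_ERROR "Cannot find any install manifests in: "
                        "\"@CMAKE_CURRENT_BINARY_DIR@/install_manifest*.txt\"")
endif ()
bro-aux-0.35/cmake/BroPluginCommon.cmake0000664002342100234210000000555412535376153020013 0ustar johannajohanna
## A set of functions for defining Bro plugins.
##
## This set is used by both static and dynamic plugins via
## BroPluginsStatic and BroPluginsDynamic, respectively.

include(BifCl)
include(BinPAC)

# Begins a plugin definition, giving its namespace and name as the arguments.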
# Sets, in the caller's scope, the variables that describe the plugin
# (_plugin_lib, _plugin_name, _plugin_name_canon, _plugin_ns) and resets the
# accumulators _plugin_objs, _plugin_deps and _plugin_dist to empty.
function(bro_plugin_begin ns name)
    _plugin_target_name(target "${ns}" "${name}")
    set(_plugin_lib        "${target}" PARENT_SCOPE)
    set(_plugin_name       "${ns}::${name}" PARENT_SCOPE)
    set(_plugin_name_canon "${ns}_${name}" PARENT_SCOPE)
    set(_plugin_ns         "${ns}" PARENT_SCOPE)
    set(_plugin_objs       "" PARENT_SCOPE)
    set(_plugin_deps       "" PARENT_SCOPE)
    set(_plugin_dist       "" PARENT_SCOPE)
endfunction()

# Adds *.cc files to a plugin.
# All arguments are appended to the caller's _plugin_objs list.
function(bro_plugin_cc)
    list(APPEND _plugin_objs ${ARGV})
    set(_plugin_objs "${_plugin_objs}" PARENT_SCOPE)
endfunction()

# Adds a *.pac file to a plugin. Further *.pac files may be given that
# it depends on.
# The arguments are passed unchanged to binpac_target(); its BINPAC_OUTPUT_CC
# and BINPAC_BUILD_TARGET results are appended to the caller's _plugin_objs
# and _plugin_deps.
function(bro_plugin_pac)
    binpac_target(${ARGV})
    list(APPEND _plugin_objs ${BINPAC_OUTPUT_CC})
    list(APPEND _plugin_deps ${BINPAC_BUILD_TARGET})
    set(_plugin_objs "${_plugin_objs}" PARENT_SCOPE)
    set(_plugin_deps "${_plugin_deps}" PARENT_SCOPE)
endfunction()

# Add an additional object file to the plugin's library.
# Every argument is appended to the caller's _plugin_objs list.
function(bro_plugin_obj)
    foreach ( bif ${ARGV} )
        list(APPEND _plugin_objs ${bif})
        set(_plugin_objs "${_plugin_objs}" PARENT_SCOPE)
    endforeach ()
endfunction()

# Add additional files that should be included into the binary plugin distribution.
# Ignored for static plugins.
macro(bro_plugin_dist_files)
    foreach ( file ${ARGV} )
        list(APPEND _plugin_dist ${file})
        # Don't need this here, and generates an error that
        # there is not parent scope. Not sure why it does that
        # here but not for other macros doing something similar.
        # NOTE(review): presumably because this is a macro, whose body runs in
        # the caller's scope, so the list(APPEND) above already modifies the
        # caller's _plugin_dist; confirm.
        # set(_plugin_dist "${_plugin_dist}" PARENT_SCOPE)
    endforeach ()
endmacro()

# Link an additional library to the plugin's library.
# Forwards all arguments to the dynamic or static implementation, selected by
# BRO_PLUGIN_BUILD_DYNAMIC.
function(bro_plugin_link_library)
    if ( BRO_PLUGIN_BUILD_DYNAMIC )
        bro_plugin_link_library_dynamic(${ARGV})
    else ()
        bro_plugin_link_library_static(${ARGV})
    endif ()
endfunction()

# Adds *.bif files to a plugin.
# Forwards all arguments to the dynamic or static implementation, selected by
# BRO_PLUGIN_BUILD_DYNAMIC.
macro(bro_plugin_bif)
    if ( BRO_PLUGIN_BUILD_DYNAMIC )
        bro_plugin_bif_dynamic(${ARGV})
    else ()
        bro_plugin_bif_static(${ARGV})
    endif ()
endmacro()

# Ends a plugin definition.
macro(bro_plugin_end) if ( BRO_PLUGIN_BUILD_DYNAMIC ) bro_plugin_end_dynamic(${ARGV}) else () bro_plugin_end_static(${ARGV}) endif () endmacro() # Internal macro to create a unique target name for a plugin. macro(_plugin_target_name target ns name) if ( BRO_PLUGIN_BUILD_DYNAMIC ) _plugin_target_name_dynamic(${ARGV}) else () _plugin_target_name_static(${ARGV}) endif () endmacro() bro-aux-0.35/cmake/OpenSSLTests.cmake0000664002342100234210000000401112535376153017232 0ustar johannajohannainclude(CheckCSourceCompiles) include(CheckCXXSourceCompiles) set(CMAKE_REQUIRED_LIBRARIES ${OpenSSL_LIBRARIES}) set(CMAKE_REQUIRED_INCLUDES ${OpenSSL_INCLUDE_DIR}) check_c_source_compiles(" #include int main() { return 0; } " including_ssl_h_works) if (NOT including_ssl_h_works) # On Red Hat we may need to include Kerberos header. set(CMAKE_REQUIRED_INCLUDES ${OpenSSL_INCLUDE_DIR} /usr/kerberos/include) check_c_source_compiles(" #include #include int main() { return 0; } " NEED_KRB5_H) set(CMAKE_REQUIRED_INCLUDES ${OpenSSL_INCLUDE_DIR}) if (NOT NEED_KRB5_H) message(FATAL_ERROR "OpenSSL test failure. 
See CmakeError.log for details.") else () message(STATUS "OpenSSL requires Kerberos header") include_directories("/usr/kerberos/include") endif () endif () # check for OPENSSL_add_all_algorithms_conf function # and thus OpenSSL >= v0.9.7 check_c_source_compiles(" #include int main() { OPENSSL_add_all_algorithms_conf(); return 0; } " openssl_greater_than_0_9_7) if (NOT openssl_greater_than_0_9_7) message(FATAL_ERROR "OpenSSL >= v0.9.7 required") endif () check_cxx_source_compiles(" #include int main() { const unsigned char** cpp = 0; X509** x =0; d2i_X509(x, cpp, 0); return 0; } " OPENSSL_D2I_X509_USES_CONST_CHAR) if (NOT OPENSSL_D2I_X509_USES_CONST_CHAR) # double check that it compiles without const check_cxx_source_compiles(" #include int main() { unsigned char** cpp = 0; X509** x =0; d2i_X509(x, cpp, 0); return 0; } " OPENSSL_D2I_X509_USES_CHAR) if (NOT OPENSSL_D2I_X509_USES_CHAR) message(FATAL_ERROR "Can't determine if openssl_d2i_x509() takes const char parameter") endif () endif () set(CMAKE_REQUIRED_INCLUDES) set(CMAKE_REQUIRED_LIBRARIES) bro-aux-0.35/cmake/MAC_PACKAGE_INTRO0000664002342100234210000000124712535376153016343 0ustar johannajohannaThis package will install @CMAKE_PROJECT_NAME@ into the following location: @CMAKE_INSTALL_PREFIX@ You may choose to update your PATH environment variable: # For Bash export PATH=@CMAKE_INSTALL_PREFIX@/bin:$PATH # For CSH setenv PATH @CMAKE_INSTALL_PREFIX@/bin:$PATH If you have more than one volume, please choose the install destination as the one that contains the root filesystem. If you have existing configuration files that are modified or otherwise different from the version included in the package, this installer will attempt to prevent overwirting them, but its also advisable to make your own backups of important files before proceeding. 
bro-aux-0.35/cmake/README0000664002342100234210000000021112535376153014600 0ustar johannajohannaThis is a collection of CMake scripts intended to be included as a git submodule in other repositories related to Bro (www.bro-ids.org). bro-aux-0.35/cmake/FindCapstats.cmake0000664002342100234210000000062512535376153017316 0ustar johannajohanna# - Try to find capstats program # # Usage of this module as follows: # # find_package(Capstats) # # Variables defined by this module: # # CAPSTATS_FOUND capstats binary found # Capstats_EXE path to the capstats executable binary find_program(CAPSTATS_EXE capstats) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(Capstats DEFAULT_MSG CAPSTATS_EXE) bro-aux-0.35/cmake/FindJeMalloc.cmake0000664002342100234210000000217412535376153017223 0ustar johannajohanna# - Try to find jemalloc headers and libraries. # # Usage of this module as follows: # # find_package(JeMalloc) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # JEMALLOC_ROOT_DIR Set this variable to the root installation of # jemalloc if the module has problems finding # the proper installation path. # # Variables defined by this module: # # JEMALLOC_FOUND System has jemalloc libs/headers # JEMALLOC_LIBRARIES The jemalloc library/libraries # JEMALLOC_INCLUDE_DIR The location of jemalloc headers find_path(JEMALLOC_ROOT_DIR NAMES include/jemalloc/jemalloc.h ) find_library(JEMALLOC_LIBRARIES NAMES jemalloc HINTS ${JEMALLOC_ROOT_DIR}/lib ) find_path(JEMALLOC_INCLUDE_DIR NAMES jemalloc/jemalloc.h HINTS ${JEMALLOC_ROOT_DIR}/include ) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(JeMalloc DEFAULT_MSG JEMALLOC_LIBRARIES JEMALLOC_INCLUDE_DIR ) mark_as_advanced( JEMALLOC_ROOT_DIR JEMALLOC_LIBRARIES JEMALLOC_INCLUDE_DIR ) bro-aux-0.35/cmake/bro-plugin-install-package.sh0000775002342100234210000000075512535376153021407 0ustar johannajohanna#! 
/bin/sh # # Helper script to install the tarball with a plugin's binary distribution. # # Called from BroPluginDynamic.cmake. Current directory is the plugin # build directory. if [ $# != 2 ]; then echo "usage: `basename $0` " exit 1 fi dst=$2 if [ ! -d "${dst}" ]; then echo "Error: ${dst} does not exist; has Bro been installed?" exit 1 fi name=$1 tgz=`pwd`/$name.tgz ( cd ${dst} && rm -rf "${name}" && tar xzf ${tgz} ) bro-aux-0.35/cmake/CheckFunctions.cmake0000664002342100234210000000067512535376153017646 0ustar johannajohannainclude(CheckFunctionExists) check_function_exists(getopt_long HAVE_GETOPT_LONG) check_function_exists(mallinfo HAVE_MALLINFO) check_function_exists(strcasestr HAVE_STRCASESTR) check_function_exists(strerror HAVE_STRERROR) check_function_exists(strsep HAVE_STRSEP) check_function_exists(sigset HAVE_SIGSET) if (HAVE_SIGSET) set(SIG_FUNC sigset) else () set(SIG_FUNC signal) check_function_exists(sigaction HAVE_SIGACTION) endif () bro-aux-0.35/cmake/FindPCAP.cmake0000664002342100234210000000443612535376153016263 0ustar johannajohanna# - Try to find libpcap include dirs and libraries # # Usage of this module as follows: # # find_package(PCAP) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # PCAP_ROOT_DIR Set this variable to the root installation of # libpcap if the module has problems finding the # proper installation path. # # Variables defined by this module: # # PCAP_FOUND System has libpcap, include and library dirs found # PCAP_INCLUDE_DIR The libpcap include directories. # PCAP_LIBRARY The libpcap library (possibly includes a thread # library e.g. 
required by pf_ring's libpcap) # HAVE_PF_RING If a found version of libpcap supports PF_RING find_path(PCAP_ROOT_DIR NAMES include/pcap.h ) find_path(PCAP_INCLUDE_DIR NAMES pcap.h HINTS ${PCAP_ROOT_DIR}/include ) find_library(PCAP_LIBRARY NAMES pcap HINTS ${PCAP_ROOT_DIR}/lib ) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(PCAP DEFAULT_MSG PCAP_LIBRARY PCAP_INCLUDE_DIR ) include(CheckCSourceCompiles) set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARY}) check_c_source_compiles("int main() { return 0; }" PCAP_LINKS_SOLO) set(CMAKE_REQUIRED_LIBRARIES) # check if linking against libpcap also needs to link against a thread library if (NOT PCAP_LINKS_SOLO) find_package(Threads) if (THREADS_FOUND) set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARY} ${CMAKE_THREAD_LIBS_INIT}) check_c_source_compiles("int main() { return 0; }" PCAP_NEEDS_THREADS) set(CMAKE_REQUIRED_LIBRARIES) endif () if (THREADS_FOUND AND PCAP_NEEDS_THREADS) set(_tmp ${PCAP_LIBRARY} ${CMAKE_THREAD_LIBS_INIT}) list(REMOVE_DUPLICATES _tmp) set(PCAP_LIBRARY ${_tmp} CACHE STRING "Libraries needed to link against libpcap" FORCE) else () message(FATAL_ERROR "Couldn't determine how to link against libpcap") endif () endif () include(CheckFunctionExists) set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARY}) check_function_exists(pcap_get_pfring_id HAVE_PF_RING) set(CMAKE_REQUIRED_LIBRARIES) mark_as_advanced( PCAP_ROOT_DIR PCAP_INCLUDE_DIR PCAP_LIBRARY ) bro-aux-0.35/cmake/FindBISON.cmake0000664002342100234210000002221512535376153016405 0ustar johannajohanna# - Find bison executable and provides macros to generate custom build rules # The module defines the following variables: # # BISON_EXECUTABLE - path to the bison program # BISON_VERSION - version of bison # BISON_FOUND - true if the program was found # # If bison is found, the module defines the macros: # BISON_TARGET( [VERBOSE ] # [COMPILE_FLAGS ] [HEADER ]) # which will create a custom rule to generate a parser. is # the path to a yacc file. 
is the name of the source file # generated by bison. A header file containing the token list is also # generated according to bison's -d option by default or if the HEADER # option is used, the argument is passed to bison's --defines option to # specify output file. If COMPILE_FLAGS option is specified, the next # parameter is added in the bison command line. if VERBOSE option is # specified, is created and contains verbose descriptions of the # grammar and parser. The macro defines a set of variables: # BISON_${Name}_DEFINED - true is the macro ran successfully # BISON_${Name}_INPUT - The input source file, an alias for # BISON_${Name}_OUTPUT_SOURCE - The source file generated by bison # BISON_${Name}_OUTPUT_HEADER - The header file generated by bison # BISON_${Name}_OUTPUTS - The sources files generated by bison # BISON_${Name}_COMPILE_FLAGS - Options used in the bison command line # # ==================================================================== # Example: # # find_package(BISON) # BISON_TARGET(MyParser parser.y ${CMAKE_CURRENT_BINARY_DIR}/parser.cpp) # add_executable(Foo main.cpp ${BISON_MyParser_OUTPUTS}) # ==================================================================== #============================================================================= # Copyright 2009 Kitware, Inc. # Copyright 2006 Tristan Carel # Modified 2010 by Jon Siwek, adding HEADER option # # Distributed under the OSI-approved BSD License (the "License"): # CMake - Cross Platform Makefile Generator # Copyright 2000-2009 Kitware, Inc., Insight Software Consortium # All rights reserved. # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. 
# # * Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # * Neither the names of Kitware, Inc., the Insight Software Consortium, # nor the names of their contributors may be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # This software is distributed WITHOUT ANY WARRANTY; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # See the License for more information. 
#============================================================================= FIND_PROGRAM(BISON_EXECUTABLE bison DOC "path to the bison executable") MARK_AS_ADVANCED(BISON_EXECUTABLE) IF(BISON_EXECUTABLE) EXECUTE_PROCESS(COMMAND ${BISON_EXECUTABLE} --version OUTPUT_VARIABLE BISON_version_output ERROR_VARIABLE BISON_version_error RESULT_VARIABLE BISON_version_result OUTPUT_STRIP_TRAILING_WHITESPACE) IF(NOT ${BISON_version_result} EQUAL 0) MESSAGE(SEND_ERROR "Command \"${BISON_EXECUTABLE} --version\" failed with output:\n${BISON_version_error}") ELSE() STRING(REGEX REPLACE "^bison \\(GNU Bison\\) ([^\n]+)\n.*" "\\1" BISON_VERSION "${BISON_version_output}") ENDIF() # internal macro MACRO(BISON_TARGET_option_verbose Name BisonOutput filename) LIST(APPEND BISON_TARGET_cmdopt "--verbose") GET_FILENAME_COMPONENT(BISON_TARGET_output_path "${BisonOutput}" PATH) GET_FILENAME_COMPONENT(BISON_TARGET_output_name "${BisonOutput}" NAME_WE) ADD_CUSTOM_COMMAND(OUTPUT ${filename} COMMAND ${CMAKE_COMMAND} ARGS -E copy "${BISON_TARGET_output_path}/${BISON_TARGET_output_name}.output" "${filename}" DEPENDS "${BISON_TARGET_output_path}/${BISON_TARGET_output_name}.output" COMMENT "[BISON][${Name}] Copying bison verbose table to ${filename}" WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}) SET(BISON_${Name}_VERBOSE_FILE ${filename}) LIST(APPEND BISON_TARGET_extraoutputs "${BISON_TARGET_output_path}/${BISON_TARGET_output_name}.output") ENDMACRO(BISON_TARGET_option_verbose) # internal macro MACRO(BISON_TARGET_option_extraopts Options) SET(BISON_TARGET_extraopts "${Options}") SEPARATE_ARGUMENTS(BISON_TARGET_extraopts) LIST(APPEND BISON_TARGET_cmdopt ${BISON_TARGET_extraopts}) ENDMACRO(BISON_TARGET_option_extraopts) #============================================================ # BISON_TARGET (public macro) #============================================================ # MACRO(BISON_TARGET Name BisonInput BisonOutput) SET(BISON_TARGET_output_header "") #SET(BISON_TARGET_command_opt "") 
SET(BISON_TARGET_cmdopt "") SET(BISON_TARGET_outputs "${BisonOutput}") IF(NOT ${ARGC} EQUAL 3 AND NOT ${ARGC} EQUAL 5 AND NOT ${ARGC} EQUAL 7 AND NOT ${ARGC} EQUAL 9) MESSAGE(SEND_ERROR "Usage") ELSE() # Parsing parameters IF(${ARGC} GREATER 5 OR ${ARGC} EQUAL 5) IF("${ARGV3}" STREQUAL "VERBOSE") BISON_TARGET_option_verbose(${Name} ${BisonOutput} "${ARGV4}") ENDIF() IF("${ARGV3}" STREQUAL "COMPILE_FLAGS") BISON_TARGET_option_extraopts("${ARGV4}") ENDIF() IF("${ARGV3}" STREQUAL "HEADER") set(BISON_TARGET_output_header "${ARGV4}") ENDIF() ENDIF() IF(${ARGC} GREATER 7 OR ${ARGC} EQUAL 7) IF("${ARGV5}" STREQUAL "VERBOSE") BISON_TARGET_option_verbose(${Name} ${BisonOutput} "${ARGV6}") ENDIF() IF("${ARGV5}" STREQUAL "COMPILE_FLAGS") BISON_TARGET_option_extraopts("${ARGV6}") ENDIF() IF("${ARGV5}" STREQUAL "HEADER") set(BISON_TARGET_output_header "${ARGV6}") ENDIF() ENDIF() IF(${ARGC} EQUAL 9) IF("${ARGV7}" STREQUAL "VERBOSE") BISON_TARGET_option_verbose(${Name} ${BisonOutput} "${ARGV8}") ENDIF() IF("${ARGV7}" STREQUAL "COMPILE_FLAGS") BISON_TARGET_option_extraopts("${ARGV8}") ENDIF() IF("${ARGV7}" STREQUAL "HEADER") set(BISON_TARGET_output_header "${ARGV8}") ENDIF() ENDIF() IF(BISON_TARGET_output_header) # Header's name passed in as argument to be used in --defines option LIST(APPEND BISON_TARGET_cmdopt "--defines=${BISON_TARGET_output_header}") set(BISON_${Name}_OUTPUT_HEADER ${BISON_TARGET_output_header}) ELSE() # Header's name generated by bison (see option -d) LIST(APPEND BISON_TARGET_cmdopt "-d") STRING(REGEX REPLACE "^(.*)(\\.[^.]*)$" "\\2" _fileext "${ARGV2}") STRING(REPLACE "c" "h" _fileext ${_fileext}) STRING(REGEX REPLACE "^(.*)(\\.[^.]*)$" "\\1${_fileext}" BISON_${Name}_OUTPUT_HEADER "${ARGV2}") ENDIF() LIST(APPEND BISON_TARGET_outputs "${BISON_${Name}_OUTPUT_HEADER}") ADD_CUSTOM_COMMAND(OUTPUT ${BISON_TARGET_outputs} ${BISON_TARGET_extraoutputs} COMMAND ${BISON_EXECUTABLE} ARGS ${BISON_TARGET_cmdopt} -o ${ARGV2} ${ARGV1} DEPENDS ${ARGV1} COMMENT 
"[BISON][${Name}] Building parser with bison ${BISON_VERSION}" WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) # define target variables SET(BISON_${Name}_DEFINED TRUE) SET(BISON_${Name}_INPUT ${ARGV1}) SET(BISON_${Name}_OUTPUTS ${BISON_TARGET_outputs}) SET(BISON_${Name}_COMPILE_FLAGS ${BISON_TARGET_cmdopt}) SET(BISON_${Name}_OUTPUT_SOURCE "${BisonOutput}") ENDIF(NOT ${ARGC} EQUAL 3 AND NOT ${ARGC} EQUAL 5 AND NOT ${ARGC} EQUAL 7 AND NOT ${ARGC} EQUAL 9) ENDMACRO(BISON_TARGET) # #============================================================ ENDIF(BISON_EXECUTABLE) INCLUDE(FindPackageHandleStandardArgs) FIND_PACKAGE_HANDLE_STANDARD_ARGS(BISON DEFAULT_MSG BISON_EXECUTABLE) # FindBISON.cmake ends here bro-aux-0.35/cmake/FindPyBroccoli.cmake0000664002342100234210000000137512535376153017604 0ustar johannajohanna# - Determine if the Broccoli Python bindings are available # # Usage of this module as follows: # # find_package(PythonInterp REQUIRED) # find_package(PyBroccoli) # # Variables defined by this module: # # PYBROCCOLI_FOUND Python successfully imports broccoli bindings if (NOT PYBROCCOLI_FOUND) execute_process(COMMAND "${PYTHON_EXECUTABLE}" -c "import broccoli" RESULT_VARIABLE PYBROCCOLI_IMPORT_RESULT) if (PYBROCCOLI_IMPORT_RESULT) # python returned non-zero exit status set(BROCCOLI_PYTHON_MODULE false) else () set(BROCCOLI_PYTHON_MODULE true) endif () endif () include(FindPackageHandleStandardArgs) find_package_handle_standard_args(PyBroccoli DEFAULT_MSG BROCCOLI_PYTHON_MODULE) bro-aux-0.35/cmake/BroPlugin.cmake0000664002342100234210000000073312535376153016634 0ustar johannajohanna # Wrapper include file that loads the macros for building a Bro # plugin either statically or dynamically, depending on whether # we're building as part of the main Bro source tree, or externally. 
if ( BRO_PLUGIN_INTERNAL_BUILD ) if ( "${BRO_PLUGIN_BUILD_DYNAMIC}" STREQUAL "" ) set(BRO_PLUGIN_BUILD_DYNAMIC FALSE) endif() else () set(BRO_PLUGIN_BUILD_DYNAMIC TRUE) endif () include(BroPluginCommon) include(BroPluginStatic) include(BroPluginDynamic) bro-aux-0.35/cmake/FindLibGeoIP.cmake0000664002342100234210000000400412535376153017121 0ustar johannajohanna# - Try to find GeoIP headers and libraries # # Usage of this module as follows: # # find_package(LibGeoIP) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # LibGeoIP_ROOT_DIR Set this variable to the root installation of # libGeoIP if the module has problems finding the # proper installation path. # # Variables defined by this module: # # LIBGEOIP_FOUND System has GeoIP libraries and headers # LibGeoIP_LIBRARY The GeoIP library # LibGeoIP_INCLUDE_DIR The location of GeoIP headers # HAVE_GEOIP_COUNTRY_EDITION_V6 Whether the API support IPv6 country edition # HAVE_GEOIP_CITY_EDITION_REV0_V6 Whether the API supports IPv6 city edition find_path(LibGeoIP_ROOT_DIR NAMES include/GeoIPCity.h ) if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin") # the static version of the library is preferred on OS X for the # purposes of making packages (libGeoIP doesn't ship w/ OS X) set(libgeoip_names libGeoIp.a GeoIP) else () set(libgeoip_names GeoIP) endif () find_library(LibGeoIP_LIBRARY NAMES ${libgeoip_names} HINTS ${LibGeoIP_ROOT_DIR}/lib ) find_path(LibGeoIP_INCLUDE_DIR NAMES GeoIPCity.h HINTS ${LibGeoIP_ROOT_DIR}/include ) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(LibGeoIP DEFAULT_MSG LibGeoIP_LIBRARY LibGeoIP_INCLUDE_DIR ) if (LIBGEOIP_FOUND) include(CheckCXXSourceCompiles) set(CMAKE_REQUIRED_INCLUDES ${LibGeoIP_INCLUDE_DIR}) check_cxx_source_compiles(" #include int main() { GEOIP_COUNTRY_EDITION_V6; return 0; } " HAVE_GEOIP_COUNTRY_EDITION_V6) check_cxx_source_compiles(" #include int main() { GEOIP_CITY_EDITION_REV0_V6; 
return 0; } " HAVE_GEOIP_CITY_EDITION_REV0_V6) set(CMAKE_REQUIRED_INCLUDES) endif () mark_as_advanced( LibGeoIP_ROOT_DIR LibGeoIP_LIBRARY LibGeoIP_INCLUDE_DIR ) bro-aux-0.35/cmake/FindOpenSSL.cmake0000664002342100234210000000302712535376153017016 0ustar johannajohanna# - Try to find openssl include dirs and libraries # # Usage of this module as follows: # # find_package(OpenSSL) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # OpenSSL_ROOT_DIR Set this variable to the root installation of # openssl if the module has problems finding the # proper installation path. # # Variables defined by this module: # # OPENSSL_FOUND System has openssl, include and library dirs found # OpenSSL_INCLUDE_DIR The openssl include directories. # OpenSSL_LIBRARIES The openssl libraries. # OpenSSL_CYRPTO_LIBRARY The openssl crypto library. # OpenSSL_SSL_LIBRARY The openssl ssl library. find_path(OpenSSL_ROOT_DIR NAMES include/openssl/ssl.h ) find_path(OpenSSL_INCLUDE_DIR NAMES openssl/ssl.h HINTS ${OpenSSL_ROOT_DIR}/include ) find_library(OpenSSL_SSL_LIBRARY NAMES ssl ssleay32 ssleay32MD HINTS ${OpenSSL_ROOT_DIR}/lib ) find_library(OpenSSL_CRYPTO_LIBRARY NAMES crypto HINTS ${OpenSSL_ROOT_DIR}/lib ) set(OpenSSL_LIBRARIES ${OpenSSL_SSL_LIBRARY} ${OpenSSL_CRYPTO_LIBRARY} CACHE STRING "OpenSSL SSL and crypto libraries" FORCE) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(OpenSSL DEFAULT_MSG OpenSSL_LIBRARIES OpenSSL_INCLUDE_DIR ) mark_as_advanced( OpenSSL_ROOT_DIR OpenSSL_INCLUDE_DIR OpenSSL_LIBRARIES OpenSSL_CRYPTO_LIBRARY OpenSSL_SSL_LIBRARY ) bro-aux-0.35/cmake/BinPAC.cmake0000664002342100234210000000414612535376153015771 0ustar johannajohanna # A macro to define a command that uses the BinPac compiler to # produce C++ code that implements a protocol parser/analyzer. # The outputs are returned in BINPAC_OUTPUT_{CC,H}. # Additional dependencies are pulled from BINPAC_AUXSRC. 
# # The macro also creates a target that can be used to define depencencies on # the generated files. The name of the target includes a normalized path to # the input pac to make it unique. The target is added automatically to # bro_ALL_GENERATED_OUTPUTS. macro(BINPAC_TARGET pacFile) if ( BRO_PLUGIN_INTERNAL_BUILD ) set(binpacDep "${BinPAC_EXE}") else () set(BinPAC_EXE "${BRO_PLUGIN_BRO_BUILD}/aux/binpac/src/binpac") set(BinPAC_addl_args "-I;${BRO_PLUGIN_BRO_SRC}/src") endif () get_filename_component(basename ${pacFile} NAME_WE) add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.h ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.cc COMMAND ${BinPAC_EXE} ARGS -q -d ${CMAKE_CURRENT_BINARY_DIR} -I ${CMAKE_CURRENT_SOURCE_DIR} -I ${CMAKE_SOURCE_DIR}/src ${BinPAC_addl_args} ${CMAKE_CURRENT_SOURCE_DIR}/${pacFile} DEPENDS ${binpacDep} ${pacFile} ${BINPAC_AUXSRC} ${ARGN} COMMENT "[BINPAC] Processing ${pacFile}" ) set(BINPAC_OUTPUT_H ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.h) set(BINPAC_OUTPUT_CC ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.cc) set(pacOutputs ${BINPAC_OUTPUT_H} ${BINPAC_OUTPUT_CC}) set(target "pac-${CMAKE_CURRENT_BINARY_DIR}/${pacFile}") string(REGEX REPLACE "${CMAKE_BINARY_DIR}/src/" "" target "${target}") string(REGEX REPLACE "/" "-" target "${target}") add_custom_target(${target} DEPENDS ${pacOutputs}) set(BINPAC_BUILD_TARGET ${target}) set(bro_ALL_GENERATED_OUTPUTS ${bro_ALL_GENERATED_OUTPUTS} ${target} CACHE INTERNAL "automatically generated files" FORCE) # Propagate to top-level. 
endmacro(BINPAC_TARGET) bro-aux-0.35/cmake/AddUninstallTarget.cmake0000664002342100234210000000067412535376153020470 0ustar johannajohannaif (NOT TARGET uninstall) if ( EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/cmake/cmake_uninstall.cmake.in" ) configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake/cmake_uninstall.cmake.in" "${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake" @ONLY) add_custom_target(uninstall COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake) endif () endif () bro-aux-0.35/cmake/FindBroccoli.cmake0000664002342100234210000000222512535376153017266 0ustar johannajohanna# - Try to find libbroccoli include dirs and libraries # # Usage of this module as follows: # # find_package(Broccoli) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # Broccoli_ROOT_DIR Set this variable to the root installation of # libbroccoli if the module has problems finding the # proper installation path. # # Variables defined by this module: # # BROCCOLI_FOUND System has libbroccoli, include and lib dirs found # Broccoli_INCLUDE_DIR The libbroccoli include directories. # Broccoli_LIBRARY The libbroccoli library. find_path(Broccoli_ROOT_DIR NAMES include/broccoli.h ) find_path(Broccoli_INCLUDE_DIR NAMES broccoli.h HINTS ${Broccoli_ROOT_DIR}/include ) find_library(Broccoli_LIBRARY NAMES broccoli HINTS ${Broccoli_ROOT_DIR}/lib ) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(Broccoli DEFAULT_MSG Broccoli_LIBRARY Broccoli_INCLUDE_DIR ) mark_as_advanced( Broccoli_ROOT_DIR Broccoli_INCLUDE_DIR Broccoli_LIBRARY ) bro-aux-0.35/cmake/CheckCompilers.cmake0000664002342100234210000000067012535376153017626 0ustar johannajohanna# Aborts the configuration if no C or C++ compiler is found, depending # on whether a previous call to the project() macro was supplied either # language as a requirement. 
if (NOT CMAKE_C_COMPILER AND DEFINED CMAKE_C_COMPILER) message(FATAL_ERROR "Could not find prerequisite C compiler") endif () if (NOT CMAKE_CXX_COMPILER AND DEFINED CMAKE_CXX_COMPILER) message(FATAL_ERROR "Could not find prerequisite C++ compiler") endif () bro-aux-0.35/cmake/InstallPackageConfigFile.cmake0000664002342100234210000000527312535376153021547 0ustar johannajohannainclude(InstallClobberImmune) # This macro can be used to install configuration files which # users are expected to modify after installation. It will: # # - If binary packaging is enabled: # Install the file in the typical CMake fashion, but append to the # INSTALLED_CONFIG_FILES cache variable for use with the Mac package's # pre/post install scripts # # - If binary packaging is not enabled: # Install the script in a way such that it will check at `make install` # time whether the file does not exist. See InstallClobberImmune.cmake # # - Always create a target "install-example-configs" which installs an # example version of the config file. # # _srcfile: the absolute path to the file to install # _dstdir: absolute path to the directory in which to install the file # _dstfilename: how to (re)name the file inside _dstdir macro(InstallPackageConfigFile _srcfile _dstdir _dstfilename) set(_dstfile ${_dstdir}/${_dstfilename}) if (BINARY_PACKAGING_MODE) # If packaging mode is enabled, always install the distribution's # version of the file. The Mac package's pre/post install scripts # or native functionality of RPMs will take care of not clobbering it. 
install(FILES ${_srcfile} DESTINATION ${_dstdir} RENAME ${_dstfilename}) # This cache variable is what the Mac package pre/post install scripts # use to avoid clobbering user-modified config files set(INSTALLED_CONFIG_FILES "${INSTALLED_CONFIG_FILES} ${_dstfile}" CACHE STRING "" FORCE) # Additionally, the Mac PackageMaker packages don't have any automatic # handling of configuration file conflicts so install an example file # that the post install script will cleanup in the case it's extraneous if (APPLE) install(FILES ${_srcfile} DESTINATION ${_dstdir} RENAME ${_dstfilename}.example) endif () else () # Have `make install` check at run time whether the file does not exist InstallClobberImmune(${_srcfile} ${_dstfile}) endif () if (NOT TARGET install-example-configs) add_custom_target(install-example-configs COMMENT "Installed example configuration files") endif () # '/' is invalid in target names, so replace w/ '.' string(REGEX REPLACE "/" "." _flatsrc ${_srcfile}) set(_example ${_dstfile}.example) add_custom_target(install-example-config-${_flatsrc} COMMAND "${CMAKE_COMMAND}" -E copy ${_srcfile} \${DESTDIR}${_example} COMMENT "Installing ${_example}") add_dependencies(install-example-configs install-example-config-${_flatsrc}) endmacro(InstallPackageConfigFile) bro-aux-0.35/cmake/BifCl.cmake0000664002342100234210000002221012535376153015704 0ustar johannajohanna # A macro to define a command that uses the BIF compiler to produce C++ # segments and Bro language declarations from a .bif file. The outputs # are returned in BIF_OUTPUT_{CC,H,BRO}. By default, it runs bifcl in # alternative mode (-a; suitable for standalone compilation). If # an additional parameter "standard" is given, it runs it in standard mode # for inclusion in NetVar.*. If an additional parameter "plugin" is given, # it runs it in plugin mode (-p). In the latter case, one more argument # is required with the plugin's name. 
#
# The macro also creates a target that can be used to define dependencies on
# the generated files. The name of the target depends on the mode and includes
# a normalized path to the input bif to make it unique. The target is added
# automatically to bro_ALL_GENERATED_OUTPUTS.
#
# Variables set for the caller (this is a macro, so every set() below lands in
# the caller's scope): BIF_OUTPUT_CC, BIF_OUTPUT_H, BIF_OUTPUT_BRO and
# BIF_BUILD_TARGET, plus the cache lists named in each branch.
macro(bif_target bifInput)
    set(target "")
    get_filename_component(bifInputBasename "${bifInput}" NAME)

    if ( "${ARGV1}" STREQUAL "standard" )
        # Standard mode: no extra bifcl flags; six func_*/netvar_* fragments
        # are produced in the current binary directory.
        set(bifcl_args "")
        set(target "bif-std-${CMAKE_CURRENT_BINARY_DIR}/${bifInputBasename}")
        set(bifOutputs
            ${CMAKE_CURRENT_BINARY_DIR}/${bifInputBasename}.func_def
            ${CMAKE_CURRENT_BINARY_DIR}/${bifInputBasename}.func_h
            ${CMAKE_CURRENT_BINARY_DIR}/${bifInputBasename}.func_init
            ${CMAKE_CURRENT_BINARY_DIR}/${bifInputBasename}.netvar_def
            ${CMAKE_CURRENT_BINARY_DIR}/${bifInputBasename}.netvar_h
            ${CMAKE_CURRENT_BINARY_DIR}/${bifInputBasename}.netvar_init)
        set(BIF_OUTPUT_CC
            ${bifInputBasename}.func_def
            ${bifInputBasename}.func_init
            ${bifInputBasename}.netvar_def
            ${bifInputBasename}.netvar_init)
        set(BIF_OUTPUT_H
            ${bifInputBasename}.func_h
            ${bifInputBasename}.netvar_h)
        set(BIF_OUTPUT_BRO ${CMAKE_BINARY_DIR}/scripts/base/bif/${bifInputBasename}.bro)
        # Cached so the accumulated list is visible at the top level.
        set(bro_BASE_BIF_SCRIPTS ${bro_BASE_BIF_SCRIPTS} ${BIF_OUTPUT_BRO}
            CACHE INTERNAL "Bro script stubs for BIFs in base distribution of Bro" FORCE)

    elseif ( "${ARGV1}" STREQUAL "plugin" )
        # Plugin mode: ARGV2..ARGV4 carry the plugin name, its canonical
        # name and the static/dynamic flag.
        set(plugin_name ${ARGV2})
        set(plugin_name_canon ${ARGV3})
        set(plugin_is_static ${ARGV4})

        set(target "bif-plugin-${plugin_name_canon}-${bifInputBasename}")
        set(bifcl_args "-p;${plugin_name}")
        set(bifOutputs
            ${bifInputBasename}.h
            ${bifInputBasename}.cc
            ${bifInputBasename}.init.cc
            ${bifInputBasename}.register.cc)

        if ( plugin_is_static )
            # Static plugins leave the .register.cc out of BIF_OUTPUT_CC and
            # record the BIF in bro_REGISTER_BIFS instead.
            set(BIF_OUTPUT_CC
                ${bifInputBasename}.cc
                ${bifInputBasename}.init.cc)
            set(bro_REGISTER_BIFS ${bro_REGISTER_BIFS} ${CMAKE_CURRENT_BINARY_DIR}/${bifInputBasename}
                CACHE INTERNAL "BIFs for automatic registering" FORCE)
        else ()
            set(BIF_OUTPUT_CC
                ${bifInputBasename}.cc
                ${bifInputBasename}.init.cc
                ${bifInputBasename}.register.cc)
        endif()

        set(BIF_OUTPUT_H ${bifInputBasename}.h)

        # The script stub goes into the build tree unless the plugin is
        # built dynamically, in which case BRO_PLUGIN_BIF is used.
        if ( NOT BRO_PLUGIN_BUILD_DYNAMIC )
            set(BIF_OUTPUT_BRO ${CMAKE_BINARY_DIR}/scripts/base/bif/plugins/${plugin_name_canon}.${bifInputBasename}.bro)
        else ()
            set(BIF_OUTPUT_BRO ${BRO_PLUGIN_BIF}/${bifInputBasename}.bro)
        endif()

        set(bro_PLUGIN_BIF_SCRIPTS ${bro_PLUGIN_BIF_SCRIPTS} ${BIF_OUTPUT_BRO}
            CACHE INTERNAL "Bro script stubs for BIFs in Bro plugins" FORCE)

    else ()
        # Alternative mode. These will get compiled in automatically.
        # NOTE(review): the header comment of this file names "-a" for this
        # mode while the code passes "-s" -- confirm against bifcl's options.
        set(bifcl_args "-s")
        set(target "bif-alt-${CMAKE_CURRENT_BINARY_DIR}/${bifInputBasename}")
        set(bifOutputs
            ${bifInputBasename}.h
            ${bifInputBasename}.cc
            ${bifInputBasename}.init.cc)
        set(BIF_OUTPUT_CC ${bifInputBasename}.cc)
        set(BIF_OUTPUT_H ${bifInputBasename}.h)

        # To run bro from the build directory, the generated script has to
        # sit in a directory tree that matches the path used in an @load.
        set(BIF_OUTPUT_BRO ${CMAKE_BINARY_DIR}/scripts/base/bif/${bifInputBasename}.bro)

        set(bro_AUTO_BIFS ${bro_AUTO_BIFS} ${CMAKE_CURRENT_BINARY_DIR}/${bifInputBasename}
            CACHE INTERNAL "BIFs for automatic inclusion" FORCE)
        set(bro_BASE_BIF_SCRIPTS ${bro_BASE_BIF_SCRIPTS} ${BIF_OUTPUT_BRO}
            CACHE INTERNAL "Bro script stubs for BIFs in base distribution of Bro" FORCE)
    endif ()

    # Inside the main tree the compiler is the "bifcl" target (also used as a
    # dependency); an external plugin build uses the binary from Bro's build dir.
    if ( BRO_PLUGIN_INTERNAL_BUILD )
        set(bifclDep "bifcl")
        set(BifCl_EXE "bifcl")
    else ()
        set(BifCl_EXE "${BRO_PLUGIN_BRO_BUILD}/src/bifcl")
    endif ()

    # Run bifcl, then move the generated .bro stub to BIF_OUTPUT_BRO. If
    # bifcl fails, the outputs are deleted and the step exits non-zero.
    # NOTE(review): there is no VERBATIM here and the "||" fallback relies on
    # a shell running the command, so paths are interpolated unquoted; a path
    # with whitespace or shell metacharacters would be split or interpreted.
    add_custom_command(OUTPUT ${bifOutputs} ${BIF_OUTPUT_BRO}
                       COMMAND ${BifCl_EXE}
                       ARGS ${bifcl_args} ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput} || (rm -f ${bifOutputs} && exit 1)
                       COMMAND "${CMAKE_COMMAND}"
                       ARGS -E copy ${bifInputBasename}.bro ${BIF_OUTPUT_BRO}
                       COMMAND "${CMAKE_COMMAND}"
                       ARGS -E remove -f ${bifInputBasename}.bro
                       DEPENDS ${bifInput}
                       DEPENDS ${bifclDep}
                       COMMENT "[BIFCL] Processing ${bifInput}"
    )

    # Normalize the target name: drop the build-tree "src/" prefix and turn
    # the remaining path separators into dashes.
    string(REGEX REPLACE "${CMAKE_BINARY_DIR}/src/" "" target "${target}")
    string(REGEX REPLACE "/" "-" target "${target}")

    add_custom_target(${target} DEPENDS ${BIF_OUTPUT_H} ${BIF_OUTPUT_CC})
    set_source_files_properties(${bifOutputs} PROPERTIES GENERATED 1)
    set(BIF_BUILD_TARGET ${target})

    set(bro_ALL_GENERATED_OUTPUTS ${bro_ALL_GENERATED_OUTPUTS} ${target}
        CACHE INTERNAL "automatically generated files" FORCE)
endmacro(bif_target)

# A macro to create a __load__.bro file for all *.bif.bro files in
# a given collection (which should all be in the same directory).
# It creates a corresponding target to trigger the generation.
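# Arguments:
#   target:    name of the custom target that (re)writes __load__.bro
#   bifinputs: list of generated Bro script stubs; all of them must live in
#              the same directory, otherwise configuration aborts
function(bro_bif_create_loader target bifinputs)
    set(_bif_loader_dir "")
    # Start from an empty list: a function can read its caller's variables,
    # so an inherited _bif_loader_content would otherwise end up in the loader.
    set(_bif_loader_content "")

    foreach ( _bro_file ${bifinputs} )
        get_filename_component(_bif_loader_dir_tmp ${_bro_file} PATH)
        get_filename_component(_bro_file_name ${_bro_file} NAME)

        if ( _bif_loader_dir )
            # Every stub has to share the directory of the first one.
            if ( NOT _bif_loader_dir_tmp STREQUAL _bif_loader_dir )
                message(FATAL_ERROR "Directory of Bro script BIF stub ${_bro_file} differs from expected: ${_bif_loader_dir}")
            endif ()
        else ()
            set(_bif_loader_dir ${_bif_loader_dir_tmp})
        endif ()

        set(_bif_loader_content "${_bif_loader_content} ${_bro_file_name}")
    endforeach ()

    # Nothing to do for an empty collection.
    if ( NOT _bif_loader_dir )
        return ()
    endif ()

    file(MAKE_DIRECTORY ${_bif_loader_dir})

    set(_bif_loader_file ${_bif_loader_dir}/__load__.bro)

    # The old loader is removed through "cmake -E" so its path is passed as a
    # single argument and never parsed by a shell. The loop still needs a
    # shell for the append redirect; the target path is single-quoted there so
    # whitespace or metacharacters in the build directory are not interpreted.
    # NOTE(review): the file names in _bif_loader_content are still word-split
    # by the shell, so stub names are assumed to contain no whitespace or
    # shell metacharacters.
    add_custom_target(${target}
        COMMAND "${CMAKE_COMMAND}" -E remove -f "${_bif_loader_file}"
        COMMAND "sh" "-c" "for i in ${_bif_loader_content}; do echo @load ./$i >> '${_bif_loader_file}'; done"
        WORKING_DIRECTORY ${_bif_loader_dir}
        VERBATIM
    )

    add_dependencies(${target} generate_outputs)
endfunction()

# A macro to create joint include files for compiling in all the
# autogenerated bif code.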
function(bro_bif_create_includes target dstdir bifinputs) file(MAKE_DIRECTORY ${dstdir}) add_custom_target(${target} COMMAND "sh" "-c" "rm -f ${dstdir}/__all__.bif.cc.tmp" COMMAND "sh" "-c" "rm -f ${dstdir}/__all__.bif.init.cc.tmp" COMMAND for i in ${bifinputs}\; do echo \\\#include \\"\$\$i.cc\\"\; done >> ${dstdir}/__all__.bif.cc.tmp COMMAND for i in ${bifinputs}\; do echo \\\#include \\"\$\$i.init.cc\\"\; done >> ${dstdir}/__all__.bif.init.cc.tmp COMMAND ${CMAKE_COMMAND} -E copy_if_different "${dstdir}/__all__.bif.cc.tmp" "${dstdir}/__all__.bif.cc" COMMAND ${CMAKE_COMMAND} -E copy_if_different "${dstdir}/__all__.bif.init.cc.tmp" "${dstdir}/__all__.bif.init.cc" COMMAND "sh" "-c" "rm -f ${dstdir}/__all__.bif.cc.tmp" COMMAND "sh" "-c" "rm -f ${dstdir}/__all__.bif.init.cc.tmp" WORKING_DIRECTORY ${dstdir} ) set(clean_files ${dstdir}/__all__.bif.cc ${dstdir}/__all__.bif.init.cc) set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES "${clean_files}") endfunction() function(bro_bif_create_register target dstdir bifinputs) file(MAKE_DIRECTORY ${dstdir}) add_custom_target(${target} COMMAND "sh" "-c" "rm -f ${dstdir}/__all__.bif.register.cc.tmp" COMMAND for i in ${bifinputs}\; do echo \\\#include \\"\$\$i.register.cc\\"\; done >> ${dstdir}/__all__.bif.register.cc.tmp COMMAND ${CMAKE_COMMAND} -E copy_if_different "${dstdir}/__all__.bif.register.cc.tmp" "${dstdir}/__all__.bif.register.cc" COMMAND "sh" "-c" "rm -f ${dstdir}/__all__.bif.register.cc.tmp" WORKING_DIRECTORY ${dstdir} ) set(clean_files ${dstdir}/__all__.bif.cc ${dstdir}/__all__.bif.register.cc) set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES "${clean_files}") endfunction() bro-aux-0.35/cmake/SetupRPATH.cmake0000664002342100234210000000053012535376153016625 0ustar johannajohanna# Keep RPATH upon installing so that user doesn't have to ensure the linker # can find internal/private libraries or libraries external to the build # directory that were explicitly linked against if (NOT 
BINARY_PACKAGING_MODE) SET(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) SET(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib") endif () bro-aux-0.35/cmake/CommonCMakeConfig.cmake0000664002342100234210000000036212535376153020210 0ustar johannajohannaset(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake ${CMAKE_MODULE_PATH}) include(CheckCompilers) include(ProhibitInSourceBuild) include(AddUninstallTarget) include(SetupRPATH) include(SetDefaultCompileFlags) include(MacDependencyPaths) bro-aux-0.35/cmake/FindRequiredPackage.cmake0000664002342100234210000000303712535376153020570 0ustar johannajohanna# A wrapper macro around the standard CMake find_package macro that # facilitates displaying better error messages by default, or even # accepting custom error messages on a per package basis. # # If a package is not found, then the MISSING_PREREQS variable gets # set to true and either a default or custom error message appended # to MISSING_PREREQ_DESCS. # # The caller can use these variables to display a list of any missing # packages and abort the build/configuration if there were any. 
# # Use as follows: # # include(FindRequiredPackage) # FindRequiredPackage(Perl) # FindRequiredPackage(FLEX "You need to install flex (Fast Lexical Analyzer)") # # if (MISSING_PREREQS) # foreach (prereq ${MISSING_PREREQ_DESCS}) # message(SEND_ERROR ${prereq}) # endforeach () # message(FATAL_ERROR "Configuration aborted due to missing prerequisites") # endif () macro(FindRequiredPackage packageName) find_package(${packageName}) string(TOUPPER ${packageName} canonPackageName) if (NOT ${canonPackageName}_FOUND) set(MISSING_PREREQS true) set(customDesc) foreach (descArg ${ARGN}) set(customDesc "${customDesc} ${descArg}") endforeach () if (customDesc) # append the custom error message that was provided as an argument list(APPEND MISSING_PREREQ_DESCS ${customDesc}) else () list(APPEND MISSING_PREREQ_DESCS " Could not find prerequisite package '${packageName}'") endif () endif () endmacro(FindRequiredPackage) bro-aux-0.35/cmake/CheckOptionalBuildSources.cmake0000664002342100234210000000165012535376153022001 0ustar johannajohanna# A macro that checks whether optional sources exist and if they do, they # are added to the build/install process, else a warning is issued # # _dir: the subdir of the current source dir in which the optional # sources are located # _packageName: a string that identifies the package # _varName: name of the variable indicating whether package is scheduled # to be installed macro(CheckOptionalBuildSources _dir _packageName _varName) if (${_varName}) if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${_dir}/CMakeLists.txt) add_subdirectory(${_dir}) else () message(WARNING "${_packageName} source code does not exist in " "${CMAKE_CURRENT_SOURCE_DIR}/${_dir} " "so it will not be built or installed") set(${_varName} false) endif () endif () endmacro(CheckOptionalBuildSources) bro-aux-0.35/cmake/GetArchitecture.cmake0000664002342100234210000000052712535376153020016 0ustar johannajohanna # Determine a tag for the host architecture (e.g., "linux-x86_64"). 
# We run uname ourselves here as CMAKE by default uses -p rather than # -m. execute_process(COMMAND uname -m OUTPUT_VARIABLE arch OUTPUT_STRIP_TRAILING_WHITESPACE) set(HOST_ARCHITECTURE "${CMAKE_SYSTEM_NAME}-${arch}") string(TOLOWER ${HOST_ARCHITECTURE} HOST_ARCHITECTURE) bro-aux-0.35/cmake/FindLibcaf.cmake0000664002342100234210000000701212535376153016711 0ustar johannajohanna# Try to find libcaf headers and library. # # Use this module as follows: # # find_package(Libcaf) # # Variables used by this module (they can change the default behaviour and need # to be set before calling find_package): # # LIBCAF_ROOT_DIR Set this variable to the root installation of # libcaf if the module has problems finding # the proper installation path. # # Variables defined by this module: # # LIBCAF_FOUND System has libcaf headers and library # LIBCAF_LIBRARIES List of library files for all components # LIBCAF_INCLUDE_DIRS List of include paths for all components # LIBCAF_LIBRARY_$C Library file for component $C # LIBCAF_INCLUDE_DIR_$C Include path for component $C # iterate over user-defined components foreach (comp ${Libcaf_FIND_COMPONENTS}) # we use uppercase letters only for variable names string(TOUPPER "${comp}" UPPERCOMP) if ("${comp}" STREQUAL "core") set(HDRNAME "caf/all.hpp") else () set(HDRNAME "caf/${comp}/all.hpp") endif () # look for headers: give CMake hints where to find non-installed CAF versions # note that we look for the headers of each component individually: this is # necessary to support non-installed versions of CAF, i.e., accessing the # checked out "actor-framework" directory structure directly set(HDRHINT "actor-framework/libcaf_${comp}") find_path(LIBCAF_INCLUDE_DIR_${UPPERCOMP} NAMES ${HDRNAME} HINTS ${LIBCAF_ROOT_DIR}/include /usr/include /usr/local/include /opt/local/include /sw/include ${CMAKE_INSTALL_PREFIX}/include ../${HDRHINT} ../../${HDRHINT} ../../../${HDRHINT}) mark_as_advanced(LIBCAF_INCLUDE_DIR_${UPPERCOMP}) if 
("${LIBCAF_INCLUDE_DIR_${UPPERCOMP}}" STREQUAL "LIBCAF_INCLUDE_DIR_${UPPERCOMP}-NOTFOUND") # exit on first error break () else () # add to LIBCAF_INCLUDE_DIRS only if path isn't already set set(duplicate false) foreach (p ${LIBCAF_INCLUDE_DIRS}) if (${p} STREQUAL ${LIBCAF_INCLUDE_DIR_${UPPERCOMP}}) set(duplicate true) endif () endforeach () if (NOT duplicate) set(LIBCAF_INCLUDE_DIRS ${LIBCAF_INCLUDE_DIRS} ${LIBCAF_INCLUDE_DIR_${UPPERCOMP}}) endif() endif () # look for (.dll|.so|.dylib) file, again giving hints for non-installed CAFs find_library(LIBCAF_LIBRARY_${UPPERCOMP} NAMES "caf_${comp}" HINTS ${LIBCAF_ROOT_DIR}/lib /usr/lib /usr/local/lib /opt/local/lib /sw/lib ${CMAKE_INSTALL_PREFIX}/lib ../actor-framework/build/lib ../../actor-framework/build/lib ../../../actor-framework/build/lib) mark_as_advanced(LIBCAF_LIBRARY_${UPPERCOMP}) if ("${LIBCAF_LIBRARY_${UPPERCOMP}}" STREQUAL "LIBCAF_LIBRARY-NOTFOUND") # exit on first error break () else () set(LIBCAF_LIBRARIES ${LIBCAF_LIBRARIES} ${LIBCAF_LIBRARY_${UPPERCOMP}}) endif () endforeach () # final steps to tell CMake we're done include(FindPackageHandleStandardArgs) find_package_handle_standard_args(Libcaf DEFAULT_MSG LIBCAF_LIBRARIES LIBCAF_INCLUDE_DIRS) mark_as_advanced(LIBCAF_ROOT_DIR LIBCAF_LIBRARIES LIBCAF_INCLUDE_DIRS) bro-aux-0.35/cmake/CheckNameserCompat.cmake0000664002342100234210000000136012535376153020424 0ustar johannajohannainclude(CheckCSourceCompiles) # Check whether the namser compatibility header is required # This can be the case on the Darwin platform set(CMAKE_REQUIRED_INCLUDES ${BIND_INCLUDE_DIR}) check_c_source_compiles(" #include int main() { HEADER *hdr; int d = NS_IN6ADDRSZ; return 0; }" have_nameser_header) if (NOT have_nameser_header) check_c_source_compiles(" #include #include int main() { HEADER *hdr; int d = NS_IN6ADDRSZ; return 0; }" NEED_NAMESER_COMPAT_H) if (NOT NEED_NAMESER_COMPAT_H) message(FATAL_ERROR "Asynchronous DNS support compatibility check failed.") endif () endif () 
set(CMAKE_REQUIRED_INCLUDES) bro-aux-0.35/cmake/RequireCXX11.cmake0000664002342100234210000000412612535376153017074 0ustar johannajohanna# Detect if compiler version is sufficient for supporting C++11. # If it is, CMAKE_CXX_FLAGS are modified appropriately and HAVE_CXX11 # is set to a true value. Else, CMake exits with a fatal error message. # This currently only works for GCC and Clang compilers. # In Cmake 3.1+, CMAKE_CXX_STANDARD_REQUIRED should be able to replace # all the logic below. if ( DEFINED HAVE_CXX11 ) return() endif () set(required_gcc_version 4.8) set(required_clang_version 3.3) # CMAKE_CXX_COMPILER_VERSION may not always be available (e.g. particularly # for CMakes older than 2.8.10, but use it if it exists. if ( DEFINED CMAKE_CXX_COMPILER_VERSION ) if ( CMAKE_CXX_COMPILER_ID STREQUAL "GNU" ) if ( CMAKE_CXX_COMPILER_VERSION VERSION_LESS ${required_gcc_version} ) message(FATAL_ERROR "GCC version must be at least " "${required_gcc_version} for C++11 support, detected: " "${CMAKE_CXX_COMPILER_VERSION}") endif () elseif ( CMAKE_CXX_COMPILER_ID STREQUAL "Clang" ) if ( CMAKE_CXX_COMPILER_VERSION VERSION_LESS ${required_clang_version} ) message(FATAL_ERROR "Clang version must be at least " "${required_clang_version} for C++11 support, detected: " "${CMAKE_CXX_COMPILER_VERSION}") endif () endif () set(HAVE_CXX11 true) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") return() endif () # Need to manually retrieve compiler version. if ( CMAKE_CXX_COMPILER_ID STREQUAL "GNU" ) execute_process(COMMAND ${CMAKE_CXX_COMPILER} -dumpversion OUTPUT_VARIABLE gcc_version) if ( ${gcc_version} VERSION_LESS ${required_gcc_version} ) message(FATAL_ERROR "GCC version must be at least " "${required_gcc_version} for C++11 support, manually detected: " "${CMAKE_CXX_COMPILER_VERSION}") endif () elseif ( CMAKE_CXX_COMPILER_ID STREQUAL "Clang" ) # TODO: don't seem to be any great/easy ways to get a clang version string. 
endif () set(HAVE_CXX11 true) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") bro-aux-0.35/cmake/bro-plugin-create-package.sh0000775002342100234210000000172012535376153021175 0ustar johannajohanna#! /bin/sh # # Helper script creating a tarball with a plugin's binary distribution. We'll # also leave a MANIFEST in place with all files part of the tar ball. # # Called from BroPluginDynamic.cmake. Current directory is the plugin # build directory. if [ $# = 0 ]; then echo "usage: `basename $0` []" exit 1 fi name=$1 shift addl=$@ # Copy additional distribution files into build directory. for i in ${addl}; do if [ -e ../$i ]; then dir=`dirname $i` mkdir -p ${dir} cp -p ../$i ${dir} fi done tgz=${name}-`(test -e ../VERSION && cat ../VERSION | head -1) || echo 0.0`.tar.gz rm -f MANIFEST ${name} ${name}.tgz ${tgz} for i in __bro_plugin__ lib scripts ${addl}; do test -e $i && find -L $i -type f | sed "s%^%${name}/%g" >>MANIFEST done ln -s . ${name} mkdir -p dist tar czf dist/${tgz} -T MANIFEST ln -s dist/${tgz} ${name}.tgz rm -f ${name} bro-aux-0.35/cmake/InstallSymlink.cmake0000664002342100234210000000347512535376153017716 0ustar johannajohanna# This macro can be used to install symlinks, which turns out to be # non-trivial due to CMake version differences and limitations on how # files can be installed when building binary packages. # # The rule for binary packaging is that files (including symlinks) must # be installed with the standard CMake install() macro. # # The rule for non-binary packaging is that CMake 2.6 cannot install() # symlinks, but can create the symlink at install-time via scripting. # Though, we assume that CMake 2.6 isn't going to be used to generate # packages because versions later than 2.8.3 are superior for that purpose. 
# # _filepath: the absolute path to the file to symlink # _sympath: absolute path of the installed symlink macro(InstallSymlink _filepath _sympath) get_filename_component(_symname ${_sympath} NAME) get_filename_component(_installdir ${_sympath} PATH) if (BINARY_PACKAGING_MODE) execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink ${_filepath} ${CMAKE_CURRENT_BINARY_DIR}/${_symname}) install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${_symname} DESTINATION ${_installdir}) else () # scripting the symlink installation at install time should work # for CMake 2.6.x and 2.8.x install(CODE " if (\"\$ENV{DESTDIR}\" STREQUAL \"\") execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink ${_filepath} ${_installdir}/${_symname}) else () execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink ${_filepath} \$ENV{DESTDIR}/${_installdir}/${_symname}) endif () ") endif () endmacro(InstallSymlink) bro-aux-0.35/cmake/FindRocksDB.cmake0000664002342100234210000000216212535376153017021 0ustar johannajohanna# Try to find RocksDB headers and library. # # Usage of this module as follows: # # find_package(RocksDB) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # ROCKSDB_ROOT_DIR Set this variable to the root installation of # RocksDB if the module has problems finding the # proper installation path. # # Variables defined by this module: # # ROCKSDB_FOUND System has RocksDB library/headers. # ROCKSDB_LIBRARIES The RocksDB library. # ROCKSDB_INCLUDE_DIRS The location of RocksDB headers. 
find_path(ROCKSDB_ROOT_DIR NAMES include/rocksdb/db.h ) find_library(ROCKSDB_LIBRARIES NAMES rocksdb HINTS ${ROCKSDB_ROOT_DIR}/lib ) find_path(ROCKSDB_INCLUDE_DIRS NAMES rocksdb/db.h HINTS ${ROCKSDB_ROOT_DIR}/include ) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(RocksDB DEFAULT_MSG ROCKSDB_LIBRARIES ROCKSDB_INCLUDE_DIRS ) mark_as_advanced( ROCKSDB_ROOT_DIR ROCKSDB_LIBRARIES ROCKSDB_INCLUDE_DIRS ) bro-aux-0.35/cmake/FindBIND.cmake0000664002342100234210000000550012535376153016245 0ustar johannajohanna# - Try to find libpcap include dirs and libraries # # Usage of this module as follows: # # find_package(BIND) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # BIND_ROOT_DIR Set this variable to the root installation of BIND # if the module has problems finding the proper # installation path. # # Variables defined by this module: # # BIND_FOUND System has BIND, include and library dirs found # BIND_INCLUDE_DIR The BIND include directories. 
# BIND_LIBRARY The BIND library (if any) required for # ns_inittab and res_mkquery symbols find_path(BIND_ROOT_DIR NAMES include/bind/resolv.h include/resolv.h ) find_path(BIND_INCLUDE_DIR NAMES resolv.h HINTS ${BIND_ROOT_DIR}/include/bind ${BIND_ROOT_DIR}/include ) if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") # the static resolv library is preferred because # on some systems, the ns_initparse symbol is not # exported in the shared library (strangely) # see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291609 set(bind_libs none libresolv.a resolv bind) else () set(bind_libs none resolv bind) endif () include(CheckCSourceCompiles) # Find which library has the res_mkquery and ns_initparse symbols set(CMAKE_REQUIRED_INCLUDES ${BIND_INCLUDE_DIR}) foreach (bindlib ${bind_libs}) if (NOT ${bindlib} MATCHES "none") find_library(BIND_LIBRARY NAMES ${bindlib} HINTS ${BIND_ROOT_DIR}/lib ) endif () set(CMAKE_REQUIRED_LIBRARIES ${BIND_LIBRARY}) check_c_source_compiles(" #include int main() { ns_initparse(0, 0, 0); return 0; } " ns_initparse_works_${bindlib}) check_c_source_compiles(" #include #include #include #include #include int main() { int (*p)() = res_mkquery; return 0; } " res_mkquery_works_${bindlib}) set(CMAKE_REQUIRED_LIBRARIES) if (ns_initparse_works_${bindlib} AND res_mkquery_works_${bindlib}) break () else () set(BIND_LIBRARY BIND_LIBRARY-NOTFOUND) endif () endforeach () set(CMAKE_REQUIRED_INCLUDES) include(FindPackageHandleStandardArgs) if (ns_initparse_works_none AND res_mkquery_works_none) # system does not require linking to a BIND library find_package_handle_standard_args(BIND DEFAULT_MSG BIND_INCLUDE_DIR ) else () find_package_handle_standard_args(BIND DEFAULT_MSG BIND_LIBRARY BIND_INCLUDE_DIR ) endif () mark_as_advanced( BIND_ROOT_DIR BIND_LIBRARY BIND_INCLUDE_DIR ) bro-aux-0.35/cmake/MacDependencyPaths.cmake0000664002342100234210000000062212535376153020427 0ustar johannajohanna# As of CMake 2.8.3, Fink and MacPorts search paths are appended to the # default 
search prefix paths, but the nicer thing would be if they are # prepended to the default, so that is fixed here. if (APPLE AND "${PROJECT_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}") list(INSERT CMAKE_SYSTEM_PREFIX_PATH 0 /opt/local) # MacPorts list(INSERT CMAKE_SYSTEM_PREFIX_PATH 0 /sw) # Fink endif () bro-aux-0.35/cmake/FindBro.cmake0000664002342100234210000000206012535376153016251 0ustar johannajohanna# - Try to find Bro installation # # Usage of this module as follows: # # find_package(Bro) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # BRO_ROOT_DIR Set this variable to the root installation of # Bro if the module has problems finding the # proper installation path. # # Variables defined by this module: # # BRO_FOUND Bro NIDS is installed # BRO_EXE path to the 'bro' binary if (BRO_EXE AND BRO_ROOT_DIR) # this implies that we're building from the Bro source tree set(BRO_FOUND true) return() endif () find_program(BRO_EXE bro HINTS ${BRO_ROOT_DIR}/bin /usr/local/bro/bin) if (BRO_EXE) get_filename_component(BRO_ROOT_DIR ${BRO_EXE} PATH) get_filename_component(BRO_ROOT_DIR ${BRO_ROOT_DIR} PATH) endif () include(FindPackageHandleStandardArgs) find_package_handle_standard_args(Bro DEFAULT_MSG BRO_EXE) mark_as_advanced(BRO_ROOT_DIR) bro-aux-0.35/cmake/FindLibMagic.cmake0000664002342100234210000000404712535376153017205 0ustar johannajohanna# - Try to find libmagic header and library # # Usage of this module as follows: # # find_package(LibMagic) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # LibMagic_ROOT_DIR Set this variable to the root installation of # libmagic if the module has problems finding the # proper installation path. 
# # Variables defined by this module: # # LIBMAGIC_FOUND System has libmagic, magic.h, and file # LibMagic_FILE_EXE Path to the 'file' command # LibMagic_VERSION Version of libmagic # LibMagic_LIBRARY The libmagic library # LibMagic_INCLUDE_DIR The location of magic.h find_path(LibMagic_ROOT_DIR NAMES include/magic.h ) if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin") # the static version of the library is preferred on OS X for the # purposes of making packages (libmagic doesn't ship w/ OS X) set(libmagic_names libmagic.a magic) else () set(libmagic_names magic) endif () find_file(LibMagic_FILE_EXE NAMES file HINTS ${LibMagic_ROOT_DIR}/bin ) find_library(LibMagic_LIBRARY NAMES ${libmagic_names} HINTS ${LibMagic_ROOT_DIR}/lib ) find_path(LibMagic_INCLUDE_DIR NAMES magic.h HINTS ${LibMagic_ROOT_DIR}/include ) if (LibMagic_FILE_EXE) execute_process(COMMAND "${LibMagic_FILE_EXE}" --version ERROR_VARIABLE LibMagic_VERSION OUTPUT_VARIABLE LibMagic_VERSION) string(REGEX REPLACE "^file-([0-9.]+).*$" "\\1" LibMagic_VERSION "${LibMagic_VERSION}") message(STATUS "libmagic version: ${LibMagic_VERSION}") else () set(LibMagic_VERSION NOTFOUND) endif () include(FindPackageHandleStandardArgs) find_package_handle_standard_args(LibMagic DEFAULT_MSG LibMagic_LIBRARY LibMagic_INCLUDE_DIR LibMagic_FILE_EXE LibMagic_VERSION ) mark_as_advanced( LibMagic_ROOT_DIR LibMagic_FILE_EXE LibMagic_VERSION LibMagic_LIBRARY LibMagic_INCLUDE_DIR ) bro-aux-0.35/cmake/UserChangedWarning.cmake0000664002342100234210000000137012535376153020447 0ustar johannajohanna# Show warning when installing user is different from the one that configured, # except when the install is root. if ("${PROJECT_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}") install(CODE " if (NOT \"$ENV{USER}\" STREQUAL \"\$ENV{USER}\" AND NOT \"\$ENV{USER}\" STREQUAL root) message(STATUS \"WARNING: Install is being performed by user \" \"'\$ENV{USER}', but the build directory was configured by \" \"user '$ENV{USER}'. 
This may result in a permissions error \" \"when writing the install manifest, but you can ignore it \" \"and consider the installation as successful if you don't \" \"care about the install manifest.\") endif () ") endif () bro-aux-0.35/cmake/BroPluginStatic.cmake0000664002342100234210000000262612535376153020007 0ustar johannajohanna## A set of functions for defining Bro plugins. ## ## This set is for plugins compiled in statically. ## See BroPluginsDynamic.cmake for the dynamic version. function(bro_plugin_bif_static) foreach ( bif ${ARGV} ) bif_target(${bif} "plugin" ${_plugin_name} ${_plugin_name_canon} TRUE) list(APPEND _plugin_objs ${BIF_OUTPUT_CC}) list(APPEND _plugin_deps ${BIF_BUILD_TARGET}) set(_plugin_objs "${_plugin_objs}" PARENT_SCOPE) set(_plugin_deps "${_plugin_deps}" PARENT_SCOPE) endforeach () endfunction() function(bro_plugin_link_library_static) foreach ( lib ${ARGV} ) set(bro_SUBDIR_LIBS ${bro_SUBDIR_LIBS} "${lib}" CACHE INTERNAL "plugin libraries") endforeach () endfunction() function(bro_plugin_end_static) if ( bro_HAVE_OBJECT_LIBRARIES ) add_library(${_plugin_lib} OBJECT ${_plugin_objs}) set(_target "$") else () add_library(${_plugin_lib} STATIC ${_plugin_objs}) set(_target "${_plugin_lib}") endif () if ( NOT "${_plugin_deps}" STREQUAL "" ) add_dependencies(${_plugin_lib} ${_plugin_deps}) endif () add_dependencies(${_plugin_lib} generate_outputs) set(bro_PLUGIN_LIBS ${bro_PLUGIN_LIBS} "${_target}" CACHE INTERNAL "plugin libraries") endfunction() macro(_plugin_target_name_static target ns name) set(${target} "plugin-${ns}-${name}") endmacro() bro-aux-0.35/cmake/FindPythonDev.cmake0000664002342100234210000000462112535376153017454 0ustar johannajohanna# - Try to find Python include dirs and libraries # # Usage of this module as follows: # # find_package(PythonDev) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # PYTHON_EXECUTABLE If this is set to a path to a Python 
interpreter # then this module attempts to infer the path to # python-config from it # PYTHON_CONFIG Set this variable to the location of python-config # if the module has problems finding the proper # installation path. # # Variables defined by this module: # # PYTHONDEV_FOUND System has Python dev headers/libraries # PYTHON_INCLUDE_DIR The Python include directories. # PYTHON_LIBRARIES The Python libraries and linker flags. include(FindPackageHandleStandardArgs) if (PYTHON_EXECUTABLE AND EXISTS ${PYTHON_EXECUTABLE}-config) set(PYTHON_CONFIG ${PYTHON_EXECUTABLE}-config CACHE PATH "" FORCE) else () find_program(PYTHON_CONFIG NAMES python-config python-config2.7 python-config2.6 python-config2.6 python-config2.4 python-config2.3) endif () # The OpenBSD python packages have python-config's that don't reliably # report linking flags that will work. if (PYTHON_CONFIG AND NOT ${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD") execute_process(COMMAND "${PYTHON_CONFIG}" --ldflags OUTPUT_VARIABLE PYTHON_LIBRARIES OUTPUT_STRIP_TRAILING_WHITESPACE ERROR_QUIET) execute_process(COMMAND "${PYTHON_CONFIG}" --includes OUTPUT_VARIABLE PYTHON_INCLUDE_DIR OUTPUT_STRIP_TRAILING_WHITESPACE ERROR_QUIET) string(REGEX REPLACE "^[-I]" "" PYTHON_INCLUDE_DIR "${PYTHON_INCLUDE_DIR}") string(REGEX REPLACE "[ ]-I" " " PYTHON_INCLUDE_DIR "${PYTHON_INCLUDE_DIR}") separate_arguments(PYTHON_INCLUDE_DIR) find_package_handle_standard_args(PythonDev DEFAULT_MSG PYTHON_CONFIG PYTHON_INCLUDE_DIR PYTHON_LIBRARIES ) else () find_package(PythonLibs) if (PYTHON_INCLUDE_PATH AND NOT PYTHON_INCLUDE_DIR) set(PYTHON_INCLUDE_DIR "${PYTHON_INCLUDE_PATH}") endif () find_package_handle_standard_args(PythonDev DEFAULT_MSG PYTHON_INCLUDE_DIR PYTHON_LIBRARIES ) endif () bro-aux-0.35/cmake/InstallClobberImmune.cmake0000664002342100234210000000255612535376153021012 0ustar johannajohanna# Determines at `make install` time if a file, typically a configuration # file placed in $PREFIX/etc, shouldn't be installed to prevent 
overwrite # of an existing file. # # _srcfile: the file to install # _dstfile: the absolute file name after installation macro(InstallClobberImmune _srcfile _dstfile) install(CODE " set(_destfile \"${_dstfile}\") if (NOT \"\$ENV{DESTDIR}\" STREQUAL \"\") # prepend install root prefix with install-time DESTDIR set(_destfile \"\$ENV{DESTDIR}/${_dstfile}\") endif () if (EXISTS \${_destfile}) message(STATUS \"Skipping: \${_destfile} (already exists)\") execute_process(COMMAND \"${CMAKE_COMMAND}\" -E compare_files ${_srcfile} \${_destfile} RESULT_VARIABLE _diff) if (NOT \"\${_diff}\" STREQUAL \"0\") message(STATUS \"Installing: \${_destfile}.example\") configure_file(${_srcfile} \${_destfile}.example COPYONLY) endif () else () message(STATUS \"Installing: \${_destfile}\") # install() is not scriptable within install(), and # configure_file() is the next best thing configure_file(${_srcfile} \${_destfile} COPYONLY) # TODO: create additional install_manifest files? endif () ") endmacro(InstallClobberImmune) bro-aux-0.35/cmake/ProhibitInSourceBuild.cmake0000664002342100234210000000045612535376153021145 0ustar johannajohanna# Prohibit in-source builds. if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}") message(FATAL_ERROR "In-source builds are not allowed. 
Please use " "./configure to choose a build directory and " "initialize the build configuration.") endif () bro-aux-0.35/cmake/FindTraceSummary.cmake0000664002342100234210000000070412535376153020146 0ustar johannajohanna# - Try to find the trace-summary Python program # # Usage of this module as follows: # # find_package(TraceSummary) # # Variables defined by this module: # # TRACESUMMARY_FOUND capstats binary found # TraceSummary_EXE path to the capstats executable binary find_program(TRACE_SUMMARY_EXE trace-summary) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(TraceSummary DEFAULT_MSG TRACE_SUMMARY_EXE) bro-aux-0.35/cmake/BroSubdir.cmake0000664002342100234210000000077112535376153016630 0ustar johannajohanna # Creates a target for a library of objects file in a subdirectory, # and adds to the global bro_SUBDIR_LIBS. function(bro_add_subdir_library name) if ( bro_HAVE_OBJECT_LIBRARIES ) add_library("bro_${name}" OBJECT ${ARGN}) set(_target "$") else () add_library("bro_${name}" STATIC ${ARGN}) set(_target "bro_${name}") endif () set(bro_SUBDIR_LIBS "${_target}" ${bro_SUBDIR_LIBS} CACHE INTERNAL "subdir libraries") endfunction() bro-aux-0.35/cmake/package_postupgrade.sh.in0000775002342100234210000000435712535376153020713 0ustar johannajohanna#!/bin/sh # This script is meant to be used by binary packages post-installation. # Variables between @ symbols are replaced by CMake at configure time. backupNamesFile=/tmp/bro_install_backups version=@VERSION@ sampleFiles="" # check whether it's safe to remove backup configuration files that # the most recent package install created if [ -e ${backupNamesFile} ]; then backupFileList=`cat ${backupNamesFile}` for backupFile in ${backupFileList}; do origFileName=`echo ${backupFile} | sed 's/\(.*\)\..*/\1/'` diff ${origFileName} ${backupFile} > /dev/null 2>&1 if [ $? 
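-eq 0 ]; then
            # The installed file and its backup are identical, so both the
            # backup and the ".example" copy are redundant and can go.
            #
            # NOTE(review): backupFile and origFileName come from the list
            # read out of ${backupNamesFile}, which the top of this script
            # sets to a fixed name under /tmp. Package scripts usually run
            # with elevated privileges (not shown here - confirm), so the
            # rm/mv below act on whatever paths that list names. The list
            # belongs in a directory only the installer can write to; that
            # change has to be made together with the pre-install script
            # that creates it.
            #
            # Quoting and "--" keep an entry from being glob-expanded again
            # or parsed as an option.
            rm -- "${backupFile}"
            rm -- "${origFileName}.example"
        else
            # The backup differs from the newly installed version. We cannot
            # tell whether the user modified it, so restore it to its
            # original location and leave the new version as ".example".
            sampleFiles="${sampleFiles}\n${origFileName}.example"
            mv -- "${backupFile}" "${origFileName}"
        fi
    done

    rm -- "${backupNamesFile}"
fi

if [ -n "${sampleFiles}" ]; then
    # Use some AppleScript to display a message to the user.
    #
    # NOTE(review): ${sampleFiles} is expanded by the shell straight into
    # the AppleScript source below, with no escaping. Its content derives
    # from the backup list discussed above, so the dialog text is only as
    # trustworthy as that list.
    /usr/bin/osascript << EOF
    tell application "System Events"
        activate
        display alert "Existing configuration files differ from the ones that would be installed by this package. To avoid overwriting configuration which you may have modified, the following new config files have been installed:\n${sampleFiles}\n\nIf you have previously modified configuration files, please make sure that they are still compatible, else you should update your config files to the new versions."
    end tell
EOF
fi

# Set up world writeable spool and logs directory for broctl, making sure
# to set the sticky bit so that unprivileged users can't rename/remove files.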
# (CMake/CPack is supposed to install them, but has problems with empty dirs) if [ -n "@EMPTY_WORLD_DIRS@" ]; then for dir in "@EMPTY_WORLD_DIRS@"; do mkdir -p ${dir} chmod 777 ${dir} chmod +t ${dir} done fi bro-aux-0.35/cmake/CheckHeaders.cmake0000664002342100234210000000306712535376153017247 0ustar johannajohannainclude(CheckIncludeFiles) include(CheckStructHasMember) include(CheckSymbolExists) check_include_files(getopt.h HAVE_GETOPT_H) check_include_files(memory.h HAVE_MEMORY_H) check_include_files("sys/socket.h;netinet/in.h;net/if.h;netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H) check_include_files("sys/socket.h;netinet/in.h;net/if.h;netinet/ip6.h" HAVE_NETINET_IP6_H) check_include_files("sys/socket.h;net/if.h;net/ethernet.h" HAVE_NET_ETHERNET_H) check_include_files(sys/ethernet.h HAVE_SYS_ETHERNET_H) check_include_files(net/ethertypes.h HAVE_NET_ETHERTYPES_H) check_include_files(sys/time.h HAVE_SYS_TIME_H) check_include_files("time.h;sys/time.h" TIME_WITH_SYS_TIME) check_include_files(os-proto.h HAVE_OS_PROTO_H) check_struct_has_member(HISTORY_STATE entries "stdio.h;readline/readline.h" HAVE_READLINE_HISTORY_ENTRIES) check_include_files("stdio.h;readline/readline.h" HAVE_READLINE_READLINE_H) check_include_files("stdio.h;readline/history.h" HAVE_READLINE_HISTORY_H) if (HAVE_READLINE_READLINE_H AND HAVE_READLINE_HISTORY_H AND HAVE_READLINE_HISTORY_ENTRIES) set(HAVE_READLINE true) endif () check_struct_has_member("struct sockaddr_in" sin_len "netinet/in.h" SIN_LEN) macro(CheckIPProto _proto) check_symbol_exists(IPPROTO_${_proto} netinet/in.h HAVE_IPPROTO_${_proto}) endmacro(CheckIPProto _proto) CheckIPProto(HOPOPTS) CheckIPProto(IPV6) CheckIPProto(IPV4) CheckIPProto(ROUTING) CheckIPProto(FRAGMENT) CheckIPProto(ESP) CheckIPProto(AH) CheckIPProto(ICMPV6) CheckIPProto(NONE) CheckIPProto(DSTOPTS) bro-aux-0.35/cmake/ConfigurePackaging.cmake0000664002342100234210000002311312535376153020456 0ustar johannajohanna# A collection of macros to assist in configuring 
CMake/Cpack # source and binary packaging # Sets CPack version variables by splitting the first macro argument # using "." or "-" as a delimiter. If the length of the split list is # greater than 2, all remaining elements are tacked on to the patch # level version. Not that the version set by the macro is internal # to binary packaging, the file name of our package will reflect the # exact version number. macro(SetPackageVersion _version) string(REGEX REPLACE "[.-]" " " version_numbers ${_version}) separate_arguments(version_numbers) list(GET version_numbers 0 CPACK_PACKAGE_VERSION_MAJOR) list(REMOVE_AT version_numbers 0) list(GET version_numbers 0 CPACK_PACKAGE_VERSION_MINOR) list(REMOVE_AT version_numbers 0) list(LENGTH version_numbers version_length) while (version_length GREATER 0) list(GET version_numbers 0 patch_level) if (CPACK_PACKAGE_VERSION_PATCH) set(CPACK_PACKAGE_VERSION_PATCH "${CPACK_PACKAGE_VERSION_PATCH}.${patch_level}") else () set(CPACK_PACKAGE_VERSION_PATCH ${patch_level}) endif () list(REMOVE_AT version_numbers 0) list(LENGTH version_numbers version_length) endwhile () if (APPLE) # Mac PackageMaker package requires only numbers in the versioning string(REGEX REPLACE "[_a-zA-Z-]" "" CPACK_PACKAGE_VERSION_MAJOR ${CPACK_PACKAGE_VERSION_MAJOR}) string(REGEX REPLACE "[_a-zA-Z-]" "" CPACK_PACKAGE_VERSION_MINOR ${CPACK_PACKAGE_VERSION_MINOR}) if (CPACK_PACKAGE_VERSION_PATCH) string(REGEX REPLACE "[_a-zA-Z-]" "" CPACK_PACKAGE_VERSION_PATCH ${CPACK_PACKAGE_VERSION_PATCH}) endif () endif () if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") # RPM version accepts letters, but not dashes. string(REGEX REPLACE "[-]" "." CPACK_PACKAGE_VERSION_MAJOR ${CPACK_PACKAGE_VERSION_MAJOR}) string(REGEX REPLACE "[-]" "." CPACK_PACKAGE_VERSION_MINOR ${CPACK_PACKAGE_VERSION_MINOR}) if (CPACK_PACKAGE_VERSION_PATCH) string(REGEX REPLACE "[-]" "." 
CPACK_PACKAGE_VERSION_PATCH ${CPACK_PACKAGE_VERSION_PATCH}) endif () endif () # Minimum supported OS X version set(CPACK_OSX_PACKAGE_VERSION 10.5) endmacro(SetPackageVersion) # Sets the list of desired package types to be created by the make # package target. A .tar.gz is only made for source packages, and # binary pacakage format depends on the operating system: # # Darwin - PackageMaker # Linux - RPM if the platform has rpmbuild installed # DEB if the platform has dpkg-shlibdeps installed # # CPACK_GENERATOR is set by this macro # CPACK_SOURCE_GENERATOR is set by this macro macro(SetPackageGenerators) set(CPACK_SOURCE_GENERATOR TGZ) #set(CPACK_GENERATOR TGZ) if (APPLE) list(APPEND CPACK_GENERATOR PackageMaker) elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux") find_program(RPMBUILD_EXE rpmbuild) find_program(DPKGSHLIB_EXE dpkg-shlibdeps) if (RPMBUILD_EXE) set(CPACK_GENERATOR ${CPACK_GENERATOR} RPM) endif () if (DPKGSHLIB_EXE) set(CPACK_GENERATOR ${CPACK_GENERATOR} DEB) set(CPACK_DEBIAN_PACKAGE_SHLIBDEPS true) endif () endif () endmacro(SetPackageGenerators) # Sets CPACK_PACKAGE_FILE_NAME in the following format: # # --- # # and CPACK_SOURCE_PACKAGE_FILE_NAME as: # # - macro(SetPackageFileName _version) if (PACKAGE_NAME_PREFIX) set(CPACK_PACKAGE_FILE_NAME "${PACKAGE_NAME_PREFIX}-${_version}") set(CPACK_SOURCE_PACKAGE_FILE_NAME "${PACKAGE_NAME_PREFIX}-${_version}") else () set(CPACK_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${_version}") set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${_version}") endif () set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_FILE_NAME}-${CMAKE_SYSTEM_NAME}") if (APPLE) # Only Intel-based Macs are supported. CMAKE_SYSTEM_PROCESSOR may # return the confusing 'i386' if running a 32-bit kernel, but chances # are the binary is x86_64 (or more generally 'Intel') compatible. 
set(arch "Intel") else () set (arch ${CMAKE_SYSTEM_PROCESSOR}) endif () set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_FILE_NAME}-${arch}") endmacro(SetPackageFileName) # Sets up binary package metadata macro(SetPackageMetadata) set(CPACK_PACKAGE_VENDOR "International Computer Science Institute") set(CPACK_PACKAGE_CONTACT "info@bro.org") set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "The Bro Network Intrusion Detection System") # CPack may enforce file name extensions for certain package generators configure_file(${CMAKE_CURRENT_SOURCE_DIR}/README ${CMAKE_CURRENT_BINARY_DIR}/README.txt COPYONLY) configure_file(${CMAKE_CURRENT_SOURCE_DIR}/COPYING ${CMAKE_CURRENT_BINARY_DIR}/COPYING.txt COPYONLY) configure_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/MAC_PACKAGE_INTRO ${CMAKE_CURRENT_BINARY_DIR}/MAC_PACKAGE_INTRO.txt) set(CPACK_PACKAGE_DESCRIPTION_FILE ${CMAKE_CURRENT_BINARY_DIR}/README.txt) set(CPACK_RESOURCE_FILE_LICENSE ${CMAKE_CURRENT_BINARY_DIR}/COPYING.txt) set(CPACK_RESOURCE_FILE_README ${CMAKE_CURRENT_BINARY_DIR}/README.txt) set(CPACK_RESOURCE_FILE_WELCOME ${CMAKE_CURRENT_BINARY_DIR}/MAC_PACKAGE_INTRO.txt) set(CPACK_RPM_PACKAGE_LICENSE "BSD") set(CPACK_RPM_PACKAGE_GROUP "Applications/System") set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION /opt /var /var/opt) endmacro(SetPackageMetadata) # Sets pre and post install scripts for PackageMaker packages. # The main functionality that such scripts offer is a way to make backups # of "configuration" files that a user may have modified. 
# Note that RPMs already have a robust mechanism for dealing with # user-modified files, so we do not need this additional functionality macro(SetPackageInstallScripts VERSION) if (INSTALLED_CONFIG_FILES) # Remove duplicates from the list of installed config files separate_arguments(INSTALLED_CONFIG_FILES) list(REMOVE_DUPLICATES INSTALLED_CONFIG_FILES) # Space delimit the list again foreach (_file ${INSTALLED_CONFIG_FILES}) set(_tmp "${_tmp} ${_file}") endforeach () set(INSTALLED_CONFIG_FILES "${_tmp}" CACHE STRING "" FORCE) endif () if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") # DEB packages can automatically handle configuration files # if provided in a "conffiles" file in the packaging set(conffiles_file ${CMAKE_CURRENT_BINARY_DIR}/conffiles) if (INSTALLED_CONFIG_FILES) string(REPLACE " " ";" conffiles ${INSTALLED_CONFIG_FILES}) endif () file(WRITE ${conffiles_file} "") foreach (_file ${conffiles}) file(APPEND ${conffiles_file} "${_file}\n") endforeach () list(APPEND CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA ${CMAKE_CURRENT_BINARY_DIR}/conffiles) # RPMs don't need any explicit direction regarding config files. # Leaving the set of installed config files empty will just # bypass the logic in the default pre/post install scripts and let # the RPMs/DEBs do their own thing (regarding backups, etc.) # when upgrading packages. 
set(INSTALLED_CONFIG_FILES "") endif () if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_preinstall.sh.in) configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_preinstall.sh.in ${CMAKE_CURRENT_BINARY_DIR}/package_preinstall.sh @ONLY) configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_preinstall.sh.in ${CMAKE_CURRENT_BINARY_DIR}/preinst @ONLY) set(CPACK_PREFLIGHT_SCRIPT ${CMAKE_CURRENT_BINARY_DIR}/package_preinstall.sh) set(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE ${CMAKE_CURRENT_BINARY_DIR}/package_preinstall.sh) list(APPEND CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA ${CMAKE_CURRENT_BINARY_DIR}/preinst) endif () if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_postupgrade.sh.in) configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_postupgrade.sh.in ${CMAKE_CURRENT_BINARY_DIR}/package_postupgrade.sh @ONLY) configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_postupgrade.sh.in ${CMAKE_CURRENT_BINARY_DIR}/postinst @ONLY) set(CPACK_POSTUPGRADE_SCRIPT ${CMAKE_CURRENT_BINARY_DIR}/package_postupgrade.sh) set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_CURRENT_BINARY_DIR}/package_postupgrade.sh) list(APPEND CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA ${CMAKE_CURRENT_BINARY_DIR}/postinst) endif () endmacro(SetPackageInstallScripts) # Main macro to configure all the packaging options macro(ConfigurePackaging _version) SetPackageVersion(${_version}) SetPackageGenerators() SetPackageFileName(${_version}) SetPackageMetadata() SetPackageInstallScripts(${_version}) set(CPACK_SET_DESTDIR true) set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) # add default files/directories to ignore for source package # user may specify others via configure script list(APPEND CPACK_SOURCE_IGNORE_FILES ${CMAKE_BINARY_DIR} ".git") include(CPack) endmacro(ConfigurePackaging) bro-aux-0.35/cmake/SetDefaultCompileFlags.cmake0000664002342100234210000000174612535376153021266 0ustar johannajohanna# Set up the default flags and CMake build type once during the configuration # of the 
top-level CMake project. if ("${PROJECT_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}") set(EXTRA_COMPILE_FLAGS "-Wall -Wno-unused") if ( NOT CMAKE_BUILD_TYPE ) if ( ENABLE_DEBUG ) set(CMAKE_BUILD_TYPE Debug) else () set(CMAKE_BUILD_TYPE RelWithDebInfo) endif () endif () string(TOUPPER ${CMAKE_BUILD_TYPE} _build_type_upper) if ( "${_build_type_upper}" STREQUAL "DEBUG" ) # manual add of -g works around its omission in FreeBSD's CMake port set(EXTRA_COMPILE_FLAGS "${EXTRA_COMPILE_FLAGS} -g -DDEBUG -DBRO_DEBUG") endif () # Compiler flags may already exist in CMake cache (e.g. when specifying # CFLAGS environment variable before running cmake for the the first time) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_COMPILE_FLAGS}") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${EXTRA_COMPILE_FLAGS}") endif () bro-aux-0.35/cmake/FindReadline.cmake0000664002342100234210000000274412535376153017263 0ustar johannajohanna# - Try to find readline include dirs and libraries # # Usage of this module as follows: # # find_package(Readline) # # Variables used by this module, they can change the default behaviour and need # to be set before calling find_package: # # Readline_ROOT_DIR Set this variable to the root installation of # readline if the module has problems finding the # proper installation path. # # Variables defined by this module: # # READLINE_FOUND System has readline, include and lib dirs found # Readline_INCLUDE_DIR The readline include directories. # Readline_LIBRARY The readline library. 
find_path(Readline_ROOT_DIR NAMES include/readline/readline.h ) find_path(Readline_INCLUDE_DIR NAMES readline/readline.h HINTS ${Readline_ROOT_DIR}/include ) find_library(Readline_LIBRARY NAMES readline HINTS ${Readline_ROOT_DIR}/lib ) if(Readline_INCLUDE_DIR AND Readline_LIBRARY AND Ncurses_LIBRARY) set(READLINE_FOUND TRUE) else(Readline_INCLUDE_DIR AND Readline_LIBRARY AND Ncurses_LIBRARY) FIND_LIBRARY(Readline_LIBRARY NAMES readline) include(FindPackageHandleStandardArgs) FIND_PACKAGE_HANDLE_STANDARD_ARGS(Readline DEFAULT_MSG Readline_INCLUDE_DIR Readline_LIBRARY ) MARK_AS_ADVANCED(Readline_INCLUDE_DIR Readline_LIBRARY) endif(Readline_INCLUDE_DIR AND Readline_LIBRARY AND Ncurses_LIBRARY) mark_as_advanced( Readline_ROOT_DIR Readline_INCLUDE_DIR Readline_LIBRARY ) bro-aux-0.35/cmake/FindSubnetTree.cmake0000664002342100234210000000144612535376153017616 0ustar johannajohanna# - Determine if the SubnetTree Python module is available # # Usage of this module as follows: # # find_package(PythonInterp REQUIRED) # find_package(SubnetTree) # # Variables defined by this module: # # SUBNETTREE_FOUND Python successfully imports SubnetTree module if (NOT SUBNETTREE_FOUND) execute_process(COMMAND "${PYTHON_EXECUTABLE}" -c "import SubnetTree" RESULT_VARIABLE SUBNETTREE_IMPORT_RESULT) if (SUBNETTREE_IMPORT_RESULT) # python returned non-zero exit status set(SUBNETTREE_PYTHON_MODULE false) else () set(SUBNETTREE_PYTHON_MODULE true) endif () endif () include(FindPackageHandleStandardArgs) find_package_handle_standard_args(SubnetTree DEFAULT_MSG SUBNETTREE_PYTHON_MODULE) bro-aux-0.35/VERSION0000664002342100234210000000000512535376152013710 0ustar johannajohanna0.35 bro-aux-0.35/nftools/0000775002342100234210000000000012535376152014331 5ustar johannajohannabro-aux-0.35/nftools/nfcommon.h0000664002342100234210000000156612535376152016326 0ustar johannajohanna/* Written by Bernhard Ager (2007). */ /* For now this only works with IPv4. 
*/

/*#include "../../config.h"*/

/*
 * Shared record layouts for the NetFlow helper tools in this directory.
 * nfcollector.c and ftwire2bro.c emit these structures with write()/fwrite()
 * straight from memory, so the wrapper header below is stored in the
 * producing host's byte order and struct layout.
 */

/* Enough for NFv5 - how about the others? */
/* Size of the payload buffer in FlowFilePDU; nfcollector.c passes it to
   recvfrom() as the maximum datagram length. */
#define MAX_PKT_SIZE 8192

/* from FlowSrc.h */
/* Per-PDU wrapper header written in front of every NetFlow PDU. */
typedef struct {
	double network_time;	/* seconds; nfcollector.c stores -1 if gettimeofday() fails */
	int pdu_length;		/* number of payload bytes that follow this header */
	u_int32_t ipaddr;	/* exporter address, copied from an in_addr s_addr value */
} FlowFileSrcPDUHeader;

/*
 * NetFlow v5 packet header as read from the input. ftwire2bro.c applies
 * ntohs()/ntohl() to version, count, unix_secs and unix_nsecs, i.e. it
 * treats the stored values as network byte order.
 */
typedef struct {
	u_int16_t version;
	u_int16_t count;	/* number of records following; bounded by V5_RECORD_MAXCOUNT in ftwire2bro.c */
	u_int32_t sysuptime;
	u_int32_t unix_secs;
	u_int32_t unix_nsecs;
	u_int32_t flow_seq;
	u_int8_t eng_type;
	u_int8_t eng_id;
	u_int16_t sample_int;
} NFv5Header;

/* Size in bytes of one v5 flow record, and the largest record count that
   NFv5PDU can hold. Readers must check a header's count against
   V5_RECORD_MAXCOUNT before reading records into NFv5PDU.records. */
#define V5_RECORD_SIZE 48
#define V5_RECORD_MAXCOUNT 30

/* One flow record, kept as opaque bytes; the tools here do not decode it. */
typedef struct {
	char data[V5_RECORD_SIZE];
} NFv5Record;

/* A complete v5 PDU: header plus room for the maximum number of records. */
typedef struct {
	NFv5Header header;
	NFv5Record records[V5_RECORD_MAXCOUNT];
} NFv5PDU;

/* TODO: replace char data[] by NFv5PDU pdu*/
/* Output unit of nfcollector.c: wrapper header followed by the raw datagram.
   Only header.pdu_length bytes of data are written per PDU. */
typedef struct {
	FlowFileSrcPDUHeader header;
	char data [MAX_PKT_SIZE];
} FlowFilePDU;
bro-aux-0.35/nftools/CMakeLists.txt0000664002342100234210000000071012535376152017067 0ustar johannajohanna########### ftwire2bro target ############### set(ftwire2bro_SRCS ftwire2bro.c nfcommon.h ) add_executable(ftwire2bro ${ftwire2bro_SRCS}) target_link_libraries(ftwire2bro ${BIND_LIBRARY}) AddAuxInstallTarget(ftwire2bro) ########### nfcollector target ############### set(nfcollector_SRCS nfcollector.c nfcommon.h ) add_executable(nfcollector ${nfcollector_SRCS}) target_link_libraries(nfcollector) AddAuxInstallTarget(nfcollector) bro-aux-0.35/nftools/nfcollector.c0000664002342100234210000000411112535376152017004 0ustar johannajohanna/* Written by Bernhard Ager (2007). 
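*/
/*
 * NOTE(review): the nine system header names that followed the #include
 * directives here were lost when this page was extracted. The list below is
 * a reconstruction that declares every library function this file uses;
 * confirm it against the upstream source.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "nfcommon.h"

/* Report msg together with the current errno text, then exit with errlvl. */
void pleave (int errlvl, const char *msg)
{
    perror (msg);
    exit (errlvl);
}

/* Print the command-line help to stdout. */
void usage ()
{
    puts ("collects NetFlow data and writes it to a file (or stdout)\n"
          " such that Bro can read the NetFlow dump file.\n"
          " Usage: nfcollector [-p ] [-o ]\n"
          " port defaults to 1234, outputfile defaults to stdout");
}

/*
 * Write exactly len bytes from buf to fd, retrying after short writes.
 * Returns 0 on success and -1 if write() fails or makes no progress.
 */
static int write_all (int fd, const void *buf, size_t len)
{
    const char *p = buf;

    while (len > 0) {
        ssize_t n = write (fd, p, len);
        if (n <= 0)
            return -1;
        p += n;
        len -= (size_t) n;
    }
    return 0;
}

/*
 * Receive UDP datagrams and append each one, prefixed with a
 * FlowFileSrcPDUHeader (receive time, length, sender address), to the
 * output file or stdout.
 *
 * Options: -p port to listen on (default 1234), -o output file,
 * -h help. Exits with status 1 on any socket, open or write error.
 *
 * NOTE(review): the socket is bound to the wildcard address and every
 * datagram is recorded with whatever source address it carries; nothing in
 * this file checks who sent it. Restrict the port to the expected exporters
 * with packet filtering if the output is used for analysis.
 */
int main (int argc, char** argv)
{
    int opt;
    int s = -1;
    char *outfile = NULL;
    int outfd = 1;  /* default to stdout */
    struct timeval tv;
    struct sockaddr_in sa = {
        .sin_family = AF_INET,
        .sin_port = htons(1234),
        .sin_addr = {0}
    };
    struct sockaddr_in from;
    socklen_t fromlen;
    FlowFilePDU ffp;

    while ((opt = getopt (argc, argv, "p:o:h")) >= 0) {
        switch (opt) {
        case 'o':
            /* optarg points into argv and stays valid for the life of
               the process, so no copy (and no unchecked malloc) is needed. */
            outfile = optarg;
            break;
        case 'p': {
            /* atoi() silently turned junk into port 0 and let
               out-of-range values wrap; parse strictly instead. */
            char *end;
            long port = strtol (optarg, &end, 10);
            if (end == optarg || *end != '\0' || port < 1 || port > 65535) {
                fprintf (stderr, "invalid port: '%s'\n", optarg);
                exit (1);
            }
            sa.sin_port = htons ((unsigned short) port);
            break;
        }
        case 'h':
            usage();
            exit (0);
        default:
            fprintf (stderr, "Unknown option: %c\n", optopt);
        }
    }

    if ((s = socket (PF_INET, SOCK_DGRAM, 0)) < 0)
        pleave(1, "opening socket");

    if (bind (s, (struct sockaddr*) &sa, sizeof (sa)) < 0)
        pleave (1, "bind");

    /* NOTE(review): the file is truncated if it exists, symbolic links are
       followed, and the final permission bits are 0666 filtered through the
       umask. Point -o at a directory other users cannot write to, and run
       with a restrictive umask if the capture should stay private. */
    if (outfile && (outfd = open (outfile, O_TRUNC|O_WRONLY|O_CREAT, 0666)) < 0)
        pleave (1, "open");

    while (1) {
        ssize_t got;

        fromlen = sizeof (from);
        /* At most MAX_PKT_SIZE bytes are stored, which is the size of
           ffp.data; a longer datagram is cut off at that length. */
        got = recvfrom (s, ffp.data, MAX_PKT_SIZE, 0,
                        (struct sockaddr*)&from, &fromlen);
        if (got < 0)
            pleave (1, "recvfrom");
        ffp.header.pdu_length = (int) got;

        if (gettimeofday(&tv, NULL) == 0)
            ffp.header.network_time = tv.tv_sec + tv.tv_usec / 1000000.;
        else {
            ffp.header.network_time = -1.;
            perror ("gettimeofday");
        }

        ffp.header.ipaddr = from.sin_addr.s_addr;

        /* Header and payload are contiguous in FlowFilePDU, so one write
           starting at &ffp covers both. A short write would leave a
           truncated record in the dump, hence write_all(). */
        if (write_all (outfd, &ffp,
                       (size_t) got + sizeof (FlowFileSrcPDUHeader)) < 0)
            pleave (1, "write");
    }

    return 0;
}
bro-aux-0.35/nftools/ftwire2bro.c0000664002342100234210000000505212535376152016564 0ustar johannajohanna/* Written by Bernhard Ager (2007). */ /* Works only with NFv5. 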
*/
/* NOTE(review): the seven system header names that followed these #include
   directives were lost when the page was extracted. */
#include
#include
#include
#include
#include
#include
#include
#include "nfcommon.h"

/* Print msg to stderr and exit with status errlvl. The message is passed
   as an argument to a fixed "%s" format, never as the format itself. */
void leave (int errlvl, const char *msg) {
	fprintf (stderr, "%s", msg);
	exit (errlvl);
}

/* Print the command-line help to stdout. */
void usage () {
	puts ("Converts NetFlow v5 files in 'wire' format to bro format.\n"
	      "A flow-tools file can be converted to 'wire' format with\n"
	      " flow-export -f 4\n"
	      "Note this is a hack: The network time is calculated from the\n"
	      "export time and an optional offset; the exporter is set statically.\n"
	      "Usage: ftwire2bro [-e [-t ]\n"
	      " defaults to 0.0.0.0, defaults to 0.0\n"
	      " data is read from stdin and written to stdout");
}

/* Return the size in bytes of a v5 PDU: the header plus hdr.count records
   of V5_RECORD_SIZE bytes each, with count converted from network byte
   order. The result is only a safe length for an NFv5PDU buffer when the
   caller has already checked count against V5_RECORD_MAXCOUNT. */
size_t pdusize(NFv5Header hdr) {
	return sizeof(hdr)+ntohs(hdr.count)*V5_RECORD_SIZE;
}

/*
 * Read NetFlow v5 PDUs from stdin and write each one to stdout preceded by
 * a FlowFileSrcPDUHeader.
 *
 * Options: -e sets the exporter address stored in every header (parsed with
 * inet_aton), -t sets an offset added to the export time, -h prints help.
 * Any other option exits with status 1.
 */
int main (int argc, char** argv) {
	int opt;
	struct in_addr exporter = {0};
	double offset = 0.0;
	FlowFileSrcPDUHeader ffphdr;
	NFv5PDU v5pdu;
	unsigned short count;

	while ((opt = getopt (argc, argv, "e:t:h")) >= 0) {
		switch (opt) {
		case 'e':
			if (! inet_aton (optarg, &exporter)) {
				fprintf (stderr, "could not convert exporter_ip: '%s'\n", optarg);
				exit (1);
			}
			break;
		case 't':
			/* atof() reports no errors: an unparsable value yields 0.0. */
			offset = atof(optarg);
			break;
		case 'h':
			usage();
			exit (0);
		default:
			/* fprintf (stderr, "Unknown option: %c\n", optopt); */
			exit(1);
		}
	}

	while (1) {
		/* A zero-item read at end of input ends the loop cleanly; any
		   other failure to read a full header is fatal. */
		if (fread (&(v5pdu.header), sizeof (NFv5Header), 1, stdin) == 0) {
			if (feof(stdin))
				break;
			leave (1, "Could not read header\n");
		}

		count = ntohs (v5pdu.header.count);

		if (ntohs(v5pdu.header.version) != 5)
			leave (1, "Header indicates flow not in version 5 format\n");

		/* count comes from the input file. This bound is what keeps the
		   fread() below inside v5pdu.records, and what keeps the length
		   from pdusize() within sizeof(v5pdu) for the final fwrite(). */
		if (count > V5_RECORD_MAXCOUNT) {
			fprintf (stderr, "header indicates too many records: %d\n", count);
			exit (1);
		}

		if (fread (v5pdu.records, sizeof(NFv5Record), count, stdin) < count)
			leave (1, "Could not read enough records from stdin\n");

		/* Export time from the PDU header (seconds plus nanoseconds)
		   shifted by the -t offset. */
		ffphdr.network_time = ntohl(v5pdu.header.unix_secs) + ntohl(v5pdu.header.unix_nsecs)/1e9 + offset;
		ffphdr.pdu_length = pdusize(v5pdu.header);
		ffphdr.ipaddr = exporter.s_addr;

		if (fwrite (&ffphdr, sizeof(ffphdr), 1, stdout) == 0)
			leave (1, "Could not write ffpheader\n");

		/* The condition of this if continues on the next line of the page. */
		if 
(fwrite (&v5pdu, ffphdr.pdu_length, 1, stdout) == 0) leave (1, "Could not write netflow PDU\n"); } return 0; } bro-aux-0.35/.update-changes.cfg0000664002342100234210000000020212535376152016266 0ustar johannajohanna # Automatically adapt version in files. function new_version_hook { version=$1 replace_version_in_rst README $version } bro-aux-0.35/CHANGES0000664002342100234210000002535312535376152013650 0ustar johannajohanna 0.35 | 2015-06-03 09:02:49 -0700 * Release 0.35. 0.34-5 | 2015-06-03 09:02:10 -0700 * Fix replace_version_in_rst function in update-changes script to cope with "beta" in version string. (Daniel Thayer) * Portability fix for plugin configure script. (Daniel Thayer) * Fix minor typo in init-plugin error message. (Daniel Thayer) 0.34 | 2015-05-07 20:30:43 -0700 * Release 0.34. * Change make-release to assume sign-file is in path (Johanna Amann) 0.33-76 | 2015-04-27 08:23:18 -0700 * Fix sed regex for replacing version in header file. (Jon Siwek) 0.33-74 | 2015-04-23 06:58:37 -0700 * Correct a few typos in update-changes script. (Daniel Thayer) * Adding function to update-changes that updates version in a C header file. (Robin Sommer) * Fix plugin configure skeletons to work on more shells. (Jon Siwek) 0.33-68 | 2015-02-23 11:26:14 -0600 * Plugin skeleton updates. (Robin Sommer) - Updating plugin skeleton license. - Removing the plugin MAINTAINER skeleton file. - Adding hooks to configure script so that plugins can add options without modifying the scripts itself. - BIT-1302: Extending plugin skeleton Makefile to reload cached CMake variables when Bro has been reconfigured. (Robin Sommer) - Removing bdist and sdist make targets. The former is superseded by the new build process which always creates a binary distribution tarball. The latter is easy enough to do manually now that all dynamic stuff is in build/ - Added a VERSION file; content goes into name of the binary tarball - Move README.edit-me to README. 
- Allowing relative paths for --bro-dist * Changing init-plugin to take an additional parameter specifying the directory where to create the plugin skeleton. (Robin Sommer) 0.33-58 | 2015-02-12 12:15:39 -0600 * Fix bro-cut compile warning on FreeBSD (Johanna Amann) 0.33-56 | 2015-01-08 13:06:36 -0600 * Increase minimum required CMake version to 2.8. (Jon Siwek) 0.33-55 | 2014-12-08 13:49:37 -0800 * Add man page for bro-cut. (Raúl Benencia) * Add --install-root to plugin skeleton's configure. (Robin Sommer) * Fix get-bro-env script to use sh equality operator. (Jon Siwek) * Add an option to update-changes that prevents it from adding author names to entries. (Robin Sommer) 0.33-45 | 2014-08-21 15:47:29 -0500 * Various tweaks to the plugin skeleton. (Robin Sommer) 0.33-38 | 2014-08-01 14:03:49 -0700 * bro-cut has been rewritten in C, and is hence much faster. (Daniel Thayer, based on an initial version by Justin Azoff). 0.33-26 | 2014-07-30 15:51:42 -0500 * Remove a superfluous file from plugin skeleton. (Jon Siwek) * init-plugin now creates a Plugin.h as well. (Robin Sommer) * Adding a basic btest setup to the plugin skeleton. (Robin Sommer) * Updating plugin skeleton to new API. (Robin Sommer) * Updates to the init-plugin script/skeleton. (Robin Sommer) * A script to setup a skeleton for a new dynamic plugin. (Robin Sommer) 0.33-11 | 2014-07-08 20:42:32 -0700 * Add more tests of bro-cut. (Daniel Thayer) * Fix bug in bro-cut when duplicate fields are specified. (Daniel Thayer) * Fix bug in bro-cut when log file has missing field. (Daniel Thayer) * Fix bug in bro-cut output of "#types" header line. (Daniel Thayer) * Fix bug in bro-cut when separator is not hexadecimal. (Daniel Thayer) * Adding test target to top-level Makefile. (Robin Sommer) 0.33-4 | 2014-06-26 17:31:25 -0700 * Test-suite for bro-cut. (Daniel Thayer) 0.33-2 | 2014-06-26 17:27:09 -0700 * Change bro-cut UTC options to not always override local time. (Daniel Thayer). 
* Updated the bro-cut usage message to make it more clear that the BRO_CUT_TIMEFMT environment variable affects only the -u and -d options. (Daniel Thayer). 0.33 | 2014-05-08 16:27:10 -0700 * Release 0.33. 0.32-5 | 2014-05-08 16:25:55 -0700 * Adding git-move-submodules script, which moves all submodules to the head of a given branch and adapts parent modules correspondingly. (Robin Sommer) 0.32-4 | 2014-04-22 21:34:23 -0700 * A git hook script to prevent pushes when the external test suite has new commits pending. (Robin Sommer) 0.32 | 2013-11-01 05:24:56 -0700 * Extending Mozilla cert script to include source URL and copyright in output. (Robin Sommer) 0.31 | 2013-10-14 09:24:54 -0700 * Release. 0.3-5 | 2013-10-07 17:19:14 -0700 * Fix for release script. (Robin Sommer) * Updating copyright notice. (Robin Sommer) 0.3-3 | 2013-09-28 11:17:42 -0700 * Don't show error message in bro-cut when gawk not found, which could appear on some systems. (Daniel Thayer) 0.3-1 | 2013-09-24 13:41:02 -0700 * Fix for setting REPO in Makefile, and some tweaks to release scripts. (Robin Sommer) 0.3 | 2013-09-23 14:42:56 -0500 * Update 'make dist' target. (Jon Siwek) * Change submodules to fixed URL. (Jon Siwek) * make-release now ignores modules that aren't tagged for release or beta. (Robin Sommer) * Prettifying check-release output. (Robin Sommer) * Update gen-mozilla-ca-list.rb to retrieve the Mozilla root CA list from a current url. (Bernhard Amann) 0.26-25 | 2013-09-18 14:44:35 -0700 * A set of README updates, including installation instructions and description of bro-cut. (Daniel Thayer) * Switching to relative submodule paths. (Robin Sommer) 0.26-21 | 2013-08-19 11:21:11 -0700 * Fixing git-show-fastpath handling of non-existing fastpath branches. (Robin Sommer) 0.26-19 | 2013-07-31 20:09:52 -0700 * Making git-show-fastpath safe against repositories that don't have a fastpath.
(Robin Sommer) 0.26-16 | 2013-05-17 07:45:24 -0700 * A negate option -n for bro-cut printing all fields *except* those listed on the command-line. (Robin Sommer) 0.26-14 | 2013-03-22 12:17:54 -0700 * Fixing bro-cut to work with older gawk versions. (Chris Kanich) * s/bro-ids.org/bro.org/g (Robin Sommer) 0.26-5 | 2012-11-01 14:24:25 -0700 * Portability fix: removing interface option on non-Linux. (Robin Sommer) 0.26-4 | 2012-10-31 14:39:03 -0700 * rst learns a new option "-i " to set the interface to use. (Vlad Grigorescu). 0.26 | 2012-08-24 15:10:04 -0700 * Fixing update-changes, which could pick the wrong control file. (Robin Sommer) * Fixing GPG signing script. (Robin Sommer) 0.25 | 2012-08-01 13:55:46 -0500 * Fix configure script to exit with non-zero status on error (Jon Siwek) 0.24 | 2012-07-05 12:50:43 -0700 * Raise minimum required CMake version to 2.6.3 (Jon Siwek) * Adding script to delete old fully-merged branches. (Robin Sommer) 0.23-2 | 2012-01-25 13:24:01 -0800 * Fix a bro-cut error message. (Daniel Thayer) 0.23 | 2012-01-11 12:16:11 -0800 * Tweaks to release scripts, plus a new one for signing files. (Robin Sommer) 0.22 | 2012-01-10 16:45:19 -0800 * Tweaks for OpenBSD support. (Jon Siwek) * bro-cut extensions and fixes. (Robin Sommer) - If no field names are given on the command line, we now pass through all fields. Adresses #657. - Removing some GNUism from awk script. Addresses #653. - Added option for time output in UTC. Addresses #668. - Added output field separator option -F. Addresses #649. - Fixing option -c: only some header lines were passed through rather than all. (Robin Sommer) * Fix parallel make portability. (Jon Siwek) 0.21-9 | 2011-11-07 05:44:14 -0800 * Fixing compiler warnings. Addresses #388. (Jon Siwek) 0.21-2 | 2011-11-02 18:12:13 -0700 * Fix for misnaming temp file in update-changes script. (Robin Sommer) 0.21-1 | 2011-11-02 18:10:39 -0700 * Little fix for make-release script, which could pick out the wrong tag. 
(Robin Sommer) 0.21 | 2011-10-27 17:40:45 -0700 * Fixing bro-cut's usage message and argument error handling. (Robin Sommer) * Bugfix in update-changes script. (Robin Sommer) * update-changes now ignores commits it did itself. (Robin Sommer) * Fix a bug in the update-changes script. (Robin Sommer) * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek) * Options to adjust time format for bro-cut. (Robin Sommer) The default with -d is now ISO format. The new option "-D " specifies a custom strftime()-style format string. Alternatively, the environment variable BRO_CUT_TIMEFMT can set the format as well. * bro-cut now understands the field separator header. (Robin Sommer) * Renaming options -h/-H -> -c/-C, and doing some general cleanup. 0.2 | 2011-10-25 19:53:57 -0700 * Adding support for replacing version string in a setup.py. (Robin Sommer) * Change generated root cert DN indices format for RFC2253 compliance. (Jon Siwek) * New tool devel-tools/check-release to run before making releases. (Robin Sommer) * devel-tools/update-changes gets a new option -a to amend to previous commit if possible. Default is now not to (used to be the opposite). (Robin Sommer) * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek) * Change distclean to only remove build dir. (Jon Siwek) * Make dist now cleans the copied source (Jon Siwek) * Small tweak to make-release for forced git-clean. (Jon Siwek) * Fix to not let update scripts lose their executable permissions. (Robin Sommer) * devel-tools/update-changes now looks for a 'release' tag to identify the stable version, and 'beta' for the beta versions. (Robin Sommer). * Distribution cleanup. (Robin Sommer) * New script devel-tools/make-release to create source tar balls. (Robin Sommer) * Removing bdcat. With the new log format, this isn't very useful anymore. (Robin Sommer) * Adding script that shows all pending git fastpath commits.
(Robin Sommer) * Script to measure CPU time by loading an increasing set of scripts. (Robin Sommer) * extract-conn script now deals wit *.gz files. (Robin Sommer) * Tiny update to output a valid CA list file for SSL cert validation. (Seth Hall) * Adding "install-aux" target. Addresses #622. (Jon Siwek) * Distribution cleanup. (Jon Siwek and Robin Sommer) * FindPCAP now links against thread library when necessary (e.g. PF_RING's libpcap) (Jon Siwek) * Install binaries with an RPATH (Jon Siwek) * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek) * Rewrite of the update-changes script. (Robin Sommer) 0.1-1 | 2011-06-14 21:12:41 -0700 * Add a script for generating Mozilla's CA list for the SSL analyzer. (Seth Hall) 0.1 | 2011-04-01 16:28:22 -0700 * Converting build process to CMake. (Jon Siwek) * Removing cf/hf/ca-* from distribution. The README has a note where to find them now. (Robin Sommer) * General cleanup. (Robin Sommer) * Initial import of bro/aux from SVN r7088. (Jon Siwek) bro-aux-0.35/Makefile0000664002342100234210000000312612535376152014307 0ustar johannajohanna# # A simple static wrapper for a number of standard Makefile targets, # mostly just forwarding to build/Makefile. This is provided only for # convenience and supports only a subset of what CMake's Makefile # to offer. For more, execute that one directly. # BUILD=build REPO=`basename \`git config --get remote.origin.url | sed 's/^[^:]*://g'\`` VERSION_FULL=$(REPO)-`cat VERSION` VERSION_MIN=$(REPO)-`cat VERSION`-minimal HAVE_MODULES=git submodule | grep -v cmake >/dev/null all: configured $(MAKE) -C $(BUILD) $@ install: configured $(MAKE) -C $(BUILD) $@ clean: configured $(MAKE) -C $(BUILD) $@ dist: @rm -rf $(VERSION_FULL) $(VERSION_FULL).tgz @rm -rf $(VERSION_MIN) $(VERSION_MIN).tgz @git clone --recursive . 
$(VERSION_FULL) >/dev/null 2>&1 @find $(VERSION_FULL) -name .git\* | xargs rm -rf @tar -czf $(VERSION_FULL).tgz $(VERSION_FULL) && echo Package: $(VERSION_FULL).tgz && rm -rf $(VERSION_FULL) @$(HAVE_MODULES) && git clone . $(VERSION_MIN) >/dev/null 2>&1 || exit 0 @$(HAVE_MODULES) && (cd $(VERSION_MIN) && git submodule update --init cmake >/dev/null 2>&1) || exit 0 @$(HAVE_MODULES) && find $(VERSION_MIN) -name .git\* | xargs rm -rf || exit 0 @$(HAVE_MODULES) && tar -czf $(VERSION_MIN).tgz $(VERSION_MIN) && echo Package: $(VERSION_MIN).tgz && rm -rf $(VERSION_MIN) || exit 0 distclean: rm -rf $(BUILD) .PHONY : test test: @make -C testing .PHONY : configured configured: @test -d $(BUILD) || ( echo "Error: No build/ directory found. Did you run configure?" && exit 1 ) @test -e $(BUILD)/Makefile || ( echo "Error: No build/Makefile found. Did you run configure?" && exit 1 )