Skip to content

Commit

Permalink
Zeek 7.1 compatibility changes
Browse files Browse the repository at this point in the history 
Zeek 7.1 introduced the 'ip_proto' field in the conn.log.
To maintain consistent baselines across Zeek 7 versions,
cut the ip_proto field in affected btests.
  • Loading branch information
@pbcullen
pbcullen committed Jan 24, 2025
1 parent dc3addf commit d127c74
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion tests/analyzer/tailscale.zeek
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# @TEST-EXEC: zeek -C -r ${TRACES}/tailscale_linux.pcap %INPUT
# @TEST-EXEC: cat conn.log | zeek-cut -m -n local_orig local_resp >conn.log.filtered
# @TEST-EXEC: zeek-cut -m -n local_orig local_resp ip_proto < conn.log > conn.log.filtered
# @TEST-EXEC: btest-diff conn.log.filtered
# @TEST-EXEC: btest-diff .stdout
#
Expand Down
2 changes: 1 addition & 1 deletion tests/analyzer/wireguard.zeek
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# @TEST-EXEC: zeek -C -r ${TRACES}/wireguard.pcap %INPUT
# @TEST-EXEC: cat conn.log | zeek-cut -m -n local_orig local_resp >conn.log.filtered
# @TEST-EXEC: zeek-cut -m -n local_orig local_resp ip_proto < conn.log > conn.log.filtered
# @TEST-EXEC: btest-diff conn.log.filtered
# @TEST-EXEC: btest-diff wireguard.log
# @TEST-EXEC: btest-diff .stdout
Expand Down

0 comments on commit d127c74

Please sign in to comment.