From 1805afe5d989565e61640038e9ceb9aaf93015e0 Mon Sep 17 00:00:00 2001
From: Jan Grashoefer
Date: Tue, 10 Dec 2024 14:54:19 +0100
Subject: [PATCH] Add btest for unknown_protocols.log
---
.../core.unknown-protocol-log/unknown_protocols.log | 11 +++++++++++
testing/btest/core/unknown-protocol-log.zeek | 6 ++++++
2 files changed, 17 insertions(+)
create mode 100644 testing/btest/Baseline/core.unknown-protocol-log/unknown_protocols.log
create mode 100644 testing/btest/core/unknown-protocol-log.zeek
diff --git a/testing/btest/Baseline/core.unknown-protocol-log/unknown_protocols.log b/testing/btest/Baseline/core.unknown-protocol-log/unknown_protocols.log
new file mode 100644
index 0000000000..fd78878bea
--- /dev/null
+++ b/testing/btest/Baseline/core.unknown-protocol-log/unknown_protocols.log
@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path unknown_protocols
+#open XXXX-XX-XX-XX-XX-XX
+#fields ts analyzer protocol_id protocol_id_num first_bytes analyzer_history
+#types time string string count string vector[string]
+XXXXXXXXXX.XXXXXX ETHERNET 0x88cc 35020 02070400222d81db1004 ETHERNET
+#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/core/unknown-protocol-log.zeek b/testing/btest/core/unknown-protocol-log.zeek
new file mode 100644
index 0000000000..c059e1314c
--- /dev/null
+++ b/testing/btest/core/unknown-protocol-log.zeek
@@ -0,0 +1,6 @@
+# @TEST-EXEC: zeek -b -r $TRACES/lldp.pcap %INPUT
+# @TEST-EXEC: btest-diff unknown_protocols.log
+
+@load misc/unknown-protocols
+
+redef record UnknownProtocol::Info$protocol_id_num += { &log };
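Review bot: In testing/btest/core/unknown-protocol-log.zeek nothing states what the test pins or why the trailing `redef` is there, so a later baseline change is hard to judge. I would open the file with `# @TEST-DOC: Checks that a frame with an unhandled EtherType (0x88cc from lldp.pcap) is written to unknown_protocols.log.` and put `# protocol_id_num is presumably not logged by default; add &log so the baseline also pins the numeric id.` above the `redef`. The baseline holds a single row with a 10-byte `first_bytes` value, so the result appears to rest on the script's default settings and the sampling path is not exercised. If that is intended, the comment should say so, since this log is what shows analysts traffic that no analyzer handled.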