From 314e992284eaf2b506869b7a16533399f7b7dd9d Mon Sep 17 00:00:00 2001
From: Jeffrey Bencteux
Date: Thu, 18 Jan 2018 11:54:08 +0100
Subject: [PATCH] add test for smb1_com_transaction_secondary_request event changes
---
.../.stdout | 1 +
.../smb/smb1_transaction_secondary_request.pcap | Bin 0 -> 1740 bytes
.../smb/smb1-transaction-secondary-request.test | 12 ++++++++++++
3 files changed, 13 insertions(+)
create mode 100644 testing/btest/Baseline/scripts.base.protocols.smb.smb1-transaction-secondary-request/.stdout
create mode 100644 testing/btest/Traces/smb/smb1_transaction_secondary_request.pcap
create mode 100644 testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test
diff --git a/testing/btest/Baseline/scripts.base.protocols.smb.smb1-transaction-secondary-request/.stdout b/testing/btest/Baseline/scripts.base.protocols.smb.smb1-transaction-secondary-request/.stdout
new file mode 100644
index 0000000000..10cad0c702
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.smb.smb1-transaction-secondary-request/.stdout
@@ -0,0 +1 @@
+smb1_transaction_secondary_request hdr: [command=38, status=0, flags=0, flags2=0, tid=45374, pid=1, uid=57674, mid=2], args: [total_param_count=11, total_data_count=9, param_count=11, param_offset=52, param_displacement=9, data_count=9, data_offset=66, data_displacement=11], params: some_params, data: some_data
diff --git a/testing/btest/Traces/smb/smb1_transaction_secondary_request.pcap b/testing/btest/Traces/smb/smb1_transaction_secondary_request.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..4236b140d5d5504d03137fa20b3c01cbb25e8a05
GIT binary patch literal 1740 zcmbVMUr1AN6#nkrjLkVy8#IDwU`;VubB#$tVVaeiGTcJaMO$hpWy)5~h`=5kKGuWu z(1Sz;HP}OiL=TH71BpUGBZBY`^cp<`l7X#re!p$GU3{<$=Wy=t&$sV<-?>|O`|Q37 zJu*)!1t|3LU?|x2Zp;7=)g15ty!x@2SWIv>pb4ntWA)qCZoGaBg+h%bm1G9RtJ)B= zNR+RHQb!vc^1j3pDAj~PC@)7CfsvGCEIFH4zD9?YU|BqV$PcLc)Mw^1_vJtMD1;XE zme}xVN%EQBZ^Qt>b7;EiPIq;ZxiF`6R}#f)!|GkS1{_HF+8V-KSvhTdSUnXeg4*u4 zoocf=9W^c?=Mw#JMox_om6lQ#;?c!CA)q5uE`#Y#3w`lW!*MOx^O@`i%5w7mXv6z%tPa}BrWmFbkh2DP^6 zndLxb`}diLvg zo@Ww;JaaNN;3hX6;mXQQZhU0Z<`jbHH@VU~nUA7?-pk<)MIt9oH~9#wbKr9CP&8t5 zJDfSSp1vKjUO^cU2y`~LyIKRy-p0M4B*ggUF=3R>aA>>>TXqQV_T){#G98}sS`#yG zK2QZ5&$cnH6AS;6f|eB(I;Npucb1#SQ3GFS@O+3E*E-zra~C{IyGqPkH)m=#u~Nn6 zER0BVcAhbV2aH2w&VV#$tuD_Ti9+T~92EQyb5~bInV)1=LR{`^GjVTqo6%2qIW*#S zSu8?aPp-HtRdjfj#hsMmI=N4)ihu7sHKj8VlHEplimN7Iz6b15r5qH&_!;S@w#nX+A! WxhX^0z?4mJQ#PW3D*D6Sgw$VP-|jj9 literal 0 HcmV?d00001
diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test
new file mode 100644
index 0000000000..03bddf7bf5
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test
@@ -0,0 +1,12 @@
+#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction_secondary_request.pcap %INPUT
+#@TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/smb
+@load policy/protocols/smb
+
+# Check that smb1_transaction_secondary requests are parsed correctly
+
+event smb1_transaction_secondary_request(c: connection, hdr: SMB1::Header, args: SMB1::Trans_Sec_Args, parameters: string, data: string)
+{
+ print fmt("smb1_transaction_secondary_request hdr: %s, args: %s, params: %s, data: %s", hdr, args, parameters, data);
+}
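Review bot: The baseline this test diffs against pins `param_displacement=9` with `param_count=11` against `total_param_count=11`, and `data_displacement=11` with `data_count=9` against `total_data_count=9`, so displacement plus count exceeds the total for both parameters and data. The `some_params`/`some_data` payloads suggest the trace is hand-crafted, but the test comment does not say so, and as written the baseline could equally be locking in swapped or mis-parsed displacement fields. I would extend the comment above the handler to something like `# Trace is synthetic; displacement values are arbitrary and not expected to be consistent with the totals` (or fix the trace if that is not the intent). Because reassembly of a transaction depends on these counts and offsets, a second trace whose `param_offset`/`data_offset` fall outside the packet would also be worth adding, so that the parser's bounds handling is covered and not just the well-formed path.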