From 7603567782f5735c815ead75b1ecd6953c555f62 Mon Sep 17 00:00:00 2001
From: Johanna Amann <johanna@icir.org>
Date: Tue, 26 Jul 2016 15:02:11 -0700
Subject: [PATCH] Correct endianness of IP addresses in SNMP.

Addresses BIT-1644
---
 src/analyzer/protocol/snmp/snmp-analyzer.pac  |   2 +-
 .../.stdout                                   |  30 ++++++++++++++++++
 .../scripts.base.protocols.snmp.v1/out4       |   2 +-
 testing/btest/Traces/snmp/snmpwalk-short.pcap | Bin 0 -> 43259 bytes
 .../scripts/base/protocols/snmp/snmp-addr.bro |  15 +++++++++
 5 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.snmp.snmp-addr/.stdout
 create mode 100644 testing/btest/Traces/snmp/snmpwalk-short.pcap
 create mode 100644 testing/btest/scripts/base/protocols/snmp/snmp-addr.bro

diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac
index 44dce4dbf5..0394dbda61 100644
--- a/src/analyzer/protocol/snmp/snmp-analyzer.pac
+++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac
@@ -39,7 +39,7 @@ AddrVal* network_address_to_val(const ASN1Encoding* na)
 
 	const u_char* data = reinterpret_cast<const u_char*>(bs.data());
 	uint32 network_order = extract_uint32(data);
-	return new AddrVal(network_order);
+	return new AddrVal(ntohl(network_order));
 	}
 
 Val* asn1_obj_to_val(const ASN1Encoding* obj)
diff --git a/testing/btest/Baseline/scripts.base.protocols.snmp.snmp-addr/.stdout b/testing/btest/Baseline/scripts.base.protocols.snmp.snmp-addr/.stdout
new file mode 100644
index 0000000000..f21633eb91
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.snmp.snmp-addr/.stdout
@@ -0,0 +1,30 @@
+138.68.0.1
+138.68.14.240
+169.254.169.254
+10.46.0.5
+127.0.0.1
+138.68.10.203
+255.255.0.0
+255.0.0.0
+255.255.240.0
+0.0.0.0
+10.46.0.0
+138.68.0.0
+138.68.0.1
+0.0.0.0
+0.0.0.0
+0.0.0.0
+255.255.0.0
+255.255.240.0
+138.68.0.1
+138.68.14.240
+169.254.169.254
+0.0.0.0
+10.46.0.0
+138.68.0.0
+0.0.0.0
+255.255.0.0
+255.255.240.0
+138.68.0.1
+0.0.0.0
+0.0.0.0
diff --git a/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out4 b/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out4
index 0854c7096c..2111edee6f 100644
--- a/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out4
+++ b/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out4
@@ -3,7 +3,7 @@ snmp_trap
   is_orig: T
   [community=public]
     enterprise:    1.3.6.1.4.1.31337.0
-    agent:         1.0.0.127
+    agent:         127.0.0.1
     generic_trap:  0
     specific_trap: 0
     time_stamp:    0
diff --git a/testing/btest/Traces/snmp/snmpwalk-short.pcap b/testing/btest/Traces/snmp/snmpwalk-short.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..90f2a4766477565ced29752bd8b989a5950ce248
GIT binary patch
literal 43259
zcma)_2Y41$_Qt=KkVfwo2-ro!03i?(I!Grl^dd+J5J^D@3Kk$LMT~tF>?Rh96%;jb
zUF)u0x7gd?-g|dl<$vy(d-L5hbH2myI4ttGyx;Gh_n!C8ojV^dJ-)9l7D+_Rj{^rH
zktqDjq4#f}Id*Aw#D!n0D-j*|&A+4Y^LM{SGa{oRk&zed8X6hedgDXeMz;8N+sLeE
zFMTmm7jg17IY-B$(M0;nHH*s27T0x-B{FAC8WoF1;2$U3$xKh{ksggj(@?=ZB|GvE
z{ORiQ{%lVN74B-NQwr{E^`|S9NF8WgQ}?S=bBQHUUvm!8sCHJRXP`zj8c8gjP*%BS
zZSI;yYbvYP^z7HWPsO61tCv>w>FM;&&Ckovb9(me-E&!KW$CK2#koiHbJq8U-^<VI
z-E%trKXRu|oSZwebV=^GHRZXz`{p{m2Ri)+_U)59ecFiJK2Gm~+_eJ=78K;G;VNH|
z9hnXw>Iw|k=nHn^a5a$O>YKOKInH9KI}A}y)Wg-n$w{JkBX(VRc4Pqvs4FmHQyS`V
z#O@;_Ht3~wPG3u;{%9i7$?0H3Vv+PL7`a6B;f#1JOEDc)Au{bjrU$|>jSe!!A|6xc
z%IwH2;89nAX<Wli$n;mjR8Vx4bArv(6`71kYp11QibqDoBj<mkV6F!pp+L7G%>7|t
z#sp#F8s;xm*^%V{qOJhUoQ9hb<~9OzV%9jP*oNtaFh-=C)78KvB8j#WOLL1WN{5!N
zU0AWQyfm+B)w00~uE$Cd?skL&V_1_lh5N<^;Sw6I<*C_`G5}Lo0B&x>EeN-pz>Us3
z)fr^NIS6M&x;wcBE-jL1$IVkkw*iEO(%pe{`@_(U3(}=&x{Fq2M^*!wx&m~i4YwlQ
z^@MK9I~5L?uBqSE4@5d6a)NWbp-Yb>x=byrt}d%wmRnVsTfMwAcVyM#6}eSQ@z=u_
zu2Y=9!AB4{??ldf!*Grda;9s}KdQ4MGk{TD0nRZEJCU=IaOOXKu5-N2c{p+!k(N$#
z!`TcP{TPLE-Wn0*E=0K}49bKcN;8e}?P($kMwAOZ*9wsQr_Se4jEIGj5g8H1n3{dM
zh;lcg><fc3F^H0(Q7&1V9XS~)qOL$y+y;yf_fCQ`c+)B;->%9rSQR7E+3AS=9R7<;
zh}`r{=<Vt8?07V)>Jwj=9hnJQ>H<BQ?qe_5i%@qFsD63doF0~5T^H1wq@h|lEo?on
zxequ)#KHt|@1R&4R&!WJhGNAuR!jI?3hOq|6R`Fn77U}+2UB2`uvjq<tHW6$7G{Zi
zJH<MOt(K9YSaFS&rK`0K^aQMX5DSL!;8>Gcthk4D;Oy+kNni+d1x#4dfGOfLVbPTv
zoZglx>W@TI7?}=EJIfS_^mH^Kmg<`IBGbLd1Y>w`rYS5_!ejbigUE#0;d5Zo@*0lG
z$WW#<WQs+5EBh_mC^GFwCW!xoGr25Nn#XiYjmU&K;j>@S<t&qtp-kzTDWRB#o+C2d
zhfI6IFimBd(mkf7=ZZ`i7%p8o6)k3&j0|OJrkVOErpS3B)BVT<E184WX&TGa%wrm~
zNo*6C9PUoqCQfC$pOK+$B15-{R<RgPsSiL;XcG@0)~+yE(^;$x53BhW5eu`!y_I6E
zUdc6eBSWz=HCFR@G_I<3H|Pmi4TuH9c<^e?V6ieitnBke2V!=(FnZQ%qNp$HKqEsP
zn57*!Pcdx;F@dQOnP3bL&NP!{%JP^l-j*HN4BcE^fsVem0fWO`Pnec`QRB?9JNiWI
z=tgFUGbq{7<IzN~X|R@^ICgmM(yCRt6H8aGUbw6@ck-&L#qdkD+Fe+=BzI)l>Xi$t
z7cYl@&r|T7E)d}#MEG06z|Z2~<9dIgcWrj$764aQ0DgM|CX73uz@K~B@6I|Kz8v9=
z%zS5_1s_XHQt%ZED}lM9w6Z$4tP)0{VqtX|tnrtWE-kApQ@>n|W24smQzyZO!t~Xp
zt9mY4xEl5qrj{;Vv#P9mUGBuHC8gy!HV?sv7L4&%9GjcNjLmFzZ1f5yaZz^UEEpGc
z1;(bbVZV}bH<PiM^WX;#<a+XMX9SLok?H63wZ<l%I7*ET0#8g1(6CkDg6h)6)oWIv
zYY_Qt_$&hQLx_A+7-aA*?lh6LXk4#u&bv4}vJP<76+m9mfI;SNCCD?6y}^O?bP{<e
zA{&`Lj$<Jw65Y*QsHj@9ro0r(u14UrKDpoy@IvWoW&aMBh`fJ8-uf`Sb6H-!@>y`H
zIQKE++%pL8l7?yA+&40G?x!W^zQv2PK~4N=BPQpTsZ9zsGjK{E{44OOgknF8@O5F}
z=dtj5iPZ1%?8rq>XmtgOy|DqK&^?vFm*-7)7TLv~j>R@Iqn%M!vC|X%nPNA=kDZK-
zZ|n$|@5~^)51&pLghy}?ZVWRBC$WQ|*HlGUhz`Kubk~wWSaR=F&H+Y-I-r^CfaxPy
z_!r?*3Gk01{0(8?=d<v7@%7%7*^!M<eRTyKu&MzQ);*iR&p+ft2Uc3i={_1AU}OrN
z{+0tW635LbD?MFz@?ncr;N^~}s;pjBRqplkrumOuZrXMc`!U3Z{iTB^{sI<TFU~4<
zWJj(9WOW6ww>Dt5x=RUm^+%3#ij92|VjGzfXQG9jnHWNi@1<Ll^ReSks;VwqTDBNx
z{Rz1%%h$kvR90RM+w6J;aO_p$U_6e4ab1|fIGG&`y`-zWIy<rn20~qd!8pAE!_+;E
z494Q8J30_)Ne@iG!7ws|onmV+vJ!c8FtFt1Rm+yC4j34U)o6q-;X?`je*)RB4a2^W
zW!Fo;#I@qSI;N@%DPt{X3wE#P_SKDy+E-Uk2w-$F;W2^U9;*c%0q5_Cb4?f=XuiSp
zPUywlj_X7m3{4ku!^YXk;usl<6Vo^yuNQItfjC!(!CB1W==E384I&Q4pbH6L<J`jH
z7#WHa*Est?N2tz|h;vmKoFy!dURyQZDB@tCxzN*XoSRr2BSUc#8mFR8#CZyFc7(wx
zWpVV<X-B<?gAwJ@X8{FuERK<(IB6Qkxk<!%8gaIV!CA`U=*7_5n?;<*l#C1A)~?PC
zERK<(IO!Va7tj&R_6*`&83tz=i=&q{U+xrfFg#pnpf=8RERK<(IL$Q9wp}95vxsv=
z7@XxSj$WwL?G|w`4_s)VHqJFHj*+1_85*bi9uem`#Q94YoH7<iFF@MeCgNZoxX?gt
zoU2$IBSUdAHO}>*Bbe=Z#JM~S4y=8c+|f&j2W}T}Fb`a4pf=8S7RSg?oGgtq`3@21
z1;n{549*G`N3RMd-6=jY!#wa+Cx6!q+#@q1lYC@`y0~NaJ*Wr|GGAnBlj3o7xrRv|
zhJfGj_O|BSEmj7zz=h^%SLV8>xCM?8Nmd3nRHJI0qi)x8_KKDHC&FA3rZN?Q%Ak&i
zbJRW&2eZJ1=4s<x^CX93WGD_u#T3r1pd-wie<9ArVQ?y09KFEVcaMmJS>QtRv~jNb
z2Zv*1C{8@)Z4T$%E8_ecaV`pjQ^n%w1<uL)vm>+NE<#;_JBjfPm<29$8w;oZF*BW>
z_MJp7-bomlHcl(OnpTyGCSv7PsyuIikWilgAkT$icvf;e=Iqti_hm=s0*kr=JQEu*
z3|ug^#Z&mnH%>2`r#tc(nRZSaizk*ylvXcy6w#9VMWUCGs5T7IsVtE;+}sC5BFqC9
zd~Fkb$PyVDN)$&Te9YGfQbLVhMxqPC5UpZ~wC6r<5T_7Ef_o_;D%gG(H-(H0nL=@J
zT_;tbnnn@l6~x&V24^*gW47b3eo(~0Q1Dr<;EG2%93w+<U>c<>oWj3~IIkkk`C)LX
zSsd-R#Se)%7z;kX6<p5Z7#WHK4GwX#{wCtQhB&ZoeeivwH7t%cTgQj9BXgh`s4LJA
zCNy9yxG+nt=`*1AVJFXS2;HzD7@4+C>tsVnL}PI{S*q%@AC!dI^Ev`;2?KN*2V^!3
zo_<8^*cc2xp#J+F;ySjGAsssri^bC3Qaq)Piac*14?Idac!5r5d9>fE9}{^n7+h#N
zR)PB8&GHx-$`dy{KY@@?pEr?bQy8ALERQza=Z}m18e_rtIHs`tBQAlA4C&Wt(cy{6
zjw?5+3T=BrBzg;p&I>~X&jx+B3ea`Z^cGe9-^GrAvEV`<wJKC_@g}ap85z<M(qhBC
z18Il;L&SL-an22ca|Vl}4R`pHA`Zra3w_kaxsb&%G88ASaV`TL!Ef&%&N*Rl&SY`4
z-)?`3$iPW<XmfDx4NseoZNOOY;q<%g@8rZ=y?5e`m4SoP*xkB6O=SEB>;4aEYQoT*
z#nGf|ujM}@9#+6qaADA_;uLMJ=Z-ZQndD&w6{N95x;H#({_F!Wp+fH>)5b7NXR}P&
za8EreGGQ>dFmyK4xh#{Bp-gejgttK>pA(thL#7R3nAWpQ+I0(`7bg*hgA2{nVk)@c
zF|H>V88V5QnVZzlKu0Li`-lSvJq{j18#tV1+ICqlia3}JE_6~G=X@5&$WR=x9^P|r
z1RVkA1H^%ccL&GW$l_?n?fj>RgTdfJC$(|5uxmIYLvdgYhh{tEUn0(jh;vpLoEjEK
zo2}2kMH~zUUsEX9%HkLqf|Fs)wi9%O>U@MaXNJK!hr`LxX1nV@A`S+FuOAd_W^s%R
z#W7|({3Q|RW5j`j5(hWixh#&!)0agYOa>RasBO0M9^qPnk)b%oY<odRsLm&dvn~wI
zc`S}L+w-r8I2Z~pG*BC7(?$-*$Pk=N^L(-BRT1Y?#DPN$2d~a14kuHat?)Gw2lK#p
zQm)`!7RSg?9P@nfanKQ}^BLlt9tLMKi=)l<&Fdl#=7I0@LqQFTV`M0fdA_*n4H4&a
z#DOR52d~Z+7Dt<{_D%8b6!XA$mTAC~UAencBSY>^v!cV|ZSEPX);d?dB?5hcKx@JP
zZRLQnwB2rdTfF<hMDQKWDZKbq?(WCPkh`C(*sw(8<r`ZnqHgbqL|-CNbr_=aSt9MY
zoc|LYhoRsrQNj8et{)f~;<&8%Fz@bX1?UJ9=qtoo9R_C`i=!QP%e&(3Him+)K>ZgF
z<F*fs47uITjt+|z<L=wY_e7qrk!MvHo(njhY;Cx__eCB|1sD2`)vo&&_TqSq4CRRp
zi%lA;>~<>%3HA8~dEn&T!8<}N%cJe~@CTyZFcy3~1!uAi&d3nEWgELq|4_vF7I9XF
z!MTvd(RN$*k%)t_;5(^QaMlKH_81w0lM~gm=Y7x-s`DM<RE5F0h{MUzZhQA*5eH+z
zg)VBjt>6q6$H-8en8um>iHP$(;#7vgxtPV#W^+CjaWE8IXrVUFS{BF1P#j~nCqPH2
z&JT!F5eDZH7Dt=yt<OXpOavENsExCZeWq<>2u^cjwzZ#&I6opzc^I5aIh^L&Z1cYm
zaWD~F=%6;v=`4<sp*Y5DFMy6vou3eAMHrmRSR8G(=f4zjFc5r4mkZXgI7Wuz7_&|K
zO2qjYaZU+?b2*En&34q+A`a$(3k}q+&S__Joz2J)oEFAxJ3vRM&M$~l76#`p98L>u
zw$0y&IG6`6G*BC-n#D0P6vvqDC(sdaenp(+VQ{WsakSa~_*TThJaD0b+BmCN93w+<
zjM+APC*u5uILpG|T*=~Svu*lb#KAmpp@G^stIy)hW@HFXOJlb94<gQg5eH6LAAFIs
zox^FV&GtRW%z_7U>IyuR8`pq&;6eknaZY7%j10vwW?S~7i1Rz*l!n3C!QyDMZT(5a
z!8~xGf!a7#ERK<(IL2&;|19GC4{?@+!MTdX(PlgH7xAVP^T35EYT*pn-<i89H8SL;
zv{mw^^m<Sdn!z6kv^WgV)f`YOZMQdn6@f4jT$rRb(4R9nAR|M8V#DH{m#3+lghjuJ
zKz}08qA)<$ut3^yCI1x-hne83P(k^bTstr_#Bi;Q;r<CaLVXS(&cZM_*RnX;aG(7y
z-os%g_}=a4Kc$Gfhchzd9<FuMJ?TCFlXz+)$a8WSp6fWC*4l6H{vq;UD7eseEWh<{
zIhx}!GL#4INu62BZp;4^d7{X(APmp-ERVL^dj~|jVJi4|3d+vl>}F($-C7&F&4}a(
zcB_pc4!qcU@btNX#nE<K5Y3U&2UEd?Hfoip;FNV7j*%faZA_TH4mzo4Pi-7=P6~r_
zBZt#QyY1_kh=Zx%LKC%dma{lUhT@not&EE}3B;Kf2B(h2(Po>U5OFXQTxg*-&Qcb~
z$WR<(w);Rws7@N<%ngH6&*EsaJ(?!sU?RBCLT#L7YdNzS8G_T+n5}ENh?9;ubHd=<
z#No8nW;?!_h=YmXLI<^RN?9BuLvf7Rc7u*koo0wLI}FavERHr?U513yh=Jfj1GRA$
zvp7bE;uy2F&lGVo5NB2xoLg8NZMMEyA`a$(@0$S%mYmL+&Bzd(cE)UPfR0d|OvITP
z2Ip1|r=2$2r`aM7=79?h)UM7V7RSg?9Amcf91$lAab|?U*~#K)v(0TT;$R-Q&_HdR
zlUW=iLvf7R-Ul6_I@yRbJq*q+7Dt=y*A^lU=79?h)W%u3hBKRyAvo=$!@UP1=e87a
zau8=)7@XZ4PJ3;(3tNdem<KL2P#b3fi(_OcPE6xOT8lW%5oc-`oINa#Hrs$UA`a$(
z?@LGvPGWJ448@6SoIRi;n5_lkxM6T^V{x?EcC{68Fb`a4pmufU-_4oL$Pk<k(R9yj
zN467jS|ZMrFgUk!I32Xv`nMNxFb`a4pf=7t7RSg?oS4RG1RbF|tq^B&7@Rv;9BsBI
zJBT=#2QD;F8)puSV`L~!T;q)DDB`q6oRTm&cd|IzY&$#UMCQZRl)3`jQ<EDp4_uJ3
zaEi~|<Mgr5j30$(#*Iuzr+s=We8oH-RWD%GWQ~l#|KK62zMXUIZ>OUtD@$tIAk-KF
zRg`xLIr3QNeLLM<8cH1x45)c;V;z4;j_^&pjhGGYM1nTxhaTKF?HV!lO}nirT8kQZ
zc?Q|;0y%3WDcj`Qw#arOVJptNl#FDZH<EX2HZ_t#IS=mILvtbvp=Rm|)NN`bCWSkW
zzzylK!0Bh#?O3dvQ9H!xl-|~cJFaGZ4P2&lhvh_01~GMc$4Wg}JbUZbwnMxT1aENO
z<>VW~>b!5a+^g}_H->S79^fH|=R_8RmbwCf(;G26+|dMZ*tPK8&Nkrj2x#;Ua}G&b
z1rCm(F%#*^`_ZS=7Q+i5c@oH}D}Y#1+a3`|5yTYk+{d}oNP2uvcgcw?0U>n-_+~U>
zn7ANjO}ycIx;q1Gz8=VD#13~3P1?m119#$qSvV=J02g!>E!u&pVG4`h!&$UR(<5A;
zn-f_Ibm|Ha&T7PbafcJaksp^h18u^dNNCi$I)^76qtvuT6X|U>Z*b~HC`PB7=+lnK
zIFuAIg-`G0d}^tBl-;|F6A@#_g=ufqamW#`a}&|%sfpOs(%?iO`gCYw8?;dccn1gy
zF71SXFs#<jQ3{vt=Ui$8J-S^-<U|%h{nQnx;j~6fA$KI98`|PCr@*e^aacnmcBs=i
z=~7P&T&nO|e5>$|I8yXzXQqBBJbEAJ(I!QY@5rOXS%`t;4kLWSYo~Iv(5R_d*wodO
zn)c|>#O^<L|EUNYLGxr7Pjv;_j9YsM5)L8-OySV`Ifq)B9^<jc<Otsu-H5^DP9lu?
zb6(`$7dLvz_r(+HT^fwPTR>$x5UDFbHM;gtq=J5J*)qlZ;ty!5<on{F;-Tz4Rz$%N
z@<n?7>`OQlBVwV%00oafop_vxau}k}Bu|0T5JWNGnLpupvcB`Z%hHHp<Blg)>G$)I
z+`BABM15nP_xC0w;*nvo<@1%<UIrPVEQcct&9oFOjX@UkmHDsq5X*wO;$z95c`;WO
zBVv^$5itjaP7qPLAPV%NgFEcOAd2~d{PLb63dV<TU6ns$8;4><ER-}r!7t=}7gU6*
zbVU@pm`YKVzXnmvx8Z-2C!%0bxMPXK@~2<Op%@VhCEZk|vX_XGizqaXQlLB(L@{4@
zzr_(zFce(4Z?Hl(e_AbvVni&IW(MVdpdwVI8=^oM9Nb`k3!<1Wy#J-Qh=SeUx30~f
zdI5)GL@bmHgEF;`h|(QV=qe~hRUQtam@m8^-&bs5*z$c#*nU5C;aZpxv07NBYGJcg
z3;P$y2xU0}S%!ou%OgRSOr0zZ`63JUeBVN+-?&_k#fVreS-`Rszg6Y%ej>|}$TBz#
z%cDV-EX~rnK(rY4d>>2x<gJ{=jEH5iY-6#FpdyszC`6&lm=qR!EQpe=Q7Zb2DA@B|
zXq5KEFWJJO7!eC4$Dni=Afg<ND8*r_@^}y>N2AOu6j89}`)-HwC+*}=jEIHO9M&#f
z)MR-ZRD`M=gD6E|P@V{)G}kDf4ir(a=lfR8`4cyBC`QCWX<@3ezDPtl7EuO<LHT<S
zrG-XWUo4_v&v&6w+6J3&9*1H?ER>c8<$F*Os&X8n6ox_hM-Zi@MtN_Lh=M)eg+6Jc
zjA#E=7$ah#v@$5m2a71jBg%j<C{G4aT4|K=Lqrs8`7X3c8)e)%Tvd#Sh0@xf{0u5W
zReB&w|1c;|1yNdSl-GueDA@5`Xp=U|*cuMSh*&6X49bRKBFYJfQV<5^=^#oQjq>Ag
z5d}NG3vJRy8MBc?F(MX9TZ2+QLPY6_DE-2qJQGA|t5Ld)BD)Oq?rU-*c6_%lK`DNv
zm~7V8dz-aJL~YhK$L-TZyJ$2kFOoJip?+3Pc@L<~f%{^01@4U})aD^lFM>26??Q4Y
zug?2omS;7RI+RD%yc^`VP87MY{kwfA*B3W%Tt<m<ZGgXAaA-pPthkns7P)#MS6&#d
z=U6VK<8fU+hU}Tpdby351ul%BWxc^^J<0BKy|?>pl+^BX%cgq49$Qw;c(n_a^{gUm
zH8v+Q52~fEK*c82I!M-okPXbc*l}XXZyl~X0{6Y1*JSOTwgEklZQZyW;d{IqF&une
zEbM+J_a33qQtuHqxg(}rs5faM<HdsYMywMERth7&z!eOoJg8GAh)@_4J|h<1aXSZP
zlqi(41`M{URhx+-R3D~RDWG0tp^`4#J&A0+QWusqVqo}OSoGFt^7u;s<w{0LJ-%vk
zVa#)(uGR4+q6PaR*0H2kDJ=L;&VpLZtJd?A#kPU*;r1lctN4uyu5B1C(l+8=J5+x)
zsVdm)DPqC$k?c4^mZD();tGap9@o>Z$c0(rg5RySQCxaG$7Pf#m$Jst1YjZ8_^BdS
zKc-?Sxc<#@C5?FFG_f6GptvxC7T4gL3%Pb^lt?>_n|65Mz_&;?YP#sf0wg<%R4j!T
z|HFAv>v=W1d4||IFjRbAEbOw5>l{XlbPfz<_z=p7V`hp4>yKDR6RZ>kdx<L;N_kLQ
zXNgdlCq5$<?%Kma86^s(tf8S=&K98tFtthn^)d^Ubm5>mVmrh%@wu?*)lpnKG)kl$
zCQLiTE}xhyTCfnYx|3R^u;42iizKoZ^Qtv>p4c`pQQTw5^eTR*j%yo6%W50#qfzJ=
zk)a9ovvT1ZpeC#i2O`-Kge*nDUJVvZt9e{6og{K$q`2UBt8ElNJ&NNpN|X!QJaDO>
z6_-0-<SJq+mV)awmP_e)T*oaCPkLaWxJMGML0K<wCq0akI_c5ETOGm(f)N!MJb^{9
zI*^+S#Zy;caX7KI7{PK$!3y&(B9pn!`{LEtHJF;rJ~@x<g_DUCU2#lo#7OZuu`u@z
zB2^!h(rd%^(U|g}UT-W~D3)swLzSXjZ*b*8DG%!LMIscYiO+_G?Kf~xM#*Z10Hutf
zp(ZaDp#~#VS5m4JP;atONe?bsLi!V})TBnt5}yYL&bpS|G1Pl^3`R-yrzTUV<ysTf
zZ=fX@a0pTzPN-5C@GZ`Oo|aduzDtP|#hTcNY2w2w?82_&ZK);$#ytai2OB_2=z~KU
zsuZ<)o2wN{c~Gw{6QM9mT<Ew~A1rLQo-?3PA_i0oP%t3&ibcyss9^|o7%5c>sCQVX
zqycx7i3Y?Nak~+yfzz+!3}}>y0o59<iR#Ex$N<u_ZWC*VBh?{<Dun_6k29dB<<)BF
z3Nf=VMcgg~t9bkjF0+gj$*g9|fXTx(&w!fX!4V8tigLZnl?&B8uFe%A7lw!nbJ+4=
z@iXi#mr<fz${5Kt#!gTZxJDvZXHu{fT<@`5NgF;_DP}Roh<hmE8g!z|WwB8rS=>x#
zu_~KdWQ?p5oj3}?IufuHPJEwpq9^B7?822q%HIkxOMFf&Y`>H18n#qZE6h+x@Fnt!
zs_Us@xlUxLQk3fhu3RYPL5*G|LSdBnY*?7h-fbBr(h4)YR*26&9|0-BgQF3u11VJs
zs1I4Fqz8|$7F!`EiO+)rORnHrp;02OFhjROq}mHwLKcrfs&<4bg#ka}4CrZjwR&p}
zk@6c5v&4s0*zQ)&fVNbV0W&=V;%Tl0r-`*1%TT4L)yG_|P|Abae7XoVTq(H_B~~9S
z%v{Ss86{%COwWJ_)qbrAH4dTLl2WCB`h<l_8nDwk(SR5uZYKgYZ~|*UqeKjtX)gx%
zf|g*w@krI0P^B>7r<?&jEw5G&o*`xyrij~~U==^Noy%e)MKUW}88Dey^UoB^HGu(3
zQLfLpa-o{Xwf8KM3q!<(Ic#~b_|Y<s%P3JUWenIRJm5vvz_UfJiOAK86f6bT=PXy!
zhV#~oS&T8_wjo@Disy4#Y?MeAXX`9ByM)JV5S=&)!CDZo6i)ntbD}5bRm|B)r2MTA
zv&84b!kl`pYuHjvt+2UrqJ9x)7f1=QRl-oEDA$)<xlqc3+Fv6=VU+l6SQxG5po|h}
zh0T>QG*tdMBGhDrYEDX(0_rOkD(S&x=ZdWmlf>u2fhW=@Y5Km{D3Mm!96hM1egG|@
z6;45_Y(ka7fM0V4^t8NM_1YxvePWilFo~^}QS|e>+}@{=vi3eZz<X1Q3$}DIxb6ip
z;c29cT$zL`#op&PnoEtLe(uyH=7GJnS?q-vCoW843#|CGIb1I^TB;X%?=vK{R`R8(
zd0WUZ(i_Q=+Nns^jF6>xnc-VamV6=1QuEL@Zxx@KV4%2Q4-0MZtygeQO^ld&YSPBr
zCPXy)%G3eSTL6tjU4ebVDYerO4t5o-^Q43FE+g%??r407{GEnV?U&KhmfR-3tAV-V
zW)Qrgo8sKN8b(gNtI_0=m}g1*g{i%uDEM+Z0;Utd6u$hP^QBhw=<d2ed>;(M#RV;^
zc*9n-<=zJ~TFLjpz$vKZdtIuqRy5}frhX~R`2%N8BkA#tx-chF3Pw>En1v?V%tnkE
zH%|CQT;V!})`^4q6VNP1tc!D4(kvjxye#zuhzbs!iG)#7z!VPsk#lHL)MI?*B5?v@
z>bNl5tr`yQb|E(bjhyw^vO_fPIW)PObIQe{KW8BxjHxvNQ~2{I&YxP(W7~9z_#PN$
zkDEr=hV(jvdk@TLCEo)Bf1(z7Q7ZRR(VerI+NE&k&zw7rpmyhF;_Sl&a$|&U*p>g~
zW}gvLv#+U@fmq-*smDQ5@a7!Fx8YAxycFL2h4W@o(j$EHax$EB{*^Rh68XGY^yS-J
zpc^?7=m`_(xM{HbFQPH$V(lV?Erl_E<&3GtJg_xah=GnN<TGY*1-pT2v`C<%76v+!
zeG6(QK?_q?AoEIU=P^}F;mY4QR~j`BEwWwgCzwAzR}Q}JQm&sEF%sw?))eRncMs?Z
zmOKgJekWy1Vafk;mQ3n-c(3jd&s$>t_|_}=9na#<TN*j*yk$po-g4Dd;(5#Y=ta6p
zNpX(<cMWB|xYtoXq1}FUPNWPhp{_u>&27Y>neq$iAEOTxID_nTb1>bENOvbUy_2`}
z>Xh&vsl%TgiQu|9xrs338WO8?fjP5w0ha6sQnC?wJ4me7d9nIGO{ZctrLb4H4cF#G
zPJz#&t^n=4M$DZlKM~q76Nfm1ZQ9;QYebK5x}|qc(yH65nhiA@6fpcqK6B5#j=XbC
zac9+@jJV$s+>v=#k$0}^ymzku(75WI>(t5~Z|U_pk#hJP>I(4AZ^S5?@;%`lxA1po
zsLk6Kd5!8(&JpQ{CVBBDPXX7gRJ@AVJdDq{At$mNen(w_hBK#jArgO0h)>MB#woV6
z>w2N~pPIOv(^b^=m~(Fw9gXoc<wwFi`ghjRMwdDopO-6CzoV}PVQZmCOFXl75dwcp
zfKxd70PAR<ut)n`o#<!`EMJAkOs(J?ZA7V~@tHkwwAn2iTQ53#F;idO(IxP3Mg8MY
zNBfmM-W4~Aj>Z_9@(ro(xL*e|j&4$=j>gphPT{1Z%{JP*pe;Ch2@-!n3d}pYL>&oJ
z#MIG2ZI3zo7BbRw1vIM>)6M7Tk@5AUchqC=Xwp?9ooto(06ytx_+aW$*A`F}>|Bbp
zUlCf~&LuHTOB=LL)kEEXYffYtd=zyB8rJMa%sii+M_swjDYBYIeV%F>O`^F@7pqO;
z2>{E^n)R@qWQ6I|omIP(scZ@_$2BYUvR~GN9kNU8R2YFiFOTjqfyv$yqpCVpvO9ZE
z>+SBWabEyo!N|)H_ft~Z6h=;HTx#T?um}9yZV?zma0*0%b(=XF&YlMs8zn}Uw&nzy
zSpB3I8<0hKf@SI+(aXyb_;UiB!pm@AA7?K0vQOBft+-8W%@}}Fz9h6`#&fN?#E8<?
zjOY0*FDKVlUxD&c7zK3&qIXtp8B^aBc1~yQ>{s@9f4p66&5M-kl+Ot7xOazet=Xv3
z)~rr~LS@Nf0|2pE?YcvB^eIUE5h-vAM>k^~9n|)iufLOww7)fD2>Kj7^7k{j)@*cX
zYfe*u_yZlSx1BrRCE9rf(tbi{Q`k9!wX;vvLp|<pu{C4*`RqKZmTk>Ol(yzH-`ZKT
zJ_oXbm&=*Trtoqm>t(;J2m9Gxu~T9A`Mf;38{3+VDs9ba0WWLZQ}&5Qu0Y)PNoi9U
zIg2%NP}l?Bat|41zmYKkr@-3AYRw~mS;raK=u#u68y|bESs$l~+$$Qn5@|mqv?+|7
z%^KOK>Y;YqFB%!s&sW<~TUa9-QEKG$fRS;J;xUjFj9kT3HieOMSR?yoJ=o{(6OD|?
WH|1ke*U^WuMmDO{$mxuc<NptxMr)-2

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/snmp/snmp-addr.bro b/testing/btest/scripts/base/protocols/snmp/snmp-addr.bro
new file mode 100644
index 0000000000..5c21cf7be3
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/snmp/snmp-addr.bro
@@ -0,0 +1,15 @@
+# @TEST-EXEC: bro -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/snmp
+
+event snmp_response(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::PDU) {
+
+	for (i in pdu$bindings) {
+		local binding = pdu$bindings[i];
+
+		if (binding$value?$address)
+			print binding$value$address;
+	}
+
+}