From 4c0b6e09840b332ada3521b7ac4e3c69ff4e058a Mon Sep 17 00:00:00 2001
From: Jeffrey Bencteux
Date: Thu, 18 Jan 2018 17:46:51 +0100
Subject: [PATCH] add test for smb1_com_transaction2_secondary_request event changes
---
.../.stdout | 1 +
.../smb/smb1_transaction2_secondary_request.pcap | Bin 0 -> 1789 bytes
.../smb/smb1-transaction2-secondary-request.test | 12 ++++++++++++
3 files changed, 13 insertions(+)
create mode 100644 testing/btest/Baseline/scripts.base.protocols.smb.smb1-transaction2-secondary-request/.stdout
create mode 100644 testing/btest/Traces/smb/smb1_transaction2_secondary_request.pcap
create mode 100644 testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test
diff --git a/testing/btest/Baseline/scripts.base.protocols.smb.smb1-transaction2-secondary-request/.stdout b/testing/btest/Baseline/scripts.base.protocols.smb.smb1-transaction2-secondary-request/.stdout
new file mode 100644
index 0000000000..7be34af9ea
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.smb.smb1-transaction2-secondary-request/.stdout
@@ -0,0 +1 @@
+smb1_transaction2_secondary_request hdr: [command=51, status=0, flags=0, flags2=0, tid=29550, pid=1, uid=25541, mid=2], args: [total_param_count=11, total_data_count=9, param_count=11, param_offset=54, param_displacement=9, data_count=9, data_offset=68, data_displacement=11, FID=65535], params: some_params, data: some_data
diff --git a/testing/btest/Traces/smb/smb1_transaction2_secondary_request.pcap b/testing/btest/Traces/smb/smb1_transaction2_secondary_request.pcap new file mode 100644 index 0000000000000000000000000000000000000000..923b9e0bbc191ea370128dd25277070fd54d6e43 GIT binary patch literal 1789 zcmbVMT}V@57=F*$R<1St>1H?4ffh)_oO2imhF1QpoSoW2uthtyg$8PPH2cTASO#7s z-gp<*O$~O@kA#5|s3bukC3Kb9O<-LJg)$>Mz3=z!tnHk{?>Xl?&v~Ec`Q9x| zKN%Cj3VLW7fPfdVH__JUodT%Dn)3Cpsg=dlVv5!Rr~@daZ8clguf2Q-0;ZT=5GHjL zS(ISM21mJ$C{_4?lE2Tf7|K4xK$MBggg{8bWO`x9ZT*Owg=k4K`S~<}Xw}|RKZRfa zqaOj$mgFJ{29|k0POlx>5uVb->QshRqk$DiaY^uC3||8%(?Y?6-Bh_~$qiCZ1lSH@ zb69E$N?uR7kIA_UKdj4X5~4IAkPsClXRZ)Sh~}4zlF77#w?FT*!#%u7X+jxJhzzCp zuPCl$avGh(h-cd$wA8RW*@d@X3}Er07S>vNAi$~xVB>o~G)_%CzIykaFryVnP%+>h zJuox+G>qpV1Yz8GgjFF3&>mC2dlBvoqu$a@zvTvmi%Vu64k3M5HvKJmQ|E ze;7RDDCpS-JVO{ah_p(Ti%8}MC+*ZA3T+Nw=7~NOHoV>qvZAUDC+k8;v!%T=*43v< zevdb=w&Lud^#YUtL?SJLX5Z0BKtALKT$mWo>KxFIdnirbbtf#$yRv-mYysRnF1u25 zt0Ala>a#Qk(UiOpVD_8{7HUI)o!Q?KmI?gKC@qUjV!o-3G>aFDbcXP(koDnkT z)&MuBCFX=a{3NBxoOW)`dX>Q(j)LaAdci1E6RTcU8W+xriA%gT6Sw!g6WZ`yN|U&) z2`dw~-XQJ>ZeAmC?+>%jda`Zw=Zo8^=80=#oI>2v2EZcqPMdZ$3kziRpw4 w8~8K^iD3nGX$YO6-2rxRpdohr9mY!2@E=<3>WH7YsB|kGH2>@>rt~Pk0Ytv_Z~y=R literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test new file mode 100644 index 0000000000..48c7f8c197 --- /dev/null +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test 
@@ -0,0 +1,12 @@
+#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction2_secondary_request.pcap %INPUT
+#@TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/smb
+@load policy/protocols/smb
+
+# Check that smb1_transaction2_secondary requests are parsed correctly
+
+event smb1_transaction2_secondary_request(c: connection, hdr: SMB1::Header, args: SMB1::Trans2_Sec_Args, parameters: string, data: string)
+{
+ print fmt("smb1_transaction2_secondary_request hdr: %s, args: %s, params: %s, data: %s", hdr, args, parameters, data);
+}
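Review bot: The test covers only one well-formed request, so the count, offset and displacement handling is never checked against inconsistent values. In the baseline, `param_count=11` equals `total_param_count=11` and `data_count=9` equals `total_data_count=9`, and both offsets fall inside the packet. These fields come straight from network traffic the analyzer does not control. A second trace would pin the behaviour that matters for a monitor parsing hostile input, for example one with a count larger than the bytes present or an offset past the end of the message, with its own baseline. The parser change itself is not part of this patch, so what it does on such input cannot be judged from here. At minimum the limit should be stated in the test, e.g. `# Covers one well-formed request only; truncated or inconsistent count/offset fields are not exercised.`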