From 5ef70c4df1b494d7a5685612841dc9bc6c1cb754 Mon Sep 17 00:00:00 2001
From: Stu H <>
Date: Thu, 24 Jan 2019 14:05:13 +0000
Subject: [PATCH] Added ERSPAN III testing

---
 testing/btest/Baseline/core.erspanIII/conn.log   |  10 ++++++++++
 testing/btest/Baseline/core.erspanIII/tunnel.log |  10 ++++++++++
 testing/btest/Traces/erspanIII.pcap              | Bin 0 -> 360 bytes
 testing/btest/core/erspanIII.bro                 |   6 ++++++
 4 files changed, 26 insertions(+)
 create mode 100644 testing/btest/Baseline/core.erspanIII/conn.log
 create mode 100644 testing/btest/Baseline/core.erspanIII/tunnel.log
 create mode 100644 testing/btest/Traces/erspanIII.pcap
 create mode 100644 testing/btest/core/erspanIII.bro

diff --git a/testing/btest/Baseline/core.erspanIII/conn.log b/testing/btest/Baseline/core.erspanIII/conn.log
new file mode 100644
index 0000000000..8940995194
--- /dev/null
+++ b/testing/btest/Baseline/core.erspanIII/conn.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open	2019-01-24-13-51-56
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
+1547208014.232092	ClEkJM2Vm5giqnMf4h	192.168.15.47	8	1.1.1.1	0	icmp	-	0.004305	56	56	OTH	-	-	0	-	1	84	1	84	CHhAvVGS1DHFjwGM9
+#close	2019-01-24-13-51-56
diff --git a/testing/btest/Baseline/core.erspanIII/tunnel.log b/testing/btest/Baseline/core.erspanIII/tunnel.log
new file mode 100644
index 0000000000..e66567e3df
--- /dev/null
+++ b/testing/btest/Baseline/core.erspanIII/tunnel.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	tunnel
+#open	2019-01-24-13-51-56
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
+#types	time	string	addr	port	addr	port	enum	enum
+1547208014.232092	CHhAvVGS1DHFjwGM9	10.0.0.1	0	10.0.0.2	0	Tunnel::GRE	Tunnel::DISCOVER
+#close	2019-01-24-13-51-56
diff --git a/testing/btest/Traces/erspanIII.pcap b/testing/btest/Traces/erspanIII.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..787ec64473e5e0800ba67648d7a229a5c55c3a26
GIT binary patch
literal 360
zcmca|c+)~A1{MYw`2U}Qff2~@Yqf}()5Xj%1IPwphJdiwtzQ^Sr9RJf;b3rOVCed5
z&cI-=pT*4u)Bwax0t`y8nK!?UQ4j$s7l~kCXfR+32n%xw0_xp&H5RNZ<l!EmF2)nW
z2UhUwGXenz17|IxB?Ci@MXL`3kHR(%PA+a9UOs*SK_OugQ894|NhxU=Svh$HMI~hw
zRW)@DO)YI5T|IpRLnC7oQ!{grJ9B5_b*B~Bog8THjD@<h8R$+6hzlXEg}5{8Ap?U2
Rqw9N+8$oVmU=XCpod73_N(uk~

literal 0
HcmV?d00001

diff --git a/testing/btest/core/erspanIII.bro b/testing/btest/core/erspanIII.bro
new file mode 100644
index 0000000000..3215f4b9da
--- /dev/null
+++ b/testing/btest/core/erspanIII.bro
@@ -0,0 +1,6 @@
+# @TEST-EXEC: bro -C -b -r $TRACES/erspanIII.pcap %INPUT
+# @TEST-EXEC: btest-diff tunnel.log
+# @TEST-EXEC: btest-diff conn.log
+
+@load base/frameworks/tunnels
+@load base/protocols/conn