From 5d9fb1631c1a3eb48193cbf9009cf09390c6f2f6 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Thu, 10 Apr 2014 14:33:14 -0700
Subject: [PATCH] test for new ssl/tls dpd signature

---
 .../scripts.base.protocols.ssl.dpd/.stdout    |   8 ++++++++
 testing/btest/Traces/tls/ssl-v2.trace         | Bin 0 -> 3908 bytes
 .../btest/scripts/base/protocols/ssl/dpd.test |  19 ++++++++++++++++++
 3 files changed, 27 insertions(+)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout
 create mode 100644 testing/btest/Traces/tls/ssl-v2.trace
 create mode 100644 testing/btest/scripts/base/protocols/ssl/dpd.test

diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout
new file mode 100644
index 0000000000..b59ed28b18
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout
@@ -0,0 +1,8 @@
+Start test run
+Client hello, 192.168.4.149, 91.227.4.92, 2
+Start test run
+Client hello, 192.150.187.164, 194.127.84.106, 2
+Client hello, 192.150.187.164, 194.127.84.106, 769
+Client hello, 192.150.187.164, 194.127.84.106, 769
+Start test run
+Client hello, 10.0.0.80, 68.233.76.12, 771
diff --git a/testing/btest/Traces/tls/ssl-v2.trace b/testing/btest/Traces/tls/ssl-v2.trace
new file mode 100644
index 0000000000000000000000000000000000000000..a97ea3fa153f35b0d423f0579e128b4f2d74b984
GIT binary patch
literal 3908
zcmd6qc{r47AII-!R@+Qt=8%*uogtMBCPfS9bVAvVAyQP9XlyY>(PB&tlC)ULDO(*m
zsqDlcEtYgLozh81hiPB5sKhC$_r9kWr{VSYJJ)qz*WAy{_4$3j-{1ZGo|*PbrMWmj
z0K=~@UjV@1<{ZV^xr{{s4)8r%KsVt@a!i4ipG~Wi99RZ`WzRZGU`Ya?p@5LK<^jRu
zaU~`)bFA5ezFds^@`YIh0FFQ`$MARphRG?=g{jf#GXm}_{kD({R=_=4U%6jvNa>4U
z0l*}&ED;%1z(kKL{cl{{1S=%v&{cCHU>!s!;N%n}V$vf-hn2`kcV0Xh{0OONjnT~(
z#*V8y3DQIPG_Bdp<1hiK-ZXbaMntznGT=cNT4RX5ui_>kszKt-Z;AZ57{CD)h@z1}
z0}=4?fR6z_30M*U9|!o;Socc|?Fbx~h`0QPsCub_$A2q~cp8%yyRjIh6_6p5RwztM
z#HWF|)epWZkci0*bYYr1^3?uN0sMmp(j`m8KW{8SL_f*6L^Uuszifnf0TFkX6X3bQ
z;o|`v&{zWeZk7NSh$A>uzU8tgB>7oF8{q&2!-zz{iitB)WXY58D+we9Zl$x4GHVjr
z$T8$xxjcVv2-nMq#-gH2WCq!0124pPQ-~3rMMGB<81g@R@w|e9HUw=pqOz3GHAM#T
z=b#On1Bdr`1~F8+*I-Q@sVtAFQn?|1n=GXt&Gp$7%$h!#Vgz3-Q)3o;zRCR6aBB>=
z^ZvX2ztJhcbp9P7Mg({PHVLo<m;z3KVc>XfoAuF>@||1riM^brr+r)f*%C{NXY|3l
zDLz|2^L%eV^18F+7%zZvNYlZ4;b2&7_LRSBwD+o~>K#d$qSyU<lAe`j_=XJP&6iZW
zDckPQjFa-`{rJ=|c*_%CkKTIc$(Z3f?$t#t8U5$mC_>xffQA_E^QtuW?*q=&<@Bsz
zaOhjq{UR^73*MI9|MNq+=8*0Q+r%?J9Pda|1U`7h!2W<7&)!ebQ?6Wg)0lNSB3^!m
zkI9KD%fEuIoeZM~ro^-d9jCZ>-@xgSiqC3x+&-n(lHPK~V=&J*JoR@uZo#|tuQnU!
zX?NNOSm+nlsfvBn(*|_9aVv`YL^}&I^D3^q!QnB0{W~Fe$Y4SkSkT?<zrQEfHKOLB
zQ~0cCLp`?s&Kc7_RCLb1lrYCz{na~1qBf>iSgF30zLm|1t~;YrTJ08>YMA|@#N5Bv
z?3WbvLc)RtE%&r*)dx3r&5I@{q)o5rI1-e3GE-&YM~@o8_W|c=PgedKuu$7O<YR1~
zYMM2NI`#c}of3~XSMZTKN^J$f;q`AL8F8~t-_oG^-~6G2dX!KvK1Pa+@y9D~;oc27
zVlg{u9#J8px+cnxu%pYz{H%3P&T-o+dR=KoEvHBE-P$GBjJ?`srnK|znfAPAT8sLu
zsV}ttIe7K;BJLkcgHQR(hjX^8s+la%plF$WvD^8BO4c;9Ijf39&K5&(xX4VFV)ZGx
z^PU`PtG~t}+>taLL31GS(dc9uGuzm5!f|Jt$p1!@E}y2^J31}X*>JjCKt$e41>g!F
zB527HF`M4@35aT1K(}gmTBe&KVhkMzjlgRF$Q`~NVjm-<=_E#L8CxVSZ_VLZ8ReF?
z3)aM~=6z1Sck|_I_bS~_l#5fl^3O-KU-5BO3fml)JhLNd>37OX&jLfY*&E46_4OCw
zl~wpW!{v3h`#u>m&8|A=rFz?*_$}Czd0_uxldFPSzf`fY+w;Srgs}L4(}g>k)egd2
zTIcbL670-_o*BoRZ^+ud+I#A%J-ZE_>gKXLe<r;g>Rdlt>GwSRd&j+xqn5KDY7E@>
zY!yYA2<{4Alz<m)Ygb)#&C)#iNPD1PFQnjr>nRfz=Ixx&wYQEv?Ku73$|LI>R}`B|
zWTx0PPfO)+tT`58WonIw?iWzfFND`xZb{v%HFdF`@x5!o&YQLkp_IedP(d&Z7%kcP
z4c0Z5N}mV;-_GwQT{B0Kn6Cy*n|+7px7@FEVY(@pNmhUIPiFkpf<dn$H8+>8OJ^^+
z?5nA%$V^+D*=5?O?smQ?>MW(it93FeZs0LmT(-qv-HwanwOAyEhsKGora8oH8*Xui
zibO2;D=faG`#_6j+|tB)!w;R}{mUYv2A+txH!ypZ*NyvKPbI{1I{l4{9F4ivu()d+
zZX)MpQs-P5=T6Z1N8~)#eAu~s99@{90*m*^W3z5<yNfYbpZ9gxN?!V`Z?8hJem^G=
zx2o>>iKwSux6fV=>m?mU#r1`_kq7Y@=j_YV$94V@I^O|rm!Z+yC8JLwmXAY3$3z_P
zgiS<i4AIfEU;-k%U6}PFSxSjOjXd|d$BOVjS}QDKQblzxmU|eVW1ULgb3USCK9Qsm
z`D0EEyRlrF-65Imc9=QVs=(h7rbYDO>=Y7Uc6~LFxbdXo1oEpdjVHfWMH<LA^0N#j
zVub{thF5heiZ5b!Y<F*S(f(X*@#?1;D~a8{t4vU__(AGK@++kB4~`?Bh2-bu56h=z
z(S=!th`9I@bprWkMB~b5jg_A*ClS-KVEPN&AIu;osS`22d6j&ifoK2rYZ<?!-qIJr
zVm8G9?1h62E!p(3U5%AUKG%9&`S9eb(MII|jpWDJM8>Q*5<;7ryXm+5%&l)KP5&5p
z>B!0CO?t0!Z|Gcv<is7*T`pbT3qCn#hBckMRBk`L{Q6~5=bsl1>>?N2BwDq3FX2x%
zzejyORB)(j2Bt*L(RkHxYnm<dW+9>C)vd=n<}ACbf6`IM=Etm;4DZ?sbu-ay9cu6F
z^uHb!F3CHwnm>hJwB8FpIJi8iGnJZYVr6Y$7@`$av477wZ|9&Ew>?4wgR)9;jxD#L
zeS6d5B9r?XA*PFR1!v6kvuW`ala2e?5yY_Estdh6UGuke`jxe;DP*Ph*KDkH6EP><
zZ%p6?1vg}+b%$14o)v!3ne#Zgc_7O>ShA*l7nPcX?<Zs`yT52#_Ss`@_glh^xC;X-
zHEa|_+mvQ)NO-qi)&07T)B5n<UaS6YMqXQbb;bPB*2zF3dQ;k&^e%th#*kfahLjI_
zc|WpuM!j){y&3-3Aln<jZmg0Xt^MEjrnw2;87#gsFwLFzZEq0Kp=6Xe=Ei2b8I60i
zZ2fOEH^EWSGde1=t>Dr68xdP6_=z;0lWI(n(bx<%+M?s1ojj~jc^h4rEr*EL6_q9;
zR!fQdWQfSMEpmMfH%w$SLZTHS#wv{x$GSE&{hzLz;lD31>N;<xM9gSJ#I=-(h-Rb-
oh{|J$wU8L4Iog?VdR-%Roh;)T<!Fa;Jo3}9>+f>t!n~RP0igkuLjV8(

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/ssl/dpd.test b/testing/btest/scripts/base/protocols/ssl/dpd.test
new file mode 100644
index 0000000000..ff1f6385ec
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ssl/dpd.test
@@ -0,0 +1,19 @@
+# @TEST-EXEC: bro -C -b -r $TRACES/tls/ssl-v2.trace %INPUT
+# @TEST-EXEC: bro -b -r $TRACES/tls/ssl.v3.trace %INPUT
+# @TEST-EXEC: bro -b -r $TRACES/tls/tls1.2.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/frameworks/dpd
+@load base/frameworks/signatures
+@load-sigs base/protocols/ssl/dpd.sig
+
+event bro_init()
+  {
+	print "Start test run";
+	}
+
+event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec) &priority=5
+	{
+	print "Client hello", c$id$orig_h, c$id$resp_h, version;
+	}
+