add test trace in which DNP3 packets are over UDP; update test scripts and baseline results

testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_udp_en_spon/coverage

@@ -0,0 +1 @@
+4 of 51 events triggered by trace

testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_udp_en_spon/dnp3.log

@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2015-01-07-21-02-21
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1420058797.673799	CXWv6p3arKYeMETxOg	192.168.80.160	1128	192.168.80.12	20000	ENABLE_UNSOLICITED	RESPONSE	1
+#close	2015-01-07-21-02-21

testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_udp_en_spon/output

@@ -0,0 +1,7 @@
+dnp3_header_block, T, 25605, 17, 196, 1, 100
+dnp3_application_request_header, T, 207, 20
+dnp3_object_header, T, 15362, 6, 0, 65535, 65535
+dnp3_object_header, T, 15363, 6, 0, 65535, 65535
+dnp3_object_header, T, 15364, 6, 0, 65535, 65535
+dnp3_header_block, F, 25605, 10, 68, 100, 1
+dnp3_application_response_header, F, 207, 129, 1

testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_udp_read/coverage

@@ -0,0 +1 @@
+7 of 51 events triggered by trace

testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_udp_read/dnp3.log

@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2015-01-07-21-02-12
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1420058427.969342	CXWv6p3arKYeMETxOg	192.168.80.160	1128	192.168.80.12	20000	READ	RESPONSE	36864
+1420058427.972303	CXWv6p3arKYeMETxOg	192.168.80.160	1128	192.168.80.12	20000	-	RESPONSE	36864
+#close	2015-01-07-21-02-12

testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_udp_select_operate/coverage

@@ -0,0 +1 @@
+7 of 51 events triggered by trace

testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_udp_select_operate/dnp3.log

@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2015-01-07-21-02-26
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1420058517.353161	CXWv6p3arKYeMETxOg	192.168.80.160	1128	192.168.80.12	20000	SELECT	RESPONSE	36864
+1420058517.467502	CXWv6p3arKYeMETxOg	192.168.80.160	1128	192.168.80.12	20000	OPERATE	RESPONSE	36864
+1420058517.574061	CXWv6p3arKYeMETxOg	192.168.80.160	1128	192.168.80.12	20000	READ	RESPONSE	36864
+#close	2015-01-07-21-02-26

testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_udp_write/coverage

@@ -0,0 +1 @@
+5 of 51 events triggered by trace

testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_udp_write/dnp3.log

@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dnp3
+#open	2015-01-07-21-02-34
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fc_request	fc_reply	iin
+#types	time	string	addr	port	addr	port	string	string	count
+1420058753.490949	CXWv6p3arKYeMETxOg	192.168.80.160	1128	192.168.80.12	20000	WRITE	RESPONSE	0
+#close	2015-01-07-21-02-34

testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_udp_write/output

@@ -0,0 +1,6 @@
+dnp3_header_block, T, 25605, 14, 196, 1, 100
+dnp3_application_request_header, T, 206, 2
+dnp3_object_header, T, 20481, 0, 1, 7, 7
+dnp3_object_prefix, T, 0
+dnp3_header_block, F, 25605, 10, 68, 100, 1
+dnp3_application_response_header, F, 206, 129, 0

testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.bro

@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#

testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.bro

@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#

testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.bro

@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#

testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.bro

@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.bro >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+# @TEST-EXEC: btest-diff dnp3.log
+#