From 96df1bac408d150a6269fafa1fbcaf25a60a2839 Mon Sep 17 00:00:00 2001
From: Daniel Thayer <dnthayer@ncsa.illinois.edu>
Date: Tue, 21 Feb 2012 11:18:43 -0600
Subject: [PATCH] Add test case for FTP over IPv4

---
 .../conn.log                                    |  12 ++++++++++++
 .../scripts.base.protocols.ftp.ftp-ipv4/ftp.log |   9 +++++++++
 testing/btest/Traces/ftp-ipv4.trace             | Bin 0 -> 12078 bytes
 .../scripts/base/protocols/ftp/ftp-ipv4.bro     |   6 ++++++
 4 files changed, 27 insertions(+)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log
 create mode 100644 testing/btest/Traces/ftp-ipv4.trace
 create mode 100644 testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro

diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log
new file mode 100644
index 0000000000..bcb05ef415
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log
@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count
+1329843175.736107	arKYeMETxOg	141.142.220.235	37604	199.233.217.249	56666	tcp	ftp-data	0.112432	0	342	SF	-	0	ShAdfFa	4	216	4	562
+1329843179.871641	k6kgXLOoSKl	141.142.220.235	59378	199.233.217.249	56667	tcp	ftp-data	0.111218	0	77	SF	-	0	ShAdfFa	4	216	4	297
+1329843194.151526	nQcgTWjvg4c	199.233.217.249	61920	141.142.220.235	33582	tcp	ftp-data	0.056211	342	0	SF	-	0	ShADaFf	5	614	3	164
+1329843197.783443	j4u32Pc5bif	199.233.217.249	61918	141.142.220.235	37835	tcp	ftp-data	0.056005	77	0	SF	-	0	ShADaFf	5	349	3	164
+1329843161.968492	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	tcp	ftp	38.055625	180	3146	SF	-	0	ShAdDfFa	38	2164	25	4458
diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log
new file mode 100644
index 0000000000..debc093771
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log
@@ -0,0 +1,9 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ftp
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	user	password	command	arg	mime_type	mime_desc	file_size	reply_code	reply_msg	tags	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	count	count	string	table[string]	file
+1329843179.926563	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	RETR	ftp://199.233.217.249/./robots.txt	text/plain	ASCII text	77	226	Transfer complete.	-	-
+1329843197.727769	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	RETR	ftp://199.233.217.249/./robots.txt	text/plain	ASCII text, with CRLF line terminators	77	226	Transfer complete.	-	-
diff --git a/testing/btest/Traces/ftp-ipv4.trace b/testing/btest/Traces/ftp-ipv4.trace
new file mode 100644
index 0000000000000000000000000000000000000000..02cac6f46457d75fec4ef38d4bfc577be97c8721
GIT binary patch
literal 12078
zcmeHNdvp_5dLNlb9D}JL;goIJo=XbY4w5a)wlFRPY-5Up!Njsdh#l})8p{GnBW6a}
z26p3wY#t<#Jxk7R357tjZAecxgavQOCT+7N4evY`0)$rrge1E?3#8dRP6+*dcQj+o
z$Woza|E!L$r5TNW_xpa|^WK@??)l}`EMc%<ysljn1P2a|AFOF`?j0fAiO)2ITkik2
zC$0(Kzj?@8v$KU-L73|O&l$pup<ixTyYA%g_I`T&>pebUbmaU$t)+{%WKGH5Fjf$<
z1`pXaI4e8H(fZ@rblx#&(9jb=K7OAd%)>Da9aG2W$TI|ChTtB0M+>16x-fc=Z~SiQ
zOQ5fNX;hvt0ly|>LUTB>bAaKX83t!L9EAQ2zOTkf8Yyy@dEel2Z?Va}4l{h!n<rd|
zPbD}mb2A|m;)Ys>a6b-c*yPO<mTizp-k<-oP2R6a-rh07%pE;CBB4RfW{=0sI<#2P
zJV~qe%`B3YAe+@RpQ)0vTvAwpe%ggA0?gwsal1=B?n0(WVxXreH;2Tz0CCbNm?xBZ
z_i_cFOjWR>oD|e9nF<C-q?15AQJgC@;(&&YvOHm?cOOUm;ed!^gbSb57>Mg(bivW=
zt8HXrRF3vU<hYufLo+-&Y=ofVOByK@N{6o!g|PxFg&pOfa5GW3^HqHY{PreC>-w>!
zr6ufd<C3beupA6UnY`4=w4Rv6dgQpmqGCj1qRL{Ts&>gr0JM<^zkvuDXxq<~Tx(Nu
z^Z4Bz9You*bEcBFlNhIgxN!7M!dx8CNTF@I_W(zHU_eCBw(oTV@u?RGaekH0$22IF
zn?vARFWn?i)bPmRfoBFuo=_<WJV@@cG1dXbo+ri}t4ziaeowvNDRsMa+(W?4K*K>U
z^y4<6p9c+Lq9Hcj6#CZ?j!Sy=@=d~LLj*qTwjFZv!WSfI<I6Tl!-k}7A*-Yeucl6k
z>2bj3EAkS_ukjG^=^+x9{h}rX7!2Pi1-fK8z-mHTkCW9@Ia#x>DmRBP;34fXmHFjp
z6u%EG#}zn;D`2>X$sKgbz%Qq9+NlH8MKwu@N*eR^sG1Z}S&bZ3Wkn0cBgU2H`-0l~
znufWx<LE?jfpNO9O-C}0Z}h#DwJu(~m>}6I18I`W<zh8)MUkRfxQF@Tu^40mEAzvm
z)*&m96IZw<S?4NtG2pbhiW$o{kXA7!`eh~B;_*65J@+}87!Jw`y~R33yhQ@uGH`;+
zl3oSHt;Gy-;Z$*J5)v*C1;rL;EaoR9#gBiQsDzxXU22!RIk#4%VrWI^ZG>)tf|XS#
z^Gj++2rz!RT?}hZ7C<VD_(c^T?LsxM2AnJ8fc;EiI%#=(i>O4Lkx)z}(VS{$Da7lH
zwUoNu&dF{!4y;nOxfZ!x`E654C<|5mL}$$3kEeFx*P+r1ujx1zsDi~sg^XCoe^#7K
z6^=vgk!Tl`4E4y-5ZDRFqoTJ0*(~w0ATd@1Hz;nS@2o%((ccoG-|4iInts{IA`z)a
z(y?qnZ~=Pd+i)0*ERRUZQ1JV%P&6PZ5RzWNnM%Jb;zw}GV#YnwVz{W(rRpFg3D}8B
z-5OU*?jZJ)a8^yjtD&&4aN4v&)(X?naX(41u!x`&wU8Y3I9V(rf}@xs#hgqPqk)(l
zioy*Hnes^{D3;IKK$J7z;!SEhH$GE?p~QzyQ326v3{KkO^p>T#K$3TvQJ0`mjU!r|
z<U-3yqHeBRw-n{1=-L?{_4n4qp=mY>-|KiKhc9f8R{<-4FCq5$k-?Ntk{Fe~E~#A&
zX{df0>(sPZWpQy=S65P}L7~Q9V23%m0K{5Ct$xDT0*Oj1azL18UQH3BY6rXkbv=Mk
zj6_7LQGb3VV=XzvYss3_S`xmsH_tI@$&%Dsa`8a6P%}v2!(K}Um4EyV)siM#YZ$)O
zs3oJ&Q6^eKs(QbU22|Zqxz2Enm7F#H58+ras~%1Vo9NY%E~>p}enVpuo7d1(S5vFA
ztN))LmPA!zQ5o!No#2<!E!<M2TB3D^RK1BK@=<a$5yi=`^u#ndsED!7kY7hp<qoY&
zRP<{UIUGj9j#GF6LSnVu1j?!ckx(?Gf^(VxH7*!OPUmwK)K)bXqMspA_5btaC`_La
z!Gw>9JxI7LAa_N>vKYWDvchD{p>&0yg~TV~XLS@sa+&84Q!*>S^>`D}Owr6@m;e+>
z4FyndFkc~RPdlnZ9UQ~S>O<{4VxnC7;sH7}51MqcIWn@f6O~g5iG(0VQF}=YD#cMv
z>7hxwKu;$ppt;Cb#5zUvjHI9xX&05C3^9YK@v24b>K;?MP&7!;ag{!(Vkp228l2P*
zq6i@#f{G;3_m~dT>-eaWQV=NwZVsn5E=6{Mp3u_x0``KE{E!>oxDc+O<Mj6<&Lm@!
z7r?^c%E>iP$0Tv0<EU}aVDJKsV0+?=pAN$xKmZ&yrSTR0D3K}|M^i%RbjT;gSS(D-
z1q#xM2eUIZe200EK9(A!@@NF<^k9)0r2CA9PdJp_-<n!ihG<Q_Z*s&32Sgm>n7*^q
zis)PDYtkj%^p7`ZSR{Nhm4d(dQ)?qB)2eejwY(cfTY`U|r=*-U&#SwKHDP5?$?7ZE
z-AG`dr!vu7TGv>*2rH^`GLiKbSM3p-YTL)}mS+)J9cN6{&JtM{L4SpqlZmXiIb!dC
zh#>11egkn6EfR9DNVq$f<KA64OjwRnH0+sD=u~rvtb=20WX%FueSAgrnMu}IN9(2+
zJf6v{mKt61`uSKmg_cWft{jk9LCKUUPETp6(^E3p=_$i!Pl<DiyHJ<n0;I^Wns|q6
z_amEjec)>a@pT{85c*<!)639eEb+DUZ-!;qc6jJVg!ue%1Mw&4Pu;t+?0Z<W>)Q^C
zjwWwAa8$nSK*)=48GZxX4yW$@$$9m~#{EE__R^?cVLEC{>bAqCmucI9&>shS8YTpx
z?4gIb+-GfaPs0ocXkB&9X)>`Fs&K?lfJm!98Y#=mO7FXzTl=b9=N6vx(jP5|W9#cE
z%t+Ga-wzkCC&5RG=PcFEk>~86YV({G@SIo3bAI)hjthYA!*lkQl)G6&Op21@RQYP^
z>R5!_CV;k|Dj{EdA(J85vi#!qP_#I#<|8waAl(oo4P~^E@g7%jwLw{8hv^kK&kpW9
zZKi@pNEkx={PJ+&@34VI!={?xSfiaM)%H0J)e<H?Kql@TlQlf|n5mkBRMTV)g>OoQ
z+f$L76IQyq>Ce?oYfD9zHHOM1Nnt8g{8j2<Rq-Gz@iJ`OxTmn92=cNRl$h%d7K^tR
z>nqyg#@ecxb8CzAdh1G*iQJrk4(=lS(t+^HOKkX(hOWY;bn!o|1|gQ$?S?35+S}Ct
zW99CW@(S;iayCn9XPy$~F0Cwav#{z4H&zt|SD15hohE0R6I)igPSC?X=Rj0Uo@}K;
zk=tcWEz-JCGRaO?VJFk_*3AtBiy)Al?g(1#)Wo=*MrIBF_C>3m2(jc!5~8&xWh49^
z;o<kb;Y*3Mf$(c$2){3`{)_2LNFaLnZOn}LC`UXx0OGjbkwENAMSS)3T;X28)3AAG
zo=_hTaPK@}Xsz#i$~%m}dlK8OiRP99?}*3aWlf2`9FZ1@g(Xc&MAlcB$>i6{21V9y
zd1TouG)2~a9$A&9?AZ0vBkS1%Nr=~Lv2n229ld$5*k)69imao*gT?-^A#I}1!~XIS
zE@O|uZ&LK{??rlh1Urd(>DaoBWNcbEzn0bI<`D8BWw>xRPSQx>dG-!J@%+RY8_)Z}
z^BziYd)rJ|CpcQSZbK~d76Lo88ugEL;FxB~Q`34JaeS1^Z!he7!0{>Kc;QS_et3#7
zfe_~aF+;+Ce?UfbL@=`LDJ!DhDiH3Y^|={Zg&lpIkBE(rQ{V$k3o~DIS@`I?(N>`Z
ztpZ7L98%l~RcYAD8SW=6`vYnBs%+T%;+0b^KdgTnWl=Beb9N;c_N{y9Jlz2x<OLrj
z`DUuOALG2)3+4XtyJI8C68Bs&c{>bHZi%6PJ>o`Mg_es~zRP;z-yyGyT7}?;1GNfU
z_fV@q@{R|3n&?FKTXu;vvE0Ul3p2b%twR25ro8VE354heq7Mf&Y~1Dvwcg{Lfv|y?
zh$Wo?c+T7z7Q_jSwM~tv2K_0Urnq`_gzzZPX`}?zik+v)iPm_mP81snCptk+^qVF6
z6!<L#)jP>uLv`J}s>X#G+J=5n@>u~&OM4GCacLP$a*h6OgzzL_Y1rfvga>w>;c`_P
za-Gsm^%|LqO8&lQOu3Mlw!YJh+b}NF?5I}BZqJz+Qn3Rfcj0r97F=ODwjFBi*00-F
zc({1uAYK|<qb@DG%xxVpER*nh*m`X)x3y$i21^Uw))SHu|MyJH6<(Xm6-MoxILE3m
zQCOdhm>NGPxc96wWK4L^3B=C=9zThO5cH9ZdM3M;QR^#QYttW-v>t)lc_H6i^l(JS
z?;+#c>yz&4U9Z+7pmh<|pNUu?Bx)y_`3xa`4#f1;c-M#IIFH?DIF4S8V+#z2UK2GD
z$)V4rtHv}_0WxzMAD~L{0q1w+0Q}0F-+ng!i}?K-h?@uhS-M<GweuuLR0c#uymuea
zWp}i0e}WKs?Zj=9Z-CtN_j=tNxOQ&LBUYZZhq(+^KB6#xZKKIb6`|W}XBC2$W_bv+
zWMJeJm)~CdKZ3`tCPwbO-;{p?<gX&cZ-KZN2Q*SL;9cI+9I?g5h>i$GLJyjVPZJ{F
z1S}~lah8;Mu;6uL0bK4ZDJ^l9d36Oojyr@lTuH;0b@GJ9jejJX{-N6DJgY&|HKJ)9
z){+T#B$}Qkn)sA_XBC@K*z=)HosM`oLD<CQj!dlqvK(&4FSDt44TNo_W@%Hesoryt
zw@P0N5^WzhWTh)~*}@C~e`v&gh8~yCt}c3a()kB~A-t5;EBxS0f1#t|W`r1hPw2PI
z&r0W}DEWjwV`$N0L+aH<m(M=_%cpl?h6lHds`&A>gUKa-JGDs;D*1%`QQ@F|2ePIE
zq}7Dni*0g02=qQm2hv}f{39J~?<2&Ow+~9Ubj)_F*))lmc;?iAh^QkPLetQm5dVMa
zXe?L%luJjl(_^qxHC%y)Ezr?Cl`kis`s$L+r~2NVbm15Z>gR#C%}Cfo{zQoDk`b@d
zmo6ORzJ!A6f8A<%Li{-p)9<isx}AJ!%NK?(B}&WI$oc1nP<D9sRuhr3!*j{K(hcme
zkRUyi(vpQRDevNBT^xX{<EX=*2i{C2>!&ZLMWkAGmJq)*dsn?zcy0(15$JbJuY1o#
zq+Xk6?!Ou`xZj}HOaF1u|0@b*|1OiPEReN_v<|KxoT0LBuH~WpwT=E`2K_4&djXKI
z8i<F}Rd$-G7c-@CMq=Yb&PLqeH;Ii)oQ+?YY@DFkt^%<tcyqdxNtOL0j%apH7DOa^
zEn*<<97Bl4s+f>-u(h3jRs1gB8(X@_#>yqIl1omxtJUOrwxf0D7<*->RWZ$SSLO}$
zb6kGa#z^k?-OC0OBeQ0h@=t*Lvk7r05ZiD-!xr!;wO+^#k82tb5sU;!n1~bc``H6m
z_A+d3yGwNqHvGk~{`su_i22_80eR1oSFAiO8w{Q%5l?Fp^U+-3X=3KmPWm0kd_G)G
zBSpVj?**=3n@zt-VC*(3?UmRtpu&T>N@>oNwHr<0`|n{lQsqytKiGEeUpq)1s`5j&
zrLXdY-UamZ3wuEz1^TP}`h%BGKRNwu1TzGw%2)nJa+Tj%g-LmpC*=1J56`gXJQ62U
zbZ)en;x?FKDw*QNWjZxLtRs4o^XUJ5%}H{dgIs3VTU}(J?nCD@2(6=(vbKyg<wEzd
zvx*Ssyg5AGDmGhq;0UT(vZj}l5z&2ABiQ@9kDXP2(p4;p*9`GYg{><@6kXpqGVuqs
zhL0vp9EFK@q3E95f;KVXqYY$ULcBK_@p>uT#VJJ5eP)kUVL}}9R$3Wh6yI%J#;F6y
z*oRtoZp*1u8Cw=*+*kUT5WkEWh>2W06_MFVxvaL^L|jNNNHVV2mV|h{TK7R~tOTKT
zf2||OX&}Uf6(cg#x}$H9;{>~HA<}7tNEe=!O*jsP$ij5Bj%HFZQyL$jT6dANVea20
zvC+%fKzd8~040{XYe2m9jS-m^HJ@<A&H?!CrOdZ+y@A*lAjG?x>u`fhI8@W{vlb*m
zoT8DkII9!{;^Yq7qm#>e!AUixjrS5=4}Lq>(b^Zl{Z2eONw_D0n}LB(xxD6HPJ)4I
z_`}1*Kuv`yFA|e5mk?`ERlmaljTA{Qed{1et2WrI_b`|Ad${Ah-LxK;l<q>!r2B4o
zbfg0h&GDOV{Mi&0i%H!1W?gtJwxqmF-$A1XC_Str6qbx<E1LKXuZ+JgbC)JI;OOUN
zG?o5j5b8ge!lRpFbSZzBg6{a~4`tA^Eyg3xAwM2h!R<iH1JL*_u~EJ#Bfp<<e(k*v
u_*H6pM>@jQ^(McH!Ea?n(xcMWc!SR-JYj*AU!?~8)*x@qtkEp|D*prbJfZ0T

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro
new file mode 100644
index 0000000000..5cb8b808d5
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro
@@ -0,0 +1,6 @@
+# This tests both active and passive FTP over IPv4.
+#
+# @TEST-EXEC: bro -r $TRACES/ftp-ipv4.trace
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff ftp.log
+