Merge remote-tracking branch 'origin/topic/robin/gh1822-bittorrent-re'

* origin/topic/robin/gh1822-bittorrent-re:
  Switch BitTorrent analyzer to Zeek's regex engine
  Adding test for BitTorrent tracker.

testing/btest/Baseline/scripts.base.protocols.bittorrent.tracker/output

@@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[orig_h=10.0.0.201, orig_p=49842/tcp, resp_h=91.189.95.21, resp_p=6969/tcp], /announce?info_hash=%e4%be%9eM%b8v%e3%e3%17%97x%b0%3e%90b%97%be%5c%8d%be&peer_id=-DE13F0-VnpZRF8ZP9iv&port=63448&uploaded=0&downloaded=0&left=1921843200&corrupt=0&key=764CA003&event=started&numwant=200&compact=1&no_peer_id=1&supportcrypto=1&redundant=0, {
+
+}

testing/btest/scripts/base/protocols/bittorrent/tracker.zeek

@@ -0,0 +1,45 @@
+# @TEST-DOC: Basic functionality test for Bittorrent Tracker analyzer.
+
+# @TEST-EXEC: zeek -C -b -r $TRACES/bittorrent/tracker.pcap -s bittorrent.sig %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+# Zeek doesn't ship with scripts or DPD sigs for Bittorrent, so we need to provide what
+# we need ourselves.
+
+event bt_tracker_request(c: connection, uri: string, headers: bt_tracker_headers) {
+    print c$id, uri, headers;
+}
+
+@TEST-START-FILE bittorrent.sig
+
+# Reusing the old Bro 1.5 signatures here.
+
+signature dpd_bittorrenttracker_client {
+  ip-proto == tcp
+  payload /^.*\/announce\?.*info_hash/
+  tcp-state originator
+}
+
+signature dpd_bittorrenttracker_server {
+  ip-proto == tcp
+  payload /^HTTP\/[0-9]/
+  tcp-state responder
+  requires-reverse-signature dpd_bittorrenttracker_client
+  enable "bittorrenttracker"
+}
+
+signature dpd_bittorrent_peer1 {
+  ip-proto == tcp
+  payload /^\x13BitTorrent protocol/
+  tcp-state originator
+}
+
+signature dpd_bittorrent_peer2 {
+  ip-proto == tcp
+  payload /^\x13BitTorrent protocol/
+  tcp-state responder
+  requires-reverse-signature dpd_bittorrent_peer1
+  enable "bittorrent"
+}
+
+@TEST-END-FILE