From b4fdce8d5b069ef4a827c9e3625cfecfbcd73b95 Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Wed, 18 Sep 2024 14:05:43 +0200
Subject: [PATCH] btest/pop3: Add somewhat more elaborate testing

PCAP taken from here: https://tranalyzer.com/tutorial/pop and reference
added to Traces/README.
---
 .../conn.log                                  |  21 ++++++++
 .../scripts.base.protocols.pop3.basic/out     |  48 ++++++++++++++++++
 testing/btest/Traces/README                   |   3 ++
 testing/btest/Traces/pop3/pop3.pcap           | Bin 0 -> 29993 bytes
 .../scripts/base/protocols/pop3/basic.zeek    |  20 ++++++++
 5 files changed, 92 insertions(+)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.pop3.basic/conn.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.pop3.basic/out
 create mode 100644 testing/btest/Traces/pop3/pop3.pcap
 create mode 100644 testing/btest/scripts/base/protocols/pop3/basic.zeek

diff --git a/testing/btest/Baseline/scripts.base.protocols.pop3.basic/conn.log b/testing/btest/Baseline/scripts.base.protocols.pop3.basic/conn.log
new file mode 100644
index 0000000000..d123788c75
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.pop3.basic/conn.log
@@ -0,0 +1,21 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.0.4	26242	212.227.15.188	110	tcp	-	0.050692	0	0	REJ	T	F	0	Sr	1	52	1	40	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	192.168.0.4	26242	212.227.15.188	110	tcp	-	0.060847	0	0	REJ	T	F	0	Sr	1	52	1	40	-
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	192.168.0.4	26245	212.227.15.171	110	tcp	-	0.050705	0	0	REJ	T	F	0	Sr	1	52	1	40	-
+XXXXXXXXXX.XXXXXX	CtPZjS20MLrsMUOJi2	192.168.0.4	26245	212.227.15.171	110	tcp	-	0.050062	0	0	REJ	T	F	0	Sr	1	52	1	40	-
+XXXXXXXXXX.XXXXXX	CUM0KZ3MLUfNB0cl11	192.168.0.4	26242	212.227.15.188	110	tcp	-	0.050967	0	0	REJ	T	F	0	Sr	1	48	1	40	-
+XXXXXXXXXX.XXXXXX	CmES5u32sYpV7JYN	192.168.0.4	26245	212.227.15.171	110	tcp	-	0.047718	0	0	REJ	T	F	0	Sr	1	48	1	40	-
+XXXXXXXXXX.XXXXXX	CP5puj4I8PtEU4qzYg	192.168.0.4	26272	212.227.15.166	110	tcp	pop3	0.163506	12	175	SF	T	F	0	ShAdDafF	6	264	6	427	-
+XXXXXXXXXX.XXXXXX	C37jN32gN3y3AZzyf6	192.168.0.4	26284	212.227.15.166	110	tcp	pop3	3.469839	86	205	SF	T	F	0	ShAdDafF	9	470	9	577	-
+XXXXXXXXXX.XXXXXX	C3eiCBGOLw3VtHfOj	192.168.0.4	26304	212.227.15.166	110	tcp	pop3	0.206558	12	175	SF	T	F	0	ShAdDafF	6	264	6	427	-
+XXXXXXXXXX.XXXXXX	CwjjYJ2WqgTbAqiHl6	192.168.0.4	26308	212.227.15.166	110	tcp	pop3	0.537230	96	297	SF	T	F	0	ShAdDafF	9	468	10	709	-
+XXXXXXXXXX.XXXXXX	C0LAHyvtKSQHyJxIl	192.168.0.4	26383	212.227.15.166	110	tcp	pop3	1.213485	138	19651	SF	T	F	0	ShAdDafF	22	1030	30	20863	-
+#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.protocols.pop3.basic/out b/testing/btest/Baseline/scripts.base.protocols.pop3.basic/out
new file mode 100644
index 0000000000..199ebac41b
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.pop3.basic/out
@@ -0,0 +1,48 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+CP5puj4I8PtEU4qzYg, pop3_reply, F, OK, POP server ready H mimap4 0MHoUr-1VDxRD3Ui5-003eq2
+CP5puj4I8PtEU4qzYg, pop3_request, T, CAPA, 
+CP5puj4I8PtEU4qzYg, pop3_reply, F, OK, Capability list follows
+CP5puj4I8PtEU4qzYg, pop3_request, T, QUIT, 
+CP5puj4I8PtEU4qzYg, pop3_reply, F, OK, POP server signing off
+C37jN32gN3y3AZzyf6, pop3_reply, F, OK, POP server ready H mimap8 0MHXFQ-1VDgSF1308-003NYq
+C37jN32gN3y3AZzyf6, pop3_request, T, AUTH, 
+C37jN32gN3y3AZzyf6, pop3_reply, F, ERR, 1 argument required
+C37jN32gN3y3AZzyf6, pop3_request, T, CAPA, 
+C37jN32gN3y3AZzyf6, pop3_reply, F, OK, Capability list follows
+C37jN32gN3y3AZzyf6, pop3_request, T, AUTH, PLAIN
+C37jN32gN3y3AZzyf6, pop3_reply, F, ERR, authentication failed
+C3eiCBGOLw3VtHfOj, pop3_reply, F, OK, POP server ready H mimap9 0MK0or-1VBlin3ixZ-001RVN
+C3eiCBGOLw3VtHfOj, pop3_request, T, CAPA, 
+C3eiCBGOLw3VtHfOj, pop3_reply, F, OK, Capability list follows
+C3eiCBGOLw3VtHfOj, pop3_request, T, QUIT, 
+C3eiCBGOLw3VtHfOj, pop3_reply, F, OK, POP server signing off
+CwjjYJ2WqgTbAqiHl6, pop3_reply, F, OK, POP server ready H mimap13 0MW5rZ-1VayeZ2jFp-00XVZd
+CwjjYJ2WqgTbAqiHl6, pop3_request, T, AUTH, 
+CwjjYJ2WqgTbAqiHl6, pop3_reply, F, ERR, 1 argument required
+CwjjYJ2WqgTbAqiHl6, pop3_request, T, CAPA, 
+CwjjYJ2WqgTbAqiHl6, pop3_reply, F, OK, Capability list follows
+CwjjYJ2WqgTbAqiHl6, pop3_request, T, AUTH, PLAIN
+CwjjYJ2WqgTbAqiHl6, pop3_reply, F, OK, mailbox "digitalinvestigator@networksims.com" has 3 messages (19191 octets) H mimap13
+CwjjYJ2WqgTbAqiHl6, pop3_request, T, QUIT, 
+CwjjYJ2WqgTbAqiHl6, pop3_reply, F, OK, POP server signing off
+C0LAHyvtKSQHyJxIl, pop3_reply, F, OK, POP server ready H mimap15 0LfD5x-1VsVU4327M-00pHSn
+C0LAHyvtKSQHyJxIl, pop3_request, T, AUTH, 
+C0LAHyvtKSQHyJxIl, pop3_reply, F, ERR, 1 argument required
+C0LAHyvtKSQHyJxIl, pop3_request, T, CAPA, 
+C0LAHyvtKSQHyJxIl, pop3_reply, F, OK, Capability list follows
+C0LAHyvtKSQHyJxIl, pop3_request, T, AUTH, PLAIN
+C0LAHyvtKSQHyJxIl, pop3_reply, F, OK, mailbox "digitalinvestigator@networksims.com" has 3 messages (19191 octets) H mimap15
+C0LAHyvtKSQHyJxIl, pop3_request, T, STAT, 
+C0LAHyvtKSQHyJxIl, pop3_reply, F, OK, 3 19191
+C0LAHyvtKSQHyJxIl, pop3_request, T, LIST, 
+C0LAHyvtKSQHyJxIl, pop3_reply, F, OK, 
+C0LAHyvtKSQHyJxIl, pop3_request, T, UIDL, 
+C0LAHyvtKSQHyJxIl, pop3_reply, F, OK, 
+C0LAHyvtKSQHyJxIl, pop3_request, T, RETR, 1
+C0LAHyvtKSQHyJxIl, pop3_reply, F, OK, 
+C0LAHyvtKSQHyJxIl, pop3_request, T, RETR, 2
+C0LAHyvtKSQHyJxIl, pop3_reply, F, OK, 
+C0LAHyvtKSQHyJxIl, pop3_request, T, RETR, 3
+C0LAHyvtKSQHyJxIl, pop3_reply, F, OK, 
+C0LAHyvtKSQHyJxIl, pop3_request, T, QUIT, 
+C0LAHyvtKSQHyJxIl, pop3_reply, F, OK, POP server signing off
diff --git a/testing/btest/Traces/README b/testing/btest/Traces/README
index 0b2ccd1db1..41c796d0df 100644
--- a/testing/btest/Traces/README
+++ b/testing/btest/Traces/README
@@ -29,3 +29,6 @@ Trace Index/Sources:
 - dns/dynamic-update.pcap: : Harvested from CTU-SME-11
   (Experiment-VM-Microsoft-Windows7AD-1) dataset, filtering on tcp port 53.
   https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).
+- pop3/POP3.pcap: Picked up from POP tutorial on tranalyzer.com
+  https://tranalyzer.com/tutorial/pop
+  https://tranalyzer.com/download/data/pop3.pcap
diff --git a/testing/btest/Traces/pop3/pop3.pcap b/testing/btest/Traces/pop3/pop3.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..856c498950b1c7d2bc0e4cdfc25d173aa0e9a64b
GIT binary patch
literal 29993
zcmeHw3z!^bnQn!IONN;MtD>N1_h$%ULZ&a(_wJbqnfr9+n(4V^BE;(M>h8*PS9Q9o
zXQq=?5%97ci4u;tU3_FkSp{50S9BFwL~+qwQD;RH6=4w-0S~U{pd#my^L~GI_4I8z
z69~`4K97^9d#1apzW@8a|NFno|GicD{?|VH_ooS)1ncL87X)DgKKy6q{K@gpoh9_(
zZ+eZq_Nn;!;Rk;29=_Utme4N<p03~S60SPqwePt16T+tN|LmN*6IToBmkS@gk0@Pr
z8WSG>uppea>GXfvuyNyQ8#Zh@jVMM6n*|?^)61k~(&ZG}1YwsDJmaQoi5gKARM5l^
zsD5qY)q>DJD+rH)%I)9X(15R<3!JZ(_3}j&=kGb~6!6vlrY2!0_@!5kzMMOsBfieR
zrXF8e=<5%+7WD;P5l_9Bo_z{<`c2!}4Rm#RGw12eMV@X?yj@VQd0^H~TBkWo{#WH3
z5?>phSqES5!yMjToWr*hHBfcX96oTHAp8teJ~q0k5nq>azV@$|FQVu=@AMPv>x6u5
z`)qTAIlR1`^Ci{ei{|j~A6Ms)czSob<t6g;0;oKiX>Opa(T@>NXFgfv>DI)}g8GGD
z{LNX`9B%ko<s1^l=hc=H#hP{KDXzmKn8RC(b9nO$f4JptP~CjhU!4ElB$hv4*|1cs
z?#)DTL|c`##`fDrZ{s}vri#bSp!$`GbI*Ijr@k!+L}jLJi=cvWde!jtrXyFAe`tBM
zim$H_UlXqrn!oU{AnX_)W)tHROqX+ua*pL>DPCYhETd$ktcN*AhqUROO`Pdlp6qi^
zD_)z^>6Q<=TAFC|?`+>9bYf(B)yQBU{bw%2kL$?r?8NKN+tRXG5PG{Ox=mVFUe=J-
zmpH8-Rna;J`rx!q|A`>%nGR2xv_AOrEy56ZqF0Sp+Kya9TG{g2Dy=*Vt(-G)uF!nX
zM+8Bfe0=%!Ee~z`!K?PY>mR@S{8NKIlJ~|Zw+J_YCcSFtUUTGHuI(?^r3-C8KVfRS
zSISCJC9N0*mR59wCA4%}Thd#arp6~)nx-TDlXwsJjkGjHrbZ%o?~aVHiIMK`SW8oQ
zbYi4`w0~@>dn!CW#*Cbzf=)}5-4y&!U~m%5(W{2Rz9Vnv3_e%M;KwE)_-iIE5Sk^a
z#vF7dsVZucX^Dh6LiDLEr3G3u<!z())}5x;yzqyQWhTx&_cx#FGR^kr(+#P7l~Xxh
zHQ6SW^FW2{O+A0|SkerP4TIy~R!N(IwCD3_W`fWRDm^!BE-mdEi9C^iBwjW=TH@sn
zLA~d;d#?ls+~I%i?n-BI4k&JVTSJOp;1qv&G8E70Ybx<rGq3gB&mFfPxqdJB+)wW3
z#-}UY5AhfUMJutWk-9DNWzORxRXpwo)p>G1KQaV?Q`vZS1NXE0mt=2y4wuaU@ik9;
zk^Av}r^enY+)seq&)mQsazDw)farDx$o-7%J=oGjqd$1$>;~>9ayOUZSREOTlKb($
zPY}ANr-n>g{{H3$E@Sr-T$0aLNpcjD$Ye`T4G6-ozWCFpF2D0pS$OWWk8k|K;yvx3
zCLVtnZWgfa`KxB;dUpSc)BQkQy3o)ke=G>L{>e!uGAWnLXJplYhd!8Ba&p|{`{MhW
z8|i?r#|_`F(t(UwxC1&kGx!0^1rx6a3oQ-Y+wLbhuhUh$-T@sf&}?3M>}7Rt#Nflv
ztw!M*qxD4Y=M(<TDq$CHKXT;EiPxR`o41Xa6K?rZqPXXC4I)MR?x(oOw^xdM<V=XX
zL?VCoZy+*jY3jM{tZkou;S+Z~{^^gr_L>aQ-5oebz#8GN8cq|DZ*WfEU&ZMXI6WJj
zK6B?U!Rg>+cHWhC?wwuEM%DRr%uSyMoKg4g?r3Jl8FvK>l6x#0og2;Xbp?&?L2oKH
zm`=x%U0p3r=Yod^e`5xM`oUoL(_FTrRkEE8**;IQU7!_BPs$r9*qsuS3`J8}LQ>LX
zd^CdcY$FG}``3JgPgRX@DIeiHq4~)-2?9~MrHo3AuG%91#&z|bDqVdZx@tp6dE)rB
zCY3#hHZ*c*|IVpASeMFqpmL2#MYwz&bxnClfkQje28r$>H}K?sL1=|U{f}-ex$7E<
zJabq`SDo?yZYl9{ub|%bi$A;v=E6hDjUAOCg(zNr(`xo#<3{QQfP0TU@tOY#s_&%$
z@E4C%1^}Y?aZp@40L(qhdHh%vkM9N5cT)h^i_l9{re;rX5C9%|fh^$eXqg2NU+*Tq
z$i~j3_0u5#3?cvwJ2lEbd(w*PR+i@x0K~}|WI{ChC%$re1Lrq~(V^%6RY!)eQvmql
zM=j?^w4QHBYp=j*-B?BI{g8&!x-)O(pG2$w17|b{CXa#^wDO@Ut$ZC?c|TdvfgplO
zXU8*3?|<L5_pTUQ|5_M0Hug=Td)|l7XyBk9-N5N~)ujt<-}>as>Y$0iqhN6D{PWS%
zID_T+0L<aezk=X5QU2Nde2qC&<exOcpD@DOX1n(+K20}NP18*nrIYf{xgVNld-0iP
zHlotZsa#)|3i8jnADC3$^OaR9HH)&XSQM5!3zD`I(tenxS^1J6Y=uOh`=>J-IE(o=
z5HHUkEb;PnL4Bruf+`#CEH=Ve$~TRO;u}!Q_TV_ZYWS+>EWV!J^1TG8hRInxh@7Lm
zSS5-QD6Xyb`L?<|hCww+&f+z3Q_}YgZWa(#_^XC5N%fO;*e@$HU*aoCe37$g#@sb>
z7NQ&8V%D3RhqsUl^1SQ7Ko;I&Ze||Qii9|N>*faDVqWAzM5`1{Lfi~*(UL=)G1En&
zbz#1#!3tLcT$FOZN21&eQO0TNw|NDj?N3JYMHhZjz4!6Ue!8;tYl-83MRa|jyLP&$
z207iqDixV@p`ypX*(hBk`j<Y|)JO;2TnCd?Iv5A<U!ru;z|NFeu@kK$cbwh88>u1A
z>*-azehE65rs<4+<7M?m#Nb13XtWJ9Kf;CWt`c@Sy=CP!lrG*Ks!SJ&;zf@&s1n-M
z4leS(N|9Gy1Cb>X`PWMj8R_EdXI_2NJ2zeTf8G;`e&`)tM0e|zEy6NZ2EA$$h6D36
zoYM_eoJ!#I0!kP6{`4iJiwF7(qf3-B5+6V4Xtcqhc5?YPR>^k(<hzCBYyS^(N;60i
zquMfSjVnpTkPx{SW!+GclA+~xsj{)8<rZ`$quXOzrj?~6ow->?)^#Z<>#R)-;vdsu
zhHU8Dt(_>*Z8G@14>#H+non^>?Wj`JEl`vJMIB4O)r!)WK-eqAM)|SY#f9yz64rpQ
zpCn-)xU9w<RRk*<;Wmt5xy>4f*QV~|BfPO{g!l3hkRNY-QV@vBLuFKIjH7Kn%VpkP
zCG#gC^9=}j-+T2XCY22zU*)9^l>(>2>QXrmRJNK_9*D1I*|ieY33>2)D>p!*+sN;2
z{gogrL88ssMtkgs|DJd`{<OtQ@*F{Jdi0-Lur_$edkb={@{mUqr|hdsy@szkAuoB(
zzV>66f$A0tc~h9A@{mUq?*m0^?rQaQ_@kW1-&gUt1ypxX$ot!SOiAy3uDL<TTbU&b
z_}1oC3*db1Ail`P7E!@940&GW97*(fml5*xnQ4#P<sU`J%ML}<mL?M77l&IKxckHZ
zP*>3;M4Uq2@5!(59TK8-NNi9lx2?=^QOcGJ7bOl+UQJVfJIb4DzI)~qfA_wlKmYbs
z@4DfPxAxxofmx#aNAH#fA#Y_br@O66MJ8RS=l~3J?Hv-L|ChgO<T4K5!FBM<s)>9x
zbnq4mdC#GAGDF@nXw4MN&ENVPz$^2_>o*^-;`J@i!G$!PPcU;jU#1OUV(^Sh8+G~)
ze~JrR+RQAjtP3IRaSD0e@2d=XMA3L`!`hin`^r8(J)tU*k3-~bByw&AA|vDtB)09m
zW^%gF|L!|JKKyH<y9Zs=wL{+F&vH&bUNtS-!0E#j@*WACijYTq?0Emi23gF?8~Kzz
zRwduVkS|5@ea2=^>B|xFye&<{;MK3+)MyRg#TE5%m7-Gn+K&e)<o*6ff)GKsz@+tt
zW1H5VOz+ASd@>!C!X6JmSe1m0VfUWgk(==t-O}`<>u$QBjd+|t+Ncme{AJE#X(zU5
zb}D%62agXu{SdOAaHPm%%kUY(3|u|EYFzoy%9WhQ*H`h_4;~TXh33SEIFBt&BJ+BE
zP@#(jJR<s4Zsv7~9^NS-j(b|pY^2qDImiD|rBwqQ%i#Fizx@|MFk3W4>wnyLrf?M8
z(yNB!YghJj6Z&Zt$1*rRL>xOmQ{vb;8W`7-aOQ<sU)a^-_rRGijt!zi=7OV_($YAN
zEgAC%-F@A&IJS^KlqAWVqazc^ZXD}%P3GO60}_ro4~(Zv(vH6EtOiZm!}oD%OIvKk
z`8fn>zY1yZy8m({O8ryVg*L6|{#~2bwj$fgoA?ZQs^tAD<h`2Y-M+6V?=RnVeS7vN
z@0fmM$CZI7=}{iqEIfI-z+csRJpCst64CuSfgOrXR*EpkzrpDu!rc6q;8Hg7In_2H
z8L1HKRJEL(O&4}WwY(aW?Rm7y<hY_5at=u-C7(N6n)>9lg1%?L)+ZTqh)t#P?abw3
z-T5SQIZ;x&#E|F-c|2@~)8%xwG)>Ae85hJuERoYPEECPA7wn>>#zi8?+N!_U=Mr6Z
zm&<P#T|WGFU9r8TX>+u|GRyXbyc(BPv+rt;%dAb+;&NAJS<XARvn9nyvHr;D)C6lA
zlaU=OI$f#6G1>Kv1bxIDTSvy-abh9+hQp(_2wHy<)CsLDc8MKK>dNVoO;1TKudjo}
zx^i+_T9)GuWb)ax+`-~qmKyB&g%0qlcO}zWR7&Goqf2!A{bDc>2zWY}(xvCKSuJPm
zD!+n7Q(a5R`FOt+3G@z*4#>M@15|u_$6US<CD1#s1@`)Sg1K4m{KWX;f_GT&>R_p^
z(eP-$ZAQ-N*qjaxU`|4jeDr`EGeT2Z2-mY-4KuD9wy8o^4vm^+hAkWq(S&!fXxD-M
z*`b5Gz24yR+;qYr7Ut#NSiuqA6CD~J+#Q`fD9wS2`@lp%>DjU1LKAA*NFDM{Mx~MX
z+;ZPoZe&>;3QSIV$23_PbPYRw&Y{_vrJ=&ou&*~cG$MO@r~1O#J`Gg*Qgh<ovEAc?
z(^I3fjv3dG(><aUoWX_JLwhI2quqVuV~*(T(C(O;k4;M+-<TNI_3mDIYACFX&1VlB
z@&-U<M(RenR%M7<MyD9W+H?awv<$Z@w>@LnWkuD=(C~|lY@g_N*~Oq82I+K{jIr8^
zO-rP2U5!oA<rNDyan?JgWStYqW%wOqXgs$L6RVguCfc#I_~bEho5;e&HOfYexSe&@
zu@<acYnoZNRXmzYvYY^V>RM<$i=w4z&Q`LGz7PvKVdbI|%JRBAqA%dN7zJpBC9zCC
zZ75kOXE>xZxfHZV7RjLCY~oU`(A8QxVSm{P_JBX&4!E2?Uu#QKX+*e_PUmQSW$vnS
zDde=)=d0#y6FF^BO6s;SM4EBBLc`8b*5#O*)P@f(E%gONUo5IR_V#%e1AXbe^M`iC
z4)r+_iOGVb$EVZtEltdIuvbp$qcbB~ZXy<$SlH1$liB0b2YbD~>HO&6(xlQqKdA53
zXOrSWVKz2AiNb?r-J{)oBS~*`IyP~@h#ZQIC1QoK-rWV=>rBt|2b~#hY{3}yj;7MR
zQ#yJ6kHGUcD7OBU$ETI5Xngg)_D2p;v32x$?3{qgkER;Nk0_5H*Hp%jM-Ex>Lq(KZ
z*z4_s0P{{cxMw*&7mLLu{gAI`GMrD%ER3gO!QI*Xj_}f+!9-3<&gRm61Nxo=eKWm_
zxTr@AADkO;h@xwBI+7Y)QX^tdbk9g%>VQk}9vquVD^7Jd=RKgNvKf75Y&-&sVgutd
z-3Rm~U5{n717pdcBOa7S#q7|`(DINg?Cu_!Thy1wjNxf<+>sqo#{Cj5axA;176+zg
z=Cc04l>eZVbd2g#G0izP>gbR8W(NG(zWMMWS2Q^49rE`Kdy;S$46lCd!=$yWY+LuD
zXlb(9PGH8>%fgVC4M#RDDJp_QO3LZ7(Umt6Hh8Ym`pHSEo{)34el?~cASXlYU|vIP
zwq=25F{Ef(ZfR<18j^vFVF;~kNlqiU%FNJMLCfcuDlakF#{HcXi($bT7tsY%DM?+R
zGk7S>>jYdW_XgHA<Q$b4_L?YSa)On_?9f%03m$1!zBCSu&H^9Vkmz?x(V51B7o`&g
zV#xrXd{hZ*-(V6;$UJW1WXWKP&Pge1ES-<bai*x8r{ahfD|UVojTjvzH|`>bXj}ck
zk(3fkSrWw33PAy+oXiL2qF&CzI#ci^<VwrS3be?TCrdhKGq2;b$qXr_IMU@@ak+x^
z83M(nf}QP!7Gsi1crXlGM@go$mDB=@=73(3b6f&GTS#3<5r{b0{KM{F5_}Yxt|g2m
zaBPWcW8E=Kf?k@{qDpvPRYup&MzkcU&6@q<lrstG0b?n{$m$`7Lnd=5WnxG{pudt(
zm^8>jsb4ZDr5Sl`K$_}K1hOL;Y9-aG8kdPNDIQm-`Hf2xa?x%~^RniP<VKqu7hxz>
zD+x<XV+F8$76>gH8<yoPKwDC5frjT=m0(O@jG!I5nf39nV^UhCIMUA0f7fg|S<h;S
z;yIeqB3D^S*RhovXBkPw)+q;v#DNTn8R-IplAv2|1Z3rW7D+?cmo+EA#t<A5bPkt`
z1VA3FBZ|Rp(h`_3*b=w7CHc}tnMEZX)(Zdt+2<TqwwjdNE&VVo&kPns5hFmvVnDTF
zLF7!-fUc$UCVT+QL`ioTS=ONx#%YXc41Oag6_te*E@QE*njtI+Q&y>SC6hrqFYyX&
zx}oQfanFBsrRV>--SYg$vCW1>T;NV*4P!Hhu2={0IA(<mD{jtYX+9(aiKk_kOLDZ@
zGP%Uacc6-toX%E>g=8A4W{ZlB#Z2CApnFe|9?U!;9V|C;hb~LGSjv&q?AcWIa-+-L
zr+R`xr@uHxzj{E!>QBi<pJ2icVSA=LWsZRShK!X96XR0C6=#sf6g>_nXDvMNjpb-9
ziqg7FYcSeM4`r?O9_;_al_aHHTyH0jGbtwleZ+c+V;Qqve6J)D?a0+LSz7vPJ`)8a
z?x5H0^9LBSv6=2E1|u2lVSca6>qdU&Z)xg2n3wcCK$L7qgL`XdqSGdNSP#lSHmOPR
zb{0u%`DCh{^~h*Bq_8;f)riR4k?wXj&Feun3<nk0;PNxX*o%vIDI=49so}1Zh#<M^
zjB4=$exGFc>x||c{A&KIekhbO*^aX8x+(@yIOOwOVdZ9gwZoO3C>FLfts@x1a>@fC
z=ZFtl#f)h=l|ot0mIp_EXf;6Eil?49Oaer^jyQ?fU~0>Xlbp#)ex_b**fdwuYUt!X
zgev|MhRsR_I`iCM(#p<L5K22GmdeQqc#u}hch$ty)}3n}>U2muI~`yJ7L0dmuGWma
zrgp1my*Bz<Zl+G`CC}dj&)=YOcz{<9->a=0o_vfdhj-p+Rt}%v*d+XTlfYlqJ5QUw
zy%MMRasPWO<HwVaSvy*%8-h^G+b9^EAP*>0(kV&@irH!@{+w(+z&SGQ8#8yR(gNv4
zCk2*<9Hx1jj_oC62*uc5xprQ3oac%v>6*v-O3HN>Qk^7Vbt%<3NQ<eC!#TN(fpb;G
z%t>SrCWGb$h>rGkr5$T9e!?`Q!q={mig1M#9mb1IMJi{iA}#66=43dpS8Q(5=`b0z
z@`FxCF=1Fo(qglfS^@tmHoE8T@He@`e4y50KJ(6r*PZj*&!CsiTLI{(ko*0{(+zM?
zwiTHi=eMdFO3%C#j`KQd1-$C|Vk_XnhhO*WfAHm=IQW&=^?f{{|6Nm~RzQL$^lz<n
z$j`i+(?u)b>C>uP0X_DfJk>0cx=WR^ik!1cG1Q2d@AWhQ0wHg(x&dH|ObmojNumO1
zqdj{s_8B!~`YKg+<zuioHt%UG9fhMy^x56me+@YC@{pZp<y=NFu=jz=hw8iS%&hHg
zO17)=><%Vd`!`e~cda23_QbKt(-qT1BollyGOKB6J30u!*C5rkXOvh@qhg#I7TBk+
z+DKmKg{%!HVrx)~%0T3<MV_JkQ7&<5!?{uS!`pDnd5t#MOYDBsn_;WPgL>EPvq4<j
zq&=!66N;WPdp)Al?((?p{(v33#M@aE_hGT#aj}0WGTzhg#L;?Z`+Ro4yC~tPH5H6E
zdLrg6cna`}O!U}A^ozWB)!9uKgCP+t`(Tv#shLA6I8ByW8?VYz8tSioBHB<+{1dO(
z&RbBWvnmC{=xr0YAfYT*%mjK*;(#w8c4NW^{F_lN;LOf-bewjcPy*IAJ=Kf;)|?F?
zPKJ4-U(=0y4)m;)u}#X<D+;mR@C15sKD+4m**$hw$1py(srhtzd&l(ZpW%s_(AY@0
zV<<G*KWXcq>m730%a>!vWM4?tRJo&nV5X1Gq){UnClbTZAqH*E*?N@Z0Hzt6<`WTT
z+aa$n7*8FF1-yyWp+jQA<4U=lfmlkEWnW5+%TBzBfs~ktOE}<nr$m?2g`<8tDoS{B
z;VlvK(baLk+l_PmZkG>V24X%sA2fo#RKVr;M)`Z({K}s?<VvJmQXmy@2UBsEH<fVW
zB3A$eT#^@WQJm@a<2#Q>#9JI6y-p9_+<tnC;w=vLd@daDxp9i$i)#Zi{t9})UN8zO
z!I+#9rFbwUMu~hBV~SDwE)gZ(oRBo`!pFE92jVeY8&A;31U||lC?{l+J^@mq*PFsT
zT0W)1NtVoQO;1Ul-wn^-AfbPd$ESa*ici<=YkzhZCG>9w9)qY{)i{16dHi@wW&C({
zmlZ!gf0H1TdF?WzJCVySJN4xJb$w%H9p$FWYQ1&cm2T&2z8H<lS3O)5HVZA^K<m8N
zfr_B`jHR|STH?G>8x-9hug~QR`uDrtUhmoqm>T2U1zAhjn);&mH2vY|Py`LNN`IJF
z7gTLYg<C3fqi9LOHG#8LHY=}M!!h}L`vaa{5AF^eI5m!`DAyWNtub3|Wz$~~59-NZ
z6dUotZAHBL@t_TN0n^k#D-;z7M&P%**D)nkQ(-YJR`^5KwhznK844wWZeJ)Sd7`0c
zAnFRa+%Zgs8Pu#RD?MrH%9tk>l3^yHs2C4~f_``G648rmIfenZkt-$Uo!Gi@ivhdS
z2^c^v*22l7nhPc+QdBb=!mU>3hFv@*oo;2FYh*r1=BTl?F4QsF=<AAHWo_mu!Z54A
z+e~4bM2e${mQ`Xvj8uIcMi#dmLT|&Dhz{<ZGm;S%K%LZ{%;0b`83{{s-tj#gZ@oqn
zw;0+<34C3Zdc<hqcJ>Se2D*C#Zr4Dc=odZyU~jibuYvw<<O&`nTYWC4yI<U8%~<7J
zLqoJtlr?N4*uKxBX%IqEX&dZmr(e^!*W7B+RUD@SXpcv1Ly~UmHVkxxup!OAnHuXK
zu=Q#=0)qhEjjxw&S`M&pYKN;yWU(PE@KVqg-B+xR!2ua-w9zp?tBv&iP{jWAh)$mW
zQrwc<07R7Hp8w62p8t>k*Yf<w&;%w0LVuJxh^G6M_EWRI9B5)97AoLIYgi>IYP_fs
zEjOM+v$Nc%)8T>fiGEw}_}Ex~@6`BYh=t>qIJfqxmt3}WavXnQ`Qv?HPv6)jTc^@G
z4!qb_?z$COPX*NzSFh3An%8ZT9#a(P%QB^@b#{BTrBXlB&@|0XKU9u~nUrA(G>rJC
zzA!`SN&ouMIgaLY$rKyo6&>y8QwNK>vUpqp{=!~!JP$lf0e>J{MYjlBQh9Ww(P-nH
zEfhde5T@QZwMewAp=9zIw7Sv~0Ap0h;cE@o)3#m~Z9Cir%X`6e3wD;Fml)6Ux(?Kt
zo;TZ>3aC-D5^dB=b=m{V$_BcJXrY;KD0V=LBE01mfI(wHm)(5{4MdHeReIEYL?uZ#
zN`M*z^+Z0$do#L`$MZSJv*Ng}EVB%9<rI3-35LGWA{BUS7Dt%|T`<w#j<v(+BHmw2
zfEvNp%!8tn^r7M*60+WoCOg-Eu}{kJEW9&VrdCn|u_mQ;4f>#_Ngn&18jDhAoZ5yt
z+`?h7>0vs$s8GKWjHQ$$wUy*}zStiG>q8pa!ozsuvpPj>b+bg}9aQSn!jHyzRY#Pu
z3rx*6S#HBUA)1;-ia^Zh*fCGX(Qq}01#-*n5DE1?I+X;5(_?9k+LmAuZ6##=OirV>
zhRT@7CZbH@L5`x~(ATsHPe*uZ&ikW9ODLA;b{3|#zS$--8?$J%nw>QaB!e0tS5Oo0
z|8vBEB^p;C_WdR9M9rQrDO5+RT`h{csN~Sg!i++9V1s51TL=lXb#*&gYGccfYq*s3
zfgLh9dY~7qXN{1JQg00!A>u7faVdicP+STbsQ~?<nTF?)kcDuz`TjpKLf5VG+)iH+
zIXRcpu*}dlA|uTxTv_Od=Fq#Ou73g@K7u4HVWR`v8?g6&%InM?IatJ(F;W!uaq}7L
zC|4k^BofvPnbU*yq!-XO%n$|Lg!$3j<}~vBK6w5HmBV*<<?yYV%E2alf+~lD_nVbN
zv~m1Uc>MV5iueHvR{XdTw<Dm@4MW4aR1gul9$={ng+OA^6Mca+yi%~@#5SH<YNb#U
z)oPrgU^P%8r&^i_X9Kr~rDXP1i%s`p7d6uB6a#KQ;70V%W;^v!ptAk>5`qBlfwJXH
zTGc~~)QJL`H>Af>Fht!}+PK1AOeVCLK`LmTsnt6Zs^+^~{A9!fc<zw-%eri--eon{
z5W=FB)}1+4#_Eq@W4y>%<&K)e9K->%u*V^~8~{dGjFv71HHTwqY019iwrja00C|qd
z{$3lY(c^4Ime!eqE2G~T*+5$k5EmPT9Ild5Tm_!B72b}cTZuFe$dyy!?kfdkj9DV6
zN*S517?f2RwxZ=K=&V*DvxF`Yy{yf&UN|UorEcdu>P8_g@9eyYHkTcju>o+x`ea0E
zj+N2bWsa7nT?yLCNk}mux;7s!e#j{4La4P@%0zRD1U!k6Y9+idI{$FiHZkO49_Gbe
z244L3;Ws{aytxsrUfg2{T2(~AxEI&bKhG)^a2g@TYgo<NM|EusX@Zn)hubXw6jv5k
zKawB_-$-#o&KPZ=ZZ<#JqF9bFOcXaxF>BBPF0ZZ}l0za8u4UgPBufXJ@z(ZM9gsL1
zP*h5S>ms9T&>8}oZrG5Fn7MlY7;<#dgcJg*YN4HBdrT$9hF}Ug`ik?0OZn6gnhp-g
zD1?GR;s%HuWat+=y*_uZNMDe_*y1wwy*NlGL@;3@Bb#Gz1d5D^S~JW5e_|Cq1q7-%
z!EiyZXTa||;c$Em9v%4Xh(LFg(>4ga4Iy<(NoYxDVJamRpHQ8q=u5~4wI!081hkXp
zdQ(}Ltdyttk#Fqz4{*<4_V5DSeqcM}jh5$k#sncvfb}wsaIWQL+P<_=(z1Sr8_)l)
zECp^_oe`u30C3^PjLnC+q4{vT0W6LAky#cku4t^lee(l#evvxJ#;YmPFro4<=|r0i
zeg4(8zfVc9q=9&clrVV3&Q7>V@-tcpcM4<y;(~J1K(;N0pmy>(2=zuQOiGDoq-FX-
zbh>=4jAK_EbaCfJ`;hx7i7RLzIG4r)6p?C`<V^->glzS|amkSQsMe50Mol`9teOSL
z;;_6iA#;%As!5`N)i~JG3QwUf(8uDsYGsS1Z%otYz7pC+V+YM5I<;J*{AhOd7;Mt?
zL9IK7sw$#w7YAH!XNTPm<z~UD`JN?V>l5JTZBwIqwqqS<uhv;F4}GfKYAHLQ8ImBH
zgARaYgMNS+-O0=d*yRKqyOSFmqs2tp<6$nQ>#aMPogWd|VPvB`%y6&Dx)D|Y$9i+|
zxXU`OQ)vcg%z}JrlumHt1k*#Xi{ZTSLl;{{Zt`H-fcZC+Pwr}U(o8m5>wfKO-MMz9
z3Vu$ySf$Ldex(X(Cta+rU8#Z^FgGVxtn$L3ZlwxpCta+rU8#cFNf)bYRI23p-`cox
z_%5#;O3xK5-X3?|K3ns-R5>KBFe`^wed=uCC_qH?ssRyQyRty><NlS(%AxsO9zW0v
ze;f~AMAb}lxX!|vEEHx)-q`$=-TC6|v$)FYnDn-^(NSsY*h@h2B+^2xZ}0Bbosi+=
z3wp-6I7LN0r&YFbv97WnKFCyH<MRHbYI~>x^(|+oL5*Kl;IHi~3cwc>YkN>NwRM6T
zpRK>d2T5M#n{-Rt6SbxON!IzG%XcG+I;dOk)7@StQ|$8sn;7QI)-AN_SJ|Z*F8$F+
z-D}m`{I(V<w^>ECZB0s5)m>VhRg2VGwESx>2xS^Y>~9&i=OtI{W!Rs49z46zZNT5-
ze(v7d9g=g?xDEL9_qdDLAM7NM*L?P!4IYMLTS=3@`&L_}zdJV#e}~6!3eCU$ND=#U
z^PUUt^7LM(j{p0!&wh~Te&L4ZMmzW!o`)}2(LKoN0{e5}1E&`I6AZaT^kOP*{;g<h
zFGr=UxMoYctc_d&g$bOflU#ZB$u*PLiQz#xQq>|{=Y<vEAMZNBKY?|Ce@K-Tn3J~Z
zd!Osy=+1W|*MUT-*L1`U-u33V4E+O8!wKL&o?u10m&1Rm+TE+|UVq?Jz<&q<Wc3KE
zW|8(-i##{L|G<BiomdG0Vrv0_yaRsUfIr|Ay9YWpmo;!fjNdL#-OE+ZtnT?M0M=te
z*QgTLV{=)+9yCtF0MPiuFCE+i91nqe{P6@pI7N()3GNY54aTCWnBVD%7m+?3_EU-R
z33@zbI3E|FJ7r)W2?(84#E&}){LZO{{nSPLyhyN5(FE7y8qpyp&;Jv6{suevKjiW0
zzN+|ibf4|~ODGS=qgpujCv>!7{7`xPSgMR4=U-yQkI#Qn5G;t<iG1{GV;dm7lR;-%
z?fEJ|#d^>_wF~=%aG&BOSfdT_K3=ak;0uc4ez(tu`nPOtSFCKW<#VjHUFCaL@jmV<
z{9`@5kGlfzQ{;19fS*9G+t=+wsqS@GI3mt0BrQ6kBD-rayT&v$gz;31wd&VB)?+(X
zH_*#rohJq3fe$SqtEx0?F<lAmD1mWa889C3{}N$5*e+TpLZ`PEpr57v2lhuTh<8de
zD6|nu7jU7q4q@A=^bCo~{#qo@2>?EOhQ?Lb@??BAJ~*K+Mf}d$slA?=p;&Gtyy(rO
zGO6g&nonvdS|=rz_$hl3#QH%#1J1QUK9gt{=VU+_bYO<?*dw3M-4C3yGwAd<#p)+8
zLJeV+K(^@ue=xv$E_lVEh_ES$`0>z(8hU<>d;Y~r&;NRQR@qT{MBM@&M^^jnf*0M*
z{BMsJ;`fl64@sasM-B$yXbrQGOt(%LSY<juUv$qH;ZAV3KfpSxfW3)SUppJ<>5bq$
z+&_g|e|!7YB!GO87;6IrMBk2keu2`^cqz@{CSg1^AeWD!DT%YYP1r|q1OPw)Isl-g
z7yTdF1OTOQxG(I8#8SA&q4G$>UV6I;qyPY>SHpI_f!o^6`-MyU0RSTm;jp)F3Y%GS
zI%HljT3};%_5^Nj1WS7X6v;<r{566efE*92_;U(dP1w%BUpw&7s5a+z(JeBM7mY|i
z?jgY*fq7>*y2rT58{h}*BLJ}^ldCEn!Tq;Hn7(rWR{~_6i5M%LK&@lyGRS~H@v{`Q
z{)q&00XKChnIceU8LU{26L+HFRQ~LQN!h%!9Cx@7O0b-98eLK1N(GG65p!f^4fn1W
ze<^W?KL`iAfL;5Rrb;O+`{8%*7O`<@W&s`PTMPS%Ah3@-xuJ#DQQci(vKax=BvgEe
z7vNvT=Xepe6w?EM=&E@Vo)jht6z5toqAWy|fS%T^*}$i<)M}50KS_fq7S~A0l>UrQ
zdwKC`<oSOE&)=YOIL0f7uhv!$7hO-4!^APOa`>;^EyCfA0)JKS;BU;VWGQ}pqw?{d
zwu`Q}cC<eCR{XC-B?#i5v2uha_%l}Sm4}skW#iM}J!wJz?4u2zTzs4_=r7eS=&dW*
zs@{F;E!Km+iB_kyMVQ31Iq6lstcAXngS4!_)m)htZe78${vd5sZ}=+Ts4o9c@+uzm
zO(X1=SN}h=ni1Moa(skKt48?Wd;~n``^u|K_w)8LDs>(?{bMfkJykM)aG!1KGkDN<
z?^xKR^1C}%d8tF?KRJ~z)}?YDsNjE=C_thw<3=jWq1H-N`=D<E!)$#95`BnL=_}z1
F|36F^^%4L8

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/pop3/basic.zeek b/testing/btest/scripts/base/protocols/pop3/basic.zeek
new file mode 100644
index 0000000000..d9094622d8
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/pop3/basic.zeek
@@ -0,0 +1,20 @@
+# @TEST-DOC: Ensure basic POP3 functionality.
+# @TEST-EXEC: zeek -C -b -r $TRACES/pop3/pop3.pcap %INPUT >out
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: test ! -f weird.log
+# @TEST-EXEC: test ! -f analyzer.log
+
+@load base/frameworks/notice/weird
+@load base/protocols/conn
+@load base/protocols/pop3
+
+event pop3_request(c: connection, is_orig: bool, cmd: string, arg: string)
+	{
+	print c$uid, "pop3_request", is_orig, cmd, arg;
+	}
+
+event pop3_reply(c: connection, is_orig: bool, cmd: string, arg: string)
+	{
+	print c$uid, "pop3_reply", is_orig, cmd, arg;
+	}