Merge remote-tracking branch 'origin/topic/timw/ip-proto-btests'

* origin/topic/timw/ip-proto-btests:
  The cisco-fabric-path pcap used in tests doesn't need the -C argument
  Add btests for ip_proto policy files

testing/btest/Baseline/scripts.policy.protocols.conn.ip-proto-name-logging/out

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+unknown-ip-proto-500

testing/btest/core/cisco-fabric-path.zeek

@@ -1,2 +1,2 @@
-# @TEST-EXEC: zeek -C -r $TRACES/cisco-fabric-path.pcap
+# @TEST-EXEC: zeek -r $TRACES/cisco-fabric-path.pcap
 # @TEST-EXEC: btest-diff conn.log

testing/btest/scripts/policy/protocols/conn/disable-unknown-ip-proto-support.zeek

@@ -0,0 +1,8 @@
+# @TEST-DOC: Test the policy for removing the unknown IP protocol field and connections from conn.log
+# @TEST-EXEC: zeek -r $TRACES/cisco-fabric-path.pcap %INPUT
+# @TEST-EXEC: test $(head -1 conn.log | jq 'has("ip_proto")') = "false"
+# @TEST-EXEC-FAIL: cat conn.log | jq .proto | sort | uniq | grep unknown_transport
+
+@load policy/protocols/conn/disable-unknown-ip-proto-support
+
+redef LogAscii::use_json = T;

testing/btest/scripts/policy/protocols/conn/ip-proto-name-logging.zeek

@@ -0,0 +1,15 @@
+# @TEST-DOC: Tests the ip-proto-name-logging policy file
+# @TEST-EXEC: zeek -r $TRACES/cisco-fabric-path.pcap %INPUT > out
+
+# @TEST-EXEC-FAIL: cat conn.log | jq 'has("ip_proto_name")' | grep "false"
+# @TEST-EXEC: cat conn.log | jq .ip_proto_name | sort | uniq | grep private-encryption
+# @TEST-EXEC: btest-diff out
+
+@load policy/protocols/conn/ip-proto-name-logging
+
+redef LogAscii::use_json = T;
+
+event zeek_init() {
+	# Test printing out an unknown value from the protocol_names table
+	print IP::protocol_names[500];
+}