From d38599ecb43e70bd940d2071f13b555c6a32f383 Mon Sep 17 00:00:00 2001
From: Anthony Kasza
Date: Fri, 3 Apr 2020 11:48:26 -0600
Subject: [PATCH] add: btest for rdpeudp2
---
.../rdp/rdpeudp2-handshake-success.zeek | 25 +++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek
diff --git a/testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek b/testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek
new file mode 100644
index 0000000000..05d27c5fef
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek
@@ -0,0 +1,25 @@
+# @TEST-EXEC: zeek -r $TRACES/rdp/rdpeudp2-handshake-success.pcap %INPUT >out
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff out
+
+@load base/protocols/rdp
+
+event rdpeudp_syn(c: connection)
+ {
+ print "rdpeudp_syn", c$id;
+ }
+
+event rdpeudp_synack(c: connection)
+ {
+ print "rdpeudp_synack", c$id;
+ }
+
+event rdpeudp_established(c: connection, version: count)
+ {
+ print "rdpeudp_established", c$id, version;
+ }
+
+event rdpeudp_data(c: connection, is_orig: bool, version: count, data: string)
+ {
+ print fmt("rdpeudp_data is_orig: %s, version %d, data: %s", is_orig, version, data);
+ }
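Review bot: The `rdpeudp_data` handler at the end of the new file writes the whole `data` string into `out`, so the baseline that `btest-diff out` compares carries every payload byte of the trace, and unlike the three handshake handlers it does not print `c$id`. If `data` is the still-encrypted transport payload (not visible from this hunk), its content adds little to the check while making the baseline large and hard to review. Printing the connection and the payload length keeps the output attributable and compact: `print fmt("rdpeudp_data %s is_orig: %s, version %d, len: %d", c$id, is_orig, version, |data|);`. A short comment above the `@TEST-EXEC` lines saying what the pcap contains and which RDPEUDP version it negotiates would also help whoever has to regenerate the baseline.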