From f6cf4a41ff66aec11abfa5f8ecbc54910d803dbd Mon Sep 17 00:00:00 2001
From: Devin Trejo <trejo@sig.com>
Date: Thu, 11 Jan 2018 17:00:15 -0500
Subject: [PATCH] Add unit tests for new MOUNT events -- mount_proc_mnt,
 mount_proc_umnt, mount_proc_umnt_all, mount_proc_not_implemented.

---
 .../.stdout                                   |   2 ++
 testing/btest/Traces/mount/mount_base.pcap    | Bin 0 -> 18266 bytes
 .../scripts/base/protocols/mount/basic.test   |  31 ++++++++++++++++++
 3 files changed, 33 insertions(+)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.mount.basic/.stdout
 create mode 100644 testing/btest/Traces/mount/mount_base.pcap
 create mode 100644 testing/btest/scripts/base/protocols/mount/basic.test

diff --git a/testing/btest/Baseline/scripts.base.protocols.mount.basic/.stdout b/testing/btest/Baseline/scripts.base.protocols.mount.basic/.stdout
new file mode 100644
index 0000000000..b3e377595b
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.mount.basic/.stdout
@@ -0,0 +1,2 @@
+mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.621984, duration=0.000553, service={\x0a\x0a}, history=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.62212, req_dur=0.0, req_len=96, rep_start=1514568131.622537, rep_dur=0.0, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a
+mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.665918, duration=0.000266, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.665918, req_dur=0.0, req_len=84, rep_start=1514568131.666184, rep_dur=0.0, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a
diff --git a/testing/btest/Traces/mount/mount_base.pcap b/testing/btest/Traces/mount/mount_base.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..0d7187842424a5ae5a7254b71ec528a5e452c222
GIT binary patch
literal 18266
zcmd5^33L=i8tzE~WI}*&DLT<a@rV}*0vV1Ff*@WoL{Q{#UnC(Y8bS<_px_#mbzNs4
z;EB&gQ9<#!h$|qjIxZ+GC?3e5ct=G9!E<+?+{1qV-&K>Y>Y4@~6Wn^Qrf0f){`$Y~
z`|Gdj>YmxSdg)_HR*KbBQY;@ntiEZ;=**k_Rw3R~wMs`UojQSDOCqV(`IePeabl5G
z)H2*FZPM)>P-lKpmg?JIIjxaSu1TuR2+Xytq?8uReaXpwvNlVzRuZvo!dkYKXIW$|
zt0!3^i>ba(%I<#ho*Q8CtC|kA8TGHJ*8T=-`Dlr%%eS10EcUHH^X)5GtS!y3`UYm(
z2%m$Mau}fMvT}JvHd|?Dw9*AuUbd_T%gUMF;n`|3fRbeS?pT0rGJn!uh=rVKeyafc
zsoHEhSjZ{<np)g2T4SMhf93Ra^1E|iX_9P>gsoxNLDgkzaPc>6tH03}yq_?Qz3(Et
zC()HcEsQ}69xR{4{Pb1%nVt@oXE|A}^0sm^Tj^u8(!NQnpS_ve%xFhyXlH@BHl?uA
zIa7ioT>tU*s4IKaTl1(5aLsn&x^243|5RuH7~CNZR@%2YOIq2UTT*J}1y+n6dfB(a
z7mAiA@IG#|Shx7C^Kb%HO<~LGnROSnaNs40xukS^u9baYrf9*a=%cXcj2X@6*6j0{
z(&wc8w$BSsf9MKw0p*}RcmAWN&ms2t#U`JV_FLJPSBn;mKIg#VJ!qP$-CJxfI1kP2
zkWLoUzgK*&3H<hi*=K5jYM!ra<{Q|yt{FG3a!UEws@{3$;$y7Hl-L4$(onm^j#yTD
zZqt{#Q#`$OtKS-r6R5g$8kzN1#(bZGdGNit!b2Bk(NZU$)zaF2_RAMPvh$+*pU5AP
z^WLXdKaOLJfLdKM!z(}M??kIDw_O$EWqqnI8tBFe)0CgDx=poqu>72~J`yS)4U0j_
z&wr^`^K%uf#m^l1yV$o1&9@*dj&b&|n_#6Jkg2+qzdV08Tgf+CapdRUvi|%z89+H`
ze%^}~<LBq_T57R;vQ#qF$1IEi3l-$|X+PV|*rUstx2t_kVRUf#Ew(knXbaxwJa6Y`
z;k_$LC<4w#3mz=*VSdJH{8WJDdMC?eu<|q<r|M#PUjAOPvh@d}75JHn?A3rFf2Wz{
zj<9*8{ms}D2>-|M{4O*=RqJ=z*7We(%<u^s!}U;WQz<;3GKxJf6`s2oCZk+3@Jf|l
zobU1B)&q9ILHYdvdG?Dpr~8=G9U7;bpv*e*Ome!*%xNdl+L7e2xSU=)({I(H0je%e
z$A#B1r;d3V_keZLK<*{vdDjz|)84{!$qCug%K_}5N=2UMBkpd22OjabpSjzva+iBa
zBvjGL$=z-<chnNqX5sD^&2y#4&kMgpo{!zD#$!b*aJP~?pZ}rVlZ5Az6XM5Nk}PWw
z@z&0{Qv@h>aiH>{;2GzXmj8JCP;p*^*jl59+%&K2utojkmN*~yCr{3!%z4uo%VSCI
zN^m~S$@v~L=gpb}R={(Q9Plp3>+u@r)1raA9^`q=ZaW7E&*O2f_WMK30qeXuJ;0o9
zQ{y<V2RMD-$?0A*r_CD2!|qU{L5t(}IF5H~oW2iE7m?@lPPOA$cpi__W{Km*2mIC&
z1UgmMSoUbpV$L^foG*%m#tmZ5Te0VL`^=ovoRHAO$sOsvaBMBAoI9rBJ<S_wpDf0_
zi-TFz3vZq4x0d1qRafp^7=E95|3&3}+@NTndlq^Bke|JuD!h-!JMB+6_pr$bo&<so
z_(0Xg|LZ{?^ZzfE|L$4fpEF?QS&ZPp{bv4wui5x-RbD&koa*tD$!{>^`;p%0g*4g-
znlHu~RCSGf1>yCq(UqD;E1}WL(5N6Exv;_VWe9|1!&GR0Hs=2`^!fkJ#sx+6h2wiw
z)5Qjz2Q3GZx7fxa5Fc^zpcUtMP_&?NC-VR5Q-?h9ioV6ygkKr1u|gb^@zXTea9i@D
z+*+2iO`Ouer{P6!lbC(uVZZefj!|{R&f;Ja$IgdZ?7SQaRYr)}OlH<<h?-+35q<Yi
z6yaVl<`K_+`~k<vPil-*Mxudp2LMUo_O^CE7D$8^M2b?HOM6Bz1qfb4b5vbgEDt8L
z7VoH9oI4;A8b6e^2rz;>516%}^$zm>Nb=~RXpvf1Ik|59gsMu4uKx4YkwF>L9u03`
zO@38189x-7(2Trj+Zl|gP9QRAf<D2huuW`#B=3j8`)|+yRhJ$cgDI@X-!(nfL60@8
zM?d!dDJ$D}C7dceKWcgq2o$jBTWG&kUkP#9<DPjo!g^h<>9r;r=ur>E=ZzXfh<zCX
zu}LrCfjQ6a7J0T~Q=Wy58RRXtN}g3+$0ujbL!RBO=Q{b>wq<`^?vq<_EM6>iw!hW%
zs<jz6w-d9|!K}v^-GXC@Ruy?&KZ)o1J?bN&Yd!<Bg>sDcnPUkab1z7EENO}~LAT$L
z!mKhOT)fb4y^S4I^)cEChc|NUMAX>1=Cf#^XGb6$Tv@`sWsX3|R>_c7V*90La*OkX
zH;IiGLbhm;-}(p*P<7>jwZWFG-Set;Jv&B1*G>YmqRd=IHZSS-)eh|VRuKSGA(RDA
zd+PTg>$gGG@7hVwZy8Vy83oxJENhNH8PiE?Ew*3kCbu|G>bJ^%pMd^;`;w)E%(ui-
zzgDc@a!tQwk<f%>AUjX$m;C$dCs%GXQtg$`tN-Dt-$$(92daJ(lB0oM!-4X`lCHLX
z0%c4mt*O|4sT*&>v#l9vID@>zHgWoOTc#pY?w^E%sjS~hRli=tq2F8}8=NVSrI__Q
zTJxd|IWIbA@=X(~CRATfk@+T&Ij@|x`OzlUj8=ig{aIS~n=lueZ3VK6KVQt6)d^%V
zZ5*1(k)c_}w7u}YEn20j=S80t^s_EEYr1TWgsyAHx?IEFZ){=KB~3(B!pAi2YR;vL
z-L5ZQUppxm7p%^EQMuwGHdhJ^1Eg)?3eUOJ$E@v8Rom;@MFaVCRbCuDhS>3C2zE@`
zq8-ke*`{mOJ?^;_?y5az>YFE#A!pI%HG5<q*SGji%r7M$;QCe^ix+oiJKLl8TAS)z
z3i(C0P0Y@J(Qkc<?@-m_&Uz=9#&P$I8h80vH@&_qm>rVYgX8YemgcyVJtpCCXP8TY
zJ<gKEBE`E>2<e?+HS;O?AsqgMW9U6KhOX}#4FoHIw50G-Mmk3zjcKJc6HmkVIo;){
zw5Mrko`bJ?AwtMLSm~)@Yu0eFs$md!(XM|1$S#x`w)+3l(7EQwq!7|?U-i`RQ`YcZ
zO~V(Wf!=gy<+AR-*%}I@ho>R9h8y%9)C7*pLc`bJ@Vur;XAPIB8uo4#302WutBd6|
zO{!VLqctvfk!f3w%iU@#tH(~P97o!Xf75e({*1Mwy9ti*x#|*Vw*Ux-ulgrzS0@mf
zw3FGUS@Pt=@IDQ#Qg!9YeZe-Yk2XH{UI2YovpyB<{d&JyAFP*gWF<UL9>VyXZ5r{k
z?|JIl@hv=e0amCIGtRu~%L{+bx@zmmRjZ?cKD5qp#q4}y#+M?PAseO=+b_p1xy8wJ
zES}~)bz@pyRmaBtuhKom)u&=B?DE%TTXHLoCA>}QC41KStrcj1sw>W(3by4qqYUR*
z+vtO}jfu3%SDe|7<7|4GInIbFstJ!X=M0HZ%z4N2{@WKE6LbgM(bp&99(<pjKyl@O
zrx`_!KoQfPC~=g;&cUELdA=B)d+^_m`PbHs`|ON_s%hmr#(!%w|M2+e@L&9{dX?_%
zlh)esm(2ewD*x33qJh5DCr3TDk@=q|P{iY(_9t8e*gWK`f`02g$IJ}Y>RGj~^hIB(
zZUo8_IcBDtwMuU;tqv!*PK$WXcN$s8wVIBN(Lg_12OJZCLJe3)5(vF?1XyuT%bf$`
z<+;OK!*$rDeir;lMW(Gov}f&BsM__zI^d+qKz5m2hiGHg?r6<-+QjBNv<LwP3E3(j
z^H_)YiZ!D<_>SB+X)-jUXAk}``(D<pP9QUB20c8-yd%=(Yk2<?8ldVLf4&NKU|sIk
zbiwlnlXkE!7qIus+nRO3=+r#<PrDw>K7=`qQM>a$@mnW@bE>YnOsDYItX;LH-HvFW
zpbY5CCfa#(n?P^Uj##DrsC*3pEsuO{@3g*euMu|1zI|`n(ci?ec>Nf62G!y<N20c9
z9z<J;_W56Uj+Y%dUMNF3<|_qdkx<PhFg9GySK685MKG24`HC|K6N)pw^qjAJ!@6%#
zb+6e3-DxBlTR)PczDA&kr+c&Te<?hF5AsoU_19IwPRzeH1{O3%LO0NL<M7PW+4K7{
z%>1{9O+u6K`J$75a$GHx;4(OuZUee=k<F><{W1BJ@Mc0+Mo)-4a_J4YX6#S%n2Kjs
z61t>a0$n^^Xn(@BaUkM$>3J3G^L1-FkV2nPo1<;An|%mbkbT3s4dh3+Cg<qc8{r#2
ztJ(BG3=T9squI3EnKN)g1D!>MubCXr=wKJwjrSB8`$PAfaZc>%2fU{upPs@w&5}Ef
zd}$+#(?8b;V!KJv%NT!8KiLP$Y!`jwInV0M`C+M=pZjBuTz3I_&<HutYH!XDM{ADk
zVw#W@Z&8sc*Er$uw}fo$YBe|1T@Vcvwg$4w?`k<n=Llr1tF52%8rv_&Jh>Gb$LqU?
zH3!qj)ZO2!$h5ifF|65hs%C|)p&32jFiL9H!K~TQnj6RN1v%FM@7(S=H{QaUeW_`N
z=Nby<1KG9J53pu+0$EHOhho(EXn(Wl@;tovSQ|K&b$MOWWqu@dBi$7qCFeRF&AO1+
zR1-edIx`sco4g&KbDi&4gRfN$ZX6yB49EhC>xMnW8q^3BCJg|BkR)!6T+TH|!1FyY
zPSrKn`61Ya`M*`=e?S)aU&H(lXU|u4GV|Zo_B!$WYjYjvsFr;QBeby}&H2%D&2=kl
zSgdJ?XUhg`1`}1w!o-9xMKIx^ArWnl;m#a|UG$xJeGI>#QHyhKpg*^JTK&fUoKvyI
zw_?7?JS(^2Si;++9`WEWp8fhbj;q(SxY`^EO`+d8TqXN;XLDQ;BC5^aue<%~*{`>8
zOf;%7F$KSQD5CqD)q}g+{aT=i=>X521^W}&uc0~dKOCOFgjT4!`t{=A@ytK1RywXB
zi*Wz4eh~BDkv(rX#>{^TY&JXpXyY70(&FEq&rN^N8hoT`P><g~6m12Pnt}Fjd8P^^
z9vTp$#OfdsoCpMO;{#Qf7U5ukwb1S*7vVXS`jxCjSJq<Av1Tof)_l>JGjI5>icFg?
zZf9+@HSv1<?qMMPLacV_Dg~LBHpCoX_ZV_py!>@ozjbihrKl_1>6yPWSu^dKu7T4c
zp{X=4DU<oDi&?Wa0CS}MC*IXw>^Ccf;)UIw`s`qR!fM}{ih0Svy+Bd-z|Xcm0>we}
z;opTQza0@Mq0bTjHgWZ7%fGmv$1Q9LSw&8o*MAn!HCX#L*)qRv*dqRCp|}P8Du&8I
z|Fa<Fj5M$RS(rsF9H7;7UMDFj-LS>VE`MvZ-GYlNjwx8Y15HzP<$<Xk=o+MbdhGYV
z$-Ch5xWM+&#VNPZ7f_r&%WIBPh!q@*_n!s2C$9e~xbRF*oU<7xJv}UNChxMcdz>u1
z(yj9f)52M49=|{jo&bw2w-ril>}Sab?nU3(ieI3Y%l~0HZi%Or6WL0Cqm}keR_4P>
z0qCJhoGTeBC;S6hDc7EIo4OS}U?2V=q;B6V`Wh9|Z?U&WS?p2l|78TOeZaL%;`$%o
C?n-+A

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/mount/basic.test b/testing/btest/scripts/base/protocols/mount/basic.test
new file mode 100644
index 0000000000..8576874ce3
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/mount/basic.test
@@ -0,0 +1,31 @@
+# @TEST-EXEC: bro -b -r $TRACES/mount/mount_base.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+global mount_ports: set[port] = { 635/tcp, 635/udp, 20048/tcp, 20048/udp } &redef;
+redef ignore_checksums = T;
+
+event bro_init()
+	{
+	Analyzer::register_for_ports(Analyzer::ANALYZER_MOUNT, mount_ports);
+	Analyzer::enable_analyzer(Analyzer::ANALYZER_MOUNT);
+	}
+
+event mount_proc_mnt(c: connection, info: MOUNT3::info_t, req: MOUNT3::dirmntargs_t, rep: MOUNT3::mnt_reply_t)
+	{
+	print(fmt("mount_proc_mnt: %s\n\t%s\n\t%s\n\t%s\n", c, info, req, rep));
+	}
+
+event mount_proc_umnt(c: connection, info: MOUNT3::info_t, req: MOUNT3::dirmntargs_t)
+	{
+	print(fmt("mount_proc_umnt: %s\n\t%s\n\t%s\n", c, info, req));
+	}
+
+event mount_proc_umnt_all(c: connection, info: MOUNT3::info_t, req: MOUNT3::dirmntargs_t)
+	{
+	print(fmt("mount_proc_umnt_all: %s\n\t%s\n\t%s\n", c, info, req));
+	}
+
+event mount_proc_not_implemented(c: connection, info: MOUNT3::info_t, proc: MOUNT3::proc_t)
+	{
+	print(fmt("mount_proc_not_implemented: %s\n\t%s\n\t%s\n", c, info, proc));
+	}