From 13e7365b0a5824d48d9f6046dc2880362424506f Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Tue, 9 Sep 2025 22:47:58 +0200
Subject: [PATCH] nfs: adds test for nfs_procedure keyword

Ticket: 6723
---
 tests/nfs3-procedure/README.md | 7 +++++
 tests/nfs3-procedure/input.pcap | Bin 0 -> 43318 bytes
 tests/nfs3-procedure/test.rules | 10 ++++++++
 tests/nfs3-procedure/test.yaml | 44 ++++++++++++++++++++++++++++++++
 4 files changed, 61 insertions(+)
 create mode 100644 tests/nfs3-procedure/README.md
 create mode 100644 tests/nfs3-procedure/input.pcap
 create mode 100644 tests/nfs3-procedure/test.rules
 create mode 100644 tests/nfs3-procedure/test.yaml

diff --git a/tests/nfs3-procedure/README.md b/tests/nfs3-procedure/README.md
new file mode 100644
index 000000000..5abe73c19
--- /dev/null
+++ b/tests/nfs3-procedure/README.md
@@ -0,0 +1,7 @@
+# Test Purpose
+
+Match on NFS nfs_procedure keyword with string
+
+## PCAP
+
+reused
diff --git a/tests/nfs3-procedure/input.pcap b/tests/nfs3-procedure/input.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b259374cb0da8d7251fd3883a690c702b5d4cb9e GIT binary patch literal 43318 zc-rk<3wTq-w%$8QOPiK7X-g^PVMIWrrL?uwfJZE#fT)0=h&;<9JS4QWl!A||r3Vpt zoyz-ddDnoIgNTR-6}iI4@czp1nEs(a!Z6K_@t0Izfbg+ZOb;ls~8wo`!Su7Rr}ifAmxMx1!npFyTQ# z7;gQOAY__O?w!{xP6O}pk!OS)p-*RnrDy+1#FR!5XP3ZHOWyQLoV{84+q7}H@~@?q zhr;<#N6XNrqkY`+Bb7<0(8Nw4gL zWBEynMHe4gA((Ic7imFsXK@{zuVeXKZ0&}9o+bILIS4+#@ZL4c15BSq@=mw(E{K3* z_;hPt-ju0hCt4Lu!8=6ZjfQ;Jq;M>@)5M%9)=m>9<=G~Uo!H4bBR3~6A9;ImuTIE= z59G1pA6Iz~j{jX}{F;NpfCV#&w=6Ev%Pbg;FM|``3wre9P9&7OsB;n-@<2Gt)$#op zuXkmRzd<@)|EQ(sw|9A|x7r;94|#% z&86r#y!6DpOl9!$PX;g1!RF;8{BV-R%c07_n3sDfUUsDaNIVZRFM`mm(DA8e1u2f> zL*y6Qa&lZhLV5Ipn+GsAc`9z6fe6nqxQPumH@o47-7IcOE1$&N45YYOa{4afd62nz z3H6CORl9h+uFy3ScA{^y@ZV(Zh4G(A;a?n=3sF=s@YeqrD5du(u8=3vtsV>3a8O%7Q8<`06+c#O?kDr~eQ0*~07h4Zs4Y))DG zU~DodY|3M^!17rJHetcW#%WXBq_8O}-Yzq!i;0bduJ9N1R%0n9RZc-<8o_XjBy_d zx=m1rl0u3 z6OI7cYoT3VC>`;tbr5%qc^LCFmL6l8+<-{FYv3_PGkOYHcMsx@F*%rvE%X@EtByp# z9b-IT^9aUfj0&6I!ScC32sXJGo6Rb0YDonCVDl)(X0&Qzpap0CTM!W6PGg=H$$maL!z&%9+2C2)H@Z12zLOHp6Lbwp;IYQ%qjwoo`%KF<(^;p3eM*@;Rpe?CQoIf&u z;`R}IMI>gZs*k(`2>sZ=eMAQwPn9Cz^pQEZk1SC2k*g#EZXfZ0%@Y`#r&QRy2$p~P zgJ3fcV>4HU%@q=XM{GFrQGCTFCW)Sp_DBHB7a7>-gN+TTiPkY{qEt_p<|6~*!i3iF z*Ve2&5?i?t=Mk#DEDGPeMxynlCR*)g9S4!GuVc(fL=Wq@YTVar7m4a)V6Veqn}T#i zh-KXu#_K!ys!`07bl-Vs6d?9EvhzgXO`jT-K*@Db8j2)cBQNUQD8?FO9b~cRC=bu~+3QDKeau zT}SGjXg{AOIav{|^KT=h5uChQIRA$0rMTKeUhP%i!z&2sGKu1Q)ruK}GEUKpF>e^w z%pg_Wr5aGaa;wxYJ&bwFT<1B$^$TB<2yUrbHLROv)|W=T;CeXbdZ21;@B<)q^;W4Z z zdhIYy5dml2U4n6+rdoGjAQ5oa-N-VhZkL6z=|I=*Oz~j(R|YoW!N!KHyQ_KYZYfI6 z9;D4UHx<%*kS^ttD1BLPe~)Kp0b74<{2u8U@=}rdsIKpE)@E9Nau>8UQ#v9fOTOUt zrO{X~kJ5dqY1r!0NFO}lHG)2{ysz?OfzJx4u_V$gz*tDSc_BBUW z8Gj4j-ahx(+|1rS6fvh?y@C7H3v|C~QB5NDprM|Hnq z^tpiaWoS!~juMibIl)-QTz}4=p9ds=58fKwl?BOj&Klf~`%`mz4c`Af;(37g_POU( z^7Lc))WN$YlVTtUiO%igYd5Rm;tIBGy^=YYv>$=Jm=(~ 
z9T@8-bPhWHSK_&^Iq0Tw#&-?h$<_1(jPb*&+V-H4EhB{>*0!0eY{`3$rvHj@j-)j` zqaX1;=-0m`k2#v2i1F^Hs%?)1kHsL?wq5X+Jm+Y7C&oI4*7S@~#B)!Y4j9gor;0ne zXpBp(_zsVl?i9vL?#TpCH4KbHgQ#ip$`lw;sP9XA2altd>HE^Ud_tnACv6wBz2l=^ z0z=yo#7;#1M5}p>dHf`sRWC=Oxbuihq}M+iL3iayeV#<%)x7}>J_5pb+Xdl;($Nbp z@Ev6__p7dRbc0C37+f@Ni0d34xcHbcwy${X8i~LwE|m4`Kwjem4vM5BzR&CsmkWFc zTTD0Awfiq1lJHyQ+C7SZb3ONOn2YD=>$w+8Nd*6|uidM;HvYin8sCu@bDxUq(}0xz zR^b{&z~TB6%=NP>uD6m1{=>DCYkWsu%%4G@E@+7T;scSW4frgJ_<+~8aT&N zTyt{lNzC=9bdG)EOA>)sIaY~TAi216@ZaSlzT>S6mx}_-g+;{$s-H*QD)%g*2sr)j z6z1X?y5Ajsg+$=(+@@acvvIett%10n&bWuOc*_Vt%J>K2`g6>6j*9EqB!YiCt~s^O z8I1MmoR>cbq)ZLH2NikF*@Jo-bNmgx2X)Dp#PfRFgL>yrV`uXApnB+A&ob(u#Z6Fc zCc2^bpeiHa^sO&2?l!t_wfUJu(16cSaGk$EAE?*9m6^rm`Z>&Xx+;%821vy;@chMj zpKlg-{_-{E`UpLL`CE4qfmibvC1!!-qWvp1@)6%@`wEwf=NZqraje&4ZIo77f4^$q2;MWtU%=1feolTK_qXVow-(Sw?7=-V~5tMp2)lY74uj4ci@&M9qLK^ zSEi5|x*)NHnkj#3<;R@(?!p7Sz4|R!gn)|fsZ2g_YGtfS&ZMM70~^6*({4$i9cYAAxw+$V6ld_ z2%}B=S3f;*@f|Q^_>JoU6T^KKloq9Q1 zCkVX(t;dtrnT+p$kBi;~9BYay)@;3PsX>L_HVM7Y_G*O;XbZj77RC07)yU%fdzlsi zy`qD(MezUPTsC^5y!*R%7}^CHo^8z^otxV+ErVMUmcQ3w_}taCk>MlJEf7r~nUpuC1X@Z zy7`V&^Pooum>-`w&D?)%zB%2TmeMud(zSD{`H9DS!Vjqyv*VKtURr*j6;M#MEEQaI zs9;YPt%9WnyD5AOQo*j{lnS;1ihJg|QGp7X4(OyJ7L{T(C-Lt>9bZ{-@5WaDc*BIA z6=#&r_eElc7o*?JnzuMw^*gKp2bRfWa~$`(w&`ch@1C1$9%!{$M^Cky2j}FB%gMRuYpH^rTMSTUOm+i=6|8lLc5R5HkDX@?z@C4H$DDdF>v_<$rpOEsbrBa-k zuB#@qr#O}I4g>EXRp7Uace{vpYiRG5#Yx^hxZTCO7v_1_KN3j*Cml@V?GGA?Z809+ zC_YW0w``+`3d*^e_$Qo+JJK50r$JQ9AQN9vWa8~oCO%zGjU=?i0f`r}MI+NN!q z);ec|YMm7mot3L}whSUWiFEb>-LKw+sD{k%|JC69C%;EowBhZFhguaQ-GLGtuy$w8EEg{v}IApCtZ*RrDIIqKJ`t+w$F@qS~VI zvWoT~WB`>V3+qQkIyWlPGE{`t%i*|vqnIG<*w7V4`tvVZp#UruF!)DXzEGs^o~QX= zz8j*wiuiwIIK}^-LP1Pf=$U^Vhkq@He`)`RSrnDK(FI{%S=CE*Ki4SBTH&%DaI_^| z$vyufVJFtMNxwW|hvU3- z;Ju_h9D4%JcDaM8l;srnQ2nqxp0lEgDY4ElW849?$p~>E`rDn z3LU&J>7Y2cItcMc2S>oQOvm0z4MO8ujaEPpiTshJg9@U9Tv`V!7uijXaUGy;Dy4(> zp}Epx|8x-IjSiGikTI(jq>5|5RF`nBlW5P&tcVURbo`C0g{xQ#Pt#gxoUOO5>ITs_ zWohBH;A$Z>kU3#xt?xNuRX4lI&;e;7Iz`sPOrnKNulc8i&|u{RJCMZD!8NRdNwf|O 
z9U%I15czEi9ejYIM><#(TpctDWKQ^Rt5{^_7mFmuB1 z5IuVQ(^Zxh&L>{STF6yt;hf&K8jTO_(GwYn7WNY@>{uLJErj`@1u=#6h=ZXzpDQ1$ zVO)q>g*0#_j?%z>RQXu!p9aFb(Lf4qFN|CZszVWtZ^Z56zhYh|(7Z;i(%aTVLqsWx zK7K&z<4c0eYj_}YeOJBC=Ul%g+HNuqM*K$HMe%z8<@zQ5@f#kjT;DrVC!ojX)Ub4L zA+d%v<{Jk?^m`$4OVMmu2jxTuyOsu52YNqrK&?xMMd^gT@V&mQbt$=8wnuffY|UP~ z$z(tpsP0E;pd8kvx~2YUK<||X{s3!Di&5viCr_=h%Za~Xjg6)?W-{n)YYzgl-HR5= z8vBrFY~Qlr);1z;Qe%kS+hnbwszQpR*J)yO0(zM6C04$vBwDl4T3dS%P&tOQ_G}TQ zwGW}m?aTbDfkbe$Ce=r7Q$!>E9!Er8?OD2GX#*j!CQc{l!CO5`6Tc_^jx{kvrHNyD z+qyhJ;Gv>rvL-$vnmDw)el!u{MiY@YsR^`aRacN>OLbQt`z%2xya;w)WaXh;QXi|J zwXrVGZi-%pv{98!Y2zcvLzd;9wGqP6MkGfYQJ(5#pS*rzm~hF5I@$G3pZ)KB8L79GpnC35#eDu_X+FO)xbrxJH#&90lFNL4XItOr^CeYwQ)~j#=8XbboAVGN zXgMt^HJ8A-f8o+M&kN71}CnF~?vhlr*s z`uGv4kFNc2it0#P8K-D1MKiT))OYeoev3_33H6+D(#%HRi|l z(%UwUhsd8-)NYOv9qd{gTpdLFp#y3zdNtkm+ReuCfJQCSz&i#?14mKqX03l3h`#CC z%`G;soPAu!*&&yt#rxTssWeurw{6NUG>WqnJLE1QbTh%?+EfFl8kD4Ct^A3_cyX4q z8kBq&QSH8U9#tDIx~dk9m(rN2J?}#`DCQ~R}G2@NHvI|WR}_x0*3(sj>9^*L`<7OlL8NU<|IJ}1|j zZJsm^Wt&b8t9>HNR)>VC?u0RtqoTeg?vflsPkAI+2l3re9+OcfOWA;I8xi^oCmV!z zV5ObLRneMwQX8<)ir(DHZi+{%QL%HDtmt161Auz)-I%29MIN72zT%0;mi!-P3s zkj*!uq+mFnxxKVQAHuj+fs(wVScAX&>K8iCqoLb6#H>6)xMNFsG$U^a1ntHy<3|b} zKafBBh|iL*&X>#hkvEI5idv7Fl9M-DJ$^8LC%>TQz96;X=3M!I5=1!%GWRc}nt#|p zHSmpgtUeo`)Ci9ZsdS%>uhQGLYCtthigwC<)`FA+Ay<^tPoH%+pK0Q0WN^c9nrgSS za(3((85)LZf0rBK~X=HXK?<%Lh4z^5u%$pD&1VN zn-b6!7_l~v(oGj=s(8JByX@l_y6L2dK1p!>KTovzWAS~f#?&rp$*CEZZuhifaQJ<#=NJ zGk2w-$J`I3xo;<6OGN)=Y!V$X2 z;+e$;!2q}#SYw-zWWcKJ!L%4JmKCj%Ek+}Y0L+oiH>KK}uB0T~WPYP6D5Qi+t-ugE zM^+hpt_#}>?537@&t`M^KBHq_A%sv}c(Z?1l?3nV!Y);mGp)O}ELMzhSY6WZ6z8~* zjQj9vgU}khY|YX|Y*G}~h3c->maFu(ZK(FKyQoaoMJ$RQBL8Yj{piA7Hfw&9y0}|q zo3)})uR1Vd?bjNd&)QOJWew5FE?O(wTG>slo0OMPUCIo!0N;3PUF3Qr(#M#7N@^+(-uu&@e@~z gbKl`b-SIH4DnFr$`eCs8J@~kLZ=4);b7b}Z0I7pRo&W#< literal 0 Hc-jL100001 diff --git a/tests/nfs3-procedure/test.rules b/tests/nfs3-procedure/test.rules new file mode 100644 index 000000000..b5916f3f7 --- /dev/null +++ b/tests/nfs3-procedure/test.rules 
@@ -0,0 +1,10 @@
+# 2 matches for generic write
+alert nfs any any -> any any (flow:to_server; nfs_procedure:WRITE; sid:1;)
+# 1 for write v4
+alert nfs any any -> any any (flow:to_server; nfs_procedure:WRITE; nfs_version:3; sid:2;)
+# 1 for write v3
+alert nfs any any -> any any (flow:to_server; nfs_procedure:WRITE; nfs_version:4; sid:3;)
+# numeric value for write v3
+alert nfs any any -> any any (flow:to_server; nfs_procedure:7; nfs_version:3; sid:4;)
+# numeric value for write v4
+alert nfs any any -> any any (flow:to_server; nfs_procedure:38; nfs_version:4; sid:5;)
diff --git a/tests/nfs3-procedure/test.yaml b/tests/nfs3-procedure/test.yaml
new file mode 100644
index 000000000..fb617996c
--- /dev/null
+++ b/tests/nfs3-procedure/test.yaml
@@ -0,0 +1,44 @@
+requires:
+ min-version: 9
+
+args:
+- -k none
+- --set stream.midstream=true
+- --set app-layer.protocols.nfs.enabled=yes
+
+checks:
+ - filter:
+ count: 2
+ match:
+ event_type: alert
+ app_proto: nfs
+ alert.signature_id: 1
+ nfs.procedure: WRITE
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ app_proto: nfs
+ alert.signature_id: 2
+ nfs.procedure: WRITE
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ app_proto: nfs
+ alert.signature_id: 3
+ nfs.procedure: WRITE
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ app_proto: nfs
+ alert.signature_id: 4
+ nfs.procedure: WRITE
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ app_proto: nfs
+ alert.signature_id: 5
+ nfs.procedure: WRITE
-- 
2.47.3
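Review bot: The comments above sid 2 and sid 3 are swapped relative to the rules they describe: `# 1 for write v4` sits above the rule carrying `nfs_version:3; sid:2;` and `# 1 for write v3` above the one carrying `nfs_version:4; sid:3;`. The numeric-form comments further down agree with their rules (procedure 7 paired with nfs_version:3, 38 with nfs_version:4), so only the two string-form comments need exchanging: `# 1 for write v3` before sid 2 and `# 1 for write v4` before sid 3. The directory name `nfs3-procedure` also undersells the file, since sids 3 and 5 exercise NFSv4; a one-line header comment naming both versions, or a directory name without the `3`, would spare the next reader a wrong assumption.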
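Review bot: The five filters in the checks block pin only `nfs.procedure: WRITE`, so the version-specific rules (sids 2 through 5) are verified by alert count alone; if `nfs_version` ever matched the wrong version, sids 2 and 3 would still each produce exactly one alert and the test would pass. Adding the version to those filters — `nfs.version: 3` for sids 2 and 4 and `nfs.version: 4` for sids 3 and 5 — would pin which record each rule matched, assuming the EVE nfs record carries a version field alongside the procedure field the checks already rely on. A short comment above `checks:` explaining why sid 1 expects two alerts (one NFSv3 and one NFSv4 WRITE in the reused pcap) would also document where the count comes from, since the README only says "reused".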