tests: ICMPv4 header tests

diff --git a/tests/icmp-hdr-01/input.pcap b/tests/icmp-hdr-01/input.pcap
new file mode 100644 (file)
index 0000000..170b5e8
Binary files /dev/null and b/tests/icmp-hdr-01/input.pcap differ

diff --git a/tests/icmp-hdr-01/input.rules b/tests/icmp-hdr-01/input.rules
new file mode 100644 (file)
index 0000000..1b5c895
--- /dev/null
+++ b/tests/icmp-hdr-01/input.rules
@@ -0,0 +1 @@
+alert icmp any any -> any any (msg:"icmp hdr test"; icmpv4.hdr; content:"|0a 0e 50 54 42|"; sid:1; rev:1;)

diff --git a/tests/icmp-hdr-01/test.yaml b/tests/icmp-hdr-01/test.yaml
new file mode 100644 (file)
index 0000000..15983c6
--- /dev/null
+++ b/tests/icmp-hdr-01/test.yaml
@@ -0,0 +1,11 @@
+requires:
+  min-version: 6
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      proto: "ICMP"
+      icmp_code: 0
+      icmp_type: 9

diff --git a/tests/icmp-hdr-02/input.pcap b/tests/icmp-hdr-02/input.pcap
new file mode 100644 (file)
index 0000000..bf5c4e5
Binary files /dev/null and b/tests/icmp-hdr-02/input.pcap differ

diff --git a/tests/icmp-hdr-02/input.rules b/tests/icmp-hdr-02/input.rules
new file mode 100644 (file)
index 0000000..b8c187d
--- /dev/null
+++ b/tests/icmp-hdr-02/input.rules
@@ -0,0 +1 @@
+alert icmp any any -> any any (msg:"icmp hdr test"; icmpv4.hdr; content: "|be 0a 7b 00 03|"; sid:1; rev:1;)

diff --git a/tests/icmp-hdr-02/test.yaml b/tests/icmp-hdr-02/test.yaml
new file mode 100644 (file)
index 0000000..8b5f98f
--- /dev/null
+++ b/tests/icmp-hdr-02/test.yaml
@@ -0,0 +1,11 @@
+requires:
+  min-version: 6
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      proto: "ICMP"
+      icmp_code: 1
+      icmp_type: 5