tests: add bug 2736 tests

diff --git a/tests/bug-2736-01/23_6594.pcap b/tests/bug-2736-01/23_6594.pcap
new file mode 100644 (file)
index 0000000..693cb85
Binary files /dev/null and b/tests/bug-2736-01/23_6594.pcap differ

diff --git a/tests/bug-2736-01/test.rules b/tests/bug-2736-01/test.rules
new file mode 100644 (file)
index 0000000..1af4b79
--- /dev/null
+++ b/tests/bug-2736-01/test.rules
@@ -0,0 +1,6 @@
+alert dns any any -> any 53 ( \
+msg:"DNS - Transaction ID problem, DDNS"; \
+content:"|04|ddns|03|net|00|"; \
+classtype:trojan-activity; \
+sid:1; rev:1;)
+

diff --git a/tests/bug-2736-01/test.yaml b/tests/bug-2736-01/test.yaml
new file mode 100644 (file)
index 0000000..63f19ae
--- /dev/null
+++ b/tests/bug-2736-01/test.yaml
@@ -0,0 +1,10 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/bug-2736-02/suricata.0400.pcap b/tests/bug-2736-02/suricata.0400.pcap
new file mode 100644 (file)
index 0000000..57bafe2
Binary files /dev/null and b/tests/bug-2736-02/suricata.0400.pcap differ

diff --git a/tests/bug-2736-02/test.rules b/tests/bug-2736-02/test.rules
new file mode 100644 (file)
index 0000000..b47f3ad
--- /dev/null
+++ b/tests/bug-2736-02/test.rules
@@ -0,0 +1,5 @@
+alert dns any any -> any 53 ( \
+msg:"DNS - Transaction ID problem, suricata"; \
+content:"suricata"; \
+classtype:trojan-activity; \
+sid:2; rev:1;)

diff --git a/tests/bug-2736-02/test.yaml b/tests/bug-2736-02/test.yaml
new file mode 100644 (file)
index 0000000..eb2358d
--- /dev/null
+++ b/tests/bug-2736-02/test.yaml
@@ -0,0 +1,10 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2