tests: add tests for bug 7964

Related to
Bug #7964

diff --git a/tests/bug-7964-01/README.md b/tests/bug-7964-01/README.md
new file mode 100644 (file)
index 0000000..5aa3adf
--- /dev/null
+++ b/tests/bug-7964-01/README.md
@@ -0,0 +1,12 @@
+Test that the engine correctly issues a wrong ip version event and flags packet
+as invalid when decoding an IPv4-in-IPv6 packet with wrong/ invalid IP version.
+
+PCAP
+----
+
+Created by using bug-4571-06 pcap and replacing IPv4 version with invalid value.
+
+Ticket
+------
+
+https://redmine.openinfosecfoundation.org/issues/7964

diff --git a/tests/bug-7964-01/editable-ipv4-in-ipv6.txt b/tests/bug-7964-01/editable-ipv4-in-ipv6.txt
new file mode 100644 (file)
index 0000000..62d4876
--- /dev/null
+++ b/tests/bug-7964-01/editable-ipv4-in-ipv6.txt
@@ -0,0 +1,7 @@
+0000  0a 00 27 00 00 01 0a 00 27 00 00 00 86 dd 60 00   ..'.....'.....`.
+0010  00 00 00 34 04 7f 20 01 0d b8 85 a3 00 00 00 00   ...4.. .........
+0020  8a 2e 03 70 73 34 20 01 0d b8 85 a3 00 00 00 00   ...ps4 .........
+0030  8a 2e 03 70 73 35 56 80 00 34 04 d2 00 00 7f 06   ...ps5E..4......
+0040  22 6e 0a 01 00 01 0a 01 00 02 00 50 00 50 00 01   "n.........P.P..
+0050  f7 fa 00 00 00 00 50 00 04 00 5e ec 00 00 68 65   ......P...^...he
+0060  6c 6c 6f 2c 20 77 6f 72 6c 64                     llo, world

diff --git a/tests/bug-7964-01/test.rules b/tests/bug-7964-01/test.rules
new file mode 100644 (file)
index 0000000..3e2bdbc
--- /dev/null
+++ b/tests/bug-7964-01/test.rules
@@ -0,0 +1 @@
+alert pkthdr any any -> any any (msg:"SURICATA IPv4-in-IPv6 invalid protocol"; decode-event:ipv6.ipv4_in_ipv6_wrong_version; classtype:protocol-command-decode; sid:2200083; rev:2;)

diff --git a/tests/bug-7964-01/test.yaml b/tests/bug-7964-01/test.yaml
new file mode 100644 (file)
index 0000000..378eef4
--- /dev/null
+++ b/tests/bug-7964-01/test.yaml
@@ -0,0 +1,23 @@
+requires:
+  min-version: 9
+
+args:
+- -k none
+- --set stream.midstream=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2200083
+        proto: IP-in-IP
+        ip_v: 6
+  - filter:
+      count: 1
+      match:
+        event_type: stats
+        stats.decoder.pkts: 1
+        stats.decoder.invalid: 1
+        stats.decoder.ipv6: 1
+        stats.decoder.event.ipv6.ipv4_in_ipv6_wrong_version: 1

diff --git a/tests/bug-7964-01/wrong-version-ipv4-ipv6.pcap b/tests/bug-7964-01/wrong-version-ipv4-ipv6.pcap
new file mode 100644 (file)
index 0000000..03cc755
Binary files /dev/null and b/tests/bug-7964-01/wrong-version-ipv4-ipv6.pcap differ

diff --git a/tests/bug-7964-02/README.md b/tests/bug-7964-02/README.md
new file mode 100644 (file)
index 0000000..70e6b37
--- /dev/null
+++ b/tests/bug-7964-02/README.md
@@ -0,0 +1,12 @@
+Test that the engine correctly issues a wrong ip version event and flags packet
+as invalid when decoding an IPv6-in-IPv6 packet with wrong/ invalid IP version.
+
+PCAP
+----
+
+Created by using bug-4571-03 pcap and replacing IPv6 version with invalid value.
+
+Ticket
+------
+
+https://redmine.openinfosecfoundation.org/issues/7964

diff --git a/tests/bug-7964-02/editable-ip6-in-ip6.txt b/tests/bug-7964-02/editable-ip6-in-ip6.txt
new file mode 100644 (file)
index 0000000..6eecb2d
--- /dev/null
+++ b/tests/bug-7964-02/editable-ip6-in-ip6.txt
@@ -0,0 +1,8 @@
+0000  0a 00 27 00 00 01 0a 00 27 00 00 00 86 dd 60 00   ..'.....'.....`.
+0010  00 00 00 48 29 7f 20 01 0d b8 85 a3 00 00 00 00   ...H). .........
+0020  8a 2e 03 70 73 34 20 01 0d b8 85 a3 00 00 00 00   ...ps4 .........
+0030  8a 2e 03 70 73 35 45 00 00 00 00 20 06 7f 20 01   ...ps5`.... .. .
+0040  0d b8 85 a3 00 00 00 00 8a 2e 03 70 83 34 20 01   ...........p.4 .
+0050  0d b8 85 a3 00 00 00 00 8a 2e 03 70 83 35 00 50   ...........p.5.P
+0060  00 50 00 01 f7 fa 00 00 00 00 50 00 04 00 ea 90   .P........P.....
+0070  00 00 68 65 6c 6c 6f 2c 20 77 6f 72 6c 64         ..hello, world

diff --git a/tests/bug-7964-02/test.rules b/tests/bug-7964-02/test.rules
new file mode 100644 (file)
index 0000000..592e8d0
--- /dev/null
+++ b/tests/bug-7964-02/test.rules
@@ -0,0 +1 @@
+alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 invalid protocol"; decode-event:ipv6.ipv6_in_ipv6_wrong_version; classtype:protocol-command-decode; sid:2200085; rev:2;)

diff --git a/tests/bug-7964-02/test.yaml b/tests/bug-7964-02/test.yaml
new file mode 100644 (file)
index 0000000..4fe2c4c
--- /dev/null
+++ b/tests/bug-7964-02/test.yaml
@@ -0,0 +1,23 @@
+requires:
+  min-version: 9
+
+args:
+- -k none
+- --set stream.midstream=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2200085
+        proto: IPv6
+        ip_v: 6
+  - filter:
+      count: 1
+      match:
+        event_type: stats
+        stats.decoder.pkts: 1
+        stats.decoder.invalid: 1
+        stats.decoder.ipv6: 1
+        stats.decoder.event.ipv6.ipv6_in_ipv6_wrong_version: 1

diff --git a/tests/bug-7964-02/wrong-version-ipv6-ipv6.pcap b/tests/bug-7964-02/wrong-version-ipv6-ipv6.pcap
new file mode 100644 (file)
index 0000000..17953c1
Binary files /dev/null and b/tests/bug-7964-02/wrong-version-ipv6-ipv6.pcap differ