From: Victor Julien
Date: Tue, 2 Sep 2025 07:50:01 +0000 (+0200)
Subject: tests: add test for issue 4702
X-Git-Tag: suricata-7.0.12~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9a15b466616bc61a40eece935db0c21424f94bcc;p=thirdparty%2Fsuricata-verify.git
tests: add test for issue 4702
---
diff --git a/tests/bug-4702-01/input.pcap b/tests/bug-4702-01/input.pcap
new file mode 100644
index 000000000..5f4a9bedb
Binary files /dev/null and b/tests/bug-4702-01/input.pcap differ
diff --git a/tests/bug-4702-01/test.yaml b/tests/bug-4702-01/test.yaml
new file mode 100644
index 000000000..ca7c5108d
--- /dev/null
+++ b/tests/bug-4702-01/test.yaml
@@ -0,0 +1,14 @@
+requires:
+ min-version: 8
+
+checks:
+- filter:
+ count: 1
+ match:
+ event_type: http
+ http.url: /
+- filter:
+ count: 1
+ match:
+ event_type: flow
+ tcp.state: closed
diff --git a/tests/bug-4702-01/writepcap.py b/tests/bug-4702-01/writepcap.py
new file mode 100755
index 000000000..270441b66
--- /dev/null
+++ b/tests/bug-4702-01/writepcap.py
@@ -0,0 +1,14 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='05:04:03:02:01:00', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(src='1.1.1.1', dst='2.2.2.2')/TCP(dport=8080,sport=12345,flags='S',seq=3333,options=[('WScale', 5)])
+pkts += Ether(src='05:04:03:02:01:00', dst='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(dst='1.1.1.1', src='2.2.2.2')/TCP(sport=8080,dport=12345,flags='SA',seq=4444,ack=3334,options=[('Timestamp', (1000,9000))])
+pkts += Ether(dst='05:04:03:02:01:00', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(src='1.1.1.1', dst='2.2.2.2')/TCP(dport=8080,sport=12345,flags='A',seq=3334,ack=4445,options=[('Timestamp', (9000,1001))])
+pkts += Ether(dst='05:04:03:02:01:00', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(src='1.1.1.1', dst='2.2.2.2')/TCP(dport=8080,sport=12345,flags='A',seq=3334,ack=4445,options=[('Timestamp', (9000,1001))])/"GET /"
+pkts += Ether(src='05:04:03:02:01:00', dst='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(dst='1.1.1.1', src='2.2.2.2')/TCP(sport=8080,dport=12345,flags='A',seq=4445,ack=3339,options=[('Timestamp', (1001,9000))])/"hi"
+pkts += Ether(dst='05:04:03:02:01:00', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(src='1.1.1.1', dst='2.2.2.2')/TCP(dport=8080,sport=12345,flags='R',seq=3339)
+
+wrpcap('input.pcap', pkts)
+
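Review bot: The script never says which part of the handshake is deliberately unusual. The SYN carries only `WScale`, while the SYN/ACK and every later segment carry `Timestamp`. That looks like the condition issue 4702 exercises, so a header comment such as `# SYN has no Timestamp option, SYN/ACK and later segments do (issue 4702)` would make it explicit. `input.pcap` is committed as a binary, so this file is the only reviewable description of the traffic; the comment should also state that the pcap is regenerated by running the script. Separately, `from scapy.all import *` hides where the names come from; `from scapy.all import Ether, Dot1Q, IP, TCP, wrpcap` covers everything used here. The shebang would be more robust as `#!/usr/bin/env python3`, since a bare `python` is missing or Python 2 on some systems.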