From: Jason Ish
Date: Mon, 22 Apr 2019 17:35:00 +0000 (-0600)
Subject: tests: dns midstream reversed tests for tcp and udp
X-Git-Tag: suricata-6.0.4~391
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F125%2Fhead;p=thirdparty%2Fsuricata-verify.git
tests: dns midstream reversed tests for tcp and udp
---
diff --git a/tests/dns-reversed-tcp-1/dns.pcap b/tests/dns-reversed-tcp-1/dns.pcap
new file mode 100644
index 000000000..af7d25b6a
Binary files /dev/null and b/tests/dns-reversed-tcp-1/dns.pcap differ
diff --git a/tests/dns-reversed-tcp-1/suricata.yaml b/tests/dns-reversed-tcp-1/suricata.yaml
new file mode 100644
index 000000000..703d81e44
--- /dev/null
+++ b/tests/dns-reversed-tcp-1/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - dns:
+ enabled: true
+ version: 2
diff --git a/tests/dns-reversed-tcp-1/test.yaml b/tests/dns-reversed-tcp-1/test.yaml
new file mode 100644
index 000000000..a63d7af33
--- /dev/null
+++ b/tests/dns-reversed-tcp-1/test.yaml
@@ -0,0 +1,18 @@
+requires:
+ min-version: 5.0.0
+
+args:
+ - --set stream.midstream=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: dns
+ dns.type: query
+
+ - filter:
+ count: 1
+ match:
+ event_type: dns
+ dns.type: answer
diff --git a/tests/dns-reversed-udp-1/input.pcap b/tests/dns-reversed-udp-1/input.pcap
new file mode 100644
index 000000000..95a2b0ccc
Binary files /dev/null and b/tests/dns-reversed-udp-1/input.pcap differ
diff --git a/tests/dns-reversed-udp-1/suricata.yaml b/tests/dns-reversed-udp-1/suricata.yaml
new file mode 100644
index 000000000..c7c9cd5dd
--- /dev/null
+++ b/tests/dns-reversed-udp-1/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: true
+ types:
+ - dns:
+ enabled: true
+ version: 2
diff --git a/tests/dns-reversed-udp-1/test.yaml b/tests/dns-reversed-udp-1/test.yaml
new file mode 100644
index 000000000..1e8b827a5
--- /dev/null
+++ b/tests/dns-reversed-udp-1/test.yaml
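Review bot: The answer filter in tests/dns-reversed-tcp-1/test.yaml matches only on `event_type: dns` and `dns.type: answer`, so it would still pass if the reversed-direction pickup produced one answer event with the wrong contents. The UDP test in this same commit pins the answer records (`dns.answers[0].rrtype: CNAME` plus the two `A` entries); a comparable match taken from this pcap, e.g. `dns.answers[0].rrtype: <RRTYPE_FROM_PCAP>` (placeholder, the capture is binary and not visible here), would make the TCP case equally specific. The two filters also lack the `comment: request` / `comment: response` labels the UDP test carries, which would make the expected `count: 0` for queries easier to read.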
@@ -0,0 +1,24 @@
+requires:
+ min-version: 5.0.0
+
+args:
+ - --set stream.midstream=true
+
+checks:
+
+ - filter:
+ comment: request
+ count: 0
+ match:
+ event_type: dns
+ dns.type: query
+
+ - filter:
+ comment: response
+ count: 1
+ match:
+ event_type: dns
+ dns.type: answer
+ dns.answers[0].rrtype: CNAME
+ dns.answers[1].rrtype: A
+ dns.answers[2].rrtype: A
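Review bot: `--set stream.midstream=true` under `args` looks unnecessary for this UDP case, since the `stream.*` options configure the TCP stream engine and the UDP pcap should parse the same way without it (worth confirming by running the test with the argument removed). If it is kept for parity with dns-reversed-tcp-1, a comment such as `# midstream only affects the TCP variant; kept for parity` would stop readers from assuming the UDP result depends on it. Separately, the response filter pins the rrtypes but not which endpoint the answer is attributed to, so a direction-detection regression that still emits one answer event would pass; matching on the record's port fields would cover that, assuming the values are stable for this capture.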