From: Juliana Fajardini
Date: Tue, 30 Sep 2025 21:21:59 +0000 (-0300)
Subject: tests: add tests for bug 7964
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2671%2Fhead;p=thirdparty%2Fsuricata-verify.git
tests: add tests for bug 7964
Related to Bug #7964
---
diff --git a/tests/bug-7964-01/README.md b/tests/bug-7964-01/README.md
new file mode 100644
index 000000000..5aa3adfd9
--- /dev/null
+++ b/tests/bug-7964-01/README.md
@@ -0,0 +1,12 @@
+Test that the engine correctly issues a wrong ip version event and flags packet
+as invalid when decoding an IPv4-in-IPv6 packet with wrong/ invalid IP version.
+
+PCAP
+----
+
+Created by using bug-4571-06 pcap and replacing IPv4 version with invalid value.
+
+Ticket
+------
+
+https://redmine.openinfosecfoundation.org/issues/7964
diff --git a/tests/bug-7964-01/editable-ipv4-in-ipv6.txt b/tests/bug-7964-01/editable-ipv4-in-ipv6.txt
new file mode 100644
index 000000000..62d4876fa
--- /dev/null
+++ b/tests/bug-7964-01/editable-ipv4-in-ipv6.txt
@@ -0,0 +1,7 @@
+0000 0a 00 27 00 00 01 0a 00 27 00 00 00 86 dd 60 00 ..'.....'.....`.
+0010 00 00 00 34 04 7f 20 01 0d b8 85 a3 00 00 00 00 ...4.. .........
+0020 8a 2e 03 70 73 34 20 01 0d b8 85 a3 00 00 00 00 ...ps4 .........
+0030 8a 2e 03 70 73 35 56 80 00 34 04 d2 00 00 7f 06 ...ps5E..4......
+0040 22 6e 0a 01 00 01 0a 01 00 02 00 50 00 50 00 01 "n.........P.P..
+0050 f7 fa 00 00 00 00 50 00 04 00 5e ec 00 00 68 65 ......P...^...he
+0060 6c 6c 6f 2c 20 77 6f 72 6c 64 llo, world
diff --git a/tests/bug-7964-01/test.rules b/tests/bug-7964-01/test.rules
new file mode 100644
index 000000000..3e2bdbcc9
--- /dev/null
+++ b/tests/bug-7964-01/test.rules
@@ -0,0 +1 @@
+alert pkthdr any any -> any any (msg:"SURICATA IPv4-in-IPv6 invalid protocol"; decode-event:ipv6.ipv4_in_ipv6_wrong_version; classtype:protocol-command-decode; sid:2200083; rev:2;)
diff --git a/tests/bug-7964-01/test.yaml b/tests/bug-7964-01/test.yaml
new file mode 100644
index 000000000..378eef4d0
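Review bot: The ASCII column on row `0030` of editable-ipv4-in-ipv6.txt still shows `E.` while the hex beside it reads `56 80`, so the text side of the dump no longer matches its bytes. If the source pcap had `45` there, as the stale `E` suggests, the edit changed the header-length nibble (5 to 6) as well as the version, which the README's "replacing IPv4 version" does not say. I would either refresh or drop the ASCII column, and word the README line as `Created by using bug-4571-06 pcap and replacing the first byte of the inner IPv4 header (version/IHL) with 0x56.`. Row `0030` of tests/bug-7964-02/editable-ip6-in-ip6.txt has the same stale ASCII character next to `45`.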
--- /dev/null
+++ b/tests/bug-7964-01/test.yaml
@@ -0,0 +1,23 @@
+requires:
+ min-version: 9
+
+args:
+- -k none
+- --set stream.midstream=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2200083
+ proto: IP-in-IP
+ ip_v: 6
+ - filter:
+ count: 1
+ match:
+ event_type: stats
+ stats.decoder.pkts: 1
+ stats.decoder.invalid: 1
+ stats.decoder.ipv6: 1
+ stats.decoder.event.ipv6.ipv4_in_ipv6_wrong_version: 1
diff --git a/tests/bug-7964-01/wrong-version-ipv4-ipv6.pcap b/tests/bug-7964-01/wrong-version-ipv4-ipv6.pcap
new file mode 100644
index 000000000..03cc7555e
Binary files /dev/null and b/tests/bug-7964-01/wrong-version-ipv4-ipv6.pcap differ
diff --git a/tests/bug-7964-02/README.md b/tests/bug-7964-02/README.md
new file mode 100644
index 000000000..70e6b37e9
--- /dev/null
+++ b/tests/bug-7964-02/README.md
@@ -0,0 +1,12 @@
+Test that the engine correctly issues a wrong ip version event and flags packet
+as invalid when decoding an IPv6-in-IPv6 packet with wrong/ invalid IP version.
+
+PCAP
+----
+
+Created by using bug-4571-03 pcap and replacing IPv6 version with invalid value.
+
+Ticket
+------
+
+https://redmine.openinfosecfoundation.org/issues/7964
diff --git a/tests/bug-7964-02/editable-ip6-in-ip6.txt b/tests/bug-7964-02/editable-ip6-in-ip6.txt
new file mode 100644
index 000000000..6eecb2d1d
--- /dev/null
+++ b/tests/bug-7964-02/editable-ip6-in-ip6.txt
@@ -0,0 +1,8 @@
+0000 0a 00 27 00 00 01 0a 00 27 00 00 00 86 dd 60 00 ..'.....'.....`.
+0010 00 00 00 48 29 7f 20 01 0d b8 85 a3 00 00 00 00 ...H). .........
+0020 8a 2e 03 70 73 34 20 01 0d b8 85 a3 00 00 00 00 ...ps4 .........
+0030 8a 2e 03 70 73 35 45 00 00 00 00 20 06 7f 20 01 ...ps5`.... .. .
+0040 0d b8 85 a3 00 00 00 00 8a 2e 03 70 83 34 20 01 ...........p.4 .
+0050 0d b8 85 a3 00 00 00 00 8a 2e 03 70 83 35 00 50 ...........p.5.P
+0060 00 50 00 01 f7 fa 00 00 00 00 50 00 04 00 ea 90 .P........P.....
+0070 00 00 68 65 6c 6c 6f 2c 20 77 6f 72 6c 64 ..hello, world
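Review bot: The stats filter in tests/bug-7964-01/test.yaml pins the event counter and `stats.decoder.invalid: 1`, but nothing in it asserts that the inner header was left undecoded, which is the property that matters for an IDS handling a tunnel with a bad version. Adding `stats.decoder.ipv4_in_ipv6: 0`, `stats.decoder.ipv4: 0` and `stats.decoder.tcp: 0` to the second `match` would catch a regression that raises the event yet still hands the payload to the inner decoders. This assumes the fixed engine leaves those counters at zero, which is worth confirming on a run. tests/bug-7964-02/test.yaml has the same gap, with `stats.decoder.ipv6_in_ipv6: 0` as the tunnel counter to add there.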
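Review bot: Row `0030` of editable-ip6-in-ip6.txt sets the first inner byte to `45`, i.e. version 4, which is a legal IP version and only wrong for the outer next-header `29` on row `0010`. The README calls this an "invalid value", so a reader may expect a nibble that is neither 4 nor 6, like the `5` used in bug-7964-01. A README line such as `Created by using bug-4571-03 pcap and replacing the inner IPv6 version with 4 (mismatched for next-header 41).` would state what the pcap covers. It would also make clear that a version nibble other than 4 or 6 in the IPv6-in-IPv6 path is not exercised by this test.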
diff --git a/tests/bug-7964-02/test.rules b/tests/bug-7964-02/test.rules
new file mode 100644
index 000000000..592e8d00b
--- /dev/null
+++ b/tests/bug-7964-02/test.rules
@@ -0,0 +1 @@
+alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 invalid protocol"; decode-event:ipv6.ipv6_in_ipv6_wrong_version; classtype:protocol-command-decode; sid:2200085; rev:2;)
diff --git a/tests/bug-7964-02/test.yaml b/tests/bug-7964-02/test.yaml
new file mode 100644
index 000000000..4fe2c4c83
--- /dev/null
+++ b/tests/bug-7964-02/test.yaml
@@ -0,0 +1,23 @@
+requires:
+ min-version: 9
+
+args:
+- -k none
+- --set stream.midstream=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2200085
+ proto: IPv6
+ ip_v: 6
+ - filter:
+ count: 1
+ match:
+ event_type: stats
+ stats.decoder.pkts: 1
+ stats.decoder.invalid: 1
+ stats.decoder.ipv6: 1
+ stats.decoder.event.ipv6.ipv6_in_ipv6_wrong_version: 1
diff --git a/tests/bug-7964-02/wrong-version-ipv6-ipv6.pcap b/tests/bug-7964-02/wrong-version-ipv6-ipv6.pcap
new file mode 100644
index 000000000..17953c177
Binary files /dev/null and b/tests/bug-7964-02/wrong-version-ipv6-ipv6.pcap differ