From: Philippe Antoine
Date: Tue, 27 Apr 2021 07:15:24 +0000 (+0200)
Subject: Adds test about ftp epsv response parsing
X-Git-Tag: suricata-6.0.4~84
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F491%2Fhead;p=thirdparty%2Fsuricata-verify.git
Adds test about ftp epsv response parsing
---
diff --git a/tests/ftp-epsv/README.md b/tests/ftp-epsv/README.md
new file mode 100644
index 000000000..df9a30638
--- /dev/null
+++ b/tests/ftp-epsv/README.md
@@ -0,0 +1,8 @@
+# Description
+
+Test FTP EPSV response parsing
+
+# PCAP
+
+The pcap comes from https://www.cloudshark.org/captures/abdc8742488f
+(first answer for `ftp epsv pcap`)
diff --git a/tests/ftp-epsv/input.pcap b/tests/ftp-epsv/input.pcap
new file mode 100644
index 000000000..bf22acc10
Binary files /dev/null and b/tests/ftp-epsv/input.pcap differ
diff --git a/tests/ftp-epsv/test.yaml b/tests/ftp-epsv/test.yaml
new file mode 100644
index 000000000..69848da45
--- /dev/null
+++ b/tests/ftp-epsv/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 6.0.0
+
+checks:
+
+ - filter:
+ count: 1
+ match:
+ event_type: ftp
+ ftp.command: "EPSV"
+ ftp.dynamic_port: 58612
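Review bot: The `ftp.dynamic_port: 58612` match in test.yaml is an unexplained constant. A comment above it such as `# port advertised by the server's EPSV reply in input.pcap` would tell a maintainer where the value comes from if the capture is ever replaced. The single check also pins only the one well-formed reply in this capture, so it confirms the port is extracted but not how the parser treats a reply it should reject. The parsed port is presumably what lets the engine associate the data channel with the control session, so a follow-up case with a malformed or out-of-range port in the reply would be worth adding.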