From 54e283b3c34ba90a29af5e495bf90f60eb0a4184 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Fri, 26 Sep 2025 12:44:46 +0200 Subject: [PATCH] http2: adds test for http2.errorcode keyword Ticket: 7889 --- tests/http2-errorcode/README.md | 11 +++++++++++ tests/http2-errorcode/input.pcap | Bin 0 -> 4969 bytes tests/http2-errorcode/test.rules | 6 ++++++ tests/http2-errorcode/test.yaml | 25 +++++++++++++++++++++++++ 4 files changed, 42 insertions(+) create mode 100644 tests/http2-errorcode/README.md create mode 100644 tests/http2-errorcode/input.pcap create mode 100644 tests/http2-errorcode/test.rules create mode 100644 tests/http2-errorcode/test.yaml diff --git a/tests/http2-errorcode/README.md b/tests/http2-errorcode/README.md new file mode 100644 index 000000000..e5b39cb5f --- /dev/null +++ b/tests/http2-errorcode/README.md @@ -0,0 +1,11 @@ +# Description + +Test http2.errorcode keyword + +# Ticket + +https://redmine.openinfosecfoundation.org/issues/7889 + +# PCAP + +The pcap comes from https://github.com/grpc/grpc-node/issues/2744 diff --git a/tests/http2-errorcode/input.pcap b/tests/http2-errorcode/input.pcap new file mode 100644 index 0000000000000000000000000000000000000000..1bc3c77acdabbfdb3151e67d0a0cff46bd7cfbfc GIT binary patch literal 4969 zc-qyMYfMvj7{>pnTuwc`2so39+bqNp!_5}CNFA}r7?*-{NP^`e2v)>3&_H#YL=Y7w z8XaGjB^cxUvW#s6#4J;X*@u~F{6O4dj9bifWN|9Xl9^0dw%EOI&*`~zJ@7x@w!&#n z+MXZJ`##V6o^tE!>2o>~OQZ*X-m|)B_cY6r*Werv9UP^EIPupRPsjiv3?2)f)Qhv8 zFYED|DP1u5JQqG2yZH_i6BExcdhXRj2{j?Aj%WTv!A!ll;Bnl#R0!PdQ%V138t46$ z$PF_e0COX-HcHG~6`k9G>o}BPnSZ_xUKI2p4>`Y5a0G1*WXU;UO~|q7Suz6Gk4T)M zMfF&K^NvzaNzK-+r6qM%drm>N4Swv7{G1INtmSoe?)CO;yNN6B?hQC1-ZpV1-CbSY z_CRNMm&5v|*Xz&P>FeC@HE|{mg>BMnDsUVMd>pO7UOh!H8Z4g4=J?Olf^l_!TE09O z=O~yK&q71*nv?^;oro5UrrC$PkQ-)xOi{0(a{{=1azl}WJmgGKa0G3A$dYrynvioJ zI2CYxg~TacwEq_9f1%ia7xq7#0BerTX037Y#y$YB3xF;OT&4nciQr92FhnQd?FwX7 zdAm9SdmL69kA4K`Vn7y4=%Phy$1vN)+P#9$(pGs4KnI*VBw)UZ)*YhObfs2a+V6Vm zxgW>MBj(?>k^h} z64oi-A97(AIF>wt>z_!R-xlSdusJ2iU0Y#I=l5YwwhcGjwrYG91ryT8;2BeVTz{s? zFzCPQuexv~cC4-E+v2}pzOlAtuceBluR#a8( z-R0B;yu;N;^5V{~A;cI`!r&9j#l6+t;|pz+A35qx+&Sx+X@^e!BHP4hjXN{~G@X=3 z4ySWY8M*&=C!calhn&ySOuLvRyE02*FoQs1pkDSzC!5(0u;!s`+2g`1Kn`orWU)`p z;*|!90z($F9iqi{rNxQ@*J>-!uU6pO2I@Nl&#?eUd1olVj4|Q$a@s( z1Lyaq{G7LKKp32zAKWYYs*?F5clmdR$(Vb6ldpbNXH`Q%kdPJ9q?kElx!33G&a{dH zbIm}z#Akfap&qp*ep8cMsY$?j6wR&s6wMXf>Jil-Cbee}eoCW(o2MJ6tpi9@Z@B zzz;_3{%VAWZtpY#<=)5yf;WZy?vEmnG1J}yQu6>l7;z8iKsa*j=A{KHI5L4@j$EL) zayQcpd_4qCj4rU)Or7pQWJRPKJJ^AoN^P7nHBPOW_Fq6D88{_{%49@sSff^fiO~hN znW<;%Ac)M6M^~7MYUKFo4J-pqht(4HXM#pOiP80NiPR&R0jz$tk<0^5CS0E>an`Bm N=|`6P1>n3$$UmP2nL7Xg literal 0 Hc-jL100001 diff --git a/tests/http2-errorcode/test.rules b/tests/http2-errorcode/test.rules new file mode 100644 index 000000000..d3f6de011 --- /dev/null +++ b/tests/http2-errorcode/test.rules @@ -0,0 +1,6 @@ +alert http2 any any -> any any (http2.errorcode:INTERNAL_ERROR; sid:1;) +alert http2 any any -> any any (http2.errorcode:!NO_ERROR; sid:2;) +# no match +alert http2 any any -> any any (http2.errorcode:HTTP_1_1_REQUIRED; sid:3;) +# new format +alert http2 any any -> any any (http2.errorcode:HTTP11_REQUIRED; sid:4;) diff --git a/tests/http2-errorcode/test.yaml b/tests/http2-errorcode/test.yaml new file mode 100644 index 000000000..0d9683109 --- /dev/null +++ b/tests/http2-errorcode/test.yaml @@ -0,0 +1,25 @@ +requires: + min-version: 9 + +# disables checksum verification +args: + - -k none + +checks: + - filter: + count: 2 + match: + event_type: alert + alert.signature_id: 1 + http.http2.request.error_code: INTERNALERROR + - filter: + count: 2 + match: + event_type: alert + alert.signature_id: 2 + http.http2.request.error_code: INTERNALERROR + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 3 -- 2.47.3