From 7b4b0805a3729ec24eccf0b347a59f0d3e3494ea Mon Sep 17 00:00:00 2001
From: Jason Ish <ish@unx.ca>
Date: Mon, 22 Apr 2019 11:35:00 -0600
Subject: [PATCH] tests: dns midstream reversed tests for tcp and udp

---
 tests/dns-reversed-tcp-1/dns.pcap      | Bin 0 -> 671 bytes
 tests/dns-reversed-tcp-1/suricata.yaml |  10 ++++++++++
 tests/dns-reversed-tcp-1/test.yaml     |  18 ++++++++++++++++++
 tests/dns-reversed-udp-1/input.pcap    | Bin 0 -> 182 bytes
 tests/dns-reversed-udp-1/suricata.yaml |  10 ++++++++++
 tests/dns-reversed-udp-1/test.yaml     |  24 ++++++++++++++++++++++++
 6 files changed, 62 insertions(+)
 create mode 100644 tests/dns-reversed-tcp-1/dns.pcap
 create mode 100644 tests/dns-reversed-tcp-1/suricata.yaml
 create mode 100644 tests/dns-reversed-tcp-1/test.yaml
 create mode 100644 tests/dns-reversed-udp-1/input.pcap
 create mode 100644 tests/dns-reversed-udp-1/suricata.yaml
 create mode 100644 tests/dns-reversed-udp-1/test.yaml

diff --git a/tests/dns-reversed-tcp-1/dns.pcap b/tests/dns-reversed-tcp-1/dns.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..af7d25b6aeacc0fc53c7624f1cba02cf1646b499
GIT binary patch
literal 671
zc-p&ic+)~A1{MYcU}0bcl2(yj5v__W4EjJ02;Vr}^>(2fgQz$!+jkBIR|ZB!y&wh#
zOE&9x4h|L;E&)bv2Ggm=zB638%j&bu8YCF*h5IuwFfwv*i5>S^CF+{M$nZM8qOk#J
zI1kWxM&|PJa<=sR{Pdhu=H&cbpa=uw0Ui(ul;vPxxpDN<7c~9@H2ym@{v|a2Gc^8v
zH2zmK{&O_`Z#4c}H2zIA{tX5OO(tj{f`V@fF!-E+Y!HS793&7y!N*`?%HzP`!1it;
zDCj^zIMtZJ6clv8ApFrF!0@)#91?uMpyLGvA;`p!%6LuW1)DeltBHa@6U{J9JiY^A
zB6<`vnCO28MX}X#v?%@oG}Rnv;=Niqcobg%nF=!T%MQG5<O930AI**CKvRE$ea!-Q
IqXfuQ03w~GI{*Lx

literal 0
Hc-jL100001

diff --git a/tests/dns-reversed-tcp-1/suricata.yaml b/tests/dns-reversed-tcp-1/suricata.yaml
new file mode 100644
index 000000000..703d81e44
--- /dev/null
+++ b/tests/dns-reversed-tcp-1/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - dns:
+            enabled: true
+            version: 2
diff --git a/tests/dns-reversed-tcp-1/test.yaml b/tests/dns-reversed-tcp-1/test.yaml
new file mode 100644
index 000000000..a63d7af33
--- /dev/null
+++ b/tests/dns-reversed-tcp-1/test.yaml
@@ -0,0 +1,18 @@
+requires:
+  min-version: 5.0.0
+
+args:
+  - --set stream.midstream=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: dns
+        dns.type: query
+
+  - filter:
+      count: 1
+      match:
+        event_type: dns
+        dns.type: answer
diff --git a/tests/dns-reversed-udp-1/input.pcap b/tests/dns-reversed-udp-1/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..95a2b0ccc4768298a644fb6d827da39c3cd74578
GIT binary patch
literal 182
zc-p&ic+)~A1{MYcU}0bcl6<N^BX;X?GxP!3AbjI=*V~0|45H$^Y~MK;Tp1V|QvDnl
z90d1$<`Q6J1Y&Lm)5X3FIlVo-MvV)AMlgfSVlFQ)=P52N%1llyNz~0uDQ3<uN@oDd
iG9KVzU<FykdxJp;Q^f%zkQ$%?Ul>>pF!)KJ@g)J!M=9$7

literal 0
Hc-jL100001

diff --git a/tests/dns-reversed-udp-1/suricata.yaml b/tests/dns-reversed-udp-1/suricata.yaml
new file mode 100644
index 000000000..c7c9cd5dd
--- /dev/null
+++ b/tests/dns-reversed-udp-1/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: true
+      types:
+        - dns:
+            enabled: true
+            version: 2
diff --git a/tests/dns-reversed-udp-1/test.yaml b/tests/dns-reversed-udp-1/test.yaml
new file mode 100644
index 000000000..1e8b827a5
--- /dev/null
+++ b/tests/dns-reversed-udp-1/test.yaml
@@ -0,0 +1,24 @@
+requires:
+  min-version: 5.0.0
+
+args:
+  - --set stream.midstream=true
+
+checks:
+
+  - filter:
+      comment: request
+      count: 0
+      match:
+        event_type: dns
+        dns.type: query
+
+  - filter:
+      comment: response
+      count: 1
+      match:
+        event_type: dns
+        dns.type: answer
+        dns.answers[0].rrtype: CNAME
+        dns.answers[1].rrtype: A
+        dns.answers[2].rrtype: A
-- 
2.47.2