tests: add rule to check for tcp_mss
authorDaniel Olatunji <danielolatunji20@outlook.com>
Mon, 13 Nov 2023 11:57:31 +0000 (11:57 +0000)
committerVictor Julien <victor@inliniac.net>
Mon, 15 Apr 2024 18:34:36 +0000 (20:34 +0200)
Related to
Issue: #6355

tests/rules/tcp-mss/test.rules [new file with mode: 0644]
tests/rules/tcp-mss/test.yaml [new file with mode: 0644]

diff --git a/tests/rules/tcp-mss/test.rules b/tests/rules/tcp-mss/test.rules
new file mode 100644 (file)
index 0000000..075f6c4
--- /dev/null
@@ -0,0 +1,10 @@
+alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:50; sid:1;)
+alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:>123; sid:2;)
+alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:<536; sid:3;)
+alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:123-456; sid:4;)
+alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:>=439; sid:5;)
+alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:<=70; sid:6;)
+alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:!1000; sid:7;)
+alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:!=953; sid:8;)
+alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:!123-456; sid:9;)
+alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:&0xF=4; sid:10;)
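Review bot: All ten rules carry the same `msg:"Testing mss"`, so a failing check can only be traced back by sid; a per-operator message such as `msg:"tcp.mss greater-than"` on sid 2, and likewise for the others, would make the engine-analysis output self-describing. The values also sit in the middle of the range: the TCP MSS option is a 16-bit field, and neither 0 nor 65535 appears, so the boundaries of the integer parser are not exercised by this file. One extra rule such as `tcp.mss:65535; sid:11;`, with a matching `equal` check in test.yaml, would cover the upper bound.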
diff --git a/tests/rules/tcp-mss/test.yaml b/tests/rules/tcp-mss/test.yaml
new file mode 100644 (file)
index 0000000..b1d1b0b
--- /dev/null
@@ -0,0 +1,81 @@
+requires:
+    min-version: 8
+    pcap: false
+
+args:
+    - --engine-analysis
+
+checks:
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 1
+      lists.packet.matches[0].name: "tcp.mss"
+      lists.packet.matches[0].tcp_mss.equal: 50
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 2
+      lists.packet.matches[0].name: "tcp.mss"
+      lists.packet.matches[0].tcp_mss.gt: 123
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 3
+      lists.packet.matches[0].name: "tcp.mss"
+      lists.packet.matches[0].tcp_mss.lt: 536
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 4
+      lists.packet.matches[0].name: "tcp.mss"
+      lists.packet.matches[0].tcp_mss.range.min: 123
+      lists.packet.matches[0].tcp_mss.range.max: 456
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 5
+      lists.packet.matches[0].name: "tcp.mss"
+      lists.packet.matches[0].tcp_mss.gte: 439
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 6
+      lists.packet.matches[0].name: "tcp.mss"
+      lists.packet.matches[0].tcp_mss.lte: 70
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 7
+      lists.packet.matches[0].name: "tcp.mss"
+      lists.packet.matches[0].tcp_mss.diff: 1000
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 8
+      lists.packet.matches[0].name: "tcp.mss"
+      lists.packet.matches[0].tcp_mss.diff: 953
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 9
+      lists.packet.matches[0].name: "tcp.mss"
+      lists.packet.matches[0].tcp_mss.negated_range.min: 123
+      lists.packet.matches[0].tcp_mss.negated_range.max: 456
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 10
+      lists.packet.matches[0].name: "tcp.mss"
+      lists.packet.matches[0].tcp_mss.bitmask.mask: 15
+      lists.packet.matches[0].tcp_mss.bitmask.value: 4
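Review bot: The checks for sid 7 (`!1000`) and sid 8 (`!=953`) both assert `tcp_mss.diff`, and the sid 10 check asserts `bitmask.mask: 15` for a rule written as `&0xF`, but nothing in the file says these equivalences are intended. A comment above each, for example `# '!' and '!=' are both reported as diff` and `# 0xF in the rule is reported as decimal 15`, would keep a later reader from treating them as copy-paste slips. Indentation is also mixed: `requires:` and `args:` use four spaces with an indented sequence, while `checks:` uses a flush sequence with two-space nesting, and settling on one style would keep the file lint-clean.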