]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a7db996)
tests/quic: add sni test
authorVictor Julien <victor@inliniac.net>
Sat, 15 Jan 2022 18:37:27 +0000 (19:37 +0100)
committerJuliana Fajardini <jufajardini@gmail.com>
Thu, 20 Jan 2022 15:47:35 +0000 (15:47 +0000)
tests/quic-alerts/test.rules patch | blob | blame | history
tests/quic-alerts/test.yaml patch | blob | blame | history

diff --git a/tests/quic-alerts/test.rules b/tests/quic-alerts/test.rules
index f089c67fd002460191bb02d4522a212e858e52ae..cf17c102096d53b4fec1ea6c1405290fbd72cd10 100644 (file)
--- a/tests/quic-alerts/test.rules
+++ b/tests/quic-alerts/test.rules
@@ -1,3 +1,4 @@
 alert quic any any -> any any (msg:"QUIC CYU HASH"; quic.cyu.hash; content:"7b3ceb1adc974ad360cfa634e8d0a730"; sid:1;)
 alert quic any any -> any any (msg:"QUIC CYU STRING"; quic.cyu.string; content:"46,PAD-SNI-VER-CCS-UAID-TCID-PDMD-SMHL-ICSL-NONP-MIDS-SCLS-CSCT-COPT-IRTT-CFCW-SFCW"; sid:2;)
 alert quic any any -> any any (msg:"QUIC VERSION"; quic.version; content:"Q046"; sid:3;)
+alert quic any any -> any any (msg:"QUIC SNI"; quic.sni; content:"clients1.google.com"; sid:4;)
diff --git a/tests/quic-alerts/test.yaml b/tests/quic-alerts/test.yaml
index a23c80466457a7529e4019b83959bb25c463e93b..b5c32246b7b6c76abf97e728034d77a8e3d737fd 100644 (file)
--- a/tests/quic-alerts/test.yaml
+++ b/tests/quic-alerts/test.yaml
@@ -37,3 +37,9 @@ checks:
       match:
         event_type: alert
         alert.signature: QUIC VERSION
+
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature: QUIC SNI
Mirror of https://github.com/OISF/suricata-verify.git