]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7fd86e8)
dns: adds test for dns over http2
authorPhilippe Antoine <pantoine@oisf.net>
Tue, 5 Dec 2023 13:10:42 +0000 (14:10 +0100)
committerPhilippe Antoine <pantoine@oisf.net>
Fri, 19 Jul 2024 14:36:18 +0000 (16:36 +0200)
Ticket: 5773

tests/dns-over-http2/README.md [new file with mode: 0644] patch | blob
tests/dns-over-http2/dns_over_https.pcap [new file with mode: 0644] patch | blob
tests/dns-over-http2/test.rules [new file with mode: 0644] patch | blob
tests/dns-over-http2/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/dns-over-http2/README.md b/tests/dns-over-http2/README.md
new file mode 100644 (file)
index 0000000..f9fb01d
--- /dev/null
+++ b/tests/dns-over-http2/README.md
@@ -0,0 +1,9 @@
+# Description
+
+Test DNS over HTTP2
+https://redmine.openinfosecfoundation.org/issues/5773
+
+# PCAP
+
+The pcap comes from https://redmine.openinfosecfoundation.org/issues/5773
+
diff --git a/tests/dns-over-http2/dns_over_https.pcap b/tests/dns-over-http2/dns_over_https.pcap
new file mode 100644 (file)
index 0000000..afc2809
Binary files /dev/null and b/tests/dns-over-http2/dns_over_https.pcap differ
diff --git a/tests/dns-over-http2/test.rules b/tests/dns-over-http2/test.rules
new file mode 100644 (file)
index 0000000..450a62a
--- /dev/null
+++ b/tests/dns-over-http2/test.rules
@@ -0,0 +1,7 @@
+alert http2 any any -> any any (http.uri; content: "/dns"; sid:10; )
+alert doh2 any any -> any any (http.uri; content: "/dns"; sid:11; )
+alert dns any any -> any any (dns.query; content: "www.gstatic.com"; sid:20; )
+alert doh2 any any -> any any (dns.query; content: "www.gstatic.com"; sid:21; )
+alert http2 any any -> any any (http2.frametype:6; sid:30; )
+alert doh2 any any -> any any (http2.frametype:6; sid:31; )
+alert doh2 any any -> any any (dns.opcode: 0; http.host; content: "dns.google"; sid:40; )
diff --git a/tests/dns-over-http2/test.yaml b/tests/dns-over-http2/test.yaml
new file mode 100644 (file)
index 0000000..433e26d
--- /dev/null
+++ b/tests/dns-over-http2/test.yaml
@@ -0,0 +1,61 @@
+requires:
+  min-version: 8.0.0
+
+# disables checksum verification
+args:
+  - -k none
+
+checks:
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 10
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 11
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 20
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 21
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 30
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 31
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 40
+        http.version: "2"
+        dns.queries[0].rrname : "nav-edge.smartscreen.microsoft.com"
+  - filter:
+      count: 2
+      match:
+        event_type: dns
+        dns.queries[0].rrname: www.gstatic.com
+  - filter:
+      count: 2
+      match:
+        event_type: dns
+        dns.queries[0].rrname: nav-edge.smartscreen.microsoft.com
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        app_proto: doh2
+        app_proto_orig: http2
Mirror of https://github.com/OISF/suricata-verify.git