]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8a31c19)
dns-incomplete: dns v2 and v3 tests
authorJason Ish <jason.ish@oisf.net>
Fri, 5 Jul 2024 00:00:32 +0000 (18:00 -0600)
committerVictor Julien <victor@inliniac.net>
Tue, 9 Jul 2024 10:15:24 +0000 (12:15 +0200)
tests/dns/dns-incomplete/README.md [moved from tests/dns-incomplete/README.md with 100% similarity] patch | blob | blame | history
tests/dns/dns-incomplete/input.pcap [moved from tests/dns-incomplete/input.pcap with 100% similarity] patch | blob | blame | history
tests/dns/dns-incomplete/input.txt [moved from tests/dns-incomplete/input.txt with 100% similarity] patch | blob | blame | history
tests/dns/dns-incomplete/test.rules [moved from tests/dns-incomplete/test.rules with 100% similarity] patch | blob | blame | history
tests/dns/dns-incomplete/test.yaml [new file with mode: 0644] patch | blob
tests/dns/dns-incomplete/txt2pcap.py [moved from tests/dns-incomplete/txt2pcap.py with 100% similarity] patch | blob | blame | history
tests/dns/v2/dns-incomplete/README.md [new file with mode: 0644] patch | blob
tests/dns/v2/dns-incomplete/test.rules [new file with mode: 0644] patch | blob
tests/dns/v2/dns-incomplete/test.yaml [moved from tests/dns-incomplete/test.yaml with 82% similarity] patch | blob | blame | history

diff --git a/tests/dns/dns-incomplete/test.yaml b/tests/dns/dns-incomplete/test.yaml
new file mode 100644 (file)
index 0000000..2c3fb67
--- /dev/null
+++ b/tests/dns/dns-incomplete/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  min-version: 8
+
+# disables checksum verification
+args:
+- -k none --set app-layer.protocols.dns.detection-ports.dp=5353
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: dns
+        dns.queries[0].rrname: google.com
+        dns.type: request
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
diff --git a/tests/dns/v2/dns-incomplete/README.md b/tests/dns/v2/dns-incomplete/README.md
new file mode 100644 (file)
index 0000000..babffda
--- /dev/null
+++ b/tests/dns/v2/dns-incomplete/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test DNS incomplete parsing
+
+# PCAP
+
+The pcap comes from running script txt2pcap.py input.txt
diff --git a/tests/dns/v2/dns-incomplete/test.rules b/tests/dns/v2/dns-incomplete/test.rules
new file mode 100644 (file)
index 0000000..1473e80
--- /dev/null
+++ b/tests/dns/v2/dns-incomplete/test.rules
@@ -0,0 +1 @@
+alert dns any any -> any any (msg:"Test dns_query option"; dns_query; content:"google.com"; nocase; sid:1;)
diff --git a/tests/dns-incomplete/test.yaml b/tests/dns/v2/dns-incomplete/test.yaml
similarity index 82%
rename from tests/dns-incomplete/test.yaml
rename to tests/dns/v2/dns-incomplete/test.yaml
index 85a7438070379464c24b0c00f94357ef4add9c47..357d505a15b97d0a6006b543caf1272977014d1e 100644 (file)
--- a/tests/dns-incomplete/test.yaml
+++ b/tests/dns/v2/dns-incomplete/test.yaml
@@ -1,10 +1,15 @@
 requires:
   min-version: 6.0
 
+pcap: ../../dns-incomplete/input.pcap
+
 # disables checksum verification
 args:
 - -k none --set app-layer.protocols.dns.detection-ports.dp=5353
 
+env:
+  SURICATA_EVE_DNS_VERSION: 2
+
 checks:
   - filter:
       count: 1
Mirror of https://github.com/OISF/suricata-verify.git