Adds test for http async parsing
authorPhilippe Antoine <contact@catenacyber.fr>
Tue, 15 Oct 2019 14:33:59 +0000 (16:33 +0200)
committerJason Ish <jason.ish@oisf.net>
Fri, 20 Mar 2020 22:07:27 +0000 (16:07 -0600)
12 files changed:
tests/http-async-cli/README.md [new file with mode: 0644]
tests/http-async-cli/input.pcap [new file with mode: 0644]
tests/http-async-cli/test.yaml [new file with mode: 0644]
tests/http-async-srv/README.md [new file with mode: 0644]
tests/http-async-srv/input.pcap [new file with mode: 0644]
tests/http-async-srv/test.rules [new file with mode: 0644]
tests/http-async-srv/test.yaml [new file with mode: 0644]
tests/http-async/README.md [new file with mode: 0644]
tests/http-async/async.txt [new file with mode: 0644]
tests/http-async/input.pcap [new file with mode: 0644]
tests/http-async/test.rules [new file with mode: 0644]
tests/http-async/test.yaml [new file with mode: 0644]

diff --git a/tests/http-async-cli/README.md b/tests/http-async-cli/README.md
new file mode 100644 (file)
index 0000000..6957869
--- /dev/null
@@ -0,0 +1,9 @@
+# Description
+
+Test http async parsing
+
+This test case contains direction client to server
+
+# PCAP
+
+The pcap comes from test http-async with filter `tcp.dstport == 8080`
diff --git a/tests/http-async-cli/input.pcap b/tests/http-async-cli/input.pcap
new file mode 100644 (file)
index 0000000..bbc365c
Binary files /dev/null and b/tests/http-async-cli/input.pcap differ
diff --git a/tests/http-async-cli/test.yaml b/tests/http-async-cli/test.yaml
new file mode 100644 (file)
index 0000000..0090c6b
--- /dev/null
@@ -0,0 +1,23 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  min-version: 5.0.0
+
+# disables checksum verification
+args:
+  - -k none
+  - --set stream.async-oneside=true
+
+checks:
+
+  # Check that there is one file event with content range.
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.url: "/1"
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.url: "/2"
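Review bot: The comment above the checks, `# Check that there is one file event with content range.`, does not describe what follows: both filters match `event_type: http` on `http.url`, and nothing here looks at file events or a content range. It appears to be carried over from another test and is repeated unchanged in tests/http-async-srv/test.yaml and tests/http-async/test.yaml. Something like `# One http event per request, logged from the client-to-server side only.` would fit here. The `# disables checksum verification` comment also sits over `--set stream.async-oneside=true`, which is the option this test depends on and deserves its own line, e.g. `# parse the stream although only one direction is in the pcap`.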
diff --git a/tests/http-async-srv/README.md b/tests/http-async-srv/README.md
new file mode 100644 (file)
index 0000000..e06b28c
--- /dev/null
@@ -0,0 +1,9 @@
+# Description
+
+Test http async parsing
+
+This test case contains direction server to client
+
+# PCAP
+
+The pcap comes from test http-async with filter `tcp.srcport == 8080`
diff --git a/tests/http-async-srv/input.pcap b/tests/http-async-srv/input.pcap
new file mode 100644 (file)
index 0000000..cf105f4
Binary files /dev/null and b/tests/http-async-srv/input.pcap differ
diff --git a/tests/http-async-srv/test.rules b/tests/http-async-srv/test.rules
new file mode 100644 (file)
index 0000000..604a118
--- /dev/null
@@ -0,0 +1,2 @@
+alert http any any -> any any (msg:"World"; file_data; content:"World"; sid:1;)
+alert http any any -> any any (msg:"People"; file_data; content:"People"; sid:2;)
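Review bot: Neither rule says which body it is meant to inspect, and in this one-sided test that is the whole point: `file_data` has to match the response bodies `Hello World!` and `Hello People` from async.txt although, per the README, the pcap holds only the server-to-client direction. A leading comment such as `# sid 1 / sid 2 match the bodies of the responses to /1 and /2; the requests are not in this pcap` would make that visible to whoever debugs a failure. The same two rules are added again in tests/http-async/test.rules, where `# sid 1 / sid 2 match the response bodies of /1 and /2` would suffice. Adding `rev:1;` to both rules would also bring them in line with the usual rule layout.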
diff --git a/tests/http-async-srv/test.yaml b/tests/http-async-srv/test.yaml
new file mode 100644 (file)
index 0000000..cd135ff
--- /dev/null
@@ -0,0 +1,28 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  min-version: 5.0.0
+
+# disables checksum verification
+args:
+  - -k none
+  - --set stream.async-oneside=true
+
+checks:
+
+  # Check that there is one file event with content range.
+  - filter:
+      count: 2
+      match:
+        event_type: http
+        http.status: 200
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2
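Review bot: The two alert filters match on `alert.signature_id` alone, so the test would still pass if both bodies were attributed to a single transaction or to the wrong one, which is the kind of error one-sided parsing could plausibly introduce. If the eve alert record carries the transaction id in this setup, pinning it would close that gap: `tx_id: 0` under the sid 1 filter and `tx_id: 1` under the sid 2 filter. The alert filters in tests/http-async/test.yaml have the same shape and would benefit from the same pin.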
diff --git a/tests/http-async/README.md b/tests/http-async/README.md
new file mode 100644 (file)
index 0000000..9c06878
--- /dev/null
@@ -0,0 +1,11 @@
+# Description
+
+Test http async parsing
+
+This test case contains both directions
+
+# PCAP
+
+The pcap comes from running 
+`python test/htptopcap.py async.txt`
+With the attached async.txt
diff --git a/tests/http-async/async.txt b/tests/http-async/async.txt
new file mode 100644 (file)
index 0000000..007beea
--- /dev/null
@@ -0,0 +1,28 @@
+>>>\r
+GET /1 HTTP/1.0\r
+User-Agent: Mozilla\r
+\r
+\r
+<<<\r
+HTTP/1.0 200 OK\r
+Date: Mon, 31 Aug 2009 20:25:50 GMT\r
+Server: Apache\r
+Connection: close\r
+Content-Type: text/html\r
+Content-Length: 12\r
+\r
+Hello World!
+
+>>>\r
+GET /2 HTTP/1.0\r
+User-Agent: Mozilla\r
+\r
+\r
+<<<\r
+HTTP/1.0 200 OK\r
+Server: Apache\r
+Connection: close\r
+Content-Type: text/html\r
+Content-Length: 12\r
+\r
+Hello People
\ No newline at end of file
diff --git a/tests/http-async/input.pcap b/tests/http-async/input.pcap
new file mode 100644 (file)
index 0000000..ecc6da0
Binary files /dev/null and b/tests/http-async/input.pcap differ
diff --git a/tests/http-async/test.rules b/tests/http-async/test.rules
new file mode 100644 (file)
index 0000000..604a118
--- /dev/null
@@ -0,0 +1,2 @@
+alert http any any -> any any (msg:"World"; file_data; content:"World"; sid:1;)
+alert http any any -> any any (msg:"People"; file_data; content:"People"; sid:2;)
diff --git a/tests/http-async/test.yaml b/tests/http-async/test.yaml
new file mode 100644 (file)
index 0000000..00b6602
--- /dev/null
@@ -0,0 +1,34 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  min-version: 5.0.0
+
+# disables checksum verification
+args:
+  - -k none
+
+checks:
+
+  # Check that there is one file event with content range.
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.url: "/1"
+        http.status: 200
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.url: "/2"
+        http.status: 200
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2