dns-reversed-udp-1: test that flow is reversed

author Jason Ish <jason.ish@oisf.net>

Wed, 25 Sep 2024 16:37:54 +0000 (10:37 -0600)

committer Victor Julien <victor@inliniac.net>

Wed, 16 Oct 2024 09:22:58 +0000 (11:22 +0200)
author Jason Ish <jason.ish@oisf.net>
Wed, 25 Sep 2024 16:37:54 +0000 (10:37 -0600)
committer Victor Julien <victor@inliniac.net>
Wed, 16 Oct 2024 09:22:58 +0000 (11:22 +0200)
diff --git a/tests/dns-reversed-udp-1/suricata.yaml b/tests/dns-reversed-udp-1/suricata.yaml

index c7c9cd5ddf64a7a6df3e9169a0326bc3ce455b17..06ffdcab39cba855d474ac4cb5e71be0731ea3f7 100644 (file)
--- a/tests/dns-reversed-udp-1/suricata.yaml
+++ b/tests/dns-reversed-udp-1/suricata.yaml
@@ -8,3 +8,4 @@ outputs:
          - dns:
              enabled: true
              version: 2
+        - flow:
diff --git a/tests/dns-reversed-udp-1/test.yaml b/tests/dns-reversed-udp-1/test.yaml

index 70875fa51e110a88d60fafad388cb226893fff28..02c107b34967a4f4c9b3a1b71dee13e6abd57538 100644 (file)
--- a/tests/dns-reversed-udp-1/test.yaml
+++ b/tests/dns-reversed-udp-1/test.yaml
@@ -30,3 +30,12 @@ checks:
          dns.type: answer
          src_ip: "10.16.1.11"
          dest_ip: "10.16.1.1"
+
+  # This pcap has one packet, 10.16.1.1 -> 10.16.1.11, but Suricata
+  # should reverse that as it detect this as a DNS response.
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        src_ip: "10.16.1.11"
+        dest_ip: "10.16.1.1"
author	Jason Ish <jason.ish@oisf.net>
	Wed, 25 Sep 2024 16:37:54 +0000 (10:37 -0600)
committer	Victor Julien <victor@inliniac.net>
	Wed, 16 Oct 2024 09:22:58 +0000 (11:22 +0200)
tests/dns-reversed-udp-1/suricata.yaml		patch \| blob \| blame \| history
tests/dns-reversed-udp-1/test.yaml		patch \| blob \| blame \| history