tests: update dns checks for v3 format in alerts
authorJason Ish <jason.ish@oisf.net>
Thu, 27 Jun 2024 23:30:50 +0000 (17:30 -0600)
committerVictor Julien <victor@inliniac.net>
Tue, 9 Jul 2024 10:15:24 +0000 (12:15 +0200)
tests/dns-z-bit/test.yaml
tests/dns/dns-invalid-opcode/test.yaml
tests/dns/dns-rcode/test.yaml
tests/dns/dns-rrtype/README.md
tests/dns/dns-rrtype/test.yaml

index bb5c377dd65066178f88f761bd031f958b35fe14..5037e0497a59647f5b7bd0f086d0b07b9cdc6437 100644 (file)
@@ -9,11 +9,21 @@ checks:
       dns.type: query
       dns.z: true
 - filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       event_type: alert
       alert.signature_id: 2240006
       dns.query[0].z: true
+- filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2240006
+      dns.z: true
 - filter:
     count: 1
     match:
index de64bae65baffe84dcc873a8c553a2283e0e14ba..fc5575f53163357a51df4f887b68ceeee1318a76 100644 (file)
@@ -37,6 +37,44 @@ checks:
 # Generated checks below.
       
 - filter:
+    min-version: 8
+    count: 1
+    match:
+      alert.action: allowed
+      alert.category: Generic Protocol Command Decode
+      alert.gid: 1
+      alert.rev: 1
+      alert.severity: 3
+      alert.signature: SURICATA DNS Invalid opcode
+      alert.signature_id: 2240007
+      app_proto: dns
+      dest_ip: 2.2.2.2
+      dest_port: 53
+      direction: to_server
+      dns.id: 1
+      dns.opcode: 9
+      dns.queries[0].rrname: suricata.io
+      dns.queries[0].rrtype: A
+      dns.tx_id: 0
+      dns.type: request
+      event_type: alert
+      flow.bytes_toclient: 0
+      flow.bytes_toserver: 71
+      flow.dest_ip: 2.2.2.2
+      flow.dest_port: 53
+      flow.pkts_toclient: 0
+      flow.pkts_toserver: 1
+      flow.src_ip: 1.1.1.1
+      flow.src_port: 5333
+      pcap_cnt: 1
+      pkt_src: wire/pcap
+      proto: UDP
+      src_ip: 1.1.1.1
+      src_port: 5333
+      tx_id: 0
+
+- filter:
+    lt-version: 8
     count: 1
     match:
       alert.action: allowed
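Review bot: The version constraints `min-version: 8` and `lt-version: 8` in this hunk sit directly under `filter:`, whereas the next hunk of this same file and the other test files in this commit nest them under a `requires:` mapping; if the runner only reads version constraints from `requires:`, these two filters would be evaluated on every Suricata version and one of them would always miss its `count: 1`. Suggest `    requires:` / `      min-version: 8` on the first filter and `    requires:` / `      lt-version: 8` on the second, matching the rest of the file. The `- filter:` block opened at the end of the hunk continues outside it.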
@@ -105,6 +143,48 @@ checks:
       src_ip: 1.1.1.1
       src_port: 5333
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      alert.action: allowed
+      alert.category: Generic Protocol Command Decode
+      alert.gid: 1
+      alert.rev: 1
+      alert.severity: 3
+      alert.signature: SURICATA DNS Invalid opcode
+      alert.signature_id: 2240007
+      app_proto: dns
+      dest_ip: 1.1.1.1
+      dest_port: 5333
+      direction: to_client
+      dns.flags: c800
+      dns.id: 1
+      dns.opcode: 9
+      dns.qr: true
+      dns.rcode: NOERROR
+      dns.answers[0].rrname: suricata.io
+      dns.answers[0].rrtype: A
+      dns.type: response
+      dns.version: 3
+      event_type: alert
+      flow.bytes_toclient: 98
+      flow.bytes_toserver: 71
+      flow.dest_ip: 2.2.2.2
+      flow.dest_port: 53
+      flow.pkts_toclient: 1
+      flow.pkts_toserver: 1
+      flow.src_ip: 1.1.1.1
+      flow.src_port: 5333
+      pcap_cnt: 2
+      pkt_src: wire/pcap
+      proto: UDP
+      src_ip: 2.2.2.2
+      src_port: 53
+      tx_id: 1
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       alert.action: allowed
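Review bot: The v3 response check here pins `dns.version: 3`, but the `min-version: 8` request check added earlier in this file (the `to_server` alert with `dns.type: request`) does not, so only one of the two new checks actually asserts the format version the commit is about. Adding `      dns.version: 3` to that request-side match would make both checks equally explicit. The `- filter:` block at the end of this hunk continues outside it.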
index 412f042e3c3fa2dfc6add61cc83394f905d7f439..c07a83661b4ca7b7b0ffd9ffd07f8c3922cc3caf 100644 (file)
@@ -11,7 +11,7 @@ checks:
         direction: to_client
         app_proto: dns
         event_type: alert
-        dns.answer.rcode: NXDOMAIN
+        dns.rcode: NXDOMAIN
         src_ip: 8.8.4.4
         src_port: 53
   - filter:
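Review bot: `dns.answer.rcode` is renamed to `dns.rcode` here without a version split, unlike the z-bit, invalid-opcode and rrtype request checks in this commit, which keep an `lt-version: 8` filter alongside the `min-version: 8` one; unless a file-level `requires:` outside this hunk already restricts the test to version 8 or later, this check will presumably miss its `count: 1` on earlier versions, where the alert still carries the old key that the removed line matched. The same applies to the second hunk of this file and to both `dns.answers[0].rrtype` hunks in tests/dns/dns-rrtype/test.yaml. Either add the version-gated pair of filters as the other files do, or confirm that the file-level `requires` covers it.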
@@ -23,7 +23,7 @@ checks:
         direction: to_client
         app_proto: dns
         event_type: alert
-        dns.answer.rcode: NXDOMAIN
+        dns.rcode: NXDOMAIN
         src_ip: 8.8.4.4
         src_port: 53
   - filter:
index 24b8c574f3e9dde2dfea5985aefeb1556da32940..4bb5647fc4b34d2af7b7f53a0c0ffc1d0c8586fd 100644 (file)
@@ -2,4 +2,4 @@ Test the `dns.rrtype` value.
 
 The PCAP here was reused from ./tests/dns/dns-eve-empty-format/input.pcap
 
-Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6666
\ No newline at end of file
+Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6666
index ca8b156f0d11cb7b0b0bb0967bd49555d3445e2f..d706bfcd62ec51829828a22e12b779d435c8eb40 100644 (file)
@@ -5,6 +5,22 @@ pcap: ../dns-eve-empty-format/input.pcap
 
 checks:
   - filter:
+      requires:
+        min-version: 8
+      count: 1
+      match:
+        alert.signature_id: 1
+        dest_ip: 10.16.1.1
+        dest_port: 53
+        direction: to_server
+        app_proto: dns
+        event_type: alert
+        dns.queries[0].rrtype: A
+        src_ip: 10.16.1.11
+        src_port: 57634
+  - filter:
+      requires:
+        lt-version: 8
       count: 1
       match:
         alert.signature_id: 1
@@ -25,7 +41,7 @@ checks:
         direction: to_client
         app_proto: dns
         event_type: alert
-        dns.answer.rrtype: A
+        dns.answers[0].rrtype: A
         src_ip: 10.16.1.1
         src_port: 53
   - filter:
@@ -37,6 +53,6 @@ checks:
         direction: to_client
         app_proto: dns
         event_type: alert
-        dns.answer.rrtype: A
+        dns.answers[0].rrtype: A
         src_ip: 10.16.1.1
         src_port: 53