]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 57d26c7)
Adds quic ietf v1 test 931/head
authorPhilippe Antoine <contact@catenacyber.fr>
Tue, 22 Feb 2022 08:20:26 +0000 (09:20 +0100)
committerVictor Julien <victor@inliniac.net>
Tue, 13 Sep 2022 10:03:41 +0000 (12:03 +0200)
tests/quic-ietf/README.md [new file with mode: 0644] patch | blob
tests/quic-ietf/input.pcap [new file with mode: 0644] patch | blob
tests/quic-ietf/test.rules [new file with mode: 0644] patch | blob
tests/quic-ietf/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/quic-ietf/README.md b/tests/quic-ietf/README.md
new file mode 100644 (file)
index 0000000..95cb154
--- /dev/null
+++ b/tests/quic-ietf/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test quic ietf v1 parsing
+
+# PCAP
+
+The pcap comes from https://www.bortzmeyer.org/quic.html
diff --git a/tests/quic-ietf/input.pcap b/tests/quic-ietf/input.pcap
new file mode 100644 (file)
index 0000000..266ba94
Binary files /dev/null and b/tests/quic-ietf/input.pcap differ
diff --git a/tests/quic-ietf/test.rules b/tests/quic-ietf/test.rules
new file mode 100644 (file)
index 0000000..25d1489
--- /dev/null
+++ b/tests/quic-ietf/test.rules
@@ -0,0 +1,2 @@
+alert quic any any -> any any (msg:"QUIC SNI"; quic.sni; content:"msquic.net"; sid:4;)
+alert quic any any -> any any (msg:"QUIC JA3"; ja3.string; content:"771,4866,43-51-41"; sid:3;)
diff --git a/tests/quic-ietf/test.yaml b/tests/quic-ietf/test.yaml
new file mode 100644 (file)
index 0000000..17d8411
--- /dev/null
+++ b/tests/quic-ietf/test.yaml
@@ -0,0 +1,22 @@
+requires:
+  min-version: 7.0.0
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: quic
+        quic.extensions[1].name: "server_name"
+        quic.extensions[1].values[0]: "msquic.net"
+        quic.extensions[2].name: "alpn"
+        quic.extensions[2].values[0]: "h3-29"
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 4
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 3
Mirror of https://github.com/OISF/suricata-verify.git