dns-udp-eve-txt: v2 and v3 tests
authorJason Ish <jason.ish@oisf.net>
Thu, 4 Jul 2024 21:24:59 +0000 (15:24 -0600)
committerVictor Julien <victor@inliniac.net>
Tue, 9 Jul 2024 10:15:24 +0000 (12:15 +0200)
tests/dns-udp-eve-v1-txt/test.yaml
tests/dns/dns-udp-eve-txt/input.pcap [moved from tests/dns-udp-eve-v2-txt/input.pcap with 100% similarity]
tests/dns/dns-udp-eve-txt/test.yaml [new file with mode: 0644]
tests/dns/v2/dns-udp-eve-txt/input.pcap [new file with mode: 0644]
tests/dns/v2/dns-udp-eve-txt/test.yaml [moved from tests/dns-udp-eve-v2-txt/test.yaml with 98% similarity]

index 1861dbd4a5c03b4c622dcf22c0dac3473498ee28..5a4ec6d66150e3b578904e4e27059ccd932069d5 100644 (file)
@@ -1,7 +1,7 @@
 requires:
   lt-version: 7
 
-pcap: ../dns-udp-eve-v2-txt/input.pcap
+pcap: ../dns/dns-udp-eve-txt/input.pcap
 
 checks:
 - filter:
diff --git a/tests/dns/dns-udp-eve-txt/test.yaml b/tests/dns/dns-udp-eve-txt/test.yaml
new file mode 100644 (file)
index 0000000..1a9caa3
--- /dev/null
@@ -0,0 +1,124 @@
+requires:
+  min-version: 8
+
+checks:
+- filter:
+    count: 1
+    match:
+      dest_ip: 10.16.1.1
+      dest_port: 53
+      dns.id: 39372
+      dns.queries[0].rrname: textsecure-service-ca.whispersystems.org
+      dns.queries[0].rrtype: A
+      dns.tx_id: 0
+      dns.type: request
+      event_type: dns
+      pcap_cnt: 3
+      proto: UDP
+      src_ip: 10.16.1.11
+      src_port: 60922
+- filter:
+    count: 1
+    match:
+      dest_ip: 10.16.1.1
+      dest_port: 53
+      dns.id: 28243
+      dns.queries[0].rrname: google.com
+      dns.queries[0].rrtype: TXT
+      dns.tx_id: 0
+      dns.type: request
+      event_type: dns
+      pcap_cnt: 1
+      proto: UDP
+      src_ip: 10.16.1.11
+      src_port: 52345
+- filter:
+    count: 1
+    match:
+      dest_ip: 10.16.1.1
+      dest_port: 53
+      dns.answers[0].rdata: 34.197.178.240
+      dns.answers[0].rrname: textsecure-service-ca.whispersystems.org
+      dns.answers[0].rrtype: A
+      dns.answers[0].ttl: 5
+      dns.flags: '8180'
+      dns.grouped.A[0]: 34.197.178.240
+      dns.id: 39372
+      dns.qr: true
+      dns.ra: true
+      dns.rcode: NOERROR
+      dns.rd: true
+      dns.queries[0].rrname: textsecure-service-ca.whispersystems.org
+      dns.queries[0].rrtype: A
+      dns.type: response
+      dns.version: 3
+      event_type: dns
+      pcap_cnt: 4
+      proto: UDP
+      src_ip: 10.16.1.11
+      src_port: 60922
+- filter:
+    count: 1
+    match:
+      dest_ip: 10.16.1.1
+      dest_port: 53
+      dns.answers[0].rdata: v=spf1 include:_spf.google.com ~all
+      dns.answers[0].rrname: google.com
+      dns.answers[0].rrtype: TXT
+      dns.answers[0].ttl: 3217
+      dns.flags: '8180'
+      dns.grouped.TXT[0]: v=spf1 include:_spf.google.com ~all
+      dns.id: 28243
+      dns.qr: true
+      dns.ra: true
+      dns.rcode: NOERROR
+      dns.rd: true
+      dns.queries[0].rrname: google.com
+      dns.queries[0].rrtype: TXT
+      dns.type: response
+      dns.version: 3
+      event_type: dns
+      pcap_cnt: 2
+      proto: UDP
+      src_ip: 10.16.1.11
+      src_port: 52345
+- filter:
+    count: 1
+    match:
+      app_proto: dns
+      dest_ip: 10.16.1.1
+      dest_port: 53
+      event_type: flow
+      flow.age: 0
+      flow.alerted: false
+      flow.bytes_toclient: 116
+      flow.bytes_toserver: 100
+      flow.end: 2017-06-08T15:45:58.525601+0000
+      flow.pkts_toclient: 1
+      flow.pkts_toserver: 1
+      flow.reason: shutdown
+      flow.start: 2017-06-08T15:45:58.520996+0000
+      flow.state: established
+      proto: UDP
+      src_ip: 10.16.1.11
+      src_port: 60922
+- filter:
+    count: 1
+    match:
+      app_proto: dns
+      dest_ip: 10.16.1.1
+      dest_port: 53
+      event_type: flow
+      flow.age: 0
+      flow.alerted: false
+      flow.bytes_toclient: 129
+      flow.bytes_toserver: 81
+      flow.end: 2017-06-08T15:45:57.833020+0000
+      flow.pkts_toclient: 1
+      flow.pkts_toserver: 1
+      flow.reason: shutdown
+      flow.start: 2017-06-08T15:45:57.828730+0000
+      flow.state: established
+      proto: UDP
+      src_ip: 10.16.1.11
+      src_port: 52345
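Review bot: The two request filters (`dns.id: 39372` and `dns.id: 28243`) never assert the log format version, so only the response filters pin `dns.version: 3`. If v3 request records also carry that field, adding `dns.version: 3` to both request matches would catch a format regression on the query side as well. The file also has no header comment saying that it covers the default DNS EVE format for `min-version: 8`, whereas the v2 variant in this commit selects its format explicitly through `env`; a first line such as `# DNS over UDP, A and TXT lookups, default (v3) EVE DNS format` would make that clear. The unquoted `flow.start` and `flow.end` timestamps rely on the YAML loader leaving them as strings, so quoting them the way `dns.flags: '8180'` is quoted would remove that dependency.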
diff --git a/tests/dns/v2/dns-udp-eve-txt/input.pcap b/tests/dns/v2/dns-udp-eve-txt/input.pcap
new file mode 100644 (file)
index 0000000..edb238e
Binary files /dev/null and b/tests/dns/v2/dns-udp-eve-txt/input.pcap differ
similarity index 98%
rename from tests/dns-udp-eve-v2-txt/test.yaml
rename to tests/dns/v2/dns-udp-eve-txt/test.yaml
index 5f7461fc7b5da12ab31094e623d5f3372a6657ac..faf5afed501db5f10002225277bf3776a9f498da 100644 (file)
@@ -1,4 +1,5 @@
-# *** Add configuration here ***
+env:
+  SURICATA_EVE_DNS_VERSION: 2
 
 checks:
 - filter:
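Review bot: `SURICATA_EVE_DNS_VERSION: 2` is read by a YAML loader as an integer, while environment values are strings. Unless the test runner converts it (not visible in this hunk), writing `SURICATA_EVE_DNS_VERSION: "2"` avoids a type mismatch when the process environment is built. A one-line comment above `env:`, such as `# pin the v2 DNS EVE format; the default format is covered by tests/dns/dns-udp-eve-txt`, would also record why the variable is set now that the placeholder comment is gone. The `checks` list continues outside the hunk.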