]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8822ffc)
tests: dns midstream reversed tests for tcp and udp 125/head
authorJason Ish <ish@unx.ca>
Mon, 22 Apr 2019 17:35:00 +0000 (11:35 -0600)
committerVictor Julien <victor@inliniac.net>
Mon, 16 Sep 2019 18:22:53 +0000 (20:22 +0200)
tests/dns-reversed-tcp-1/dns.pcap [new file with mode: 0644] patch | blob
tests/dns-reversed-tcp-1/suricata.yaml [new file with mode: 0644] patch | blob
tests/dns-reversed-tcp-1/test.yaml [new file with mode: 0644] patch | blob
tests/dns-reversed-udp-1/input.pcap [new file with mode: 0644] patch | blob
tests/dns-reversed-udp-1/suricata.yaml [new file with mode: 0644] patch | blob
tests/dns-reversed-udp-1/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/dns-reversed-tcp-1/dns.pcap b/tests/dns-reversed-tcp-1/dns.pcap
new file mode 100644 (file)
index 0000000..af7d25b
Binary files /dev/null and b/tests/dns-reversed-tcp-1/dns.pcap differ
diff --git a/tests/dns-reversed-tcp-1/suricata.yaml b/tests/dns-reversed-tcp-1/suricata.yaml
new file mode 100644 (file)
index 0000000..703d81e
--- /dev/null
+++ b/tests/dns-reversed-tcp-1/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - dns:
+            enabled: true
+            version: 2
diff --git a/tests/dns-reversed-tcp-1/test.yaml b/tests/dns-reversed-tcp-1/test.yaml
new file mode 100644 (file)
index 0000000..a63d7af
--- /dev/null
+++ b/tests/dns-reversed-tcp-1/test.yaml
@@ -0,0 +1,18 @@
+requires:
+  min-version: 5.0.0
+
+args:
+  - --set stream.midstream=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: dns
+        dns.type: query
+
+  - filter:
+      count: 1
+      match:
+        event_type: dns
+        dns.type: answer
diff --git a/tests/dns-reversed-udp-1/input.pcap b/tests/dns-reversed-udp-1/input.pcap
new file mode 100644 (file)
index 0000000..95a2b0c
Binary files /dev/null and b/tests/dns-reversed-udp-1/input.pcap differ
diff --git a/tests/dns-reversed-udp-1/suricata.yaml b/tests/dns-reversed-udp-1/suricata.yaml
new file mode 100644 (file)
index 0000000..c7c9cd5
--- /dev/null
+++ b/tests/dns-reversed-udp-1/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: true
+      types:
+        - dns:
+            enabled: true
+            version: 2
diff --git a/tests/dns-reversed-udp-1/test.yaml b/tests/dns-reversed-udp-1/test.yaml
new file mode 100644 (file)
index 0000000..1e8b827
--- /dev/null
+++ b/tests/dns-reversed-udp-1/test.yaml
@@ -0,0 +1,24 @@
+requires:
+  min-version: 5.0.0
+
+args:
+  - --set stream.midstream=true
+
+checks:
+
+  - filter:
+      comment: request
+      count: 0
+      match:
+        event_type: dns
+        dns.type: query
+
+  - filter:
+      comment: response
+      count: 1
+      match:
+        event_type: dns
+        dns.type: answer
+        dns.answers[0].rrtype: CNAME
+        dns.answers[1].rrtype: A
+        dns.answers[2].rrtype: A
Mirror of https://github.com/OISF/suricata-verify.git