dns: add test for NULL record

Add test case to show that NULL record types are being logged.

diff --git a/tests/dns-udp-null/README.md b/tests/dns-udp-null/README.md
new file mode 100644 (file)
index 0000000..7d14453
--- /dev/null
+++ b/tests/dns-udp-null/README.md
@@ -0,0 +1,4 @@
+Verify the eve output for a DNS response with a NULL record type.
+
+The pcap contains the first two packets of
+https://redmine.openinfosecfoundation.org/attachments/2062.

diff --git a/tests/dns-udp-null/dns-tunnel-iodine.pcap b/tests/dns-udp-null/dns-tunnel-iodine.pcap
new file mode 100644 (file)
index 0000000..0b72526
Binary files /dev/null and b/tests/dns-udp-null/dns-tunnel-iodine.pcap differ

diff --git a/tests/dns-udp-null/suricata.yaml b/tests/dns-udp-null/suricata.yaml
new file mode 100644 (file)
index 0000000..5f7eded
--- /dev/null
+++ b/tests/dns-udp-null/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filename: eve.json
+      types:
+        - dns:
+            version: 1

diff --git a/tests/dns-udp-null/test.yaml b/tests/dns-udp-null/test.yaml
new file mode 100644 (file)
index 0000000..f7ab522
--- /dev/null
+++ b/tests/dns-udp-null/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  script:
+    - grep -q parse_rdata_null rust/src/dns/parser.rs
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: dns
+        dns.type: query
+        dns.rrtype: "NULL"
+  - filter:
+      count: 1
+      match:
+        event_type: dns
+        dns.type: answer
+        dns.rcode: NOERROR
+        dns.rrtype: "NULL"
+        dns.rdata: "VACKD\u0003\\xc5\\xe9\u0001"