tests: community id tests for ipv4 and ipv6 1378/head suricata-6.0.14 suricata-7.0.1
authorJason Ish <jason.ish@oisf.net>
Wed, 23 Aug 2023 21:57:58 +0000 (15:57 -0600)
committerVictor Julien <victor@inliniac.net>
Wed, 6 Sep 2023 18:22:48 +0000 (20:22 +0200)
The IPv6 test uses values confirmed with Zeek.

Issue: #6276

tests/community-id-ipv4/README.md [new file with mode: 0644]
tests/community-id-ipv4/input.pcap [new file with mode: 0644]
tests/community-id-ipv4/suricata.yaml [new file with mode: 0644]
tests/community-id-ipv4/test.yaml [new file with mode: 0644]
tests/community-id-ipv6/README.md [new file with mode: 0644]
tests/community-id-ipv6/input.pcap [new file with mode: 0644]
tests/community-id-ipv6/suricata.yaml [new file with mode: 0644]
tests/community-id-ipv6/test.yaml [new file with mode: 0644]

diff --git a/tests/community-id-ipv4/README.md b/tests/community-id-ipv4/README.md
new file mode 100644 (file)
index 0000000..ca3b658
--- /dev/null
@@ -0,0 +1,3 @@
+# Test Description
+
+Community ID for IPv4 test.
diff --git a/tests/community-id-ipv4/input.pcap b/tests/community-id-ipv4/input.pcap
new file mode 100644 (file)
index 0000000..b3a6b63
Binary files /dev/null and b/tests/community-id-ipv4/input.pcap differ
diff --git a/tests/community-id-ipv4/suricata.yaml b/tests/community-id-ipv4/suricata.yaml
new file mode 100644 (file)
index 0000000..6cef79d
--- /dev/null
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      community-id: true
+      community-id-seed: 7
+      types:
+        - tls:
+            extended: yes
+        - flow
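Review bot: `community-id-seed: 7` is a non-default seed, and nothing in this config or the README records that every expected `community_id` hash in the sibling test.yaml depends on it; anyone cross-checking these hashes against another implementation at its default seed will get different values and may wrongly conclude the test is broken. Add `# non-default seed: the community_id values in test.yaml were generated with this setting` above that line. The file also mixes boolean spellings (`enabled: yes`, `extended: yes` next to `community-id: true`); all are valid under the `%YAML 1.1` directive, but pick one, e.g. `community-id: yes`, to match the rest of the document. The byte-identical tests/community-id-ipv6/suricata.yaml has the same two points.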
diff --git a/tests/community-id-ipv4/test.yaml b/tests/community-id-ipv4/test.yaml
new file mode 100644 (file)
index 0000000..436478f
--- /dev/null
@@ -0,0 +1,28 @@
+args:
+- -k none
+
+checks:
+- filter:
+    count: 1
+    match:
+      community_id: 1:IwiTNfuO7aCaamMijl+7/X9uLx0=
+      dest_ip: 172.217.14.206
+      dest_port: 443
+      event_type: tls
+      pcap_cnt: 7
+      proto: TCP
+      src_ip: 172.26.0.39
+      src_port: 35958
+      tls.sni: ipv4.google.com
+      tls.version: TLS 1.3
+- filter:
+    count: 1
+    match:
+      app_proto: tls
+      community_id: 1:IwiTNfuO7aCaamMijl+7/X9uLx0=
+      dest_ip: 172.217.14.206
+      dest_port: 443
+      event_type: flow
+      proto: TCP
+      src_ip: 172.26.0.39
+      src_port: 35958
diff --git a/tests/community-id-ipv6/README.md b/tests/community-id-ipv6/README.md
new file mode 100644 (file)
index 0000000..9549382
--- /dev/null
@@ -0,0 +1,7 @@
+# Test Description
+
+Community ID test with IPv6.
+
+## Related Issue
+
+https://redmine.openinfosecfoundation.org/issues/6276
diff --git a/tests/community-id-ipv6/input.pcap b/tests/community-id-ipv6/input.pcap
new file mode 100644 (file)
index 0000000..21fa683
Binary files /dev/null and b/tests/community-id-ipv6/input.pcap differ
diff --git a/tests/community-id-ipv6/suricata.yaml b/tests/community-id-ipv6/suricata.yaml
new file mode 100644 (file)
index 0000000..6cef79d
--- /dev/null
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      community-id: true
+      community-id-seed: 7
+      types:
+        - tls:
+            extended: yes
+        - flow
diff --git a/tests/community-id-ipv6/test.yaml b/tests/community-id-ipv6/test.yaml
new file mode 100644 (file)
index 0000000..daf3622
--- /dev/null
@@ -0,0 +1,83 @@
+args:
+- -k none
+
+checks:
+- filter:
+    count: 1
+    match:
+      community_id: 1:ptJhMvufAbB5nLDNW77cB800wFM=
+      dest_ip: 2607:f8b0:400a:0800:0000:0000:0000:200e
+      dest_port: 443
+      event_type: tls
+      pcap_cnt: 41
+      proto: TCP
+      src_ip: 2600:1f13:00f8:d400:03a6:303c:e011:18eb
+      src_port: 60202
+      tls.sni: ipv6.google.com
+      tls.version: TLS 1.3
+- filter:
+    count: 1
+    match:
+      community_id: 1:PGf+a0eBbs1OhuPtJmsF0Sm51v4=
+      dest_ip: 2001:4860:4860:0000:0000:0000:0000:8888
+      dest_port: 443
+      event_type: tls
+      pcap_cnt: 7
+      proto: TCP
+      src_ip: 2600:1f13:00f8:d400:03a6:303c:e011:18eb
+      src_port: 33892
+      tls.sni: dns.google
+      tls.version: TLS 1.3
+- filter:
+    count: 1
+    match:
+      app_proto: tls
+      community_id: 1:PGf+a0eBbs1OhuPtJmsF0Sm51v4=
+      dest_ip: 2001:4860:4860:0000:0000:0000:0000:8888
+      dest_port: 443
+      event_type: flow
+      flow.age: 0
+      flow.alerted: false
+      flow.bytes_toclient: 7122
+      flow.bytes_toserver: 2303
+      flow.pkts_toclient: 17
+      flow.pkts_toserver: 17
+      flow.reason: shutdown
+      flow.state: established
+      proto: TCP
+      src_ip: 2600:1f13:00f8:d400:03a6:303c:e011:18eb
+      src_port: 33892
+      tcp.ack: true
+      tcp.psh: true
+      tcp.state: established
+      tcp.syn: true
+      tcp.tcp_flags: 1a
+      tcp.tcp_flags_tc: 1a
+      tcp.tcp_flags_ts: 1a
+- filter:
+    count: 1
+    match:
+      app_proto: tls
+      community_id: 1:ptJhMvufAbB5nLDNW77cB800wFM=
+      dest_ip: 2607:f8b0:400a:0800:0000:0000:0000:200e
+      dest_port: 443
+      event_type: flow
+      flow.age: 0
+      flow.alerted: false
+      flow.bytes_toclient: 28862
+      flow.bytes_toserver: 2439
+      flow.pkts_toclient: 18
+      flow.pkts_toserver: 18
+      flow.reason: shutdown
+      flow.state: closed
+      proto: TCP
+      src_ip: 2600:1f13:00f8:d400:03a6:303c:e011:18eb
+      src_port: 60202
+      tcp.ack: true
+      tcp.fin: true
+      tcp.psh: true
+      tcp.state: closed
+      tcp.syn: true
+      tcp.tcp_flags: 1b
+      tcp.tcp_flags_tc: 1b
+      tcp.tcp_flags_ts: 1b
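Review bot: The IPv6 literals made only of digits and colons, such as `dest_ip: 2001:4860:4860:0000:0000:0000:0000:8888` and the matching `src_ip`/`dest_ip` lines in the third filter, and the hex flag values `tcp.tcp_flags: 1a` / `1b` are plain scalars, so their type rests on the parser's implicit-typing rules rather than on the author's intent. With these particular values they should load as strings (the colon groups are longer than two digits, and the hex bytes contain a letter), but a capture whose flags byte happens to be all-digit, e.g. `18`, would load as an integer and no longer compare equal to the string EVE appears to emit for this field. Quote them so the comparison cannot silently change type: `dest_ip: "2001:4860:4860:0000:0000:0000:0000:8888"` and `tcp.tcp_flags: "1a"`, and likewise for the `_tc`/`_ts` variants.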