git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
dns-tcp-ts-gap: test gap in tcp dns traffic
author Jason Ish <ish@unx.ca>
Fri, 9 Jun 2017 16:10:22 +0000 (10:10 -0600)
committer Jason Ish <ish@unx.ca>
Fri, 9 Jun 2017 16:10:22 +0000 (10:10 -0600)
dns-tcp-ts-gap/README.md [new file with mode: 0644]
dns-tcp-ts-gap/check.sh [new file with mode: 0755]
dns-tcp-ts-gap/input.pcap [new file with mode: 0644]
dns-tcp-ts-gap/original.pcap_ [new file with mode: 0644]

diff --git a/dns-tcp-ts-gap/README.md b/dns-tcp-ts-gap/README.md
new file mode 100644 (file)
index 0000000..1339170
--- /dev/null
@@ -0,0 +1,2 @@
+Test TCP DNS application layer handling with a missing packet (gap) in
+the to-server direction.
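Review bot: The two README lines do not say how input.pcap relates to original.pcap_, which this commit also adds. If input.pcap was produced by dropping a to-server segment from original.pcap_, say so here, name the segment that was removed, and state the query and answer counts the test expects, so the capture can be regenerated or debugged without comparing the two pcaps by hand.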
diff --git a/dns-tcp-ts-gap/check.sh b/dns-tcp-ts-gap/check.sh
new file mode 100755 (executable)
index 0000000..4ba1a63
--- /dev/null
@@ -0,0 +1,19 @@
+#! /bin/sh
+
+. ../functions.sh
+
+# As a request was missing, we should have 2 requests, but 26
+# responses, as each request resulted in 12 responses.
+log=./output/eve.json
+
+n=$(cat ${log} | \
+       jq -c 'select(.event_type == "dns") | select(.dns.type == "query")' | \
+       wc -l)
+assert_eq 2 $n
+
+n=$(cat ${log} | \
+       jq -c 'select(.event_type == "dns") | select(.dns.type == "answer")' | \
+       wc -l)
+assert_eq 36 $n
+
+exit 0
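Review bot: The header comment says "26 responses" but the second check is `assert_eq 36 $n`, and at 12 responses per request the 2 logged requests would account for only 24, so the comment does not explain the asserted value. Change the comment to 36 and spell out the reasoning (for example, that answers to the request lost in the gap are still expected to be logged, if that is the intent), since this number is the whole point of the test. As a smaller style point, `${log}` and `$n` are unquoted and the `cat ${log} |` can be dropped by passing the file to jq directly as `jq -c '...' "${log}"`.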
diff --git a/dns-tcp-ts-gap/input.pcap b/dns-tcp-ts-gap/input.pcap
new file mode 100644 (file)
index 0000000..88957a9
Binary files /dev/null and b/dns-tcp-ts-gap/input.pcap differ
diff --git a/dns-tcp-ts-gap/original.pcap_ b/dns-tcp-ts-gap/original.pcap_
new file mode 100644 (file)
index 0000000..63219fd
Binary files /dev/null and b/dns-tcp-ts-gap/original.pcap_ differ