ldap: add tests for udp and frames 2003/head 2009/head
authorGiuseppe Longo <giuseppe@glongo.it>
Thu, 18 Jul 2024 15:14:55 +0000 (17:14 +0200)
committerVictor Julien <victor@inliniac.net>
Wed, 7 Aug 2024 17:04:35 +0000 (19:04 +0200)
tests/ldap-frames/README.md [new file with mode: 0644]
tests/ldap-frames/suricata.yaml [new file with mode: 0644]
tests/ldap-frames/test.yaml [new file with mode: 0644]
tests/ldap-udp/README.md [new file with mode: 0644]
tests/ldap-udp/cldap.pcap [new file with mode: 0644]
tests/ldap-udp/test.yaml [new file with mode: 0644]

diff --git a/tests/ldap-frames/README.md b/tests/ldap-frames/README.md
new file mode 100644 (file)
index 0000000..479850a
--- /dev/null
@@ -0,0 +1,7 @@
+# Test Purpose
+
+Test that LDAP over UDP is parsed correctly.
+
+## PCAP
+
+PCAP downloaded from cloudshark.
diff --git a/tests/ldap-frames/suricata.yaml b/tests/ldap-frames/suricata.yaml
new file mode 100644 (file)
index 0000000..5542399
--- /dev/null
@@ -0,0 +1,8 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - frame
diff --git a/tests/ldap-frames/test.yaml b/tests/ldap-frames/test.yaml
new file mode 100644 (file)
index 0000000..5335095
--- /dev/null
@@ -0,0 +1,34 @@
+requires:
+  min-version: 8
+
+args:
+  - -k none
+
+pcap: ../ldap-udp/cldap.pcap
+
+checks:
+  - filter:
+      count: 1
+      match:
+        pcap_cnt: 1
+        event_type: frame
+        frame.direction: toserver
+        frame.length: 137
+        frame.complete: true
+  - filter:
+      count: 1
+      match:
+        pcap_cnt: 2
+        event_type: frame
+        frame.direction: toclient
+        frame.length: 137
+        frame.complete: true
+  - filter:
+      count: 1
+      match:
+        pcap_cnt: 2
+        event_type: frame
+        frame.direction: toclient
+        frame.length: 14
+        frame.complete: true
+        frame.tx_id: 1
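Review bot: None of the three `match` blocks pins `app_proto` or `frame.type`, so each check is satisfied by any frame event with the listed direction and length at that packet, whichever parser or frame type produced it. The first two filters are told apart only by `pcap_cnt` and direction, and the third only by `frame.length: 14` and `frame.tx_id: 1`. Adding `app_proto: ldap` and `frame.type: <expected frame type>` to each filter would make the test fail if the LDAP parser registers its frames under a different type. The README added for this test has the same blob id as the ldap-udp one and still reads "Test that LDAP over UDP is parsed correctly", so it should probably describe the frame checks instead.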
diff --git a/tests/ldap-udp/README.md b/tests/ldap-udp/README.md
new file mode 100644 (file)
index 0000000..479850a
--- /dev/null
@@ -0,0 +1,7 @@
+# Test Purpose
+
+Test that LDAP over UDP is parsed correctly.
+
+## PCAP
+
+PCAP downloaded from cloudshark.
diff --git a/tests/ldap-udp/cldap.pcap b/tests/ldap-udp/cldap.pcap
new file mode 100644 (file)
index 0000000..3aeb6bb
Binary files /dev/null and b/tests/ldap-udp/cldap.pcap differ
diff --git a/tests/ldap-udp/test.yaml b/tests/ldap-udp/test.yaml
new file mode 100644 (file)
index 0000000..3dfa289
--- /dev/null
@@ -0,0 +1,29 @@
+requires:
+  min-version: 8
+
+args:
+  - -k none
+
+pcap: cldap.pcap
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: ldap
+        ldap.request.message_id: 1
+        ldap.request.operation: search_request
+        ldap.request.search_request.base_object: ""
+        ldap.request.search_request.scope: 0
+        ldap.request.search_request.deref_alias: 0
+        ldap.request.search_request.size_limit: 0
+        ldap.request.search_request.time_limit: 0
+        ldap.request.search_request.types_only: false
+        ldap.request.search_request.attributes[0]: Netlogon
+        ldap.responses[0].operation: search_result_entry
+        ldap.responses[0].search_result_entry.base_object: ""
+        ldap.responses[0].search_result_entry.attributes[0].type: netlogon
+        ldap.responses[1].operation: search_result_done
+        ldap.responses[1].search_result_done.result_code: success
+        ldap.responses[1].search_result_done.matched_dn: ""
+        ldap.responses[1].search_result_done.message: ""
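Review bot: The single filter never asserts the transport, so it would still pass if the same LDAP transaction were logged for a TCP flow. The stated purpose is LDAP over UDP, so add `proto: UDP` to the `match` block. `count: 1` here only bounds events that match every listed field; a second filter with just `event_type: ldap` and `count: 1` would also catch a spurious extra transaction being logged from the two-packet exchange.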