tests: add test for tcp.mss keyword 75/head
authorVictor Julien <victor@inliniac.net>
Tue, 18 Jun 2019 13:51:28 +0000 (15:51 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 18 Jun 2019 13:51:28 +0000 (15:51 +0200)
tests/tcp-mss-keyword/input.pcap [new file with mode: 0644]
tests/tcp-mss-keyword/test.rules [new file with mode: 0644]
tests/tcp-mss-keyword/test.yaml [new file with mode: 0644]
tests/tcp-mss-keyword/writepcap.py [new file with mode: 0755]

diff --git a/tests/tcp-mss-keyword/input.pcap b/tests/tcp-mss-keyword/input.pcap
new file mode 100644 (file)
index 0000000..2745f6f
Binary files /dev/null and b/tests/tcp-mss-keyword/input.pcap differ
diff --git a/tests/tcp-mss-keyword/test.rules b/tests/tcp-mss-keyword/test.rules
new file mode 100644 (file)
index 0000000..a1aa40a
--- /dev/null
@@ -0,0 +1 @@
+alert tcp any any -> any any (tcp.mss:<536; sid:1234; rev:5;)
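Review bot: The lone rule `tcp.mss:<536` covers only the less-than form, and since the generator script writes a single SYN with MSS 8, the test would still pass if the comparison always evaluated true. A companion rule that must stay silent on this packet, for example `alert tcp any any -> any any (tcp.mss:>536; sid:1235; rev:1;)` (sid chosen here for illustration), paired with a `count: 0` filter for that sid, would pin the comparison direction. The same gap applies to the checks in test.yaml, which assert only the positive match. A `msg` option on the rule would also make the alert self-describing in the eve output.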
diff --git a/tests/tcp-mss-keyword/test.yaml b/tests/tcp-mss-keyword/test.yaml
new file mode 100644 (file)
index 0000000..b658eca
--- /dev/null
@@ -0,0 +1,12 @@
+requires:
+  min-version: 5.0.0
+  features:
+    - HAVE_LIBJANSSON
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1234 
+
diff --git a/tests/tcp-mss-keyword/writepcap.py b/tests/tcp-mss-keyword/writepcap.py
new file mode 100755 (executable)
index 0000000..672bdef
--- /dev/null
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+    Dot1Q(vlan=6)/ \
+    IP(dst='255.255.255.255', src='192.168.0.1')/TCP(dport=80,flags="S",options=[("MSS", 8)])
+
+wrpcap('input.pcap', pkts)
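Review bot: `pkts += Ether(...)/...` extends a list with a scapy packet object, which presumably works only because the packet is iterable and yields itself; `pkts.append(...)` or passing the single packet straight to `wrpcap` states the intent. `from scapy.all import *` hides which names the script depends on; `from scapy.all import Ether, Dot1Q, IP, TCP, wrpcap` covers everything used here. A short comment such as `# MSS 8 is deliberately below the 536 threshold in test.rules` would tie the generated packet to the rule it is meant to trigger, so a later edit to either file does not silently break the pairing.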