dns: add some checks on source and destination addresses
authorJason Ish <jason.ish@oisf.net>
Mon, 18 Nov 2019 18:51:40 +0000 (12:51 -0600)
committerJason Ish <jason.ish@oisf.net>
Fri, 20 Mar 2020 22:04:21 +0000 (16:04 -0600)
Ticket #3340:
https://redmine.openinfosecfoundation.org/issues/3340

tests/dns-eve-type-filtering/test.yaml
tests/dns-reversed-tcp-1/test.yaml
tests/dns-reversed-udp-1/test.yaml
tests/dns-tcp-www-google-com/test.yaml

index 610a4907037d3a6cecf93069ebea2e563caa1c53..24dc33066d3f63c0f0f02a973a224a91293eb148 100644 (file)
@@ -22,6 +22,29 @@ checks:
         event_type: "dns"
         dns.rrtype: "A"
 
+  # Also check that the source and destination addresses and ports are
+  # as expected.
+  - filter:
+      filename: only-a.json
+      count: 1
+      match:
+        pcap_cnt: 1
+        src_ip: "10.16.1.11"
+        src_port: 54888
+        dest_ip: "8.8.8.8"
+        dest_port: 53
+        dns.type: "query"
+  - filter:
+      filename: only-a.json
+      count: 1
+      match:
+        pcap_cnt: 2
+        src_ip: "10.16.1.11"
+        src_port: 54888
+        dest_ip: "8.8.8.8"
+        dest_port: 53
+        dns.type: "answer"
+
   # Check that we only have A and AAAA requests.
   - filter:
       filename: a-and-aaaa-requests-only.json
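Review bot: The second added filter (`pcap_cnt: 2`, `dns.type: "answer"`) expects exactly the same `src_ip`/`src_port` and `dest_ip`/`dest_port` as the query. Without an explanation this reads like a copy-paste slip, since the response packet itself travels from 8.8.8.8 to the client. If the intent of ticket #3340 is that answer records keep the query's orientation, say so above the filter, for example `# Answer records keep the client as src_ip/src_port; they do not follow the response packet's direction.` Anyone attributing DNS events to hosts from EVE output depends on this orientation, so the test should state it and not leave it implied. The `checks:` list begins and continues outside this hunk.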
index a63d7af3366dcaaa357e10b0ca097894c6042def..025ebfcc0eef3cdce577d75eb1492b8d897a2640 100644 (file)
@@ -16,3 +16,11 @@ checks:
       match:
         event_type: dns
         dns.type: answer
+
+  - filter:
+      count: 1
+      match:
+        event_type: dns
+        dns.type: answer
+        src_ip: "10.16.1.11"
+        dest_ip: "8.8.4.4"
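Review bot: The added filter pins only `src_ip` and `dest_ip`, while the dns-eve-type-filtering check in this same commit also pins `src_port` and `dest_port`. In a test named "reversed" the port pair is the clearer signal of which endpoint is logged as the client. Consider adding `dest_port` (presumably 53) and the client's `src_port` taken from the pcap. A one-line comment would also help, such as `# Answer must be logged with the client as src_ip even though the capture is reversed.`, if that is indeed the intent of ticket #3340. The same applies to the filter added in tests/dns-reversed-udp-1/test.yaml.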
index 1e8b827a57d351e04fa5502bcfd4676647fe206c..70875fa51e110a88d60fafad388cb226893fff28 100644 (file)
@@ -22,3 +22,11 @@ checks:
         dns.answers[0].rrtype: CNAME
         dns.answers[1].rrtype: A
         dns.answers[2].rrtype: A
+
+  - filter:
+      count: 1
+      match:
+        event_type: dns
+        dns.type: answer
+        src_ip: "10.16.1.11"
+        dest_ip: "10.16.1.1"
index 6abaebc5b2129b3467f1646eae289108bb2d6224..db2676a7777a17e4373ff99cee9a81274abce252 100644 (file)
@@ -6,10 +6,14 @@ checks:
   - filter:
       count: 1
       match:
+        src_ip: "10.16.1.11"
+        dest_ip: "8.8.4.4"
         event_type: dns
         dns.type: query
   - filter:
       count: 12
       match:
+        src_ip: "10.16.1.11"
+        dest_ip: "8.8.4.4"
         event_type: dns
         dns.type: answer
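Review bot: Adding `src_ip`/`dest_ip` to the two existing filters narrows them, so `count: 1` and `count: 12` no longer bound the total number of DNS query and answer events. An extra record logged with swapped or unexpected addresses would now go unnoticed, which is close to the kind of regression this commit is meant to catch. The dns-reversed-tcp-1 and dns-reversed-udp-1 hunks keep the original unfiltered count and add a separate address filter. Doing the same here keeps both assertions. The `checks:` list starts outside this hunk.

```yaml
  # … unchanged: the two original filters (query count 1, answer count 12) without address keys …
  - filter:
      count: 1
      match:
        event_type: dns
        dns.type: query
        src_ip: "10.16.1.11"
        dest_ip: "8.8.4.4"
  - filter:
      count: 12
      match:
        event_type: dns
        dns.type: answer
        src_ip: "10.16.1.11"
        dest_ip: "8.8.4.4"
```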