tests: add tests for bug 5633 1017/head
authorVictor Julien <victor@inliniac.net>
Fri, 25 Nov 2022 16:31:43 +0000 (17:31 +0100)
committerVictor Julien <victor@inliniac.net>
Sat, 26 Nov 2022 05:57:30 +0000 (06:57 +0100)
tests/bug-5633-gre-01/gre-udp.pcap [new file with mode: 0644]
tests/bug-5633-gre-01/gre-udp.py [new file with mode: 0755]
tests/bug-5633-gre-01/test.rules [new file with mode: 0644]
tests/bug-5633-gre-01/test.yaml [new file with mode: 0644]
tests/bug-5633-gre-02/README.md [new file with mode: 0644]
tests/bug-5633-gre-02/gre-sample.pcap [new file with mode: 0644]
tests/bug-5633-gre-02/test.rules [new file with mode: 0644]
tests/bug-5633-gre-02/test.yaml [new file with mode: 0644]

diff --git a/tests/bug-5633-gre-01/gre-udp.pcap b/tests/bug-5633-gre-01/gre-udp.pcap
new file mode 100644 (file)
index 0000000..e62163b
Binary files /dev/null and b/tests/bug-5633-gre-01/gre-udp.pcap differ
diff --git a/tests/bug-5633-gre-01/gre-udp.py b/tests/bug-5633-gre-01/gre-udp.py
new file mode 100755 (executable)
index 0000000..ed97409
--- /dev/null
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkt1 = Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(dst='1.1.1.1', src='1.1.1.2')/GRE()/IP(dst='2.2.2.2', src='2.2.2.3')/UDP(dport=514,sport=12345)/"EVIL"
+pkt2 = Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(dst='1.1.1.1', src='1.1.1.2')/GRE()/IP(dst='2.2.2.2', src='2.2.2.3')/UDP(dport=514,sport=12345)/"GOOD"
+pkt3 = Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/Dot1Q(vlan=6)/IP(dst='1.1.1.1', src='1.1.1.2')/GRE()/IP(dst='2.2.2.2', src='2.2.2.3')/UDP(dport=514,sport=12345)/"EVIL"
+
+# VLAN tagged packet
+pkts += pkt1
+pkts += pkt2
+pkts += pkt3
+
+wrpcap('gre-udp.pcap', pkts)
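Review bot: `pkts += pkt1` (and the two lines after it) appends to the list only because scapy's Packet is iterable, which reads as a type mix-up to anyone not steeped in scapy; the explicit form is `pkts.append(pkt1)`, `pkts.append(pkt2)`, `pkts.append(pkt3)`, or build the list directly as `pkts = [pkt1, pkt2, pkt3]`. The comment `# VLAN tagged packet` sits above the list operations rather than above the Dot1Q construction it describes. A short module docstring would also help, stating that the script regenerates gre-udp.pcap (three VLAN-tagged GRE-encapsulated UDP datagrams to 2.2.2.2:514 with payloads EVIL/GOOD/EVIL) and that `wrpcap` writes into the current working directory, so it is presumably meant to be run from the test directory.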
diff --git a/tests/bug-5633-gre-01/test.rules b/tests/bug-5633-gre-01/test.rules
new file mode 100644 (file)
index 0000000..f754b96
--- /dev/null
@@ -0,0 +1,2 @@
+pass ip any any <> 2.2.2.2 any (msg:"GRE Tunnel Pass Test"; classtype:misc-activity; sid:60000000; rev:1;)
+alert udp any any -> any any (content:"EVIL"; sid:1;)
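Review bot: The alert rule on the last line has no `msg` and no `rev`, so if the test ever regresses the eve alert record carries no readable description of what fired; the pass rule above it has both. Suggest `alert udp any any -> any any (msg:"GRE inner UDP EVIL payload"; content:"EVIL"; sid:1; rev:1;)`. The same applies to the icmp alert rule in tests/bug-5633-gre-02/test.rules.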
diff --git a/tests/bug-5633-gre-01/test.yaml b/tests/bug-5633-gre-01/test.yaml
new file mode 100644 (file)
index 0000000..cd4d10b
--- /dev/null
@@ -0,0 +1,8 @@
+args:
+- -k none
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
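Review bot: The only check is `count: 0` on alerts, which also passes if the GRE-in-VLAN packets are never decoded at all (a decoder failure, or a pcap path problem, yields zero alerts too), so the test cannot distinguish "pass rule honoured" from "traffic not seen". The second test in this commit pins a positive ssh event; this one should likewise assert that the tunnelled traffic was processed, for example a `filter` on `event_type: flow` with the expected count for the single inner UDP flow, or a decoder stats check if the harness supports one. A one-line YAML comment naming the inner IP the pass rule covers would also make the intent of the zero-alert expectation clear to a reader who has not opened test.rules.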
diff --git a/tests/bug-5633-gre-02/README.md b/tests/bug-5633-gre-02/README.md
new file mode 100644 (file)
index 0000000..2a9e913
--- /dev/null
@@ -0,0 +1 @@
+Pcap from https://redmine.openinfosecfoundation.org/issues/5633
diff --git a/tests/bug-5633-gre-02/gre-sample.pcap b/tests/bug-5633-gre-02/gre-sample.pcap
new file mode 100644 (file)
index 0000000..31c08b6
Binary files /dev/null and b/tests/bug-5633-gre-02/gre-sample.pcap differ
diff --git a/tests/bug-5633-gre-02/test.rules b/tests/bug-5633-gre-02/test.rules
new file mode 100644 (file)
index 0000000..694db17
--- /dev/null
@@ -0,0 +1,2 @@
+pass ip any any <> 172.28.2.3 any (msg:"GRE Tunnel Pass Test"; classtype:misc-activity; sid:60000000; rev:1;)
+alert icmp any any -> any any (itype:8; sid:1;)
diff --git a/tests/bug-5633-gre-02/test.yaml b/tests/bug-5633-gre-02/test.yaml
new file mode 100644 (file)
index 0000000..bc67faa
--- /dev/null
@@ -0,0 +1,16 @@
+args:
+- -k none
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+  - filter:
+      count: 1
+      match:
+        event_type: ssh
+        ssh.client.proto_version: "2.0"
+        ssh.client.software_version: "OpenSSH_3.6.1p1"
+        ssh.server.proto_version: "1.99"
+        ssh.server.software_version: "OpenSSH_3.1p1"
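Review bot: `- -k none` disables checksum verification without saying why; presumably the captured packets carry bad or offloaded checksums, but nothing on the page states it, and the README only links the issue. A comment on that line such as `# -k none: <reason the capture needs checksum checks disabled>` (with the real reason filled in) would keep the next maintainer from dropping it. The same undocumented flag appears in tests/bug-5633-gre-01/test.yaml.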