tests: add test for bug 7264 2059/head
authorVictor Julien <victor@inliniac.net>
Fri, 20 Sep 2024 14:04:57 +0000 (16:04 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 24 Sep 2024 14:01:28 +0000 (16:01 +0200)
tests/bug-7264-tcp-3whs-ack-data-tls-01/README.md [new file with mode: 0644]
tests/bug-7264-tcp-3whs-ack-data-tls-01/input.pcap [new file with mode: 0644]
tests/bug-7264-tcp-3whs-ack-data-tls-01/test.rules [new file with mode: 0644]
tests/bug-7264-tcp-3whs-ack-data-tls-01/test.yaml [new file with mode: 0644]

diff --git a/tests/bug-7264-tcp-3whs-ack-data-tls-01/README.md b/tests/bug-7264-tcp-3whs-ack-data-tls-01/README.md
new file mode 100644 (file)
index 0000000..e8e1512
--- /dev/null
@@ -0,0 +1,4 @@
+Pcap
+====
+
+Pcap from bug-2646-01, with 3whs ACK removed so 3whs is now closed by ACK with TLS data.
diff --git a/tests/bug-7264-tcp-3whs-ack-data-tls-01/input.pcap b/tests/bug-7264-tcp-3whs-ack-data-tls-01/input.pcap
new file mode 100644 (file)
index 0000000..072c568
Binary files /dev/null and b/tests/bug-7264-tcp-3whs-ack-data-tls-01/input.pcap differ
diff --git a/tests/bug-7264-tcp-3whs-ack-data-tls-01/test.rules b/tests/bug-7264-tcp-3whs-ack-data-tls-01/test.rules
new file mode 100644 (file)
index 0000000..f07f2d9
--- /dev/null
@@ -0,0 +1,2 @@
+pass tls any any -> any any (tls.sni; dotprefix; content:".githubusercontent.com"; nocase; endswith; alert; msg:"Allowed TLS traffic"; flow:established,to_server; sid:188; rev:1;)
+drop tls any any -> any any (msg:"Reject non allowed TLS traffic"; flow:to_server; sid:6001;)
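Review bot: The drop rule sid:6001 carries no `rev` keyword while sid:188 does; adding `rev:1;` would keep the two rules consistent. The file also does not say why the pass rule includes `alert;` or why the drop rule uses `flow:to_server` without `established`. A comment above the first rule, such as `# pass rule uses 'alert' so sid 188 is logged; the catch-all drop must not fire on the data-carrying ACK that completes the 3whs`, would record that intent. The wording is inferred from the README and test.yaml, so it needs confirming against the ticket.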
diff --git a/tests/bug-7264-tcp-3whs-ack-data-tls-01/test.yaml b/tests/bug-7264-tcp-3whs-ack-data-tls-01/test.yaml
new file mode 100644 (file)
index 0000000..85aad26
--- /dev/null
@@ -0,0 +1,25 @@
+requires:
+  min-version: 8
+
+args:
+  - --simulate-ips
+  - -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: tls
+        tls.sni: raw.githubusercontent.com
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 188
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 6001
+
+
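Review bot: The filters assert only on `tls` and `alert` events, so the verdict produced under `--simulate-ips` is never checked directly. The sid 188 filter could also match `alert.action: allowed`, which would fail if the allowed flow were logged as blocked. If drop logging is enabled in the configuration this test runs with (not visible here), a further filter with `count: 0` and `event_type: drop` would pin that no packet of the flow was dropped. The two trailing blank lines at the end of the file can be removed.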