dns: adds test against incomplete TCP payload 315/head
authorPhilippe Antoine <contact@catenacyber.fr>
Thu, 30 Jul 2020 15:20:48 +0000 (17:20 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 31 Aug 2020 09:04:00 +0000 (11:04 +0200)
tests/dns-incomplete/README.md [new file with mode: 0644]
tests/dns-incomplete/input.pcap [new file with mode: 0644]
tests/dns-incomplete/input.txt [new file with mode: 0644]
tests/dns-incomplete/test.rules [new file with mode: 0644]
tests/dns-incomplete/test.yaml [new file with mode: 0644]
tests/dns-incomplete/txt2pcap.py [new file with mode: 0644]

diff --git a/tests/dns-incomplete/README.md b/tests/dns-incomplete/README.md
new file mode 100644 (file)
index 0000000..babffda
--- /dev/null
@@ -0,0 +1,7 @@
+# Description
+
+Test DNS incomplete parsing
+
+# PCAP
+
+The pcap comes from running script txt2pcap.py input.txt
diff --git a/tests/dns-incomplete/input.pcap b/tests/dns-incomplete/input.pcap
new file mode 100644 (file)
index 0000000..c9a12ac
Binary files /dev/null and b/tests/dns-incomplete/input.pcap differ
diff --git a/tests/dns-incomplete/input.txt b/tests/dns-incomplete/input.txt
new file mode 100644 (file)
index 0000000..3739f28
--- /dev/null
@@ -0,0 +1,8 @@
+# First a complete request to get protocol detection
+c2s 001c11330100000100000000000006676F6F676C65036E65740000100001
+s2c 002c10328180000100010000000006676F6F676C6503636F6D0000010001c00c00010001000140ef000401020304
+# Then an incomplete request split in 2 packets, to be tested
+c2s 001c103201000001000000000000
+c2s 06676F6F676C6503636F6D0000100001
+# And its answer
+s2c 002c10328180000100010000000006676F6F676C6503636F6D0000010001c00c00010001000140ef000401020304
\ No newline at end of file
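Review bot: The first `s2c` line answers with transaction ID 0x1032 and name google.com, while the query on the preceding `c2s` line carries ID 0x1133 and asks for google.net, so the first response does not correspond to its request. This is presumably harmless for the test, since test.yaml only counts the google.com query event, but a matching ID (`s2c 002c1133...`) would make the warm-up exchange self-consistent and may avoid an unmatched-response record in the log, depending on how the parser pairs them. If the mismatch is deliberate, a word in the `# First a complete request ...` comment saying so would spare the next reader the same check.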
diff --git a/tests/dns-incomplete/test.rules b/tests/dns-incomplete/test.rules
new file mode 100644 (file)
index 0000000..1473e80
--- /dev/null
@@ -0,0 +1 @@
+alert dns any any -> any any (msg:"Test dns_query option"; dns_query; content:"google.com"; nocase; sid:1;)
diff --git a/tests/dns-incomplete/test.yaml b/tests/dns-incomplete/test.yaml
new file mode 100644 (file)
index 0000000..85a7438
--- /dev/null
@@ -0,0 +1,19 @@
+requires:
+  min-version: 6.0
+
+# disables checksum verification
+args:
+- -k none --set app-layer.protocols.dns.detection-ports.dp=5353
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: dns
+        dns.rrname: google.com
+        dns.type: query
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
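Review bot: The comment above `args` covers only `-k none`; the `--set app-layer.protocols.dns.detection-ports.dp=5353` part is what makes Suricata treat the pcap's TCP port 5353 as DNS, which a reader needs in order to relate this test to txt2pcap.py's `PCAP_TCP_PORT = 5353`. Suggest `# disables checksum verification and registers TCP/5353 (the port txt2pcap.py uses) as a DNS detection port`.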
diff --git a/tests/dns-incomplete/txt2pcap.py b/tests/dns-incomplete/txt2pcap.py
new file mode 100644 (file)
index 0000000..40d7e56
--- /dev/null
@@ -0,0 +1,88 @@
+import sys
+import binascii
+from threading import Thread
+import time
+import socket
+
+# Create a pcap from a htp test file
+# Launches a server on port 8080
+# Launches a client in another thread that connects to it
+# Both client and server read the htp test file
+# And they send and receive data as described (without analysing it)
+# So, you need to capture traffic on port 8080 while running the script
+
+def removeOneEOL(s):
+    r = s
+    if r[-1] == '\n':
+        r = r[:-1]
+        if r[-1] == '\r':
+            r = r[:-1]
+    return r
+
+PCAP_TCP_PORT = 5353
+
+class ServerThread(Thread):
+
+    def __init__(self, filename):
+        Thread.__init__(self)
+        self.filename = filename
+
+    def run(self):
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        s.bind(("127.0.0.1", PCAP_TCP_PORT))
+        s.listen(1)
+        conn, addr = s.accept()
+        f = open(self.filename)
+        sending = ""
+        receiving = ""
+
+        for l in f.readlines():
+            data = binascii.unhexlify(l.split()[1])
+            if l.split()[0] == "s2c":
+                conn.send(data)
+                print "server sent", len(data)
+            else:
+                data = conn.recv(len(data))
+                print "server recvd", len(data)
+
+        conn.close()
+        s.close()
+        f.close()
+
+
+class ClientThread(Thread):
+
+    def __init__(self, filename):
+        Thread.__init__(self)
+        self.filename = filename
+
+    def run(self):
+        time.sleep(1)
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        s.connect(("127.0.0.1", PCAP_TCP_PORT))
+        f = open(self.filename)
+        sending = ""
+        receiving = ""
+
+        for l in f.readlines():
+            data = binascii.unhexlify(l.split()[1])
+            if l.split()[0] != "s2c":
+                s.send(data)
+                print "client sent", len(data)
+            else:
+                data = s.recv(len(data))
+                print "client recvd", len(data)
+
+        s.close()
+        f.close()
+
+t1 = ServerThread(sys.argv[1])
+t2 = ClientThread(sys.argv[1])
+
+# Launch threads
+t1.start()
+t2.start()
+
+# Wait for threads to finish
+t1.join()
+t2.join()
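Review bot: Comment and blank lines in the input file are never skipped, so `binascii.unhexlify(l.split()[1])` in both `run` methods raises on the `# First a complete request ...` line of input.txt before any data is exchanged; add `if not l.strip() or l.startswith("#"): continue` at the top of each `for l in f.readlines():` loop. The header comment still describes the tool this was copied from (`port 8080`, "htp test file") while the script binds `PCAP_TCP_PORT = 5353` and reads the c2s/s2c hex format; suggest `# Create a pcap from a c2s/s2c hex dump: a server listens on PCAP_TCP_PORT, a client thread connects, and both replay the lines verbatim`. `sending` and `receiving` are assigned in both threads and never used. Nothing in the client separates the two consecutive `c2s` sends, so whether they reach the wire as distinct TCP segments (the point of the test) presumably depends on the kernel; a short `time.sleep` between c2s lines, or a note in the README that the pcap was verified to contain the split, would make the reproduction deterministic.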