tests: add ipv4.hdr and ipv6.hdr tests 85/head
authorVictor Julien <victor@inliniac.net>
Mon, 1 Jul 2019 12:47:00 +0000 (14:47 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 1 Jul 2019 12:47:00 +0000 (14:47 +0200)
12 files changed:
tests/ipv4-hdr-keyword/input.pcap [new file with mode: 0644]
tests/ipv4-hdr-keyword/test.rules [new file with mode: 0644]
tests/ipv4-hdr-keyword/test.yaml [new file with mode: 0644]
tests/ipv4-hdr-keyword/writepcap.py [new file with mode: 0755]
tests/ipv6-hdr-keyword-01/input.pcap [new file with mode: 0644]
tests/ipv6-hdr-keyword-01/test.rules [new file with mode: 0644]
tests/ipv6-hdr-keyword-01/test.yaml [new file with mode: 0644]
tests/ipv6-hdr-keyword-01/writepcap.py [new file with mode: 0755]
tests/ipv6-hdr-keyword-02/input.pcap [new file with mode: 0644]
tests/ipv6-hdr-keyword-02/test.rules [new file with mode: 0644]
tests/ipv6-hdr-keyword-02/test.yaml [new file with mode: 0644]
tests/ipv6-hdr-keyword-02/writepcap.py [new file with mode: 0755]

diff --git a/tests/ipv4-hdr-keyword/input.pcap b/tests/ipv4-hdr-keyword/input.pcap
new file mode 100644 (file)
index 0000000..b42bb8b
Binary files /dev/null and b/tests/ipv4-hdr-keyword/input.pcap differ
diff --git a/tests/ipv4-hdr-keyword/test.rules b/tests/ipv4-hdr-keyword/test.rules
new file mode 100644 (file)
index 0000000..10d00fc
--- /dev/null
@@ -0,0 +1 @@
+alert ip any any -> any any (ipv4.hdr; content:"|00 00|"; offset:4; depth:2; sid:1234;)
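Review bot: Nothing in this test pins where the `ipv4.hdr` buffer ends: the rule only inspects bytes 4-5 (the Identification field, which writepcap.py sets to 0), so it would still pass if the buffer ran on into the UDP header or payload. ipv6-hdr-keyword-02 covers that bound with `endswith`. Assuming the buffer is meant to hold only the header, a second rule such as `alert ip any any -> any any (ipv4.hdr; content:"|ff ff ff ff|"; offset:16; endswith; sid:1235;)` would do the same here, since the destination address is the last field of the option-less header the script builds. test.yaml would then need a matching filter for `alert.signature_id: 1235`.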
diff --git a/tests/ipv4-hdr-keyword/test.yaml b/tests/ipv4-hdr-keyword/test.yaml
new file mode 100644 (file)
index 0000000..b658eca
--- /dev/null
@@ -0,0 +1,12 @@
+requires:
+  min-version: 5.0.0
+  features:
+    - HAVE_LIBJANSSON
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1234 
+
diff --git a/tests/ipv4-hdr-keyword/writepcap.py b/tests/ipv4-hdr-keyword/writepcap.py
new file mode 100755 (executable)
index 0000000..96b3fc6
--- /dev/null
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+    Dot1Q(vlan=6)/ \
+    IP(dst='255.255.255.255', src='192.168.0.1', id=0)/UDP(dport=80)
+
+wrpcap('input.pcap', pkts)
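Review bot: `from scapy.all import *` hides which scapy names the script depends on, and `pkts += Ether(...)/...` only works because a scapy packet is iterable. `from scapy.all import Ether, Dot1Q, IP, UDP, wrpcap` and `pkts.append(...)` state both directly. The script also has no comment linking it to the rule; a line such as `# id=0 is what test.rules matches at offset 4 of ipv4.hdr` would tell the next person which field must not change. The same import and `+=` pattern repeats in tests/ipv6-hdr-keyword-01/writepcap.py and tests/ipv6-hdr-keyword-02/writepcap.py.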
diff --git a/tests/ipv6-hdr-keyword-01/input.pcap b/tests/ipv6-hdr-keyword-01/input.pcap
new file mode 100644 (file)
index 0000000..f836869
Binary files /dev/null and b/tests/ipv6-hdr-keyword-01/input.pcap differ
diff --git a/tests/ipv6-hdr-keyword-01/test.rules b/tests/ipv6-hdr-keyword-01/test.rules
new file mode 100644 (file)
index 0000000..17d7bcc
--- /dev/null
@@ -0,0 +1 @@
+alert ip any any -> any any (ipv6.hdr; content:"|40|"; offset:7; depth:1; sid:1234;)
diff --git a/tests/ipv6-hdr-keyword-01/test.yaml b/tests/ipv6-hdr-keyword-01/test.yaml
new file mode 100644 (file)
index 0000000..b658eca
--- /dev/null
@@ -0,0 +1,12 @@
+requires:
+  min-version: 5.0.0
+  features:
+    - HAVE_LIBJANSSON
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1234 
+
diff --git a/tests/ipv6-hdr-keyword-01/writepcap.py b/tests/ipv6-hdr-keyword-01/writepcap.py
new file mode 100755 (executable)
index 0000000..a871541
--- /dev/null
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+    Dot1Q(vlan=6)/ \
+    IPv6()/UDP(dport=80)
+
+wrpcap('input.pcap', pkts)
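Review bot: The packet built with `IPv6()` leaves the hop limit to scapy's default, yet test.rules matches `|40|` at offset 7 of `ipv6.hdr`, which is the hop-limit byte. The ipv4 script pins its matched field with `id=0`, and this one should do the same with `IPv6(hlim=64)`, so that a regenerated input.pcap does not depend on the installed scapy version's defaults. tests/ipv6-hdr-keyword-02/writepcap.py has the same dependence: its rule expects the buffer to end with `11 00 00 00 00 00 00 00`, which appears to be the Routing header as serialised from scapy defaults and automatic next-header chaining. A comment there naming the expected bytes would help.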
diff --git a/tests/ipv6-hdr-keyword-02/input.pcap b/tests/ipv6-hdr-keyword-02/input.pcap
new file mode 100644 (file)
index 0000000..e872c8e
Binary files /dev/null and b/tests/ipv6-hdr-keyword-02/input.pcap differ
diff --git a/tests/ipv6-hdr-keyword-02/test.rules b/tests/ipv6-hdr-keyword-02/test.rules
new file mode 100644 (file)
index 0000000..4186008
--- /dev/null
@@ -0,0 +1 @@
+alert ip any any -> any any (ipv6.hdr; content:"|11 00 00 00 00 00 00 00|"; offset:40; endswith; sid:1234;)
diff --git a/tests/ipv6-hdr-keyword-02/test.yaml b/tests/ipv6-hdr-keyword-02/test.yaml
new file mode 100644 (file)
index 0000000..b658eca
--- /dev/null
@@ -0,0 +1,12 @@
+requires:
+  min-version: 5.0.0
+  features:
+    - HAVE_LIBJANSSON
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1234 
+
diff --git a/tests/ipv6-hdr-keyword-02/writepcap.py b/tests/ipv6-hdr-keyword-02/writepcap.py
new file mode 100755 (executable)
index 0000000..dc40cb1
--- /dev/null
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+    Dot1Q(vlan=6)/ \
+    IPv6()/IPv6ExtHdrHopByHop()/IPv6ExtHdrDestOpt()/IPv6ExtHdrRouting()/UDP(dport=80)
+
+wrpcap('input.pcap', pkts)