From: Jason Ish Date: Wed, 29 Apr 2020 21:55:46 +0000 (-0600) Subject: new test: dhcp-eve-extended X-Git-Tag: suricata-6.0.4~298 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0dfb2259003bd93e844c37665c40fbc089c053ea;p=thirdparty%2Fsuricata-verify.git new test: dhcp-eve-extended Tests the extended output of DHCP.
---
diff --git a/tests/dhcp-eve-extended/input.pcap b/tests/dhcp-eve-extended/input.pcap
new file mode 100644
index 000000000..93617129f
Binary files /dev/null and b/tests/dhcp-eve-extended/input.pcap differ
diff --git a/tests/dhcp-eve-extended/suricata.yaml b/tests/dhcp-eve-extended/suricata.yaml
new file mode 100644
index 000000000..7f2fafa63
--- /dev/null
+++ b/tests/dhcp-eve-extended/suricata.yaml
@@ -0,0 +1,11 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: true
+ filename: eve.json
+ types:
+ - dhcp:
+ extended: true
+ - flow
diff --git a/tests/dhcp-eve-extended/test.yaml b/tests/dhcp-eve-extended/test.yaml
new file mode 100644
index 000000000..3494287b7
--- /dev/null
+++ b/tests/dhcp-eve-extended/test.yaml
@@ -0,0 +1,68 @@
+# *** Add configuration here ***
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 67
+ dhcp.assigned_ip: 0.0.0.0
+ dhcp.client_id: 00:11:32:17:49:f0
+ dhcp.client_ip: 10.16.1.4
+ dhcp.client_mac: 00:11:32:17:49:f0
+ dhcp.dhcp_type: request
+ dhcp.hostname: nas1\x00
+ dhcp.id: 4016330564
+ dhcp.params[0]: subnet_mask
+ dhcp.params[1]: router
+ dhcp.params[2]: domain
+ dhcp.params[3]: dns_server
+ dhcp.type: request
+ event_type: dhcp
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 10.16.1.4
+ src_port: 68
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.4
+ dest_port: 68
+ dhcp.assigned_ip: 10.16.1.4
+ dhcp.client_ip: 10.16.1.4
+ dhcp.client_mac: 00:11:32:17:49:f0
+ dhcp.dhcp_type: ack
+ dhcp.dns_servers[0]: 10.16.1.1
+ dhcp.hostname: nas1\x00
+ dhcp.id: 4016330564
+ dhcp.lease_time: 3600
+ dhcp.next_server_ip: 10.16.1.1
+ dhcp.rebinding_time: 3031
+ dhcp.relay_ip: 0.0.0.0
+ dhcp.renewal_time: 1681
+ dhcp.routers[0]: 10.16.1.1
+ dhcp.subnet_mask: 255.255.0.0
+ dhcp.type: reply
+ event_type: dhcp
+ pcap_cnt: 2
+ proto: UDP
+ src_ip: 10.16.1.1
+ src_port: 67
+- filter:
+ count: 1
+ match:
+ app_proto: dhcp
+ dest_ip: 10.16.1.1
+ dest_port: 67
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 350
+ flow.bytes_toserver: 342
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 10.16.1.4
+ src_port: 68
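Review bot: The first line of test.yaml, `# *** Add configuration here ***`, is the suricata-verify template placeholder left in place; replace it with a one-line description of what the test pins, e.g. `# Extended DHCP EVE output: request/ack option fields and the flow record for input.pcap`. The two `dhcp.hostname: nas1\x00` matches appear to assert that the trailing NUL byte of the client-supplied hostname option is preserved in the logged string rather than stripped, and since that value comes straight from the packet it is the kind of detail a later logger normalization could change silently; a comment above the first check such as `# hostname option is logged with its trailing NUL byte (\x00) intact` would make that intent explicit. The `dhcp.assigned_ip: 0.0.0.0` and `dhcp.relay_ip: 0.0.0.0` matches likewise rely on all-zero address fields being emitted rather than omitted, which is worth naming in the same comment.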