From: Victor Julien
Date: Sat, 15 Jan 2022 18:37:27 +0000 (+0100)
Subject: tests/quic: add sni test
X-Git-Tag: suricata-6.0.5~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=271fa2c5d5378684b4a3d4fa166e3efe4283135a;p=thirdparty%2Fsuricata-verify.git
tests/quic: add sni test
---
diff --git a/tests/quic-alerts/test.rules b/tests/quic-alerts/test.rules
index f089c67fd..cf17c1020 100644
--- a/tests/quic-alerts/test.rules
+++ b/tests/quic-alerts/test.rules
@@ -1,3 +1,4 @@
 alert quic any any -> any any (msg:"QUIC CYU HASH"; quic.cyu.hash; content:"7b3ceb1adc974ad360cfa634e8d0a730"; sid:1;)
 alert quic any any -> any any (msg:"QUIC CYU STRING"; quic.cyu.string; content:"46,PAD-SNI-VER-CCS-UAID-TCID-PDMD-SMHL-ICSL-NONP-MIDS-SCLS-CSCT-COPT-IRTT-CFCW-SFCW"; sid:2;)
 alert quic any any -> any any (msg:"QUIC VERSION"; quic.version; content:"Q046"; sid:3;)
+alert quic any any -> any any (msg:"QUIC SNI"; quic.sni; content:"clients1.google.com"; sid:4;)
diff --git a/tests/quic-alerts/test.yaml b/tests/quic-alerts/test.yaml
index a23c80466..b5c32246b 100644
--- a/tests/quic-alerts/test.yaml
+++ b/tests/quic-alerts/test.yaml
@@ -37,3 +37,9 @@ checks:
 match:
 event_type: alert
 alert.signature: QUIC VERSION
+
+ - filter:
+ count: 2
+ match:
+ event_type: alert
+ alert.signature: QUIC SNI
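Review bot: The new sid:4 rule in tests/quic-alerts/test.rules matches `clients1.google.com` as an unanchored, case-sensitive substring of the quic.sni buffer, so the test would still pass if the parser returned extra bytes before or after the hostname. Anchoring the match, `quic.sni; content:"clients1.google.com"; startswith; endswith; sid:4;`, would make the test assert that the extracted SNI is exactly this value. The same caveat applies to anyone adapting the rule outside the test suite, where a bare substring match also fires on longer hostnames that merely contain the string.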
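Review bot: The `count: 2` in the new QUIC SNI check in tests/quic-alerts/test.yaml is unexplained; nothing visible in the hunk says why two alerts rather than one are expected from the single SNI rule. A short comment above the filter, e.g. `# SNI is present in <N> packets of the capture, one alert each (confirm)`, would let a later reader tell an intended count from one copied out of a test run. The check also keys only on `alert.signature`; adding `alert.signature_id: 4` would tie it to the rule itself rather than to its message text. The `checks:` list begins outside the hunk.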