From: Jason Ish
Date: Thu, 4 Jul 2024 21:28:59 +0000 (-0600)
Subject: dns-udp-eve-dig: v2 and v3 tests
X-Git-Tag: suricata-7.0.7~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=35a60ef50475d5594e9bcfaed0a4b2a3e2756aa7;p=thirdparty%2Fsuricata-verify.git

dns-udp-eve-dig: v2 and v3 tests
---
diff --git a/tests/dns-udp-eve-v2-dig/README.md b/tests/dns/dns-udp-eve-dig/README.md
similarity index 100%
rename from tests/dns-udp-eve-v2-dig/README.md
rename to tests/dns/dns-udp-eve-dig/README.md
diff --git a/tests/dns/dns-udp-eve-dig/test.yaml b/tests/dns/dns-udp-eve-dig/test.yaml
new file mode 100644
index 000000000..4f674294c
--- /dev/null
+++ b/tests/dns/dns-udp-eve-dig/test.yaml
@@ -0,0 +1,60 @@
+requires:
+ min-version: 8
+
+pcap: ../../cond-log-dns-dig/input.pcap
+
+checks:
+- filter:
+ count: 2
+ match:
+ event_type: dns
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.id: 36146
+ dns.queries[0].rrname: www.suricata-ids.org
+ dns.queries[0].rrtype: A
+ dns.tx_id: 0
+ dns.type: request
+ event_type: dns
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 41805
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.answers[0].rdata: suricata-ids.org
+ dns.answers[0].rrname: www.suricata-ids.org
+ dns.answers[0].rrtype: CNAME
+ dns.answers[0].ttl: 3544
+ dns.answers[1].rdata: 192.0.78.24
+ dns.answers[1].rrname: suricata-ids.org
+ dns.answers[1].rrtype: A
+ dns.answers[1].ttl: 244
+ dns.answers[2].rdata: 192.0.78.25
+ dns.answers[2].rrname: suricata-ids.org
+ dns.answers[2].rrtype: A
+ dns.answers[2].ttl: 244
+ dns.flags: 81a0
+ dns.grouped.A[0]: 192.0.78.24
+ dns.grouped.A[1]: 192.0.78.25
+ dns.grouped.CNAME[0]: suricata-ids.org
+ dns.id: 36146
+ dns.qr: true
+ dns.ra: true
+ dns.rcode: NOERROR
+ dns.rd: true
+ dns.queries[0].rrname: www.suricata-ids.org
+ dns.queries[0].rrtype: A
+ dns.type: response
+ dns.version: 3
+ event_type: dns
+ pcap_cnt: 2
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 41805
diff --git a/tests/dns/v2/dns-udp-eve-dig/README.md b/tests/dns/v2/dns-udp-eve-dig/README.md
new file mode 100644
index 000000000..b62bf5054
--- /dev/null
+++ b/tests/dns/v2/dns-udp-eve-dig/README.md
@@ -0,0 +1 @@
+DNS EVE v2 test of a dig against www.suricata-ids.org.
diff --git a/tests/dns-udp-eve-v2-dig/test.yaml b/tests/dns/v2/dns-udp-eve-dig/test.yaml
similarity index 94%
rename from tests/dns-udp-eve-v2-dig/test.yaml
rename to tests/dns/v2/dns-udp-eve-dig/test.yaml
index 5f6dc7213..3fbc4df7f 100644
--- a/tests/dns-udp-eve-v2-dig/test.yaml
+++ b/tests/dns/v2/dns-udp-eve-dig/test.yaml
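Review bot: In tests/dns/dns-udp-eve-dig/test.yaml the request check (the second `filter`) never pins the record format: only the response check asserts `dns.version: 3`, and nothing in the file selects a format, so the test depends on whatever the build defaults to. If request records carry the field, add `dns.version: 3` to the request `match` too, and put a comment above `requires:` such as `# No SURICATA_EVE_DNS_VERSION override: exercises the default DNS EVE format, expected to be v3 from Suricata 8`. The response check also omits `dns.tx_id`, which the request check asserts; if it is logged on responses, adding `dns.tx_id: 0` there would pin that both records belong to the same transaction.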
@@ -1,4 +1,7 @@
-pcap: ../cond-log-dns-dig/input.pcap
+env:
+ SURICATA_EVE_DNS_VERSION: 2
+
+pcap: ../../../cond-log-dns-dig/input.pcap
 
 checks:
 - filter:
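Review bot: The new `env:` block is the only thing that makes this a v2 test, and it carries no comment saying so. A line above `env:` such as `# Force the legacy v2 DNS EVE format; builds that default to v3 would otherwise emit records the checks below do not expect` would tell a maintainer why the override must stay. The value is a bare YAML integer (`2`); writing it as `"2"` avoids relying on the runner converting it to a string for the environment, a conversion that is not visible on this page. The checks themselves lie outside this hunk, so whether they need any other change for the move cannot be judged from here.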