From: Jason Ish Date: Thu, 8 Jun 2017 19:01:09 +0000 (-0600) Subject: dns txt test X-Git-Tag: suricata-6.0.4~583 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=36a160f44ea9791f9c04fc86f183c657cfea12eb;p=thirdparty%2Fsuricata-verify.git dns txt test
---
diff --git a/dns-udp-eve-log-txt/README.md b/dns-udp-eve-log-txt/README.md
new file mode 100644
index 000000000..5a1c088f7
--- /dev/null
+++ b/dns-udp-eve-log-txt/README.md
@@ -0,0 +1,2 @@
+Test that a TXT record is extracted and logged correctly to Eve.
+
diff --git a/dns-udp-eve-log-txt/check.sh b/dns-udp-eve-log-txt/check.sh
new file mode 100755
index 000000000..d8a9ef65d
--- /dev/null
+++ b/dns-udp-eve-log-txt/check.sh
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+set -e
+
+txt=$(cat output/eve.json | \
+ jq -c 'select(.dns.type == "answer") | select(.dns.rrtype == "TXT") | .dns.rdata')
+test "${txt}" = '"v=spf1 include:_spf.google.com ~all"'
+
+
diff --git a/dns-udp-eve-log-txt/dns-txt-google.com.pcap b/dns-udp-eve-log-txt/dns-txt-google.com.pcap
new file mode 100644
index 000000000..edb238eda
Binary files /dev/null and b/dns-udp-eve-log-txt/dns-txt-google.com.pcap differ
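Review bot: In check.sh the `cat output/eve.json | jq ...` pipeline hides a read failure. Under `#! /bin/sh` with only `set -e`, a missing or unreadable eve.json makes `cat` fail while jq still exits 0 with empty output, so the script fails only at the final `test` and prints nothing about why. Giving jq the file directly, `txt=$(jq -c '<filter unchanged>' output/eve.json)`, lets `set -e` stop on the real error. The comparison also passes only when exactly one TXT answer event is logged, because jq prints one line per match; a comment such as `# Expect exactly one TXT answer; extra or missing events change ${txt} and fail the test.` would record that intent. For easier triage, the last line could report the mismatch: `test "${txt}" = '"v=spf1 include:_spf.google.com ~all"' || { echo "unexpected TXT rdata: ${txt}" >&2; exit 1; }`.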