From: Pierre Chifflier Date: Tue, 21 May 2019 18:51:23 +0000 (+0200) Subject: tests: add testcases for SNMP X-Git-Tag: suricata-6.0.4~425 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43620c8ab538360e6491a11d93deb7942fe475f9;p=thirdparty%2Fsuricata-verify.git tests: add testcases for SNMP SNMP v2c, v3 (unauth and encrypted)
---
diff --git a/tests/snmp-v2c-get/README.md b/tests/snmp-v2c-get/README.md
new file mode 100644
index 000000000..a0e724f06
--- /dev/null
+++ b/tests/snmp-v2c-get/README.md
@@ -0,0 +1,4 @@
+Test for accessing SNMP fields for v2c request/response PDU types.
+
+PCAP URL:
+ http://packetlife.net/captures/SNMPv2c_get_requests.cap
diff --git a/tests/snmp-v2c-get/SNMPv2c_get_requests.pcap b/tests/snmp-v2c-get/SNMPv2c_get_requests.pcap
new file mode 100644
index 000000000..3721fe661
Binary files /dev/null and b/tests/snmp-v2c-get/SNMPv2c_get_requests.pcap differ
diff --git a/tests/snmp-v2c-get/test.yaml b/tests/snmp-v2c-get/test.yaml
new file mode 100644
index 000000000..c84c2c458
--- /dev/null
+++ b/tests/snmp-v2c-get/test.yaml
@@ -0,0 +1,34 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ - RUST
+ files:
+ - rust/src/snmp/snmp.rs
+
+args:
+ - -k none
+
+checks:
+
+ - filter:
+ count: 8
+ match:
+ event_type: snmp
+ snmp.version: 2
+
+ - filter:
+ count: 3
+ match:
+ event_type: snmp
+ snmp.pdu_type: get_request
+ snmp.community: "[R0_C@cti!]"
+ snmp.version: 2
+
+ - filter:
+ count: 1
+ match:
+ event_type: snmp
+ snmp.pdu_type: get_next_request
+ snmp.community: "[R0_C@cti!]"
+ snmp.version: 2
+ snmp.vars: ["0.1"]
diff --git a/tests/snmp-v3-encrypted/README.md b/tests/snmp-v3-encrypted/README.md
new file mode 100644
index 000000000..9653e13d0
--- /dev/null
+++ b/tests/snmp-v3-encrypted/README.md
@@ -0,0 +1,4 @@
+Test for accessing SNMP fields for v3 request/response PDU types, with some encrypted PDUs.
+
+PCAP URL:
+ http://packetlife.net/captures/SNMPv3.cap
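Review bot: In tests/snmp-v2c-get/test.yaml the three filters pin the PDU type of only four of the eight v2c events (3 `get_request` + 1 `get_next_request`), so the remaining events, presumably the responses the README mentions, could change type or lose fields without failing the test. I would add a fourth filter matching `snmp.pdu_type: response` with `snmp.version: 2` and the count taken from the capture. The same gap is in tests/snmp-v3-encrypted/test.yaml (2 + 4 of 8) and tests/snmp-v3-unauth/test.yaml (3 + 1 of 8). A short comment above the `snmp.community` matches saying the value comes from the public packetlife capture would also help, since a community string is effectively a credential and these checks show it is written in clear to the event log.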
diff --git a/tests/snmp-v3-encrypted/SNMPv3.pcap b/tests/snmp-v3-encrypted/SNMPv3.pcap
new file mode 100644
index 000000000..93f2a24dc
Binary files /dev/null and b/tests/snmp-v3-encrypted/SNMPv3.pcap differ
diff --git a/tests/snmp-v3-encrypted/test.yaml b/tests/snmp-v3-encrypted/test.yaml
new file mode 100644
index 000000000..2f51f296b
--- /dev/null
+++ b/tests/snmp-v3-encrypted/test.yaml
@@ -0,0 +1,31 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ - RUST
+ files:
+ - rust/src/snmp/snmp.rs
+
+args:
+ - -k none
+
+checks:
+
+ - filter:
+ count: 8
+ match:
+ event_type: snmp
+ snmp.version: 3
+
+ - filter:
+ count: 2
+ match:
+ event_type: snmp
+ snmp.pdu_type: get_request
+ snmp.version: 3
+
+ - filter:
+ count: 4
+ match:
+ event_type: snmp
+ snmp.pdu_type: encrypted
+ snmp.version: 3
diff --git a/tests/snmp-v3-unauth/README.md b/tests/snmp-v3-unauth/README.md
new file mode 100644
index 000000000..d0e7f3194
--- /dev/null
+++ b/tests/snmp-v3-unauth/README.md
@@ -0,0 +1,3 @@
+Test for accessing SNMP fields for v3 request/response PDU types, without authentication nor encryption.
+
+PCAP generated using Net-SNMP daemon.
diff --git a/tests/snmp-v3-unauth/snmp-v3-get-bulk-unauth.pcapng b/tests/snmp-v3-unauth/snmp-v3-get-bulk-unauth.pcapng
new file mode 100644
index 000000000..bf9ce8cf3
Binary files /dev/null and b/tests/snmp-v3-unauth/snmp-v3-get-bulk-unauth.pcapng differ
diff --git a/tests/snmp-v3-unauth/test.yaml b/tests/snmp-v3-unauth/test.yaml
new file mode 100644
index 000000000..21149efcc
--- /dev/null
+++ b/tests/snmp-v3-unauth/test.yaml
@@ -0,0 +1,31 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ - RUST
+ files:
+ - rust/src/snmp/snmp.rs
+
+args:
+ - -k none
+
+checks:
+
+ - filter:
+ count: 8
+ match:
+ event_type: snmp
+ snmp.version: 3
+
+ - filter:
+ count: 3
+ match:
+ event_type: snmp
+ snmp.pdu_type: get_request
+ snmp.version: 3
+
+ - filter:
+ count: 1
+ match:
+ event_type: snmp
+ snmp.pdu_type: get_bulk_request
+ snmp.version: 3
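Review bot: The `encrypted` filter in tests/snmp-v3-encrypted/test.yaml checks only the event count, not the USM user name, which is the one field left for attributing SNMPv3 traffic once the scoped PDU is opaque. Assuming the logger emits `snmp.usm` for these events (not visible from this patch, so confirm against the logger), adding `snmp.usm: "<user name from SNMPv3.pcap>"` to that filter's `match` would pin it. The value shown is a placeholder and has to be read from the capture.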
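Review bot: Nothing in tests/snmp-v3-unauth/test.yaml asserts that the plaintext capture yields no `encrypted` events, so a parser regression that misclassifies unauthenticated PDUs as encrypted, and stops logging their contents, would show up only indirectly through the `get_request` and `get_bulk_request` counts. A filter with `count: 0` matching `event_type: snmp` and `snmp.pdu_type: encrypted` would state that expectation directly. Unlike the v2c test, no filter here checks `snmp.vars`; adding the expected OIDs from the capture to the `get_bulk_request` match would cover varbind logging for v3 as well.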