From: Jeff Lucovsky
Date: Sat, 12 Feb 2022 14:52:49 +0000 (-0500)
Subject: test/ipproto: Validate proto name/numbers
X-Git-Tag: suricata-5.0.10~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=46bdb3e1c78f6d521ed895968a11c0d12fabb2e0;p=thirdparty%2Fsuricata-verify.git
test/ipproto: Validate proto name/numbers
Issue 5072
---
diff --git a/tests/detect-ip_proto-01/test.rules b/tests/detect-ip_proto-01/test.rules
new file mode 100644
index 000000000..7423f60f4
--- /dev/null
+++ b/tests/detect-ip_proto-01/test.rules
@@ -0,0 +1,13 @@
+# Valid protocol names/numbers
+alert ip any any -> any any (msg:"Valid protoccol number"; ip_proto:2; sid:1;)
+alert ip any any -> any any (msg:"Valid protoccol name"; ip_proto:tcp; sid:2;)
+alert ip any any -> any any (msg:"Valid protoccol number"; ip_proto:0; sid:3;)
+alert ip any any -> any any (msg:"Valid protoccol number"; ip_proto:144; sid:4;)
+alert ip any any -> any any (msg:"Valid protoccol name"; ip_proto:TCP; sid:5;)
+
+# Invalid protocol names and/or numbers
+alert ip any any -> any any (msg:"Invalid protoccol number"; ip_proto:TcP; sid:20;)
+alert ip any any -> any any (msg:"Invalid protoccol number"; ip_proto:295; sid:22;)
+alert ip any any -> any any (msg:"Invalid protoccol name"; ip_proto:"not-a-protocol"; sid:23;)
+alert ip any any -> any any (msg:"Invalid protoccol number"; ip_proto:70000; sid:24;)
+alert ip any any -> any any (msg:"Invalid protoccol number"; ip_proto:-1; sid:25;)
diff --git a/tests/detect-ip_proto-01/test.yaml b/tests/detect-ip_proto-01/test.yaml
new file mode 100644
index 000000000..159a1eeb9
--- /dev/null
+++ b/tests/detect-ip_proto-01/test.yaml
@@ -0,0 +1,17 @@
+requires:
+ min-version: 7
+ pcap: false
+
+args:
+ - --engine-analysis
+
+exit-code: 1
+
+checks:
+ - shell:
+ args: grep "SC_ERR_INVALID_SIGNATURE" suricata.log | wc -l | xargs
+ expect: 5
+
+ - shell:
+ args: grep "SC_ERR_INVALID_VALUE" suricata.log | wc -l | xargs
+ expect: 5
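Review bot: The numeric cases in test.rules skip the boundary of the 8-bit IP protocol field: the valid block stops at 144 and the invalid block starts at 295, so an off-by-one in the range check (accepting 256, or rejecting 255) would pass unnoticed. Assuming the keyword accepts the full 0-255 range, consider adding `ip_proto:255` to the valid block and `ip_proto:256` to the invalid block, and raising the expected counts in test.yaml to match. The sid:20 rule exercises a name (`TcP`), but its msg reads "Invalid protoccol number", and "protoccol" is misspelled in every msg string. Since `TCP` is expected to load and `TcP` is not, a comment above sid:20 such as `# mixed-case names are expected to be rejected; only all-lower or all-upper parse` would record the intent (inferred from the expected results, so confirm against the parser).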
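Review bot: Both checks in test.yaml only count log lines, so they confirm that five errors of each kind were logged but not which rules caused them. If a valid rule were rejected while an invalid one was accepted, the count would still be 5. If the error line quotes the offending rule text (to be confirmed against actual suricata.log output), pin each invalid sid individually, e.g. `grep "SC_ERR_INVALID_SIGNATURE" suricata.log | grep -c "sid:20;"` with `expect: 1`, and add a check that no error line mentions sids 1-5. Separately, `grep -c` would replace the `| wc -l | xargs` pipeline.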