From: Eric Leblond
Date: Sun, 19 Jun 2022 11:03:13 +0000 (+0200)
Subject: tests: add ipv4 set save test
X-Git-Tag: suricata-6.0.9~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=482aa308ed7bdbf8386e46f5510eb6dd750c4c5f;p=thirdparty%2Fsuricata-verify.git
tests: add ipv4 set save test
---
diff --git a/tests/datasets-07-state-ip/expected/state.csv b/tests/datasets-07-state-ip/expected/state.csv
new file mode 100644
index 000000000..817280424
--- /dev/null
+++ b/tests/datasets-07-state-ip/expected/state.csv
@@ -0,0 +1 @@
+1.2.3.4
diff --git a/tests/datasets-07-state-ip/input.pcap b/tests/datasets-07-state-ip/input.pcap
new file mode 100644
index 000000000..790a6a155
Binary files /dev/null and b/tests/datasets-07-state-ip/input.pcap differ
diff --git a/tests/datasets-07-state-ip/test.rules b/tests/datasets-07-state-ip/test.rules
new file mode 100644
index 000000000..e4107b809
--- /dev/null
+++ b/tests/datasets-07-state-ip/test.rules
@@ -0,0 +1 @@
+alert dns any any -> any any (ip.dst; dataset:set,dns-srv, type ipv4, state state.csv; sid:1;)
diff --git a/tests/datasets-07-state-ip/test.yaml b/tests/datasets-07-state-ip/test.yaml
new file mode 100644
index 000000000..d368d010c
--- /dev/null
+++ b/tests/datasets-07-state-ip/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ files:
+ - src/detect-ipaddr.c
+
+args:
+ - --data-dir=${OUTPUT_DIR}
+
+checks:
+ - file-compare:
+ filename: state.csv
+ expected: expected/state.csv
diff --git a/tests/datasets-07-state-ip/writepcap.py b/tests/datasets-07-state-ip/writepcap.py
new file mode 100755
index 000000000..f5a1b7a5e
--- /dev/null
+++ b/tests/datasets-07-state-ip/writepcap.py
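Review bot: The rule in test.rules has no comment recording why it uses `state state.csv`, and the test appears to depend on test.yaml passing `--data-dir=${OUTPUT_DIR}` so that the saved set lands where `file-compare` looks for it. A `#` line above the rule would make that coupling visible, for example `# state = load and save the set; state.csv is resolved against --data-dir`. The rule also has no `msg`, which is harmless for this test but makes any alert it raises harder to attribute in the output.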
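Review bot: The only entry under `checks:` is the `file-compare` on state.csv, so nothing pins whether sid 1 alerts for the three queries in input.pcap; a regression in matching would pass as long as the saved file still reads `1.2.3.4`. Consider adding a `filter` check with a `count` and a `match` on `event_type: alert`, assuming the run writes eve.json. The expected count depends on whether `dataset:set` matches only on first insertion and should be taken from a verified run rather than guessed. Note that the nesting of this file is not recoverable from the page, because the leading indentation was collapsed.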
@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IP(dst='1.2.3.4', src='5.6.7.8')/UDP(dport=53)/DNS(id=1, rd=1, qd=DNSQR(qname='example.com'))
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IP(dst='1.2.3.4', src='5.6.7.8')/UDP(dport=53)/DNS(id=2, rd=1, qd=DNSQR(qname='example.com'))
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+ Dot1Q(vlan=6)/ \
+ IP(dst='1.2.3.4', src='5.6.7.8')/UDP(dport=53)/DNS(id=3, rd=1, qd=DNSQR(qname='example.com'))
+
+wrpcap('input.pcap', pkts)
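Review bot: The three `pkts +=` statements in writepcap.py are the same frame copied with only the DNS `id` changed, and every name comes from `from scapy.all import *`. Building the list in one comprehension over the ids, with explicit imports, keeps the frame definition in one place and makes it plain that all three queries share `dst='1.2.3.4'`, which is presumably why expected/state.csv holds a single line. A short comment saying so would help whoever regenerates input.pcap. The `#!/usr/bin/env python` shebang also leaves the interpreter version to the host. The whole script is inside this hunk.

```python
from scapy.all import DNS, DNSQR, IP, UDP, Dot1Q, Ether, wrpcap

# Three DNS queries to the same destination: the ipv4 set should end up
# holding 1.2.3.4 exactly once.
pkts = [
    Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')
    / Dot1Q(vlan=6)
    / IP(dst='1.2.3.4', src='5.6.7.8')
    / UDP(dport=53)
    / DNS(id=dns_id, rd=1, qd=DNSQR(qname='example.com'))
    for dns_id in (1, 2, 3)
]
# … unchanged: wrpcap('input.pcap', pkts) …
```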