From: Jason Ish
Date: Fri, 17 Feb 2023 18:33:15 +0000 (-0600)
Subject: test: issue 4759
X-Git-Tag: suricata-6.0.12~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=590594c6d2685c8ceb33e10c0177d7e9d74d773b;p=thirdparty%2Fsuricata-verify.git
test: issue 4759
---
diff --git a/tests/issues/issue-4759.1/README.md b/tests/issues/issue-4759.1/README.md
new file mode 100644
index 000000000..6ebb6e5b1
--- /dev/null
+++ b/tests/issues/issue-4759.1/README.md
@@ -0,0 +1 @@
+Test for issue 4759. Also related to 5799.
diff --git a/tests/issues/issue-4759.1/tcpdns.pcap b/tests/issues/issue-4759.1/tcpdns.pcap
new file mode 100644
index 000000000..c1ff33a58
Binary files /dev/null and b/tests/issues/issue-4759.1/tcpdns.pcap differ
diff --git a/tests/issues/issue-4759.1/test.rules b/tests/issues/issue-4759.1/test.rules
new file mode 100644
index 000000000..26dac02f7
--- /dev/null
+++ b/tests/issues/issue-4759.1/test.rules
@@ -0,0 +1,2 @@
+alert tls any any -> any any (msg:"SSL Fingerprint"; sid:1; rev:1;)
+alert dns any any -> any any (msg:".com in DNS query"; dns.query; content:".com"; sid:2; rev:1;)
diff --git a/tests/issues/issue-4759.1/test.yaml b/tests/issues/issue-4759.1/test.yaml
new file mode 100644
index 000000000..e3063cad9
--- /dev/null
+++ b/tests/issues/issue-4759.1/test.yaml
@@ -0,0 +1,9 @@
+checks:
+ - filter:
+ count: 2
+ match:
+ event_type: alert
+ - filter:
+ count: 4
+ match:
+ event_type: dns
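Review bot: The msg on sid:1 in test.rules, `msg:"SSL Fingerprint"`, describes a fingerprint match, but the rule carries no match keywords, so it fires on any flow that Suricata classifies as TLS. If the rule is there only so that a tls signature is loaded next to the dns one (the capture is named tcpdns, so this looks intentional), say so in a comment above it, for example `# sid:1 has no match keywords; it only ensures a tls rule is loaded while DNS over TCP is inspected`. A msg that reflects that purpose would also help, since a reader currently cannot tell whether an alert from sid:1 is expected in this test.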
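Review bot: The alert check in test.yaml counts two events with `event_type: alert` but does not pin which signature produced them. The test would therefore still pass if the tls rule (sid:1) fired on the DNS traffic and the dns rule (sid:2) fired less often than expected. Presumably both expected alerts come from sid:2; if so, add `alert.signature_id: 2` to the first filter and a separate filter asserting zero alerts for sid:1, as sketched below. That makes a protocol misclassification show up as a test failure instead of being hidden by a matching total.

```yaml
# … unchanged: first filter up to "event_type: alert" …
        alert.signature_id: 2
  - filter:
      count: 0
      match:
        event_type: alert
        alert.signature_id: 1
# … unchanged: dns event count filter …
```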