From: Jason Ish Date: Mon, 15 Mar 2021 21:38:57 +0000 (-0600) Subject: dns-udp-double-request-response: add dns eve v2 test X-Git-Tag: suricata-6.0.4~108 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=719a7865a92cbac8b93adde4959b99fa5938816e;p=thirdparty%2Fsuricata-verify.git dns-udp-double-request-response: add dns eve v2 test
---
diff --git a/tests/dns-udp-double-request-response-v1/README.txt b/tests/dns-udp-double-request-response-v1/README.txt
new file mode 100644
index 000000000..d0a46a673
--- /dev/null
+++ b/tests/dns-udp-double-request-response-v1/README.txt
@@ -0,0 +1,8 @@
+Test 2 UDP DNS requests followed back to back with no response, then
+the 2 responses being received.
+
+Prior to Suricata 3.2 the first request would be marked as having a
+reply lost when the second request was seen.
+
+Related issue:
+https://redmine.openinfosecfoundation.org/issues/1923
diff --git a/tests/dns-udp-double-request-response-v1/dns-udp-double-request-response.pcap b/tests/dns-udp-double-request-response-v1/dns-udp-double-request-response.pcap
new file mode 100644
index 000000000..43b47e68c
Binary files /dev/null and b/tests/dns-udp-double-request-response-v1/dns-udp-double-request-response.pcap differ
diff --git a/tests/dns-udp-double-request-response-v1/suricata.yaml b/tests/dns-udp-double-request-response-v1/suricata.yaml
new file mode 100644
index 000000000..5f7eded22
--- /dev/null
+++ b/tests/dns-udp-double-request-response-v1/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ types:
+ - dns:
+ version: 1
diff --git a/tests/dns-udp-double-request-response-v1/test.yaml b/tests/dns-udp-double-request-response-v1/test.yaml
new file mode 100644
index 000000000..f9d87cb08
--- /dev/null
+++ b/tests/dns-udp-double-request-response-v1/test.yaml
@@ -0,0 +1,16 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ lt-version: 7
+
+checks:
+ - filter:
+ count: 2
+ match:
+ event_type: dns
+ dns.type: query
+ - filter:
+ count: 9
+ match:
+ event_type: dns
+ dns.type: answer
diff --git a/tests/dns-udp-double-request-response/suricata.yaml b/tests/dns-udp-double-request-response/suricata.yaml
index 5f7eded22..bf949095f 100644
--- a/tests/dns-udp-double-request-response/suricata.yaml
+++ b/tests/dns-udp-double-request-response/suricata.yaml
@@ -7,4 +7,3 @@ outputs:
 filename: eve.json
 types:
 - dns:
- version: 1
diff --git a/tests/dns-udp-double-request-response/test.yaml b/tests/dns-udp-double-request-response/test.yaml
index 7804b105b..bd8327966 100644
--- a/tests/dns-udp-double-request-response/test.yaml
+++ b/tests/dns-udp-double-request-response/test.yaml
@@ -9,7 +9,7 @@ checks:
 event_type: dns
 dns.type: query
 - filter:
- count: 9
+ count: 2
 match:
 event_type: dns
 dns.type: answer
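Review bot: The two filters in tests/dns-udp-double-request-response-v1/test.yaml assert only event counts, and the `count: 9` for `dns.type: answer` is unexplained next to two queries. Judging from the sibling test, where the same pcap is expected to give `count: 2` once `version: 1` is dropped, v1 appears to log one event per answer record. A comment above the second filter, such as `# EVE DNS v1 logs one event per answer record, so 2 responses yield 9 answer events`, would stop a later maintainer from "correcting" the number. The README describes the regression as the first request being marked reply-lost, which counts alone may not catch. Consider also matching on `dns.id` so each answer is tied to its own query.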
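Review bot: With `version: 1` removed from tests/dns-udp-double-request-response/suricata.yaml, the DNS log format this test exercises depends on the build's default. Meanwhile the companion hunk in that test's test.yaml hard-codes the v2 expectation `count: 2`. Because the commit is meant to add the v2 test, replacing the removed line with `version: 2` under `- dns:` would make the expectation explicit and keep it stable if the default changes. The `requires:` block of that test.yaml lies outside the hunk, so confirm it sets a minimum version. Otherwise a build whose default is still v1 would presumably emit the 9 answer events and fail.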