From: Victor Julien Date: Mon, 18 Jan 2021 07:46:00 +0000 (+0100) Subject: tests: add 2 simple nfs tests X-Git-Tag: suricata-6.0.4~194 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=749274a246fe7c9103158e793edac3e03a52d4f3;p=thirdparty%2Fsuricata-verify.git tests: add 2 simple nfs tests
---
diff --git a/tests/nfs3-01/README.md b/tests/nfs3-01/README.md
new file mode 100644
index 000000000..374f30b0f
--- /dev/null
+++ b/tests/nfs3-01/README.md
@@ -0,0 +1,4 @@
+PCAP
+====
+
+Pcap from https://wiki.wireshark.org/SampleCaptures#NFS_Protocol_Family
diff --git a/tests/nfs3-01/input.pcap b/tests/nfs3-01/input.pcap
new file mode 100644
index 000000000..9a94efd9e
Binary files /dev/null and b/tests/nfs3-01/input.pcap differ
diff --git a/tests/nfs3-01/test.yaml b/tests/nfs3-01/test.yaml
new file mode 100644
index 000000000..0fab95341
--- /dev/null
+++ b/tests/nfs3-01/test.yaml
@@ -0,0 +1,83 @@
+# *** Add configuration here ***
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 2
+ nfs.procedure: FSINFO
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961885
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ app_proto: nfs
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: fileinfo
+ fileinfo.filename: bln
+ fileinfo.gaps: false
+ fileinfo.md5: 3a8614dc01881ca20e07e1b9cbc03dc0
+ fileinfo.sha1: 7035ba04df3785719585929f63ed36f8ba347b62
+ fileinfo.sha256: cb39bdb9ce305c91be125134205144c2d5fbf458291711f90f4d2276c69821d8
+ fileinfo.size: 11
+ fileinfo.state: CLOSED
+ fileinfo.stored: false
+ fileinfo.tx_id: 38
+ nfs.file_tx: true
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 39
+ nfs.procedure: READ
+ nfs.read.chunks: 1
+ nfs.read.first: true
+ nfs.read.last: true
+ nfs.read.last_xid: 1578961922
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961922
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 11038
+ flow.bytes_toserver: 10398
+ flow.pkts_toclient: 57
+ flow.pkts_toserver: 57
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 139.25.22.2
+ src_port: 1022
diff --git a/tests/nfs4-01/README.md b/tests/nfs4-01/README.md
new file mode 100644
index 000000000..374f30b0f
--- /dev/null
+++ b/tests/nfs4-01/README.md
@@ -0,0 +1,4 @@
+PCAP
+====
+
+Pcap from https://wiki.wireshark.org/SampleCaptures#NFS_Protocol_Family
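Review bot: The generator placeholder `# *** Add configuration here ***` is left at the top of tests/nfs3-01/test.yaml instead of a description, and the same placeholder is in tests/nfs4-01/test.yaml; replace it with what the test pins, e.g. `# NFSv3 over UDP (Wireshark sample capture): an FSINFO response, a single-chunk READ of 'bln' as both nfs and fileinfo events, and the flow record.` The `-k none` argument turns checksum verification off and deserves a one-line why-comment beside it, presumably because the sample capture carries offloaded or invalid checksums — confirm against the pcap before writing that. The second check asserts `fileinfo.md5`, `fileinfo.sha1` and `fileinfo.sha256`, which Suricata only logs when file hashing is enabled in the configuration the runner loads; if that comes from the runner's default suricata.yaml rather than anything in this test directory, a short comment naming that dependency would save the next person who sees the test fail after a config change.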
diff --git a/tests/nfs4-01/input.pcap b/tests/nfs4-01/input.pcap
new file mode 100644
index 000000000..c89498881
Binary files /dev/null and b/tests/nfs4-01/input.pcap differ
diff --git a/tests/nfs4-01/test.yaml b/tests/nfs4-01/test.yaml
new file mode 100644
index 000000000..6e2d12fd1
--- /dev/null
+++ b/tests/nfs4-01/test.yaml
@@ -0,0 +1,79 @@
+# *** Add configuration here ***
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ app_proto: nfs
+ dest_ip: 192.168.0.61
+ dest_port: 2049
+ event_type: fileinfo
+ fileinfo.gaps: false
+ fileinfo.size: 5
+ fileinfo.state: CLOSED
+ fileinfo.stored: false
+ fileinfo.tx_id: 0
+ nfs.file_tx: true
+ nfs.filename: ''
+ nfs.hhash: a4c60877
+ nfs.id: 1
+ nfs.procedure: WRITE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 4
+ proto: TCP
+ rpc.auth_type: 'NULL'
+ rpc.status: ACCEPTED
+ rpc.xid: 2731791399
+ src_ip: 192.168.0.26
+ src_port: 880
+- filter:
+ count: 1
+ match:
+ dest_ip: 192.168.0.61
+ dest_port: 2049
+ event_type: nfs
+ nfs.file_tx: true
+ nfs.filename: ''
+ nfs.hhash: a4c60877
+ nfs.id: 1
+ nfs.procedure: WRITE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 4
+ pcap_cnt: 81
+ proto: TCP
+ rpc.auth_type: 'NULL'
+ rpc.status: ACCEPTED
+ rpc.xid: 2731791399
+ src_ip: 192.168.0.26
+ src_port: 880
+- filter:
+ count: 1
+ match:
+ app_proto: nfs
+ dest_ip: 192.168.0.61
+ dest_port: 2049
+ event_type: flow
+ flow.age: 4
+ flow.alerted: false
+ flow.bytes_toclient: 8392
+ flow.bytes_toserver: 8742
+ flow.pkts_toclient: 38
+ flow.pkts_toserver: 43
+ flow.reason: shutdown
+ flow.state: closed
+ proto: TCP
+ src_ip: 192.168.0.26
+ src_port: 880
+ tcp.ack: true
+ tcp.fin: true
+ tcp.psh: true
+ tcp.state: closed
+ tcp.syn: true
+ tcp.tcp_flags: 1b
+ tcp.tcp_flags_tc: 1b
+ tcp.tcp_flags_ts: 1b
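Review bot: The fileinfo check in tests/nfs4-01/test.yaml pins no `fileinfo.md5`/`fileinfo.sha1`/`fileinfo.sha256` and no `fileinfo.filename`, while the sibling tests/nfs3-01/test.yaml added in this commit asserts all of them; `fileinfo.size: 5` and `fileinfo.state: CLOSED` show the 5-byte WRITE payload was tracked to completion, so if hashing is on for the runner the content hashes are a cheap, stable extra assertion here, and if it is not, the nfs3 test depends on configuration not visible in this commit — either way the two tests should make the same assumption. The empty `nfs.filename: ''` together with `nfs.hhash: a4c60877` on a WRITE suggests the file is known only by its handle in this capture (the name exchange is presumably not in the pcap); a comment such as `# WRITE to a handle whose name is never seen in the capture; only the handle hash is logged` would keep a later reader from reading the empty name as a parser defect — confirm against the pcap first. `rpc.auth_type: 'NULL'` is correctly quoted so YAML does not parse it as a null value; a brief comment saying so would prevent a well-meaning cleanup from dropping the quotes.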