From: Jason Ish Date: Thu, 4 Jul 2024 21:24:59 +0000 (-0600) Subject: dns-udp-eve-txt: v2 and v3 tests X-Git-Tag: suricata-7.0.7~66 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76f8ce7a89151d3add10e62e87a37f533c054392;p=thirdparty%2Fsuricata-verify.git dns-udp-eve-txt: v2 and v3 tests
---
diff --git a/tests/dns-udp-eve-v1-txt/test.yaml b/tests/dns-udp-eve-v1-txt/test.yaml
index 1861dbd4a..5a4ec6d66 100644
--- a/tests/dns-udp-eve-v1-txt/test.yaml
+++ b/tests/dns-udp-eve-v1-txt/test.yaml
@@ -1,7 +1,7 @@
 requires:
 lt-version: 7
-pcap: ../dns-udp-eve-v2-txt/input.pcap
+pcap: ../dns/dns-udp-eve-txt/input.pcap
 checks:
 - filter:
diff --git a/tests/dns-udp-eve-v2-txt/input.pcap b/tests/dns/dns-udp-eve-txt/input.pcap
similarity index 100%
rename from tests/dns-udp-eve-v2-txt/input.pcap
rename to tests/dns/dns-udp-eve-txt/input.pcap
diff --git a/tests/dns/dns-udp-eve-txt/test.yaml b/tests/dns/dns-udp-eve-txt/test.yaml
new file mode 100644
index 000000000..1a9caa3c0
--- /dev/null
+++ b/tests/dns/dns-udp-eve-txt/test.yaml
@@ -0,0 +1,124 @@
+requires:
+ min-version: 8
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.id: 39372
+ dns.queries[0].rrname: textsecure-service-ca.whispersystems.org
+ dns.queries[0].rrtype: A
+ dns.tx_id: 0
+ dns.type: request
+ event_type: dns
+ pcap_cnt: 3
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 60922
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.id: 28243
+ dns.queries[0].rrname: google.com
+ dns.queries[0].rrtype: TXT
+ dns.tx_id: 0
+ dns.type: request
+ event_type: dns
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 52345
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.answers[0].rdata: 34.197.178.240
+ dns.answers[0].rrname: textsecure-service-ca.whispersystems.org
+ dns.answers[0].rrtype: A
+ dns.answers[0].ttl: 5
+ dns.flags: '8180'
+ dns.grouped.A[0]: 34.197.178.240
+ dns.id: 39372
+ dns.qr: true
+ dns.ra: true
+ dns.rcode: NOERROR
+ dns.rd: true
+ dns.queries[0].rrname: textsecure-service-ca.whispersystems.org
+ dns.queries[0].rrtype: A
+ dns.type: response
+ dns.version: 3
+ event_type: dns
+ pcap_cnt: 4
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 60922
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.answers[0].rdata: v=spf1 include:_spf.google.com ~all
+ dns.answers[0].rrname: google.com
+ dns.answers[0].rrtype: TXT
+ dns.answers[0].ttl: 3217
+ dns.flags: '8180'
+ dns.grouped.TXT[0]: v=spf1 include:_spf.google.com ~all
+ dns.id: 28243
+ dns.qr: true
+ dns.ra: true
+ dns.rcode: NOERROR
+ dns.rd: true
+ dns.queries[0].rrname: google.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
+ event_type: dns
+ pcap_cnt: 2
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 52345
+- filter:
+ count: 1
+ match:
+ app_proto: dns
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 116
+ flow.bytes_toserver: 100
+ flow.end: 2017-06-08T15:45:58.525601+0000
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.start: 2017-06-08T15:45:58.520996+0000
+ flow.state: established
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 60922
+- filter:
+ count: 1
+ match:
+ app_proto: dns
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 129
+ flow.bytes_toserver: 81
+ flow.end: 2017-06-08T15:45:57.833020+0000
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.start: 2017-06-08T15:45:57.828730+0000
+ flow.state: established
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 52345
diff --git a/tests/dns/v2/dns-udp-eve-txt/input.pcap b/tests/dns/v2/dns-udp-eve-txt/input.pcap
new file mode 100644
index 000000000..edb238eda
Binary files /dev/null and b/tests/dns/v2/dns-udp-eve-txt/input.pcap differ
diff --git a/tests/dns-udp-eve-v2-txt/test.yaml b/tests/dns/v2/dns-udp-eve-txt/test.yaml
similarity index 98%
rename from tests/dns-udp-eve-v2-txt/test.yaml
rename to tests/dns/v2/dns-udp-eve-txt/test.yaml
index 5f7461fc7..faf5afed5 100644
--- a/tests/dns-udp-eve-v2-txt/test.yaml
+++ b/tests/dns/v2/dns-udp-eve-txt/test.yaml
@@ -1,4 +1,5 @@
-# *** Add configuration here ***
+env:
+ SURICATA_EVE_DNS_VERSION: 2
 checks:
 - filter:
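Review bot: The two `dns.type: request` filters in the new `tests/dns/dns-udp-eve-txt/test.yaml` do not pin `dns.version`, while both response filters assert `dns.version: 3`, so a request record emitted in an older layout could still satisfy this test. If v3 request records carry the version field as the responses do (not visible from this diff), add `dns.version: 3` to both request matches. Nothing bounds the total number of DNS records either; a filter matching only `event_type: dns` with `count: 4` would catch duplicated or unexpected events, assuming the capture holds just these two query/response pairs. Both gaps matter because these records feed DNS-based detections, and TXT answers in particular are worth logging faithfully.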
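Review bot: The v2 test gets its own binary `input.pcap` while the v1 test in this same commit reuses the shared capture through a `pcap:` key, so the two copies can drift apart without any test noticing. If the new `tests/dns/v2/dns-udp-eve-txt/input.pcap` is the same capture that was moved to `tests/dns/dns-udp-eve-txt/` (the diff shows only that it is a new binary), a line `pcap: ../../dns-udp-eve-txt/input.pcap` next to the `env:` block would keep a single source of truth. A short comment above `env:` stating that the variable presumably forces the v2 DNS EVE layout on releases whose default differs would also help, since the removed placeholder leaves the file with no explanation. The `checks:` list continues outside the hunk.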